Below is a quick tutorial on how to set up a new CentOS server with basic settings. I will also show you how to lock down SSH to secure the system. However, this is by no means a complete list of instructions for securing the CentOS operating system. We will create a basic non-super user, lock down SSH, configure the firewall, and set a static IP address.

1. First let’s set the root user password.

[root@localhost ~]# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

2. Now let’s create a basic non-super user and set the password.

[root@localhost ~]# adduser newusername
[root@localhost ~]# passwd newusername
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

3. Next let’s edit the SSH configuration.

[root@localhost ~]# vi /etc/ssh/sshd_config

Here we can configure SSH to use a custom port and restrict SSH access so the root user cannot log in. You will also need to restart the ssh service for the changes to take effect. Use :wq to save the configuration when finished.

# Prevent root logins:
PermitRootLogin no

#Port 22
Port 123

You can restart the sshd service with the command below.

[root@localhost ~]# service sshd restart

4. Next we need to edit the iptables configuration so the server will accept traffic on the new SSH port. Use :wq to save the configuration when finished.

[root@localhost ~]# vi /etc/sysconfig/iptables

While in the iptables config you should see a line referencing port 22 already. Change the port to the new port we set previously.

-A INPUT -m state --state NEW -m tcp -p tcp --dport 123 -j ACCEPT

If you wanted to restrict access to a network such as 192.168.1.0/24, edit the line as shown.

-A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 123 -j ACCEPT

For the above changes to take effect you must restart the iptables service.

[root@localhost ~]# service iptables restart
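
Steps 3 and 4 have to agree with each other: if sshd listens on a port the firewall does not accept, new SSH logins are blocked. The script below is an added example, not part of the original tutorial, that checks both files for consistency. The function names and the temporary sample files are assumptions made for the illustration.

```shell
#!/bin/bash
# Added example: consistency check for the edits in steps 3 and 4.

# Effective global value of an sshd_config keyword: the first uncommented
# occurrence wins, keywords are case-insensitive, and lines after a "Match"
# line are conditional, so scanning stops there. Prints DEFAULT if absent.
sshd_value() {  # usage: sshd_value FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[[:space:]]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }' "$1"
}

# Succeed if the rules file has an INPUT rule accepting TCP traffic to PORT.
iptables_allows() {  # usage: iptables_allows FILE PORT
    grep -Eq -- "^-A INPUT .*-p tcp .*--dport $2 .*-j ACCEPT" "$1"
}

# Return 0 only if root login is off and the sshd port is open in iptables.
check_ssh_lockdown() {  # usage: check_ssh_lockdown SSHD_CONFIG IPTABLES_FILE
    rc=0
    port=$(sshd_value "$1" Port 22)   # sshd listens on 22 when Port is unset
    root=$(sshd_value "$1" PermitRootLogin unset)
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '$root', expected 'no'"; rc=1
    fi
    if ! iptables_allows "$2" "$port"; then
        echo "FAIL: no ACCEPT rule for tcp/$port, new SSH logins would be blocked"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: root login disabled, tcp/$port accepted"
    return "$rc"
}

# Constructed sample files mirroring the tutorial's edits (not real system files).
demo_dir=$(mktemp -d)
printf '%s\n' '# Prevent root logins:' 'PermitRootLogin no' '#Port 22' 'Port 123' \
    > "$demo_dir/sshd_config"
printf '%s\n' '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' \
    > "$demo_dir/iptables"
check_ssh_lockdown "$demo_dir/sshd_config" "$demo_dir/iptables" || true  # still on 22
printf '%s\n' '-A INPUT -m state --state NEW -m tcp -p tcp --dport 123 -j ACCEPT' \
    > "$demo_dir/iptables"
check_ssh_lockdown "$demo_dir/sshd_config" "$demo_dir/iptables"          # consistent
rm -rf "$demo_dir"
```

On a real host, call check_ssh_lockdown with /etc/ssh/sshd_config and /etc/sysconfig/iptables before restarting either service, and keep the current SSH session open until a login on the new port succeeds. The check does not cover SELinux, which on an enforcing system must also allow sshd to bind the new port.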

5. Now, let’s configure an IP interface as the last step. Use :wq to save the configuration when finished.

[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

Here you can edit the relevant settings as needed.

DEVICE=eth0
IPADDR=192.168.1.123
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.100
DNS2=192.168.1.101
NM_CONTROLLED=no
ONBOOT=yes
BOOTPROTO=none
TYPE=Ethernet
IPV6INIT=no
USERCTL=no

Now restart the network service and you’re set!

[root@localhost ~]# /etc/init.d/network restart