Below is a quick tutorial on how to set up a new CentOS server with basic settings. I will also show you how to lock down SSH to secure the system. However, this is by no means a complete list of instructions for securing the CentOS operating system. We will create a basic non-super user, lock down SSH, configure the firewall, and set a static IP address.

1. First let’s set the root user password.

[root@localhost ~]# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

2. Now let’s create a basic non-super user and set the password.

[root@localhost ~]# adduser newusername
[root@localhost ~]# passwd newusername
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

3. Next let’s edit the SSH configuration.

[root@localhost ~]# vi /etc/ssh/sshd_config

Here we can configure SSH to use a custom port and restrict SSH access so the root user cannot log in. Use :wq to save the configuration when finished. You will also need to restart the sshd service for the changes to take effect.

# Prevent root logins:
PermitRootLogin no

#Port 22
Port 123

You can restart the sshd service with the command below.

[root@localhost ~]# service sshd restart

4. Next we need to edit the iptables configuration so the server will accept traffic on the new SSH port. Use :wq to save the configuration when finished.

[root@localhost ~]# vi /etc/sysconfig/iptables

While in the iptables config you should see a line referencing port 22 already. Change the port to the new port we set previously.

-A INPUT -m state --state NEW -m tcp -p tcp --dport 123 -j ACCEPT

If you wanted to restrict access to a network such as 192.168.1.0/24, edit the line as shown.

-A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 123 -j ACCEPT

For the above changes to take effect you must restart the iptables service.

[root@localhost ~]# service iptables restart
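
Steps 3 and 4 have to agree, or sshd ends up listening on a port the firewall still drops. The check below is an added example, not part of the original tutorial; its function names and sample files are constructed for illustration, and it compares the two configuration files before anything is restarted.

```shell
#!/bin/sh
# Added example: consistency check for the sshd_config and iptables edits.
# All function names and the sample files below are constructed.

# Print every uncommented Port value from an sshd_config; sshd defaults to 22.
ssh_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Succeed only if the first uncommented PermitRootLogin is "no".
# sshd keeps the first value it reads; a missing directive falls back to the
# compiled-in default, which this check treats as a failure.
# Match blocks are not evaluated here.
root_login_disabled() {
    [ "$(awk 'tolower($1) == "permitrootlogin" { print $2; exit }' "$1")" = "no" ]
}

# Succeed if the iptables file has an INPUT rule accepting traffic to port $2.
iptables_allows_port() {
    grep -Eq -- "^-A INPUT .*--dport $2( .*)? -j ACCEPT" "$1"
}

# usage: check_lockdown SSHD_CONFIG IPTABLES_FILE ; returns 0 when consistent
check_lockdown() {
    rc=0
    root_login_disabled "$1" || { echo "FAIL: PermitRootLogin is not 'no'"; rc=1; }
    for port in $(ssh_ports "$1"); do
        iptables_allows_port "$2" "$port" ||
            { echo "FAIL: no ACCEPT rule for sshd port $port"; rc=1; }
    done
    return "$rc"
}

# Constructed sample files mirroring the settings used in this tutorial.
demo_dir=$(mktemp -d)
printf '%s\n' '# Prevent root logins:' 'PermitRootLogin no' '#Port 22' 'Port 123' > "$demo_dir/sshd_config"
printf '%s\n' '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' > "$demo_dir/iptables.stale"
printf '%s\n' '-A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 123 -j ACCEPT' > "$demo_dir/iptables.ok"

check_lockdown "$demo_dir/sshd_config" "$demo_dir/iptables.stale" || echo "firewall still on the old port"
check_lockdown "$demo_dir/sshd_config" "$demo_dir/iptables.ok" && echo "configs agree"
```

On the server itself, pass /etc/ssh/sshd_config and /etc/sysconfig/iptables as the two arguments.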

5. Now, let’s configure an IP interface as the last step. Use :wq to save the configuration when finished.

[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

Here you can edit the relevant settings as needed.

DEVICE=eth0
IPADDR=192.168.1.123
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.100
DNS2=192.168.1.101
NM_CONTROLLED=no
ONBOOT=yes
BOOTPROTO=none
TYPE=Ethernet
IPV6INIT=no
USERCTL=no

Now restart the network service and you’re set!

[root@localhost ~]# /etc/init.d/network restart