Below is a quick tutorial on how to set up a new CentOS server with basic settings. I will also show you how to lock down SSH to secure the system. However, this is by no means a complete list of instructions for securing the CentOS operating system. We will create a basic non-super user, lock down SSH, configure the firewall, and set a static IP address.

1. First let’s set the root user password.

[root@localhost ~]# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

2. Now let’s create a basic non-super user and set the password.

[root@localhost ~]# adduser newusername
[root@localhost ~]# passwd newusername
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

3. Next let’s edit the SSH configuration.

[root@localhost ~]# vi /etc/ssh/sshd_config

Here we can configure SSH to use a custom port and restrict SSH access so the root user cannot log in. You will also need to restart the sshd service for the changes to take effect. Use :wq to save the configuration when finished.

# Prevent root logins:
PermitRootLogin no

#Port 22
Port 123

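You can restart the sshd service with the command below. Keep your current session open until the firewall change in step 4 is in place and you have confirmed that you can log in on the new port.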

[root@localhost ~]# service sshd restart

4. Next we need to edit the iptables configuration so the server will accept traffic on the new SSH port. Use :wq to save the configuration when finished.

[root@localhost ~]# vi /etc/sysconfig/iptables

While in the iptables config you should see a line referencing port 22 already. Change the port to the new port we set previously.

-A INPUT -m state --state NEW -m tcp -p tcp --dport 123 -j ACCEPT

If you wanted to restrict access to a network such as 192.168.1.0/24, edit the line as shown.

-A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 123 -j ACCEPT

For the above changes to take effect you must restart the iptables service.

[root@localhost ~]# service iptables restart

5. Now, let’s configure an IP interface as the last step. Use :wq to save the configuration when finished.

[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

Here you can edit the relevant settings as needed.

DEVICE=eth0
IPADDR=192.168.1.123
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.100
DNS2=192.168.1.101
NM_CONTROLLED=no
ONBOOT=yes
BOOTPROTO=none
TYPE=Ethernet
IPV6INIT=no
USERCTL=no

Now restart the network service and you’re set!

[root@localhost ~]# /etc/init.d/network restart
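
As an added example (not part of the original tutorial), the script below checks that the edits from steps 3 and 4 agree: root login is disabled and the firewall accepts the port sshd listens on. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check that sshd_config and the
# iptables rules file agree after steps 3 and 4.

# Print the first uncommented value of an sshd_config keyword. sshd uses the
# first value it reads; Match blocks are ignored here (assumption).
sshd_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# audit_ssh_lockdown SSHD_CONFIG IPTABLES_FILE -> returns 0 only if all checks pass
audit_ssh_lockdown() {
    cfg=$1; rules=$2; rc=0
    port=$(sshd_value "$cfg" Port); port=${port:-22}   # sshd defaults to 22
    root=$(sshd_value "$cfg" PermitRootLogin)
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${root:-unset}', expected 'no'"; rc=1
    fi
    if ! grep -Eq -- "^-A INPUT .*-p tcp .*--dport $port .*-j ACCEPT" "$rules"; then
        echo "FAIL: no ACCEPT rule for tcp/$port in $rules"; rc=1
    fi
    if [ "$port" != 22 ] && grep -Eq -- "^-A INPUT .*--dport 22 .*-j ACCEPT" "$rules"; then
        echo "FAIL: stale ACCEPT rule for port 22 in $rules"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: root login disabled, tcp/$port allowed"
    return "$rc"
}

# Constructed sample files mirroring the settings shown in steps 3 and 4.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# Prevent root logins:' 'PermitRootLogin no' '#Port 22' 'Port 123' \
    > "$tmp/sshd_config"
printf '%s\n' '-A INPUT -m state --state NEW -m tcp -p tcp --dport 123 -j ACCEPT' \
    > "$tmp/iptables"
audit_ssh_lockdown "$tmp/sshd_config" "$tmp/iptables"
```

On the server, call `audit_ssh_lockdown /etc/ssh/sshd_config /etc/sysconfig/iptables` before closing your current session.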