Monday, February 17, 2014

How to configure a CentOS Linux Server in 5 steps

Below is a quick tutorial on how to set up a new CentOS server with basic settings. I will also show you how to lock down SSH to secure the system. However, this is by no means a complete list of instructions for securing the CentOS operating system. We will create a basic non-super user, lock down SSH, configure the firewall, and set a static IP address.

1. First let's set the root user password.

[root@localhost ~]# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
2. Now let's create a basic non-super user and set its password.
[root@localhost ~]# adduser newusername
[root@localhost ~]# passwd newusername
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
3. Next let's edit the SSH configuration.
[root@localhost ~]# vi /etc/ssh/sshd_config
Here we can configure SSH to use a custom port and restrict SSH access so the root user cannot log in. Use :wq to save the configuration when finished. You will also need to restart the sshd service for the changes to take effect.
# Prevent root logins:
PermitRootLogin no

#Port 22
Port 123
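You can restart the sshd service with the command below. If you are working over SSH, keep your current session open until step 4 is done and you have confirmed that the new user can log in on the new port.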
[root@localhost ~]# service sshd restart
4. Next we need to edit the iptables configuration so the server will accept traffic on the new SSH port. Use :wq to save the configuration when finished.
[root@localhost ~]# vi /etc/sysconfig/iptables
While in the iptables config you should see a line referencing port 22 already. Change the port to the new port we set previously.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 123 -j ACCEPT
If you wanted to restrict access to a network such as, edit the line as shown.
-A INPUT -s -m state --state NEW -p tcp --dport 123 -j ACCEPT
For the above changes to take effect you must restart the iptables service.
[root@localhost ~]# service iptables restart
5. Now, let's configure an IP interface as the last step. Use :wq to save the configuration when finished.
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
Here you can edit the relevant settings as needed.
Now restart the network service and you're set!
[root@localhost ~]# /etc/init.d/network restart
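
The script below is an added example, not part of the original post: it checks the edits from steps 3 and 4 against each other, confirming that root login is disabled and that every port sshd is configured to listen on has a matching ACCEPT rule in the saved iptables file. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): consistency check for steps 3-4.

# Print every value of KEYWORD in the global section of an sshd_config file.
# Comment lines are skipped, keywords are case-insensitive, and parsing
# stops at the first Match block.
sshd_values() {  # usage: sshd_values FILE KEYWORD
    awk -v key="$2" '
        $1 ~ /^#/              { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2 }
    ' "$1"
}

# Succeed if the saved ruleset has an INPUT rule accepting TCP to PORT.
iptables_allows_port() {  # usage: iptables_allows_port FILE PORT
    grep -Eq "^-A INPUT .*-p tcp .*--dport $2( .*)? -j ACCEPT" "$1"
}

# Report problems that would leave root login open or sshd unreachable.
audit_ssh_lockdown() {  # usage: audit_ssh_lockdown SSHD_CONFIG IPTABLES_FILE
    rc=0
    root=$(sshd_values "$1" PermitRootLogin | head -n 1)  # first value wins
    ports=$(sshd_values "$1" Port)                        # Port may repeat
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${root:-unset}', expected 'no'"; rc=1
    fi
    for port in ${ports:-22}; do                          # 22 is the default
        iptables_allows_port "$2" "$port" ||
            { echo "FAIL: no INPUT ACCEPT rule for tcp/$port"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "OK: root login disabled, firewall matches sshd"
    return "$rc"
}

# Constructed sample files mirroring the tutorial's edits.
make_samples() {  # usage: make_samples DIR
    printf '%s\n' '# Prevent root logins:' 'PermitRootLogin no' '' \
        '#Port 22' 'Port 123' > "$1/sshd_config"
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' \
        'COMMIT' > "$1/iptables.before"
    sed 's/--dport 22 /--dport 123 /' "$1/iptables.before" > "$1/iptables.after"
}

demo=$(mktemp -d)
make_samples "$demo"
audit_ssh_lockdown "$demo/sshd_config" "$demo/iptables.before" || true
audit_ssh_lockdown "$demo/sshd_config" "$demo/iptables.after"
```

On the server itself, pass /etc/ssh/sshd_config and /etc/sysconfig/iptables to audit_ssh_lockdown, and run sshd -t to catch syntax errors before restarting the service.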