
Initial Setup of a CentOS 7 Server

March 21, 2020, aklwebhost

Introduction

A newly activated CentOS 7 server has to be customized before it can be put into use as a production system. This article walks through the most important of those customizations in an easy-to-understand manner.

Prerequisites

A newly activated CentOS 7 server, preferably set up with SSH keys. Log into the server as root.

ssh -l root server-ip-address

Step 1: Create a Standard User Account

For security reasons, it is not advisable to perform daily computing tasks using the root account. Instead, create a standard user account that uses sudo to gain administrative privileges. For this tutorial, assume that we’re creating a user named joe. To create the user account, type:

adduser joe

Set a password for the new user. You’ll be prompted to input and confirm a password.

passwd joe

Add the new user to the wheel group so that it can assume root privileges using sudo.

gpasswd -a joe wheel

Finally, open another terminal on your local machine and use the following command to install your public SSH key in the new user’s home directory on the remote server. You will be prompted to authenticate before the SSH key is installed.

ssh-copy-id joe@server-ip-address

After the key has been installed, log into the server using the new user account.

ssh -l joe server-ip-address

If the login is successful, you may close the other terminal. From now on, all commands will be preceded with sudo.

Step 2: Disallow Root Login and Password Authentication

Since you can now log in as a standard user using SSH keys, a good security practice is to configure SSH so that root login and password authentication are both disallowed. Both settings have to be configured in the SSH daemon’s configuration file. Open it using nano.

sudo nano /etc/ssh/sshd_config

Look for the PermitRootLogin line, uncomment it and set the value to no.

PermitRootLogin no

Do the same for the PasswordAuthentication line, which should be uncommented already:

PasswordAuthentication no

Save and close the file. To apply the new settings, reload SSH.

sudo systemctl reload sshd
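
The following check is an added example, not part of the original article. It reads an sshd_config-style file and reports the value sshd would use for the two settings from Step 2, since sshd keeps the first uncommented value it reads for a keyword. The function names and the sample file are constructed for illustration, and only the global section (before any Match block) is examined.

```shell
# Print the value in effect for a keyword in the global section of an
# sshd_config-style file. sshd uses the FIRST uncommented occurrence and
# matches keywords case-insensitively. Prints "unset" if there is none.
sshd_effective() {   # usage: sshd_effective <keyword> <file>
  awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
    /^[ \t]*(#|$)/          { next }                    # comments, blank lines
    tolower($1) == "match"  { exit }                    # global section only
    tolower($1) == want     { val = tolower($2); exit } # first occurrence wins
    END { print (val == "" ? "unset" : val) }
  ' "$2"
}

# Return 0 only if both Step 2 settings are in effect; report each one.
audit_ssh_hardening() (   # usage: audit_ssh_hardening <file>
  rc=0
  for key in PermitRootLogin PasswordAuthentication; do
    val=$(sshd_effective "$key" "$1")
    if [ "$val" = "no" ]; then
      echo "ok:   $key no"
    else
      echo "FAIL: $key is '$val', expected 'no'"
      rc=1
    fi
  done
  return $rc
)

# Constructed sample: "PasswordAuthentication no" was appended at the end,
# but the earlier uncommented "yes" line is the one sshd uses.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
#PermitRootLogin yes
PermitRootLogin     no
PasswordAuthentication yes
passwordauthentication no
EOF

audit_ssh_hardening "$SAMPLE" || echo "config does not match Step 2"
```

On the server itself, sudo sshd -t checks the configuration file for errors before you reload, and sudo sshd -T prints the settings sshd will actually use.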

Step 3: Configure the Time Zone

By default, the time on the server is given in UTC. It is best to configure it to show the local time zone. To accomplish that, locate the zone file of your country/geographical area in the /usr/share/zoneinfo directory and create a symbolic link to it at /etc/localtime. For example, if you’re in the eastern part of the US, you’ll create the symbolic link using:

sudo ln -sf /usr/share/zoneinfo/US/Eastern /etc/localtime

Afterwards, verify that the time is now given in local time by running the date command. The output should be similar to:

Tue Jun 16 15:35:34 EDT 2015

The EDT in the output confirms that it’s local time.

Step 4: Enable the IPTables Firewall

By default, the active firewall application on a newly activated CentOS 7 server is FirewallD. Though it is a good replacement for IPTables, many security applications still do not have support for it. So if you’ll be using any of those applications, like OSSEC HIDS, it’s best to disable/uninstall FirewallD.

Let’s start by disabling/uninstalling FirewallD:

sudo yum remove -y firewalld

Now, let’s install/activate IPTables.

sudo yum install -y iptables-services
sudo systemctl start iptables

Configure IPTables to start automatically at boot time.

sudo systemctl enable iptables

IPTables on CentOS 7 comes with a default set of rules, which you can view with the following command.

sudo iptables -L -n

The output will resemble:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

You can see that one of those rules allows SSH traffic, so your SSH session is safe.

Because those rules are runtime rules and will be lost on reboot, it’s best to save them to a file using:

sudo /usr/libexec/iptables/iptables.init save

That command will save the rules to the /etc/sysconfig/iptables file. You can edit the rules anytime by changing this file with your favorite text editor.

Step 5: Allow Additional Traffic Through the Firewall

Since you’ll most likely use your new server to host websites at some point, you’ll have to add new rules to the firewall to allow HTTP and HTTPS traffic. To accomplish that, open the IPTables file:

sudo nano /etc/sysconfig/iptables

Just after or before the SSH rule, and above the final REJECT rule, add the rules for HTTP (port 80) and HTTPS (port 443) traffic, so that this portion of the file appears as shown below.

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited

Save and close the file, then reload IPTables.

sudo systemctl reload iptables
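
Rule order in that file matters: IPTables evaluates the INPUT chain from top to bottom, so an ACCEPT rule placed below the catch-all REJECT line never matches. The check below is an added example, not part of the original article. The function name port_state and the sample rules file are constructed for illustration, and it looks only at TCP --dport rules in the INPUT chain without evaluating the chain policy.

```shell
# Print how a TCP port is treated by the INPUT rules in an iptables rules file:
#   accepted  an ACCEPT rule for the port precedes any catch-all REJECT/DROP
#   shadowed  the ACCEPT rule exists but sits after the catch-all rule
#   missing   no ACCEPT rule for the port at all
port_state() {   # usage: port_state <rules-file> <tcp-port>
  awk -v port="$2" '
    $1 != "-A" || $2 != "INPUT" { next }
    { n++ }
    # Catch-all rule: "-A INPUT -j REJECT ..." or "-A INPUT -j DROP"
    $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") && !stop { stop = n }
    {
      proto = ""; dport = ""; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p")      proto  = $(i + 1)
        if ($i == "--dport") dport  = $(i + 1)
        if ($i == "-j")      target = $(i + 1)
      }
      if (proto == "tcp" && dport == port && target == "ACCEPT" && !hit) hit = n
    }
    END {
      if (hit && (!stop || hit < stop)) print "accepted"
      else if (hit)                     print "shadowed"
      else                              print "missing"
    }
  ' "$1"
}

# Constructed sample: the HTTPS rule was added below the REJECT line.
RULES=$(mktemp)
cat > "$RULES" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
COMMIT
EOF

for p in 22 80 443 8080; do echo "$p: $(port_state "$RULES" "$p")"; done
```

Run it against /etc/sysconfig/iptables as root after editing; iptables-restore --test additionally parses a rules file for syntax errors without loading it.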

With the above steps completed, your CentOS 7 server should now be reasonably secure and ready for use in production.
