Essential checklist after a fresh Linux installation part 1
I have shown the installation process on my previous blog titled by “Install centos on virtualbox or vmware”. The installation process is same if you want to install Centos on a physical machine.
On this article I will explain few things that help us preparing our system for implementing some particular service. Here we should go through some topic to make a server secure and workable over network.
As we all know security is a very important factor now a day. So we will concentrate on some basic security and it implementation procedure.
So let’s know about the topics:
- Set hostname.
- Disable selinux.
- Create a new user and make that user a super user.
- Disable SSH root login.
- Change the grub timeout.
- Disable IPv6 if not necessary.
- Set time zone.
- Configure network interface with a static IP.
- Check swap or create and configure swap for the system.
- Disable iptables or firewalld.
So let’s start the brief.
- Set hostname: this is one of the important parts for setting up a server. Why we need a hostname! Well when we prepare a service we usually prepare it for the people who do not know about IP address and logical issues. So we need to give that a name. Also it is related with security.
There are two ways to do it. First one is using command and second is editing a file named hostname under etc directory.
#Hostname set-hostname your-hostname
Or
#vim /etc/hostname
Put your hostname here.
- Disable selinux: first of all this is not recommended on centos 7 or RHEL 7. But for the beginners it is better to start without selinux. It will keep simple the processes at the beginning. We will eventually go through these contexts in future.
Some heads up about selinux. It has three levels and these are enforcing, permissive and disabled. Enforcing means it will enforce policy on the services, permissive means it will give warning but it will not enforce and disabled means it will totally disengage selinux from the kernel.
There are two files we can edit to disable selinux. First /etc/sysconfig/selinux and second one is /etc/selinux/config. Both of these files will show the same content.
Run the command:
#vim /etc/sysconfig/selinux
Now find the line
SELINUX= enforcing
Change it to
SELINUX= disabled
After this run the command
#Init 6
After the system boot up now run the command
#getenforce
If you get the answer as “disabled”, then we can be sure that the selinux is finally disabled permanently.
- Create a new user and make that user a super user: this is a step we should take to secure our system. As we all know root is the default user for almost every Linux base system. So when someone tries to break in they always try to crack the root password. So we need to secure our super user for this reason particularly. Also there are so many other reasons we should secure our super user.
There are few steps to complete this task.
First, we need to create a user and set a password to that user.
#useradd User_Name
#passwd User_Name
Second we have to put this user into wheel group.
#usermod -G wheel User_Name
Now open a file using vim editor
#vim /etc/pam.d/su
Uncomment the line have this content:
auth required pam_wheel.so use_uid
now save and exit the file. Open another file called sudoers.
#vim /etc/sudoers
Go to the end of this file and add the below line:
User_name ALL=(ALL) ALL
Save and exit the file.
- Disable SSH root login: SSh is one of the easiest way to service to provide remote access to the users or system administrators. So this service needs to be monitored and have proper regulation to protect the server.
it is a short work which can help us from a lot of threads. For this we need to edit just one single line from a file. Open the file sshd_config under etc/ssh directory.
#vim /etc/ssh/sshd_config
Now find and uncomment the line
#PermitRootLogin yes
Change it to:
PermitRootLogin no
Now save and exit the file.