For a cloud server running a minimal installation of CentOS 7, we recommend taking the following steps to secure it before use. After the virtual machine (cloud server) has been built, proceed as follows:
User: root is the user that exists after CentOS is installed; it is used for installation and corrective work and has the highest permissions to manage the system. For security reasons, we should therefore create another user for regular use and use user: root only when necessary.
Start by logging in as user: root and create a new user, then set a password for the newly created user. The password should be difficult to guess, for example 8 or more characters consisting of uppercase letters, lowercase letters, numbers, and special characters.
# adduser somchai
# passwd somchai
After that, we give the newly created user sudo rights so that it can be used for administration instead of user: root.
Add a permissions line for user: somchai after the line “root ALL = (ALL) ALL”:
somchai ALL=(ALL:ALL) ALL
Save and exit the editor.
Test by logging in as user: somchai through the console and run a command to test the permissions:
$ sudo iptables -L
Now that the new user has been created, we edit the remaining parts of the system as that user, starting with remote access to the server, including turning off remote login for user: root.
$ sudo vi /etc/ssh/sshd_config
#Port 22 > Port 9009
#PermitRootLogin yes > PermitRootLogin no
Save and exit the editor.
Validate the modified file with the command below.
$ sudo sshd -t
Reload the SSH service. (To be safe, you may run this step from the console rather than over SSH, so that being blocked by the firewall is not a problem.)
$ sudo systemctl reload sshd.service
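A check for the two sshd_config edits above, as an added example that is not part of the original article: it reports the first active Port and PermitRootLogin values, because sshd uses the first value it reads for each keyword. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit sshd_config files
# for the two settings changed above.

# Print the first active value of keyword $2 in file $1, or "unset".
# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively; stop at "Match", below which settings are conditional.
sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }          # blank or comment line
        tolower($1) == "match" { exit }
        tolower($1) == key { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only if root login is explicitly "no" and Port is explicitly
# set to a value other than 22.
audit_sshd() {
    rc=0
    root=$(sshd_value "$1" PermitRootLogin)
    port=$(sshd_value "$1" Port)
    [ "$root" = "no" ] || { echo "FAIL PermitRootLogin is '$root'"; rc=1; }
    case "$port" in
        unset|22) echo "FAIL Port is '$port'"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK PermitRootLogin=$root Port=$port"
    return "$rc"
}

# Constructed sample files: stock, hardened as in the article, and one where
# an earlier active line shadows the "no" appended at the end.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#Port 22' '#PermitRootLogin yes' > "$tmp/stock"
printf '%s\n' 'Port 9009' 'PermitRootLogin no' > "$tmp/hardened"
printf '%s\n' 'Port 9009' 'PermitRootLogin yes' 'permitrootlogin no' > "$tmp/shadowed"

for f in stock hardened shadowed; do
    echo "== $f"; audit_sshd "$tmp/$f" || true
done
```

On a live server, `sudo sshd -T` prints the effective configuration as sshd itself computes it.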
The firewall that comes with CentOS is firewalld, and the tool used to define its rules and values is firewall-cmd. In this article we adjust the firewall starting from the values that come with the server installation. Once the service has been started, we can assign other ports or rules to use.
Command to start the service:
$ sudo systemctl start firewalld
The first part is to allow remote access to the server's SSH service.
If the port of the SSH server has not been modified, the service can be enabled with the command:
$ sudo firewall-cmd --permanent --add-service=ssh
But if the SSH port has been changed (as we did earlier), the new port can be assigned with the commands:
$ sudo firewall-cmd --permanent --remove-service=ssh
$ sudo firewall-cmd --permanent --add-port=9009/tcp
If we want to run other services, for example a mail server or a web server, they can be added:
$ sudo firewall-cmd --permanent --add-service=smtp
$ sudo firewall-cmd --permanent --add-service=http
To check which services can be enabled:
$ sudo firewall-cmd --get-services
When the firewall has been configured, the modified settings can be verified with:
$ sudo firewall-cmd --permanent --list-all
Then reload the values to put them into use, and enable the service so that it starts at boot:
$ sudo firewall-cmd --reload
$ sudo systemctl enable firewalld
The time zone is usually set during installation, but we should check that the time and time zone are correct before getting started.
$ sudo timedatectl list-timezones
$ sudo timedatectl set-timezone Asia/Bangkok
$ sudo timedatectl
Network Time Protocol
Once the time zone is correct, we set up time synchronization from another server so that the system time stays correct and consistent. The service used for this is ntp, which can be installed from the default CentOS repositories.
$ sudo yum install ntp
$ sudo systemctl start ntpd
$ sudo systemctl enable ntpd
Keep OS up-to-date (patching)
We should update packages to new versions on a regular basis to protect against vulnerabilities that might be found in some versions. This command should be run periodically (once a week, etc.).
$ sudo yum update