CentOS: Basic CentOS Setup Before Building a Working Server

These are the essential things to do the first time you build a web server on CentOS 6. You could go straight to installing Apache, Nginx, Lighttpd, or any other web server you want, but it is strongly recommended to first follow some basic, common practices for initial server setup. The aim is to apply some basic security protection to your server and make it truly private: for instance, changing the default root login, changing the default SSH port, and so on.

Following all the steps in this initial CentOS server setup is not a must, but it is strongly recommended. The decision is up to you. I assume you already have either a VPS or a dedicated server so you can follow this guide.

In this example, I use a VPS with 512Mb of RAM running CentOS 6.3 x32 located in Amsterdam hosted by DigitalOcean.

Step 1 – Log in to your remote server over SSH. You can use either Terminal (Mac / Linux) or PuTTY on Windows. You should log in as root.

About Root

The root user is the administrative user in a Linux environment that has very broad privileges. Because of the heightened privileges of the root account, you are actually discouraged from using it on a regular basis. This is because part of the power inherent with the root account is the ability to make very destructive changes, even by accident.

The next step is to set up an alternative user account with a reduced scope of influence for day-to-day work. We’ll teach you how to gain increased privileges during the times when you need them.

During your first login, PuTTY (or Terminal) will ask you to cache the server’s host key in the registry and remember the server’s rsa2 key fingerprint. This happens because your client has not connected to this server before. Don’t panic and simply hit Yes.

Step 2 – Change the default password for root. Sometimes a VPS or server is created with a random password generated by the provider’s management software. It is good practice to change it to something that is easier for you to remember but hard for others to crack or guess. Use this command:

passwd

You’ll then be asked to enter your new password twice.

Make sure you use a strong combination of words and numbers, but also make sure you can easily remember it.

Step 3 – Create a new user. You will use this new user to log in to your server from now on, because you will also disable root login (I’ll show you how in the next steps): “root” is a standard username that hackers can easily guess. Use the command below to create the new user:

/usr/sbin/adduser newuser

*Replace “newuser” above with your own new username. In this example I use my name, “sawiyati”.

Then issue this command to set up a password for that user:

passwd newuser

After you hit Enter, the server will ask you to type the password for that user.

Step 4 – Give that user root privileges, so that once you are logged in to your server as the new user you will still be able to perform root-only tasks. To do that, simply issue this command:

/usr/sbin/visudo

Then look for the line / section called:

# User privilege specification
root    ALL=(ALL)       ALL

or, in a different CentOS release, it may look like this:

## Allow root to run any commands anywhere
root    ALL=(ALL)        ALL

Then add a line for your new user right after the root line, so that it looks like this:

## Allow root to run any commands anywhere
root      ALL=(ALL)        ALL
newuser   ALL=(ALL)        ALL

How to edit? If you don’t have the Nano editor installed yet, the file opens in vi: simply hit “a” (without quotes) to start editing. Once you have added the new line, hit the Esc key to exit editing mode. Now press Shift + ZZ to save and exit the vi editor.

NOTE:

To avoid having to log out of our normal user and log back in as the root account, we can set up what is known as “super user” or root privileges for our normal account. This will allow our normal user to run commands with administrative privileges by putting the word sudo before each command.

Step 5 – Change the default SSH port and disable root login. This is what I meant in step 3 above. For this you’ll need to edit the “sshd_config” file, which is the main configuration file of the SSH service on your server. You can use either vi or Nano to edit it. In this example I use the Nano editor:

nano /etc/ssh/sshd_config

Then find the following line:

#Port 22

Remove the # symbol and change the “22” (the default port) to any number between 1025 and 65536, for example port 22000:

Port 22000

Next, also find:

#PermitRootLogin yes

Remove the # symbol and change yes to no, so it will look like this:

PermitRootLogin no

Next, find this line as well:

#UseDNS yes

Remove the # symbol and change yes to no, so that it looks like this:

UseDNS no

Don’t close the Nano editor just yet. Now proceed to the next step:

Step 6 – Allow the new user to log in to your server via SSH. Simply add this line at the very bottom of that file:

AllowUsers newuser

Of course, you have to replace “newuser” with your own username created in step 3 above.

Once done, hit Control+O to save then Control+X to exit Nano editor.

Step 7 – Reload the SSH service. To make sure the new configuration is used by the service, simply reload SSH using this command:

/etc/init.d/sshd reload

It should return with the OK message.
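
The sshd_config edits from Steps 5 and 6 can be checked with a script before you close your root session. This is an added example, not part of the original guide: the sample file is constructed, “newuser” is the guide's placeholder, and the upper port bound it uses is 65535, the highest valid TCP port.

```sh
#!/bin/sh
# Added example (not from the original guide): audit an sshd_config against
# the settings from Steps 5 and 6. "newuser" is the guide's placeholder name.

# Print every value set for KEYWORD in FILE's global section, one per line.
# Keywords are case-insensitive, "#" lines are comments, and parsing stops
# at the first Match block, which only holds conditional overrides.
sshd_values() {
    awk -v key="$2" '
        { sub(/^[ \t]+/, "") }
        /^#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}
fail() { echo "FAIL $1"; findings=$((findings + 1)); }

# Print one line per check; return 0 only if every check passes.
audit_sshd_config() {
    file=$1 user=$2 findings=0
    # sshd uses the first value it reads for a keyword, so take line 1 only.
    port=$(sshd_values "$file" Port | head -n 1)
    case $port in
        '' | 22)  fail "Port: still the default 22" ;;
        *[!0-9]*) fail "Port: '$port' is not a number" ;;
        *)  if [ "$port" -lt 1025 ] || [ "$port" -gt 65535 ]; then
                fail "Port: $port is outside 1025-65535"
            else echo "OK   Port $port"; fi ;;
    esac

    for key in PermitRootLogin UseDNS; do
        val=$(sshd_values "$file" "$key" | head -n 1)
        if [ "$val" = no ]; then echo "OK   $key no"
        else fail "$key: effective value is '${val:-unset}', expected no"; fi
    done

    # AllowUsers lines accumulate; Step 6 expects the new user to be listed.
    if sshd_values "$file" AllowUsers | tr ' \t' '\n\n' | grep -qxF "$user"; then
        echo "OK   AllowUsers lists $user"
    else fail "AllowUsers: $user is not listed"; fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: "PermitRootLogin no" was appended below a live "yes".
sample=$(mktemp)
printf '%s\n' '#Port 22' 'Port 22000' 'PermitRootLogin yes' 'UseDNS no' \
    'PermitRootLogin no' 'AllowUsers newuser' > "$sample"
audit_sshd_config "$sample" newuser || echo "Fix the findings before reloading sshd."
rm -f "$sample"
```

On a real server, `sshd -t` additionally checks the file for syntax errors before the reload.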

Step 8 – Give it a try! I assume you are still logged in as root. Don’t close that SSH session until you have tested and made sure all the settings you defined in the SSH config file really work. Now launch another Terminal window or another PuTTY instance, then log in using the new SSH port, the new username, and of course the new password.

After the changes, you’ll see your new username instead of root.

Enjoy..