About CentOS.

CentOS operating system is a clone of RHEL ( Red Hat Enterprise Linux ) OS. It is one of many linux operating systems such as Ubuntu, Fedora, CoreOS, Debian and FreeBSD. The users of the CentOS Linux distributions are those who require system stability for as long as possible. CentOs therefore has this as its chief selling point. The release of tested, stable versions of the software. CentOS has YUM as the package manager, for all the default applications that ship with the OS. They come in thier stable versions and its not recommended to try to work around them.

For CentOS version 7, here are a few configuration procedures that will help for its basic setup. They will help with security and the use of your machine.

SSH to your server as root, using your machine's public IP address, supply the password. Accept any prompts the server throws back at you. If it is a first time login, you will have to change the login password for root.

About users on CentOS: Setting up users.

The super user is root in Linux and it has full privileges, broad enough to make both constructive and destructive adjustments to the operating system. Which in most cases cannot be undone. So user accounts are helpful for routine work on your linux system.

To create a new user called manager, fire the shell command

 # adduser manager 

To assign a password to new the user, manager, fire the shell command

 # passwd manager 

Key in a good password and confirm by typing it the second time, when prompted to do so

Adding root privileges

After setting up the regular user account with user level rights and privileges. The need to have users who are also admins such as "manager" will also arise.

This requires adding super user privileges to the normal account. Such that a regular account would be able to run admin commands by using the word "sudo" before each of such commands.

The "manager" user would have to be added to a group, called the "wheel" group for these privileges to be added to it. Such that it can be able to use the sudo command.

to do that, fire the following command :

 # gpasswd -a manager wheel

With this the user "manager" can now run commands with admin user privileges.

Configuring the secure shell Daemon

In order to increase server security, we can change the SSH configuration file. The SSH daemon allows access to the server, remotely as the root user over a custom port 22.

Start by using your favorite text editor , to view the configuration file as root.

 # vi /etc/ssh/sshd_config 

To ensure no one has remote access to our server as the root user, we can disable root logins via Secure Shell. We can then login as "manager" and use its admin privileges as occasion demands.

To do this, find the line as shown below and change the directive to no.

 /etc/ssh/sshd_config  
 #PermitRootLogin yes

Also to ensure no one has remote access to our server via port 22, we can change the SSH port.

To do this, find the line as shown below and change the directive to no.

 /etc/ssh/sshd_config  
 #Port 22

You will have to search through several lines, of directive so use the search utility within your favourite editor. For vi, press escape and type the following lines to find the PermitRootLogin directive.

 /PermitRoot 

Hit the enter key. Remove the '#' sign and change the "yes" to "no".

The new command will look like this :

 /etc/ssh/sshd_config  
 PermitRootLogin no

For the port, press escape and type the following lines to find the Port directive.

 /Port 

Also, hit the enter key. Remove the '#' sign and change the "22" to "1234". Or any custom port number you may choose.

The new command will look like this :

 /etc/ssh/sshd_config  
 Port 22

Ensuring remote access as root is disabled is very important on your server.

Also ensuring the default port address is no longer in use for remote SSH access is equally important on your server.

Strike the escape key again and type the following commands to save and close the file.

 :wq 

Restarting SSH

For the server to use the new configurations, an SSH restart is required.

 # systemctl reload sshd 

We test the new configs before logging off, to know they were properly done.

Launch a new terminal window using any command program you have. Begin a new connection to your server. With this new connection, we will test the new user "manager" instead of root for login.

Connect by SSH using the following command.

 # ssh -p 1234 manager@SERVER_IP_ADDRESS 

If you are using putty or any other SSH program, ensure to replace port 22 with your custom port for each session. You will be prompted for the new user name and password. Before you get logged in as the new user.

To run a command that requires admin previleges, type sudo before it like this:

 # sudo command_to_run 

If everything is well you can end the SSH session, by typing :

  exit 

Phanerus Banner