
CentOS 7/FineTune



Maak een nieuwe gebruiker aan en voeg deze toe aan de sudoers-groep

https://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers

Importeer SSH Sleutels

Ssh-key-auth-flow.png

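# Create the per-user SSH directory and key file with owner-only permissions.
# sshd's StrictModes check (on by default) rejects keys when ~/.ssh or
# authorized_keys is writable by anyone other than the owner.
# -p keeps this step repeatable when ~/.ssh already exists.
mkdir -p ~/.ssh
touch ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

# Every public key appended here can log in as this account. The two keys
# below are labelled RonaldvanHeugten.nl and wesleyvanlaere.nl; replace them
# with the public keys of the people who are meant to administer this machine.
# Note: '>>' appends, so running a line twice leaves a duplicate entry.
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAtJeRsDBByVp3IQg/c+jCYlRLPHbAQo6N3M9Bx9SF5t4YVXoO2gB1lMyLv+9PIX45v4MER1w3cQ2TmhG1rNvPe++6DSZnCMONmO/1AHDH2+iiXtXLtZPu2wwPeie7zS5+kdU4IQXjlLvIOAhWO3t+kdiXOQjLyg+K9tDYoxNr8rgDNNaXeykHOirpfLqG/DDFEmUJxS0eusaDLkH+isK3iSq5A24EAMUbYonrRjouF2XQzDbcSo2CwcsSsnq74IDjwYAzz+0HpG0Y2h8fXalEQla3IGZYW+l1kCaASb0i5cPB6HHG03NGSVj7Ys2cV5829Ec4JHPjZ6ZCB1GIu3eBnw== RonaldvanHeugten.nl Public SSH Key' >> ~/.ssh/authorized_keys

echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA0nZzEYjTzw7mHPzihrC9cExQL8/HOP7RygHADPPqazeNdb/KltJbeFSWPyiAdk2YDyj65MJufs3aRus0rU9xLwwvNCCJd5SdkO9dQdAIr9KuD0zJZ+zOOlIU2WHbYIf4kW7P0PGBRD/+VYW8lib/YAYn/CV9H6sU3Panie7O0OsGQ7bzSvaFqCPc73/nboJ7FN7VCU96VUZkjQ6rHwdS4h+2wXxLQ2CQ/Aox8mZ5X6BV2OWuuWuhBnT+UKYpjlG2ps24asnIskPAXEDun5hXc3Hhh3K87Yl4i8NNrjgT+AVoNA8Kjjr9z5WJNTwPkWSf7ErvPXlHCcVjfGE1YNu7/Q== wesleyvanlaere.nl Public SSH Key' >> ~/.ssh/authorized_keys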

Extra beveiliging

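# Restrict sshd to public-key logins.
# Each sed rewrites a directive only where it is present and uncommented; a
# line such as "#PasswordAuthentication yes" is left untouched. Check the
# effective settings afterwards (for example with "sshd -T") instead of
# assuming every substitution applied.
# Keep the current session open and confirm key-based login from a second
# terminal before closing it: password login is off once sshd reloads.

# Left disabled by the author; enabling it forbids direct root login.
#sed -i /etc/ssh/sshd_config -r -e 's/^PermitRootLogin.*/PermitRootLogin no/g'
sed -i /etc/ssh/sshd_config -r -e 's/^ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/g'
sed -i /etc/ssh/sshd_config -r -e 's/^PasswordAuthentication.*/PasswordAuthentication no/g'
# NOTE(review): the sshd_config shipped with CentOS 7 carries a warning that
# "UsePAM no" is not supported on Red Hat Enterprise Linux, and this setting
# also bypasses PAM account and session handling. Confirm it is intended.
sed -i /etc/ssh/sshd_config -r -e 's/^UsePAM.*/UsePAM no/g'
# Syntax-check the edited file first: the reload is skipped when sshd -t
# reports an error, so a broken config is never handed to the running daemon.
sshd -t && systemctl reload sshd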

Update CentOS

# Drop the cached repository metadata so the following commands work from
# fresh data.
yum clean all
# Lists pending updates. yum check-update exits with status 100 when updates
# are available (0 when there are none), so a non-zero status is expected here.
yum check-update
# Apply all pending updates without prompting; the fastestmirror plugin is
# switched off for this one invocation only.
yum --disableplugin=fastestmirror -y update

Install packages

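# Base tooling. epel-release is installed in this first transaction because
# the next one (htop) is served from the EPEL repository it enables.
yum install -y nano wget net-tools NetworkManager-tui curl unzip tar git gcc screen ntp yum-utils epel-release
yum install -y htop

# List and apply security errata.
# NOTE(review): the CentOS base repositories have generally not published the
# updateinfo metadata that --security depends on, so these two commands may
# report nothing even when fixes are pending. Verify on the target, and rely on
# the full "yum update" for patching.
yum updateinfo list security all
yum update --security

# Unattended update checks via yum-cron.
# NOTE(review): whether updates are installed or only downloaded is decided by
# apply_updates in /etc/yum/yum-cron.conf; check that value after installing.
yum -y install yum-cron
systemctl start yum-cron
systemctl enable yum-cron

# Time synchronisation. The one-off ntpdate step runs BEFORE ntpd is started:
# ntpdate needs the NTP port and exits without setting the clock when ntpd is
# already bound to it.
ntpdate -s pool.ntp.org
systemctl enable ntpd
systemctl start ntpd
date

# Shell conveniences for the current user. Each echo appends to ~/.bashrc, so
# repeating these lines adds duplicate entries. The single quotes keep
# $(tput sgr0) literal, so it is evaluated when ~/.bashrc is sourced, not now.
echo 'alias vi="nano"' >> ~/.bashrc
echo 'alias ll="ls -ls"' >> ~/.bashrc
echo 'export PS1="\[\033[38;5;11m\]\u\[$(tput sgr0)\]\[\033[38;5;15m\]@\h\[$(tput sgr0)\]\[\033[38;5;6m\][\w]:\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"' >> ~/.bashrc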

Draait u deze machine op een virtueel platform? Installeer dan de juiste guest tools.

SELinux Uitschakelen

# Set the persistent SELinux mode to "disabled". /etc/selinux/config is read at
# boot, so the running mode only changes after the next reboot.
# The pattern requires "=" directly after SELINUX, so the SELINUXTYPE= line is
# not rewritten.
# With this value the host runs without SELinux's mandatory access control;
# SELINUX=permissive is the setting that logs denials without enforcing them.
sed -r -i -e 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config

Webmin

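# Register the Webmin yum repository. The repo definition is written with a
# here-document so the step can be pasted or scripted as-is instead of typed
# into an editor. The mirror list is fetched over plain HTTP, so the package
# signature is the only integrity check; gpgcheck=1 makes that check explicit
# for this repository.
cat > /etc/yum.repos.d/webmin.repo <<'EOF'
[Webmin]
name=Webmin Distribution Neutral
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1
gpgcheck=1
EOF

# Import the signing key. It is downloaded over plain HTTP, so anyone on the
# network path could substitute it. Print its fingerprint and compare it with
# <EXPECTED_FINGERPRINT> (placeholder: obtain the real value through an
# independent, trusted channel) before running rpm --import.
wget http://www.webmin.com/jcameron-key.asc
gpg --with-fingerprint jcameron-key.asc
rpm --import jcameron-key.asc

yum install webmin -y
systemctl start webmin
systemctl enable webmin

# Open the Webmin port. This exposes the root-level admin interface to every
# address that can reach the public zone. To allow a single management network
# only, use a rich rule instead (<ADMIN_CIDR> is a placeholder):
#   firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="<ADMIN_CIDR>" port port="10000" protocol="tcp" accept'
firewall-cmd --zone=public --permanent --add-port=10000/tcp
firewall-cmd --reload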