CentOS 8/FineTune

Uit WaaaghPedia

https://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers

Importeer SSH Sleutels

Ssh-key-auth-flow.png

mkdir ~/.ssh
touch ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAtJeRsDBByVp3IQg/c+jCYlRLPHbAQo6N3M9Bx9SF5t4YVXoO2gB1lMyLv+9PIX45v4MER1w3cQ2TmhG1rNvPe++6DSZnCMONmO/1AHDH2+iiXtXLtZPu2wwPeie7zS5+kdU4IQXjlLvIOAhWO3t+kdiXOQjLyg+K9tDYoxNr8rgDNNaXeykHOirpfLqG/DDFEmUJxS0eusaDLkH+isK3iSq5A24EAMUbYonrRjouF2XQzDbcSo2CwcsSsnq74IDjwYAzz+0HpG0Y2h8fXalEQla3IGZYW+l1kCaASb0i5cPB6HHG03NGSVj7Ys2cV5829Ec4JHPjZ6ZCB1GIu3eBnw== RonaldvanHeugten.nl Public SSH Key' >> ~/.ssh/authorized_keys

echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA0nZzEYjTzw7mHPzihrC9cExQL8/HOP7RygHADPPqazeNdb/KltJbeFSWPyiAdk2YDyj65MJufs3aRus0rU9xLwwvNCCJd5SdkO9dQdAIr9KuD0zJZ+zOOlIU2WHbYIf4kW7P0PGBRD/+VYW8lib/YAYn/CV9H6sU3Panie7O0OsGQ7bzSvaFqCPc73/nboJ7FN7VCU96VUZkjQ6rHwdS4h+2wXxLQ2CQ/Aox8mZ5X6BV2OWuuWuhBnT+UKYpjlG2ps24asnIskPAXEDun5hXc3Hhh3K87Yl4i8NNrjgT+AVoNA8Kjjr9z5WJNTwPkWSf7ErvPXlHCcVjfGE1YNu7/Q== wesleyvanlaere.nl Public SSH Key' >> ~/.ssh/authorized_keys

Extra beveiliging

#sed -i /etc/ssh/sshd_config -r -e 's/^PermitRootLogin.*/PermitRootLogin no/g'
sed -i /etc/ssh/sshd_config -r -e 's/^ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/g'
sed -i /etc/ssh/sshd_config -r -e 's/^PasswordAuthentication.*/PasswordAuthentication no/g'
sed -i /etc/ssh/sshd_config -r -e 's/^UsePAM.*/UsePAM no/g'
sed -i /etc/ssh/sshd_config -r -e 's/^MaxAuthTries.*/MaxAuthTries 6/g'
systemctl reload sshd

Maak nieuwe gebruiker en voeg deze in de sudoers groep en voeg je keys ook toe aan deze gebruiker. (herhaal bovenstaande stap)

Update CentOS

sudo yum clean all
sudo yum check-update
sudo yum update -y --disableplugin=fastestmirror

Auto Update

https://computingforgeeks.com/enable-automatic-software-updates-on-centos-rhel-8/

Install packages

sudo yum install -y epel-release
sudo yum install -y yum-utils
sudo yum install -y screen 
sudo yum install -y gcc 
sudo yum install -y git 
sudo yum install -y tar 
sudo yum install -y unzip 
sudo yum install -y curl 
sudo yum install -y NetworkManager-tui 
sudo yum install -y net-tools
sudo yum install -y wget 
sudo yum install -y nano 
sudo yum install -y htop
echo 'alias vi="nano"' >> ~/.bashrc
echo 'alias ll="ls -ls"' >> ~/.bashrc
echo 'export PS1="\[\033[38;5;11m\]\u\[$(tput sgr0)\]\[\033[38;5;15m\]@\h\[$(tput sgr0)\]\[\033[38;5;6m\][\w]:\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"' >> ~/.bashrc

Draait u deze machine op en virtueel platform? Installeer dan de juiste Guest tools

SELinux Uitschakelen

sudo sed -i /etc/selinux/config -r -e 's/^SELINUX=.*/SELINUX=disabled/g'