CentOS 7/FineTune

From WaaaghPedia

Create a new user and add it to the sudoers group

https://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers

Import SSH keys

mkdir -p ~/.ssh
touch ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
echo 'ssh-rsa <PUBLIC_KEY_DATA> RonaldvanHeugten.nl Public SSH Key' >> ~/.ssh/authorized_keys

Extra security

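# These patterns only match directives that are present and uncommented in sshd_config.
#sudo sed -i -r -e 's/^PermitRootLogin.*/PermitRootLogin no/g' /etc/ssh/sshd_config
sudo sed -i -r -e 's/^ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/g' /etc/ssh/sshd_config
sudo sed -i -r -e 's/^PasswordAuthentication.*/PasswordAuthentication no/g' /etc/ssh/sshd_config
# Note: the sshd_config shipped with CentOS/RHEL warns that 'UsePAM no' is not supported.
sudo sed -i -r -e 's/^UsePAM.*/UsePAM no/g' /etc/ssh/sshd_config
sudo sed -i -r -e 's/^MaxAuthTries.*/MaxAuthTries 6/g' /etc/ssh/sshd_config
# Check the syntax before reloading so a broken config does not lock you out.
sudo sshd -t && sudo systemctl reload sshd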
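
The substitutions above only change a directive that is already present and uncommented in the file. As an added example (not part of the original page), the helper below sets a directive whether it is active, commented out or missing, and is exercised on a constructed sample file; set_sshd_option, effective_value and the sample contents are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Works on any file path, so it
# can be tried on a copy before touching /etc/ssh/sshd_config.

# Print the first active value of KEY in FILE. sshd keywords are
# case-insensitive and the first occurrence wins. Match blocks are ignored.
effective_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# set_sshd_option FILE KEY VALUE (hypothetical helper)
set_sshd_option() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    if [ -n "$(effective_value "$file" "$key")" ]; then
        # Active directive: rewrite the first active line only.
        awk -v k="$key" -v v="$value" '
            tolower($1) == tolower(k) && !seen++ { print k " " v; next }
            { print }' "$file" > "$tmp"
    else
        # Commented out or absent: add it at the top of the file.
        { printf '%s %s\n' "$key" "$value"; cat "$file"; } > "$tmp"
    fi
    # Overwrite in place so owner, mode and SELinux label are kept.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

demo() {
    cfg=$(mktemp) || return 1
    # Constructed sample, not a real host's configuration.
    printf '%s\n' '#PermitRootLogin yes' '#MaxAuthTries 6' \
        'PasswordAuthentication yes' 'UsePAM yes' > "$cfg"
    # A '^MaxAuthTries' substitution cannot match the commented line.
    if sed -e 's/^MaxAuthTries.*/MaxAuthTries 6/' "$cfg" | cmp -s - "$cfg"; then
        echo "anchored sed: file unchanged"
    fi
    set_sshd_option "$cfg" MaxAuthTries 6
    set_sshd_option "$cfg" PasswordAuthentication no
    echo "MaxAuthTries=$(effective_value "$cfg" MaxAuthTries)"
    echo "PasswordAuthentication=$(effective_value "$cfg" PasswordAuthentication)"
    rm -f "$cfg"
}
demo
```

On a real host, run sudo sshd -t after editing and read the values sshd will actually use with sudo sshd -T, which prints keywords in lower case.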

Update CentOS


Unfortunately I have switched to Ubuntu as my Linux platform; CentOS is no longer being kept up to date!
yum clean all
yum check-update
yum update -y --disableplugin=fastestmirror

Auto Update

https://linuxaria.com/howto/enabling-automatic-updates-in-centos-7-and-rhel-7

Install packages

yum install -y nano wget net-tools NetworkManager-tui curl unzip tar git gcc screen ntp yum-utils epel-release
yum install -y htop
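# Note: the stock CentOS repositories ship no security errata metadata (updateinfo), so on a plain
# CentOS install these two commands only see errata from repositories that provide it, such as EPEL.
yum updateinfo list security all
yum update --security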
yum -y install yum-cron
systemctl start yum-cron
systemctl enable yum-cron
# Set the clock once before ntpd starts; ntpdate cannot use the NTP port while ntpd is running.
ntpdate -s pool.ntp.org
systemctl enable ntpd
systemctl start ntpd
date
echo 'alias vi="nano"' >> ~/.bashrc
echo 'alias ll="ls -ls"' >> ~/.bashrc
echo 'export PS1="\[\033[38;5;11m\]\u\[$(tput sgr0)\]\[\033[38;5;15m\]@\h\[$(tput sgr0)\]\[\033[38;5;6m\][\w]:\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"' >> ~/.bashrc

Are you running this machine on a virtual platform? Then install the appropriate guest tools.

Disable SELinux

# Takes effect after the next reboot; SELINUX=permissive would log denials without enforcing them.
sed -i -r -e 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config

Webmin

nano /etc/yum.repos.d/webmin.repo

Put the following in the file:

[Webmin]
name=Webmin Distribution Neutral
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1
gpgcheck=1

# The key is downloaded over plain HTTP; compare its fingerprint against a trusted source before importing it.
wget http://www.webmin.com/jcameron-key.asc
rpm --import jcameron-key.asc
yum install webmin -y
systemctl start webmin
systemctl enable webmin
firewall-cmd --zone=public --permanent --add-port=10000/tcp
firewall-cmd --reload