CentOS 7, a popular choice for server environments, offers robust features and stability. However, to make the most of it, you need to set it up correctly. In this guide, we’ll walk you through the initial setup of your CentOS 7 server, focusing on security and efficiency. By the end, you’ll have a server that’s not only secure but also optimized for peak performance.
Table of Contents
- The Importance of Initial Server Setup
- Step 1: Access Your CentOS 7 Server
- Step 2: Update the System CentOS 7 Server
- Step 3: Create a New User
- Step 4: Securing OpenSSH on CentOS 7 Server
- Step 5: Configure the Firewall on CentOS 7 Server
- Step 6: Install Fail2Ban on CentOS 7 Server
- Step 7: Set Up Automatic Updates
- Step 8: Optimize Server Performance
- Conclusion
The Importance of Initial Server Setup
Firstly performing the initial setup of your CentOS 7 server is crucial for several reasons:
- Security: A properly configured server is less vulnerable to security threats.
- Efficiency: An efficiently configured server maximizes resource utilization and reduces downtime.
Now, let’s dive into the step-by-step process.
Step 1: Access Your CentOS 7 Server
To begin, you need access to your CentOS 7 server either physically or via SSH (Secure Shell). If you’re connecting remotely, make sure you have your server’s IP address and credentials.
Step 2: Update the System CentOS 7 Server
Start by ensuring your server’s software is up to date. Run the following command:
[root@centos7 ~]# yum update
This command will update all installed packages to their latest versions, including security patches.
Step 3: Create a New User
Once you are logged in as root, you can create a new user account that you will use to log in from now on. It’s good practice not to use the root user for day-to-day tasks. Create a new user with sudo privileges to enhance security:
This example creates a new user called samm, but you should replace it with any username that you prefer:
[root@centos7 ~]# adduser yourusername
[root@centos7 ~]# passwd yourusername
[root@centos7 ~]# usermod -aG wheel yourusername
Replace yourusername
with the desired username.
Granting Administrative Privileges
Now, you have a new user account with regular account privileges. However, you may sometimes need to perform administrative tasks.
To avoid having to log out of your regular user and log back in as the root account, you can set up what is known as “superuser” or root privileges for your regular account. This will allow your regular user to run commands with administrative privileges by putting the word sudo before each command.
To add these privileges to your new user, you need to add the new user to the wheel group. By default, on CentOS 7 server, users who belong to the wheel group are allowed to use the sudo command.
As root, run this command to add your new user to the wheel group with the following command:
[root@centos7 ~]# usermod -aG wheel yourusername
Now, when logged in as your regular user, you can type sudo before commands to perform actions with superuser privileges.
Step 4: Securing OpenSSH on CentOS 7 Server
For added security, you can do a few ways like disable root login via SSH, disable password-based authentication and use SSH keys for authentication or change the default SSH port (22). Here are some recommended configurations:
[root@centos7 ~]# nano /etc/ssh/sshd_config
- Disable Root Login: Prevent root login directly through SSH. Create a separate user with sudo privileges for administrative tasks. Locate the line
PermitRootLogin
and set it tono
. - Use SSH Key Authentication: Disable password-based authentication and use SSH keys for authentication. This is highly recommended for security. Locate the line
PasswordAuthentication
and set it tono
. - Change SSH Port (Optional): You can change the default SSH port (22) to a custom port for added security. Make sure the chosen port is not used by other services. Locate the line
Port
and set it to2222
.
Then save the file and restart the SSH service with the following commands:
[root@centos7 ~]# systemctl restart sshd
Step 5: Configure the Firewall on CentOS 7 Server
CentOS 7 comes with a built-in firewall, firewalld. To allow essential services, use the following commands:
[root@centos7 ~]# firewall-cmd --permanent --add-service=ssh
[root@centos7 ~]# firewall-cmd --permanent --add-service=http
[root@centos7 ~]# firewall-cmd --reload
This configuration allows SSH and HTTP traffic, but you can adapt it to your specific needs.
Step 6: Install Fail2Ban on CentOS 7 Server
Fail2Ban basically is a security tool that protects your server against brute-force attacks. Install it using the following command:
[root@centos7 ~]# yum install fail2ban
After installation, start the service and enable it to start on boot with the following command:
[root@centos7 ~]# systemctl start fail2ban
[root@centos7 ~]# systemctl enable fail2ban
Step 7: Set Up Automatic Updates
To keep your server secure, configure automatic updates with the following command:
[root@centos7 ~]# yum install yum-cron
[root@centos7 ~]# systemctl start yum-cron
[root@centos7 ~]# systemctl enable yum-cron
This ensures that your system stays up to date specifically with security patches.
Step 8: Optimize Server Performance
Additionally enhance your server’s efficiency with a few optimizations:
Swap Space
Create a swap file to improve memory management with the following command:
[root@centos7 ~]# fallocate -l 1G /swapfile
[root@centos7 ~]# chmod 600 /swapfile
[root@centos7 ~]# mkswap /swapfile
[root@centos7 ~]# swapon /swapfile
Disable Unnecessary Services
Identify and disable services you don’t need with the following command:
[root@centos7 ~]# systemctl list-unit-files | grep enabled
[root@centos7 ~]# systemctl disable servicename
Replace <service-name>
with the service you want to disable.
Conclusion
Lastly Congratulations! You’ve successfully completed the initial setup of your CentOS 7 server with a strong focus on security and efficiency. By following these steps, you’ve created a solid foundation for hosting websites, applications, or services.
Remember that server security is an ongoing process. Regularly monitor and update your server to stay protected against emerging threats. Additionally, fine-tune your server’s configuration to meet your specific needs.
While this guide has equipped you with the essential knowledge to set up a secure and efficient CentOS 7 server. Use it as a reference as you continue to manage and optimize your server for peak performance.
Also Read Our Other Guides :
- Initial Setup Rocky Linux 9 Server: Secure and Efficient
- Initial Setup Ubuntu Server 22.04: Secure and Efficient
- Initial Setup Debian 11 Server: Secure and Efficient
- How To Set Up a Firewall Using FirewallD on CentOS 7
- How To Set Up a Firewall Using FirewallD on Rocky Linux 9
- How To Install RTMP Server with Nginx on CentOS 7
Finally, now you have learned initial setup CentOS 7 Server with secure and efficient.