When you install a fresh Linux OS on a server, you need to install the necessary packages and prepare it for production use. In technical terms this is called server hardening. Server hardening depends on what the server is used for. Here we discuss basic Linux server hardening.
1. To configure IP Address:- (Setting Static IP Address)
vi /etc/sysconfig/network-scripts/ifcfg-eno16777984
HWADDR=
TYPE=Ethernet
BOOTPROTO=static
NAME=eno16777984
UUID=
ONBOOT=yes
IPADDR=10.11.12.40
NETMASK=255.255.254.0
GATEWAY=10.11.12.1
DNS1=8.8.8.8
systemctl restart network.service
ip addr show
Note: Once you restart the network service, the IP change takes effect. Here the IP has been changed from DHCP to static. 10.11.12.40 is my internal IP.
2. To change hostname immediately:-
vim /etc/hostname
linux
or
hostname -> to view current name
vim /etc/sysconfig/network
HOSTNAME=blog
hostnamectl set-hostname blog
systemctl restart network
hostnamectl status
3. resolv.conf file entry:
nameserver 8.8.8.8
nameserver 4.2.2.2
4. Install Vim editor:
yum install -y vim -> the most popular text editor on Linux
5. Disable SELinux policy:
getenforce
vim /etc/sysconfig/selinux
6. Check firewall and IPTABLES:
systemctl status firewalld.service
iptables -L
systemctl mask iptables
systemctl stop iptables
systemctl disable iptables
systemctl status iptables
systemctl enable firewalld.service
systemctl status firewalld.service
Once the above changes are done, reboot the machine.
init 6 -> to reboot
7. Install SNMP:-
yum install net-snmp-utils php-snmp net-snmp-libs
vim /etc/snmp/snmpd.conf
8. Install necessary packages:-
yum install wget telnet net-tools links
9. Installing and Configuring NTP:-
yum install ntp
vi /etc/ntp.conf -> Configuration file
server ntp.server.com
or
server ntp.org
server ntp.server.com --> public NTP server. If we run our own NTP server, we can use its host IP instead, e.g. server 10.11.12.41
systemctl start ntpd.service
systemctl enable ntpd.service
systemctl status ntpd.service
10. Install MySQL:
a) Add repository
rpm -Uvh http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm
b) Install MySQL:
yum install mysql-server
c) Start MySQL service
[root@linux ~]# systemctl start mysqld
[root@linux ~]# systemctl enable mysqld
[root@linux ~]# systemctl status mysqld
d) Configure MySQL
mysql_secure_installation
e) Log in to MySQL
mysql -u root -p
11. Install Apache:-
a) Install apache using yum in CentOS:
yum install httpd -y
b) Start the service after installing Apache:
systemctl start httpd.service
systemctl enable httpd.service
Default location for apache
/var/www/html/
Default Configuration file for apache
/etc/httpd/conf/httpd.conf
c) To change Apache port:
vim /etc/httpd/conf/httpd.conf
[The default port is 80, but here I am changing the Apache listening port from 80 to 991]
Listen 10.11.12.40:991
<Virtualhost *:991>
ServerAdmin 10.11.12.40:3221
DocumentRoot /var/www/html/
</Virtualhost>
d) Allow the Apache service/port in the firewall:
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-port=991/tcp
firewall-cmd --reload
semanage port -a -t http_port_t -p tcp 991
e) Restart and check the http configuration:
httpd -t
systemctl restart httpd.service
Note: To install the Apache web server from source on Linux, refer to my next post.
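The port change in step 11 only works when three places agree: the Listen directive, the firewalld port list and, while SELinux is enforcing, the http_port_t label. The check below is an added example, not part of the original post; its function names and sample inputs are constructed for illustration, and it assumes ports are opened with --add-port.

```sh
#!/bin/sh
# Added example: every port Apache listens on should also be opened in
# firewalld and, while SELinux is enforcing, labelled http_port_t.
# Function names and sample inputs are constructed for illustration.

# Print the port of each active Listen directive (comment lines are skipped).
listen_ports() {
    awk 'tolower($1) == "listen" { n = split($2, a, ":"); print a[n] }' "$1" | sort -un
}

# Print TCP ports from `firewall-cmd --permanent --list-ports` output.
# Ports opened through a firewalld service (e.g. http) are not listed there.
fw_tcp_ports() {
    printf '%s\n' "$1" | tr ' ' '\n' | awk -F/ '$2 == "tcp" { print $1 }'
}

# Print TCP ports labelled http_port_t in `semanage port -l` output.
selinux_http_ports() {
    printf '%s\n' "$1" | awk '$1 == "http_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) { gsub(",", "", $i); print $i } }'
}

# check_ports CONF FIREWALL_PORTS SEMANAGE_OUTPUT
# Prints one line per mismatch; exit status 1 if any was found.
# The ( ) body runs in a subshell so its variables stay local.
check_ports() (
    fw=$(fw_tcp_ports "$2")
    sel=$(selinux_http_ports "$3")
    rc=0
    for port in $(listen_ports "$1"); do
        printf '%s\n' "$fw" | grep -qx "$port" ||
            { echo "port $port: not opened in firewalld"; rc=1; }
        printf '%s\n' "$sel" | grep -qx "$port" ||
            { echo "port $port: not labelled http_port_t"; rc=1; }
    done
    exit "$rc"
)

# Constructed sample: port 991 is opened in the firewall, but the
# `semanage port -a` step was skipped, so the SELinux label is missing.
sample=$(mktemp)
printf 'Listen 10.11.12.40:991\n' > "$sample"
check_ports "$sample" "991/tcp" \
    "http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000" || true
rm -f "$sample"
```

On a real host, pass /etc/httpd/conf/httpd.conf, "$(firewall-cmd --permanent --list-ports)" and "$(semanage port -l)" as the three arguments.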
12. Install PHP:-
yum install php-common php-mbstring php-mcrypt php-devel php-xml php-gd
rpm -qa | grep -i php
cd /var/www/html
vi test.php
<?php phpinfo(); ?> -> contents of test.php
cat /var/www/html/test.php
To check disk space and RAM:-
Note: Here we have discussed basic Linux server hardening. Hardening always depends on how the server is used; for example, if you are going to use the nginx web server instead of Apache, then you have to install nginx. If you are going to use Oracle / CouchDB / InfluxDB / MongoDB instead of MySQL, then you have to install it as needed. In the same way, hardening will also differ for load balancer, WebLogic, database server, FMS server and Wowza server hardening.