Configure a CentOS 6.4 Web Server on Rackspace - Part 1: Securing the Server

Securing the Server

Change the Root Password

The passwd command allows you to change the root password. After entering the command you will be prompted to enter the new password two times:

# passwd

Add a New User with SUDO Privileges

The sudo command allows non-root users to temporarily take on root privileges. It's a good practice to create a new user with sudo privileges and then disable root login. So first let's create a new user. I'll use the username admin, but you can choose any username you want:

# useradd admin
# passwd admin

Now let's grant the new user sudo privileges. The following command opens the sudoers file in the vi text editor.

# visudo

Add the following line at the very bottom of the file, then save:

admin ALL=(ALL) ALL

Alternative: Add a Group With SUDO Privileges

If you plan to have several users with sudo privileges, you can assign the privileges to a group and then add your users to that group. In the sudoers file, replace the line we added above with this one:

%admins ALL=(ALL) ALL

This gives sudo privileges to the group called admins. Now we need to create the admins group:

# groupadd admins

And finally, let's add our admin user to the admins group. We also have to add the user to the wheel group to allow them to use sudo:

# usermod -a -G admins,wheel admin

Grant New User SSH Access

Now that we have a user who can perform system administration tasks via sudo, let's grant him SSH access. Open the ssh config file:

# vi /etc/ssh/sshd_config

Scroll down to the section with the heading Authentication and add the following lines, then save:

# Authentication
AllowUsers admin
# or if you used the group method:
# AllowGroups admins
MaxAuthTries 6

Restart ssh:

# service sshd restart

Log In as the New User

Let's log out and log back in as our new admin user.

# exit
# this will exit the server and return you to the
# command prompt on your local computer.

# now we'll log back in as admin
$ ssh admin@12.34.56.78

If all goes well you'll be logged in as the admin user.

Disable Direct Root Login

Now that we're sure our new user can access the server, we can disable direct root login. Open the ssh config file again, but using the sudo command this time:

$ sudo vi /etc/ssh/sshd_config

Scroll down to the Authentication section and add:

# Authentication
PermitRootLogin no

Restart ssh:

$ sudo service sshd restart
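
The script below is an added example, not part of the original article. It audits a copy of sshd_config for the two edits made above (the AllowUsers/AllowGroups line and PermitRootLogin no). sshd keeps the first value it reads for a keyword, so a line added under Authentication is ignored if the same keyword is already active higher up. The function names effective_value and audit_sshd and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Handles plain
# "Keyword value" lines in the global section only.

# effective_value FILE KEYWORD (hypothetical helper): value sshd would use.
# Keywords are case-insensitive and the FIRST uncommented value wins, so a
# line added further down is ignored if the keyword was already set above.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # comment line
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd FILE USER (hypothetical helper): 0 if FILE matches the steps above.
audit_sshd() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    users=$(effective_value "$1" AllowUsers)
    groups=$(effective_value "$1" AllowGroups)
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${root:-unset}' (CentOS 6 default is yes)"; rc=1
    fi
    if [ -z "$users" ] && [ -z "$groups" ]; then
        echo "FAIL: no AllowUsers or AllowGroups line; any account may log in"; rc=1
    elif [ -n "$users" ]; then
        case " $users " in
            *" $2 "*) ;;                         # exact name match only
            *) echo "FAIL: $2 not in AllowUsers ($users); login would be refused"; rc=1 ;;
        esac
    fi
    [ "$rc" -eq 0 ] && echo "OK: root login disabled, access list present"
    return "$rc"
}

# Constructed sample: the new line was added below an existing active one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PermitRootLogin yes
# Authentication
AllowUsers admin
MaxAuthTries 6
PermitRootLogin no
EOF
audit_sshd "$sample" admin || echo "=> fix the file before restarting sshd"
rm -f "$sample"
```

Running sshd -t before the restart also catches syntax errors in the file. Keep the current SSH session open until a second login as the new user succeeds.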
