Performing Server Setup Using CentOS 8 • CloudSigma

Introduction

In this guide, we are going to explore how exactly you can go about setting up your server when using CentOS 8. There is a configuration process that you have to follow. We will divide the configuration up into five individual steps. You will be able to perform server setup easily following these simple steps. Doing so will strengthen the security as well as the functionality of your server, making it more usable.

1. Log into the Server as Root User

The very first step to take is to log into your server. To do this, you need to know the public IP address of your server. In addition to that, you also need the private key or the password for the root user account. You should be connected to your server. If you are not, then log in to the root user. You can do that using the following command:

ssh root@your_server_ip

1	ssh root@your_server_ip

Substitute the IP of your server where it is mentioned in the command. You may see a warning alerting you about the authenticity of the host. Simply accept it. You will enter your root password if you have activated password authentication. On the other hand, you may use the SSH key. For that, you may need to enter the passphrase the first time you use it per session. In case this is your first time logging in, you will have to change the root password. You can follow along with our tutorial on configuring your Linux server to use SSH key-based authentication to learn about setting up SSH authentication.

If you are not familiar, root refers to the admin user. In Linux, the root user has a lot of access and privileges. Therefore, you have to be very careful when using it. You may make a lot of changes unintentionally otherwise. It is best to avoid that. That is why we recommend making an alternative account. This account will have limited privileges to start off. You may increase the privileges as needed in the future.

2. Create New User Account

Now that you logged into the root account, we will make a new one. This alternative account will be your main account for day-to-day use. In the following example, we will be making a new user for sammy. You can substitute it with your preferred username. This is the command you should use:

adduser sammy

1	adduser sammy

Then we will set a password:

passwd sammy

1	passwd sammy

You will have to enter the selected password twice to verify it. Then, your account will be ready for use. If you want to give it extra privileges, you have to use the sudo command. Because of this, you can run commands as root when needed.

3. Enable Admin Privileges

Let’s see what you will do if you want to give your alternative account administrative privileges. If you do this, you save yourself from logging out and logging into your root account every so often. For this, you will give your account root privileges, also known as ‘superuser’. All you have to do is add sudo in front of the commands.

However, before you give the user privileges, you have to add it to the wheel group. This will allow you to use the sudo command. Take the following example:

usermod -aG wheel sammy

1	usermod -aG wheel sammy

After running this, you can start using sudo to capitalize on superuser privileges.

4. Set Up the Firewall

Next, you have to think about server security. For this, you must set up a basic firewall at the least. With the proper configuration, only selected ports on your server will receive traffic. You can set it up using the firewalld command. To configure the firewall policies, you will use firewall-cmd.

Let start by installing firewalld:

dnf install firewalld -y

1	dnf install firewalld -y

By default, it allows for ssh connections. To turn on your firewall right away, use this:

systemctl start firewalld

1	systemctl start firewalld

Next, you must ensure that the service has started. Here is how to check the service status:

systemctl status firewalld

1	systemctl status firewalld

Output:

● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-02-06 16:39:40 UTC; 3s ago
Docs: man:firewalld(1)
Main PID: 13180 (firewalld)
Tasks: 2 (limit: 5059)
Memory: 22.4M
CGroup: /system.slice/firewalld.service
└─13180 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid

● firewalld.service - firewalld - dynamic firewall daemon

Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)

Active: active (running) since Thu 2020-02-06 16:39:40 UTC; 3s ago

Docs: man:firewalld(1)

Main PID: 13180 (firewalld)

Tasks: 2 (limit: 5059)

Memory: 22.4M

CGroup: /system.slice/firewalld.service

└─13180 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid

One thing to note is if the firewall is active as well as enabled. This means that the firewall will be launched by default when you reboot your server. Finally, you can get around to setting your firewall policies. Here is how you can list all the currently allowed services:

firewall-cmd --permanent --list-all

1	firewall-cmd --permanent --list-all

Output:

public (active)
target: default
icmp-block-inversion: no
interfaces: eth0 eth1
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

public (active)

target: default

icmp-block-inversion: no

interfaces: eth0 eth1

sources:

services: cockpit dhcpv6-client ssh

ports:

protocols:

masquerade: no

forward-ports:

source-ports:

icmp-blocks:

rich rules:

Additional services are seen using:

firewall-cmd --get-services

1	firewall-cmd --get-services

If you want to add a service to the allowed list, use --add-service like this:

firewall-cmd --permanent --add-service=http

1	firewall-cmd --permanent --add-service=http

The above command will allow TCP traffic on port 80. To apply the changes to the firewall configuration, you have to reload it with this command:

firewall-cmd --reload

1	firewall-cmd --reload

For any future configuration additions, you will have to open the firewall. For a more detailed description of configuring your firewall on CentOS, take a look at our tutorial Setting Up a Firewall with FirewallD on CentOS 7.

5. Give Regular User External Access

The last thing you need to think about is giving SSH access to your non-root user account. How you do this depends on whether your root account is using a password or SSH keys. Lets see how to perform this action in either situation.

Using Password Authentication

Let’s say you log into your root account with a password. It means that password authentication is activated for SSH. Use the following command to add SSH to your alternative non-root account:

ssh sammy@your_server_ip

1	ssh sammy@your_server_ip

Substitute with your own username. Then, enter your password to log in. If you want to run a command with admin privileges, remember to use sudo like this:

sudo command_to_run

1	sudo command_to_run

For each session, you need to enter your password when using sudo for the first time.

Using SSH Key Authentication

The other possibility is that your root account is using SSH key based authentication. Generally speaking, using SSH keys is a much more secure option as compared to password authentication. If password authentication is, indeed, disabled, you are using SSH keys. In such a case, you have to make a copy of your public key. Then, add this copy to the new user account’s ~/.ssh/authorized_keys file. This will help you log in. You may also copy the file and directory structure to the new account.

The easiest way to copy is to use the rsync command. This way, you will retain the correct ownership and permissions. This command will copy the ssh directory of the root user as well as retain the relevant permissions.

Make sure to take into consideration the slash when using the rsync command. Your source ~/.ssh directory should not have a trailing slash when using rsync. If you use a trailing slash like this: ~/.ssh/, the command will not copy the entire directory structure. Instead, it will copy the contents of the directory onto the sudo user’s home directory. As such, the files will not be in the right place.

Here is the command:

rsync --archive --chown=sammy:sammy ~/.ssh /home/sammy

1	rsync --archive --chown=sammy:sammy ~/.ssh /home/sammy

Open up a new terminal and a new SSH session. This should be through your non-root user:

ssh sammy@your_server_ip

1	ssh sammy@your_server_ip

Again, add sudo before the command to access admin privileges:

sudo command_to_run

1	sudo command_to_run

Similarly to the previous session, you will have to enter the password when using sudo the first time in each session.

Conclusion

By this point, you should have a good understanding of how the server configuration works. Following these steps will help you perform basic server setup. Once you set a foundation for your server, you can start installing the software you need.

Take a look at more resources from our blog to help you utilize CentOS servers:

Happy Computing!

About
Latest

About Hark Labs

Software Engineer and enthusiast about new technologies

How To Enable, Create and Use the .htaccess File: A Tutorial - March 8, 2023
An Overview of Queries in MySQL - October 28, 2022
Introduction to Cookies: Understanding and Working with JavaScript Cookies - October 25, 2022
An Overview of Data Types in Ruby - October 24, 2022
The Architecture of Iptables and Netfilter - October 10, 2022