CentOS server configuration featured image

Performing Server Setup Using CentOS 8

Introduction

In this guide, we are going to explore how exactly you can go about setting up your server when using CentOS 8. There is a configuration process that you have to follow. We will divide the configuration up into five individual steps. You will be able to perform server setup easily following these simple steps. Doing so will strengthen the security as well as the functionality of your server, making it more usable.

1. Log into the Server as Root User

The very first step to take is to log into your server. To do this, you need to know the public IP address of your server. In addition to that, you also need the private key or the password for the root user account. You should be connected to your server. If you are not, then log in to the root user. You can do that using the following command:

Substitute the IP of your server where it is mentioned in the command. You may see a warning alerting you about the authenticity of the host. Simply accept it. You will enter your root password if you have activated password authentication. On the other hand, you may use the SSH key. For that, you may need to enter the passphrase the first time you use it per session. In case this is your first time logging in, you will have to change the root password. You can follow along with our tutorial on configuring your Linux server to use SSH key-based authentication to learn about setting up SSH authentication.

If you are not familiar, root refers to the admin user. In Linux, the root user has a lot of access and privileges. Therefore, you have to be very careful when using it. You may make a lot of changes unintentionally otherwise. It is best to avoid that. That is why we recommend making an alternative account. This account will have limited privileges to start off. You may increase the privileges as needed in the future.

2. Create New User Account

Now that you logged into the root account, we will make a new one. This alternative account will be your main account for day-to-day use. In the following example, we will be making a new user for sammy. You can substitute it with your preferred username. This is the command you should use:

Then we will set a password:

You will have to enter the selected password twice to verify it. Then, your account will be ready for use. If you want to give it extra privileges, you have to use the sudo command. Because of this, you can run commands as root when needed.

3. Enable Admin Privileges

Let’s see what you will do if you want to give your alternative account administrative privileges. If you do this, you save yourself from logging out and logging into your root account every so often. For this, you will give your account root privileges, also known as ‘superuser’. All you have to do is add sudo in front of the commands.

However, before you give the user privileges, you have to add it to the wheel group. This will allow you to use the sudo command. Take the following example:

After running this, you can start using sudo to capitalize on superuser privileges.

4. Set Up the Firewall

Next, you have to think about server security. For this, you must set up a basic firewall at the least. With the proper configuration, only selected ports on your server will receive traffic. You can set it up using the firewalld command. To configure the firewall policies, you will use firewall-cmd.

Let start by installing firewalld:

By default, it allows for ssh connections. To turn on your firewall right away, use this:

Next, you must ensure that the service has started. Here is how to check the service status:

Output:

One thing to note is if the firewall is active as well as enabled. This means that the firewall will be launched by default when you reboot your server. Finally, you can get around to setting your firewall policies. Here is how you can list all the currently allowed services:

Output:

Additional services are seen using:

If you want to add a service to the allowed list, use --add-service like this:

The above command will allow TCP traffic on port 80. To apply the changes to the firewall configuration, you have to reload it with this command:

For any future configuration additions, you will have to open the firewall. For a more detailed description of configuring your firewall on CentOS, take a look at our tutorial Setting Up a Firewall with FirewallD on CentOS 7.

5. Give Regular User External Access

The last thing you need to think about is giving SSH access to your non-root user account. How you do this depends on whether your root account is using a password or SSH keys. Lets see how to perform this action in either situation.

  • Using Password Authentication

Let’s say you log into your root account with a password. It means that password authentication is activated for SSH. Use the following command to add SSH to your alternative non-root account:

Substitute with your own username. Then, enter your password to log in. If you want to run a command with admin privileges, remember to use sudo like this:

For each session, you need to enter your password when using sudo for the first time.

  • Using SSH Key Authentication

The other possibility is that your root account is using SSH key based authentication. Generally speaking, using SSH keys is a much more secure option as compared to password authentication. If password authentication is, indeed, disabled, you are using SSH keys. In such a case, you have to make a copy of your public key. Then, add this copy to the new user account’s ~/.ssh/authorized_keys file. This will help you log in. You may also copy the file and directory structure to the new account.

The easiest way to copy is to use the rsync command. This way, you will retain the correct ownership and permissions. This command will copy the ssh directory of the root user as well as retain the relevant permissions.

Make sure to take into consideration the slash when using the rsync command. Your source ~/.ssh directory should not have a trailing slash when using rsync. If you use a trailing slash like this: ~/.ssh/, the command will not copy the entire directory structure. Instead, it will copy the contents of the directory onto the sudo user’s home directory. As such, the files will not be in the right place.

Here is the command:

Open up a new terminal and a new SSH session. This should be through your non-root user:

Again, add sudo before the command to access admin privileges:

Similarly to the previous session, you will have to enter the password when using sudo the first time in each session.

Conclusion

By this point, you should have a good understanding of how the server configuration works. Following these steps will help you perform basic server setup. Once you set a foundation for your server, you can start installing the software you need.

Take a look at more resources from our blog to help you utilize CentOS servers:

Happy Computing!