@Buckwich
Last active October 23, 2017 12:01

Prerequisites

  • CentOS 7.4 but should also work with others
  • current state: root with password
  • working SSH client with key pair

Basic programs

  • yum update
  • yum install epel-release
  • yum install nano htop tmux

User setup

  • useradd USERNAME && passwd USERNAME
  • usermod -aG wheel USERNAME

SSH User Setup

  • on client get public key
    • cat ~/.ssh/id_rsa.pub
  • create key file
    • mkdir ~/.ssh; nano ~/.ssh/authorized_keys
    • paste public key and save
  • protect keyfile
    • chmod 700 -R ~/.ssh && chmod 600 ~/.ssh/authorized_keys

SSH Server Setup

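Line numbers are from the OpenBSD config v 1.1; they can differ in other versions of the file, so search for the keyword if the line does not match.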

  • edit config
    • sudo nano /etc/ssh/sshd_config
      • line 38 PermitRootLogin no
      • line 65 PasswordAuthentication no
  • reload daemon
    • sudo systemctl restart sshd

TEST THE NEW CONFIG BEFORE CLOSING TERMINAL
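
A check to run against the edited file before restarting, as an added example that is not part of the original notes: sshd keeps the first uncommented value it reads for a keyword, so a `no` line can be shadowed by an earlier `yes`. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes). sshd uses the FIRST uncommented
# value it reads for a keyword, and keywords are case-insensitive, so a line
# appended at the end of the file can be silently shadowed by an earlier one.

# sshd_global_value KEYWORD FILE: print the first global value, lowercased.
# Simplification: stops at the first "Match" line and ignores quoted values.
sshd_global_value() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }           # comments, blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)               # "Key value" or "Key=value"
            key = tolower(f[1])
            if (key == "match") exit                # conditional section starts
            if (key == want) { print tolower(f[2]); exit }
        }' "$2"
}

# check_ssh_hardening FILE: return 0 only if both settings from the notes apply.
check_ssh_hardening() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(sshd_global_value "$kw" "$1")
        if [ "$val" = "no" ]; then
            echo "ok:   $kw no"
        else
            echo "FAIL: $kw is '${val:-unset, built-in default applies}'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the stock "yes" line was left in place and "no" appended.
write_shadowed_sample() {
    cat > "$1" <<'EOF'
#PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication yes
UsePAM yes
passwordauthentication no
EOF
}

sample=$(mktemp)
write_shadowed_sample "$sample"
check_ssh_hardening "$sample" || echo "fix the config before restarting sshd"
rm -f "$sample"
```

On the server itself, `sudo sshd -t` checks the file for syntax errors and `sudo sshd -T` prints the effective settings; the parser above only mirrors the first-value rule for a file you can read offline.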

Fail2Ban

For more configurations and email support follow https://www.linode.com/docs/security/using-fail2ban-for-security

  • Install
    • sudo yum install fail2ban
  • Enable
    • sudo systemctl start fail2ban
    • sudo systemctl enable fail2ban
  • Config
    • use local config files (settings in .local override those in .conf)
    • sudo cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
    • sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
  • Enable SSH Jail
    • sudo nano /etc/fail2ban/jail.local
      [DEFAULT]
      backend = systemd 
      [sshd]
      enabled = true
      
    • Reload
      • sudo fail2ban-client reload
    • Status
      • sudo fail2ban-client status

Docker

  • install dependencies
    • sudo yum install -y yum-utils device-mapper-persistent-data lvm2
  • add repo
    • sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
  • install docker
    • sudo yum install docker-ce
  • start docker
    • sudo systemctl start docker
  • test docker
    • sudo docker run hello-world