IT's Just Me!!
Rants and Raves of a Sane Mind!!

After installing your operating system, in this case CentOS, it is good practice to secure the root account and to set up alternative access.


Linux (Bash) Terminal in Windows


If you run Windows you can install PuTTY or MobaXterm (recommended).

You can also install the Linux terminal for Windows from this tutorial: https://www.howtogeek.com/249966/how-to-install-and-use-the-linux-bash-shell-on-windows-10/


Getting Connected


Open the terminal client and type at the prompt: ssh root@yourserver.dedicated.co.za and press enter
You will be prompted for the password – enter the one you were provided.


Secure Root


The root user is the most important user on your server. To protect the server from being compromised via root we will disable remote root access.

1. Create a new user


Choose a new username – Do not use admin or administrator, try something unique 
In your Terminal window type useradd newuser  and press enter to create the user

Next create a password for the new user by typing passwd newuser
You will be prompted to type in a password for the new user and confirm the password when you hit enter.

*There is no place holder so it will not show anything while you type the password
** Ensure the password is secure. You can check the password secure rating here: https://howsecureismypassword.net/
I recommend using this password generator to generate a secure password: https://passwordsgenerator.net/
The output will look like this:

[root@server ~]# adduser newuser
[root@server~]# passwd newuser

Changing password for user newuser.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.



Next we will add the new user to the Administrator Group so it has root privileges:

At the prompt type: gpasswd -a newuser wheel and press enter

The output will look like this:

               [root@server ~]# gpasswd -a newuser wheel
                Adding user newuser to group wheel

2. Edit SSH access for the server


Now that we have our new account, we can secure our server a little bit by modifying the configuration file of SSH (the program that allows us to log in remotely) so that it does not allow remote access to the root account.

In your terminal type:  vim /etc/ssh/sshd_config

First we will change the SSH access port. To do this we will find #Port 22 near the top of the file.
Uncomment the line by deleting the “#” symbol (press i to go into insert mode and tap backspace or delete, then press escape to exit insert mode).
Now move the cursor to the “22” using the arrow keys on the keyboard.
Now replace “22” with “24” (or whichever port you wish to use). Hit Escape when you are done editing.

To disable remote root logins, we need to find: #PermitRootLogin yes. To search for this line, type /PermitRoot then hit ENTER. This should bring the cursor to the “P” character on that line.
Uncomment the line by deleting the “#” symbol (press i to go into insert mode and tap backspace or delete. – press escape after to exit insert mode)
Now move the cursor to the “yes” and replace “yes” with “no”.
Hit Escape when you are done editing. It should look like this:

                                            PermitRootLogin no

To save and quit editing the file press “:” on your keyboard, type “wq” and press enter.

Now let's reload the ssh service so it picks up the changes. In the Terminal type: systemctl reload sshd
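
A check for the two edits made in step 2, added here as an example (it is not part of the original tutorial): it reads an sshd_config the way sshd treats global settings, so a “#” left in place, or a setting that only appears under a Match block, is reported. The function names and the two sample files are constructed for illustration.

```shell
# Print the value sshd uses for KEYWORD ($2) in the global part of FILE ($1).
#  - "#PermitRootLogin no" is a comment and sets nothing
#  - keywords are case-insensitive and may be written "Keyword=value"
#  - the first occurrence wins; parsing stops at the first "Match" line,
#    because settings below it apply only to the connections it selects
sshd_effective() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }
        { sub(/[ \t]*=[ \t]*/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == key { print $2; exit }
    ' "$1"
}

# Print every port sshd will listen on (Port may be given more than once).
sshd_ports() {
    awk '
        /^[ \t]*(#|$)/ { next }
        { sub(/[ \t]*=[ \t]*/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == "port" { print $2; found = 1 }
        END { if (!found) print 22 }   # no Port line: sshd uses 22
    ' "$1"
}

# usage: audit_sshd FILE EXPECTED_PORT ; returns non-zero on any finding
audit_sshd() {
    rc=0
    root=$(sshd_effective "$1" PermitRootLogin)
    [ "$root" = "no" ] || { echo "FAIL: PermitRootLogin is '${root:-unset}', expected 'no'"; rc=1; }
    sshd_ports "$1" | grep -qx "$2" || { echo "FAIL: sshd is not set to listen on port $2"; rc=1; }
    return $rc
}

# Constructed sample files, not taken from a real server.
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' '#Port 22' 'Port 24' '#PermitRootLogin yes' \
        'PermitRootLogin no' > "$dir/edited"
    printf '%s\n' 'Port 24' '#PermitRootLogin no' 'Match User backup' \
        '    PermitRootLogin no' > "$dir/missed"
    echo "$dir"
}

samples=$(make_samples)
audit_sshd "$samples/edited" 24 && echo "edited: OK"
audit_sshd "$samples/missed" 24 || echo "missed: fix before reloading sshd"
```

On the server itself, sshd -t checks the file for errors before the reload and sshd -T prints the effective settings. With SELinux enforcing, sshd can only bind a non-default port once that port is labelled, as the comment beside the Port line in the stock CentOS sshd_config notes (semanage port -a -t ssh_port_t -p tcp #PORTNUMBER).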

3. Change the firewall settings


To ensure that we can access the server via ssh on the new port and to remove ssh access on the old port we need to edit the firewall settings.

In the terminal enter: firewall-cmd --permanent --add-port=24/tcp (change 24 to whichever port you selected)
The output will be a “success” message

Now restart the firewall by typing: firewall-cmd --reload
The output will be a “success” message

Before we remove the default port in the firewall let's test to see if our changes work.

Open a new terminal window.

First we will test if we can log in as root. Type:  ssh -p24 root@yourserver.dedicated.co.za and press enter. It will prompt for the password and then give an access denied message:
                             ssh -p24 root@yourserver.dedicated.co.za
                                            root@yourserver.dedicated.co.za's password:
                                            Permission denied, please try again.

Next log in as the new user you created: ssh -p24 newuser@yourserver.dedicated.co.za and press enter. You should be prompted for the password, enter it in and see if all works.

If all is well you can remove access to the default port for ssh by typing:
                                           firewall-cmd --permanent --remove-service=ssh
Then restart the firewall by typing:
                                           firewall-cmd --reload

When logged in as the new user you will need to use the sudo command to run commands as root, e.g. to reboot the server you will type: sudo reboot
Alternatively you can switch to the root user by typing “su”. You will be prompted to enter the password and you will be logged in as root:
                         [newuser@yourserver ~]$ su
                                    Password:
                                   [root@afrighost newuser]#

When logged in as root you will always see “#” at the prompt, if logged in as user you will see “$” at the prompt

If all is well you can exit the session by typing exit and you will be returned to your user profile:

                                         [root@yourserver newuser]# exit
                                         exit
                                        [newuser@yourserver~]$


Installing FTP


To make it easier to upload files from your local computer to the server, FTP is your best bet.
SSH into the server and type:
                                            yum install vsftpd ftp -y

This will download and install the ftp software required.

Next we will secure it so anonymous users cannot access the FTP server.

In the terminal type:
                                vim /etc/vsftpd/vsftpd.conf

Find the line that reads:
                                 #anonymous_enable=YES
Press “i” to go into insert mode, uncomment the line by removing the “#” and then change “YES” to “NO”.

It should now look like this:
                                    anonymous_enable=NO

Press “esc” to exit insert mode and then :wq to quit

Now enable the FTP service by typing:
                                    systemctl enable vsftpd

Start the service by typing:
                                    systemctl start vsftpd

Set up an FTP Client


The most widely used FTP clients are Cyberduck and FileZilla

We will be using FileZilla in this tutorial.

Download and install FileZilla from here:  https://filezilla-project.org/download.php, not from any other source.

Once installed, open FileZilla by double-clicking the icon on your desktop.

Create a new site in the sites menu:
Press ctrl + S on your keyboard
Click on New Site
Host: yourserver.dedicated.co.za
Protocol: FTP – File Transfer Protocol
Encryption: Only use Plain FTP
Logon Type: Normal
User: the username you created
Password: Your password



Click Connect, or OK if you do not wish to log into the server at this moment.


It will connect and take you to the user’s /home folder.

Check the FileZilla help file for assistance on navigating the files/folders.


Configure Timezones

Next we will set our server’s timezone. This is a very simple procedure that can be accomplished using the timedatectl command:

First, take a look at the available timezones by typing:
                                                        sudo timedatectl list-timezones

This will give you a list of the timezones available for your server. When you find the region/timezone setting that is correct for your server, set it by typing:
                                                        sudo timedatectl set-timezone region/timezone

For instance, to set it to South African time, you can type:
                                                        sudo timedatectl set-timezone Africa/Johannesburg

Your system will be updated to use the selected timezone. You can confirm this by typing:
                                                         sudo timedatectl


Configure NTP Synchronization

Now that you have your timezone set, we should configure NTP. This will allow your computer to stay in sync with other servers, leading to more predictability in operations that rely on having the correct time.

For NTP synchronization, we will use a service called ntp, which we can install from CentOS’s default repositories:
                                                        sudo yum install ntp

Start the service for this session:
                                                        sudo systemctl start ntpd

Enable the service so that it is automatically started each time the server boots:
                                                        sudo systemctl enable ntpd

Your server will now automatically correct its system clock to align with the global servers.

Creating a Swap File

Adding “swap” to a Linux server allows the system to move the less frequently accessed information of a running program from memory to a location on the hard drive. Accessing data stored on the hard drive is slower than accessing memory, but having swap available can often be the difference between your application staying alive and crashing. This is especially useful if you plan to host any databases.

The best size for a swap space varies significantly depending on the source consulted. Generally, an amount equal to or double the amount of memory is a good starting point.

Allocate the space you want to use for your swap file using the “fallocate” utility. For example, if we need a 4 Gigabyte file, we can create a swap file located at /swapfile by typing:
                                                        sudo fallocate -l 4G /swapfile

After creating the file, we need to restrict access to the file so that other users or processes cannot see what is written there:
                                                        sudo chmod 600 /swapfile

We now have a file with the correct permissions. To tell our system to format the file for swap, we can type:
                                                        sudo mkswap /swapfile

Now, tell the system it can use the swap file by typing:
                                                        sudo swapon /swapfile

We need to modify a system file so that our server will do this automatically at boot. You can do this by typing:
                                                    sudo sh -c 'echo "/swapfile none swap sw 0 0" >> /etc/fstab'

The Server should now use your swap file automatically at each boot.