CentOS is the most common Linux distribution used for production servers, since it is a very stable operating system, fully compatible with Red Hat Enterprise Linux (RHEL).

The disk images required for the installation of CentOS 7 can be downloaded for free from the project’s website, and the installation process is very simple because it provides an intuitive GUI.

While CentOS is fully functional out of the box after installation, there are a number of tweaks required in order to improve security and add useful features. In this article, we will discuss the most common issues of a fresh CentOS 7 installation and how to fix them quickly.

Installing CentOS 7

The installation is quite straight-forward but the user is presented with a number of choices, which can be confusing for people without Linux experience. There is no need to worry, since almost all of these decisions can be reverted later.

One thing that can’t be changed easily is the root user password, so make sure that you remember it later. Additional uses can also be created at this point.

Configuring the network settings during the installation is highly recommended because it is a lot easier to do it from the GUI, even if it’s not actually mandatory.

Disk setup is also important and new users should select automatic partitioning. However, it is possible to choose any partitioning scheme, various file systems, as well as setup software RAID or LVM.

A number of software packages can also be installed automatically. Experienced users always ignore this option, because these applications can be installed manually and customized in order to offer superior performance.

These applications are still potentially useful because they are fully functional and very helpful, both for new users and for people who just want to test various use cases. A LAMP stack can be deployed automatically for example, with just a single click.

Understand SELinux

Security-Enhanced Linux (SELinux) is a security module for the Linux kernel that provides an additional layer of security by enforcing strict access control security policies.

Mastering SELinux is notoriously difficult and it will block almost every action of a user that is unable to configure it properly.

No system administrator will advise you to disable SELinux, but you can stop it until the next reboot with the command:

It will continue to run in the background and save rule violations in its log files, which you can read in order to understand how the system works and eventually learn how to use it.

Secure SSH

Port 22, used by the SSH service, is constantly targeted by brute force attacks, which is a major security risk.

Change it as soon as possible to a random port, anything between 10000 and 30000 will do.  You will have to edit the file /etc/ssh/sshd_config and add a line Port xxxxx, and then restart the sshd service.

For extra security, you can disable password logins completely and connect through ssh using a secure key.

Configure yum

One of the first things to do after installing a new system is to run the yum update command in order to refresh all system packages to their latest versions.

By default, the only repositories configured in CentOS 7 are the official ones, which provide outdated versions of software like php.

There are many private repositories available, such as Remi for php, and you can add as many as you need. Start by configuring the Epel repository that will greatly increase the number of applications that you can install.

You have to run these commands:

Install common packages

After adding Epel and maybe a few other repositories, it is time to install a number of common utilities that can make your life easier, we will describe them briefly.

The wget package is very handy for downloading files from the command line and has other uses as well. Net-tools include a number of basic networking tools such as netstat, ifconfig or route.

The package bind-utils provides common commands for DNS troubleshooting, for example dig or nslookup. Htop is a superior version of top, the tool commonly used to monitor processes and resource usage.

Installing mlocate offers an alternative to the find command, by using the locate command to query a file database that can be refreshed by executing updatedb. Finally, lsof is a very important tool for investigating your system.

You can install all of them with a single command:

 

Like all Linux operating systems, CentOS 7 is very complex and there are many other possible issues and misconfigurations. However, by following the steps described in this article, you will fix the most common problems of a new installation and your system will be prepared to be configured for its actual role.

Facebooktwittergoogle_plusredditpinterestlinkedinmail