Secure Centos 7

CentOS 7 security

Uploaded by

juan carlos

1. Create a new user

Our server's access logs show many login attempts with default usernames such as
"root, centos, ubuntu, ...", so this step is important to confuse attackers.

# adduser someWeirdName

# passwd someWeirdName

2. Disable remote root login

Open the SSH configuration file with your text editor as root:

# vi /etc/ssh/sshd_config

To disable remote root logins, we need to find the line that looks like this:

PermitRootLogin yes

and change "yes" to "no":

PermitRootLogin no

Type this to reload SSH and apply the change:

systemctl reload sshd

Tip: before logging out, make sure you can log in to the server with the
newly created user.
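
A check for the edit in step 2, added here as an example and not part of the original document: it reports which PermitRootLogin value the global section of an sshd_config file actually sets, since a commented-out or duplicated line does not take effect the way it looks. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original document).
# Print the PermitRootLogin value set in the global section of an sshd_config
# file. sshd keeps the FIRST value it reads for a keyword, matches keywords
# case-insensitively and ignores lines starting with '#'.
permit_root_login_value() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)              # drop leading whitespace
            if (line == "" || line ~ /^#/) next   # blank or comment line
            n = split(line, f, /[ \t=]+/)         # "Key value" or "Key=value"
            key = tolower(f[1])
            if (key == "match") exit              # conditional blocks start here
            if (key == "permitrootlogin" && n >= 2) {
                val = tolower(f[2]); gsub(/"/, "", val)
                print val; found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeeds only when root login over SSH is explicitly disabled.
root_login_disabled() {
    [ "$(permit_root_login_value "$1")" = "no" ]
}

# Constructed sample files for the demonstration (removed on exit).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '#PermitRootLogin no' 'Port 22' > "$demo_dir/commented"
printf '%s\n' 'PermitRootLogin yes' 'permitrootlogin no' > "$demo_dir/duplicate"
printf '%s\n' '  PermitRootLogin no' 'PasswordAuthentication yes' > "$demo_dir/hardened"

for f in commented duplicate hardened; do
    printf '%-10s %s\n' "$f" "$(permit_root_login_value "$demo_dir/$f")"
done
```

On the server itself, `sshd -t` (run as root) checks the file for syntax errors before the reload, and `sshd -T` prints the effective configuration.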

3. Add public key authentication


Setting this up will increase the security of your server by requiring a private SSH key to
log in.
Print your public key on the console of your local machine using this command:
local$ cat ~/.ssh/id_rsa.pub
Then select and copy the printed text.
Log in to the server as the user you created and open the file authorized_keys in the .ssh
directory with a text editor. We will use vi to edit the file:
$ vi .ssh/authorized_keys
Enter insert mode by pressing i, then paste your public key (which should be in your
clipboard) into the editor. Now hit ESC to leave insert mode. Enter :wq
then ENTER to save and exit the file.
4. Configuring a Basic Firewall

Firewalls provide a basic level of security for your server.


CentOS ships with a firewall called firewalld. A tool called firewall-cmd can be used to
configure your firewall policies.
First install firewalld:
# sudo yum install firewalld
# sudo systemctl start firewalld
In this step, we will only be adjusting the policies for the default zone. When we reload
our firewall, this will be the zone applied to our interfaces. We should start by adding
exceptions to our firewall for approved services. The most essential of these is SSH,
since we need to retain remote administrative access to the server.
If you have not modified the port that the SSH daemon is running on, you can enable
the service by name by typing:
$ sudo firewall-cmd --permanent --add-service=ssh
If you plan on running a conventional HTTP/HTTPS web server, you will need to enable
the http/https service:
# sudo firewall-cmd --permanent --add-service=http
# sudo firewall-cmd --permanent --add-service=https
If you use a custom port for something else, use the command below to enable it:
# sudo firewall-cmd --permanent --add-port=(customPort)/tcp
To see any additional services that you can enable by name, type:
# sudo firewall-cmd --get-services
When you are finished, you can see the list of the exceptions that will be implemented
by typing:
# sudo firewall-cmd --permanent --list-all
When you are ready to implement the changes, reload the firewall:
# sudo firewall-cmd --reload
If, after testing, everything works as expected, you should make sure the firewall will
be started at boot:
# sudo systemctl enable firewalld
Remember that you will have to explicitly open the firewall (with services or ports) for
any additional services that you may configure later.
