ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    nadnerB's CloudatCost Project Journal

    Scheduled Pinned Locked Moved IT Discussion
    cloudatcostcentos 7linux
    49 Posts 6 Posters 10.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      A Former User
      last edited by

      Fyi the yum -y just pre accepts the install. Otherwise it will fetch the package information tell you what it is and the size and ask you if you'd like to install or not.

      nadnerBN 1 Reply Last reply Reply Quote 1
      • nadnerBN
        nadnerB @A Former User
        last edited by

        @thecreativeone91 said:

        Fyi the yum -y just pre accepts the install. Otherwise it will fetch the package information tell you what it is and the size and ask you if you'd like to install or not.

        Thanks šŸ™‚

        1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller
          last edited by

          CentOS is secure by default. Firewall is already locked down.

          nadnerBN 1 Reply Last reply Reply Quote 0
          • nadnerBN
            nadnerB @scottalanmiller
            last edited by

            @scottalanmiller not 100% sure what you mean by

            Firewall is already locked down.

            After Googling I discovered that it's called firewalld.
            I ran the following to check the status

            systemctl status firewalld
            

            Which resulted in:
            ML_Comm-CatCjournal001.jpg
            Does that mean that the firewall is off or on?

            1 Reply Last reply Reply Quote 0
            • ?
              A Former User
              last edited by A Former User

              Looks like the last one is stopping. You can also start it by systemctl start firewalld and enable it at system start with systemctl enable firewalld

              1 Reply Last reply Reply Quote 1
              • nadnerBN
                nadnerB
                last edited by

                Thanks šŸ™‚ that got it

                1 Reply Last reply Reply Quote 0
                • nadnerBN
                  nadnerB
                  last edited by

                  Following the instructions kindly provided by @JaredBusch on installing Fail2Ban
                  http://mangolassi.it/topic/4108/how-to-fail2ban-on-centos-7

                  1 Reply Last reply Reply Quote 1
                  • nadnerBN
                    nadnerB
                    last edited by

                    Righto, so the firewall (enabled and on but no custom configs yet) and fail2ban are done.

                    1 Reply Last reply Reply Quote 0
                    • nadnerBN
                      nadnerB
                      last edited by

                      So, today I'd like to set up SSH but I'll check on the fail2ban that I did yesterday.
                      Ā 
                      Logged in as my non-root user account
                      fail2ban-client status sshd ... looks like it requires use of sudo to check
                      Apparently my non-root account requires listing in a 'sudoers file'... righto.
                      Ā 
                      One goes the lab coat as I step into the research mode...

                      1 Reply Last reply Reply Quote 0
                      • nadnerBN
                        nadnerB
                        last edited by

                        I think I'll do this by group permissions instead of individual permissions.
                        New group created groupadd <group name>
                        User added usermod <user> -G <groupname>
                        Check members of the group grep ^<group name> /etc/group

                        • success šŸ™‚
                        1 Reply Last reply Reply Quote 0
                        • nadnerBN
                          nadnerB
                          last edited by nadnerB

                          Righto, so it looks like the Sudoers file, that I need to edit, is read only.
                          However, I have found what looks like a good set of instructions here: https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file-on-ubuntu-and-centos
                          EDIT: This initial setup guide has a slightly different (I think) way of doing it (step 4) https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-12-04

                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                          • nadnerBN
                            nadnerB
                            last edited by nadnerB

                            Hmmm, perhaps editing the Sudoers file is not a good idea...
                            Should I edit the file and add my username or just use su?
                            Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
                            EDIT: I'll hold off on deploying this for now.

                            thanksajdotcomT ? 2 Replies Last reply Reply Quote 0
                            • thanksajdotcomT
                              thanksajdotcom @nadnerB
                              last edited by

                              @nadnerB said:

                              Hmmm, perhaps this is not a good idea...
                              Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
                              EDIT: I'll hold off on deploying this for now.

                              I log in as root directly to all my servers.

                              ? nadnerBN scottalanmillerS 3 Replies Last reply Reply Quote 0
                              • ?
                                A Former User @nadnerB
                                last edited by

                                @nadnerB said:

                                Hmmm, perhaps this is not a good idea...
                                Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
                                EDIT: I'll hold off on deploying this for now.

                                You don't edit the file You'd gpasswd -a nadnerb wheel where nadnerb is the username you wish to give sudo privileges too.

                                nadnerBN 1 Reply Last reply Reply Quote 1
                                • ?
                                  A Former User @thanksajdotcom
                                  last edited by

                                  @thanksajdotcom said:

                                  @nadnerB said:

                                  Hmmm, perhaps this is not a good idea...
                                  Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
                                  EDIT: I'll hold off on deploying this for now.

                                  I log in as root directly to all my servers.

                                  I personally would disable root access over SSH after the initial setup.

                                  nadnerBN 1 Reply Last reply Reply Quote 1
                                  • nadnerBN
                                    nadnerB @thanksajdotcom
                                    last edited by

                                    @thanksajdotcom said:

                                    @nadnerB said:

                                    Hmmm, perhaps this is not a good idea...
                                    Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
                                    EDIT: I'll hold off on deploying this for now.

                                    I log in as root directly to all my servers.

                                    Thanks for your input but I won't be doing this šŸ™‚

                                    1 Reply Last reply Reply Quote 0
                                    • nadnerBN
                                      nadnerB @A Former User
                                      last edited by

                                      @thecreativeone91 said:

                                      @nadnerB said:

                                      Hmmm, perhaps this is not a good idea...
                                      Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
                                      EDIT: I'll hold off on deploying this for now.

                                      You don't edit the file You'd gpasswd -a nadnerb wheel where nadnerb is the username you wish to give sudo privileges too.

                                      Fantastic! Thanks! šŸ™‚

                                      ? 1 Reply Last reply Reply Quote 0
                                      • nadnerBN
                                        nadnerB @A Former User
                                        last edited by

                                        @thecreativeone91 said:

                                        @thanksajdotcom said:

                                        @nadnerB said:

                                        Hmmm, perhaps this is not a good idea...
                                        Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
                                        EDIT: I'll hold off on deploying this for now.

                                        I log in as root directly to all my servers.

                                        I personally would disable root access over SSH after the initial setup.

                                        On the secret To-Do list

                                        1 Reply Last reply Reply Quote 0
                                        • ?
                                          A Former User @nadnerB
                                          last edited by

                                          @nadnerB said:

                                          @thecreativeone91 said:

                                          @nadnerB said:

                                          Hmmm, perhaps this is not a good idea...
                                          Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
                                          EDIT: I'll hold off on deploying this for now.

                                          You don't edit the file You'd gpasswd -a nadnerb wheel where nadnerb is the username you wish to give sudo privileges too.

                                          Fantastic! Thanks! šŸ™‚

                                          No Problem. It's just a group you add it to, as the group has sudo premissions (sudoers file) .

                                          1 Reply Last reply Reply Quote 1
                                          • scottalanmillerS
                                            scottalanmiller @thanksajdotcom
                                            last edited by

                                            @thanksajdotcom said:

                                            I log in as root directly to all my servers.

                                            Why?

                                            1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 3
                                            • 1 / 3
                                            • First post
                                              Last post