nadnerB's CloudatCost Project Journal
-
CentOS is secure by default. Firewall is already locked down.
-
@scottalanmiller not 100% sure what you mean by
Firewall is already locked down.
After Googling I discovered that it's called firewalld.
I ran the following to check the status
systemctl status firewalld
Which resulted in:
Does that mean that the firewall is off or on?
-
Looks like the last one is stopping. You can also start it by
systemctl start firewalld
and enable it at system start with
systemctl enable firewalld
-
Thanks that got it
-
Following the instructions kindly provided by @JaredBusch on installing Fail2Ban
http://mangolassi.it/topic/4108/how-to-fail2ban-on-centos-7
-
Righto, so the firewall (enabled and on but no custom configs yet) and fail2ban are done.
-
So, today I'd like to set up SSH but I'll check on the fail2ban that I did yesterday.
Logged in as my non-root user account
fail2ban-client status sshd
... looks like it requires use of sudo to check
Apparently my non-root account requires listing in a 'sudoers file'... righto.
On goes the lab coat as I step into the research mode...
-
I think I'll do this by group permissions instead of individual permissions.
New group created
groupadd <group name>
User added
usermod -aG <groupname> <user>
Check members of the group
grep ^<group name> /etc/group
- success
-
Righto, so it looks like the Sudoers file, that I need to edit, is read only.
However, I have found what looks like a good set of instructions here: https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file-on-ubuntu-and-centos
EDIT: This initial setup guide has a slightly different (I think) way of doing it (step 4) https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-12-04
-
Hmmm, perhaps editing the Sudoers file is not a good idea...
Should I edit the file and add my username or just use su?
Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
EDIT: I'll hold off on deploying this for now.
-
@nadnerB said:
Hmmm, perhaps this is not a good idea...
Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
EDIT: I'll hold off on deploying this for now.
I log in as root directly to all my servers.
-
@nadnerB said:
Hmmm, perhaps this is not a good idea...
Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
EDIT: I'll hold off on deploying this for now.
You don't edit the file. You'd
gpasswd -a nadnerb wheel
where nadnerb is the username you wish to give sudo privileges to.
-
@thanksajdotcom said:
@nadnerB said:
Hmmm, perhaps this is not a good idea...
Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
EDIT: I'll hold off on deploying this for now.
I log in as root directly to all my servers.
I personally would disable root access over SSH after the initial setup.
-
@thanksajdotcom said:
@nadnerB said:
Hmmm, perhaps this is not a good idea...
Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
EDIT: I'll hold off on deploying this for now.
I log in as root directly to all my servers.
Thanks for your input but I won't be doing this
-
@thecreativeone91 said:
@nadnerB said:
Hmmm, perhaps this is not a good idea...
Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
EDIT: I'll hold off on deploying this for now.
You don't edit the file. You'd
gpasswd -a nadnerb wheel
where nadnerb is the username you wish to give sudo privileges to.
Fantastic! Thanks!
-
@thecreativeone91 said:
@thanksajdotcom said:
@nadnerB said:
Hmmm, perhaps this is not a good idea...
Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
EDIT: I'll hold off on deploying this for now.
I log in as root directly to all my servers.
I personally would disable root access over SSH after the initial setup.
On the secret To-Do list
-
@nadnerB said:
@thecreativeone91 said:
@nadnerB said:
Hmmm, perhaps this is not a good idea...
Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
EDIT: I'll hold off on deploying this for now.
You don't edit the file. You'd
gpasswd -a nadnerb wheel
where nadnerb is the username you wish to give sudo privileges to.
Fantastic! Thanks!
No problem. It's just a group you add it to, as the group has sudo permissions (sudoers file).
-
-
@nadnerB said:
Righto, so it looks like the Sudoers file, that I need to edit, is read only.
Just means you have to tell the editor that you "mean it" when you save. In vi that means :w! instead of :w
-
Righto, I've blocked root access via SSH and renamed the server to something more useful (for ron... later on)
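-
An added example, not posted by anyone in this thread: a small shell audit of the steps discussed above (wheel membership, the wheel rule in the sudoers file, root login over SSH). The function names and sample files are constructed for illustration; `PermitRootLogin` is the sshd_config directive assumed to be what "blocked root access via SSH" refers to, and `Match` blocks and `Include` files are not evaluated.

```shell
#!/bin/sh
# Added example: offline checks for the hardening steps from this journal.
# File paths are parameters so the checks can run against copies of the files.

# in_group USER GROUP GROUPFILE -> 0 if USER is a listed (supplementary) member
in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "$3"
}

# group_has_sudo GROUP SUDOERSFILE -> 0 if an uncommented %GROUP rule exists
group_has_sudo() {
    grep -Eq "^[[:space:]]*%$1[[:space:]]" "$2"
}

# root_ssh_blocked SSHD_CONFIG -> 0 only if the first active PermitRootLogin
# is "no" (sshd uses the first value it reads; an unset or commented-out
# directive falls back to the build default, which is not "no").
root_ssh_blocked() {
    val=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    [ "$val" = "no" ]
}

# Constructed sample files (not from the thread) so the script runs offline.
d=$(mktemp -d)
printf 'root:x:0:\nwheel:x:10:nadnerb\n' > "$d/group"
printf '# %%wheel ALL=(ALL) NOPASSWD: ALL\n%%wheel\tALL=(ALL)\tALL\n' > "$d/sudoers"
printf '#PermitRootLogin yes\nPermitRootLogin no\n' > "$d/sshd_config"

in_group nadnerb wheel "$d/group"      && echo "nadnerb is in wheel"
group_has_sudo wheel "$d/sudoers"      && echo "wheel has a sudoers rule"
root_ssh_blocked "$d/sshd_config"      && echo "root SSH login is disabled"
```

On a live server the same functions can be pointed at /etc/group, /etc/sudoers and /etc/ssh/sshd_config; reading the last two requires root.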