ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    nadnerB's CloudatCost Project Journal

    Scheduled Pinned Locked Moved IT Discussion
    cloudatcostcentos 7linux
    49 Posts 6 Posters 10.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • nadnerBN
      nadnerB @scottalanmiller
      last edited by

      @scottalanmiller not 100% sure what you mean by

      Firewall is already locked down.

      After Googling I discovered that it's called firewalld.
      I ran the following to check the status

      systemctl status firewalld
      

      Which resulted in:
      ML_Comm-CatCjournal001.jpg
      Does that mean that the firewall is off or on?

      1 Reply Last reply Reply Quote 0
      • ?
        A Former User
        last edited by A Former User

        Looks like the last one is stopping. You can also start it by systemctl start firewalld and enable it at system start with systemctl enable firewalld

        1 Reply Last reply Reply Quote 1
        • nadnerBN
          nadnerB
          last edited by

          Thanks šŸ™‚ that got it

          1 Reply Last reply Reply Quote 0
          • nadnerBN
            nadnerB
            last edited by

            Following the instructions kindly provided by @JaredBusch on installing Fail2Ban
            http://mangolassi.it/topic/4108/how-to-fail2ban-on-centos-7

            1 Reply Last reply Reply Quote 1
            • nadnerBN
              nadnerB
              last edited by

              Righto, so the firewall (enabled and on but no custom configs yet) and fail2ban are done.

              1 Reply Last reply Reply Quote 0
              • nadnerBN
                nadnerB
                last edited by

                So, today I'd like to set up SSH but I'll check on the fail2ban that I did yesterday.
                Ā 
                Logged in as my non-root user account
                fail2ban-client status sshd ... looks like it requires use of sudo to check
                Apparently my non-root account requires listing in a 'sudoers file'... righto.
                Ā 
                One goes the lab coat as I step into the research mode...

                1 Reply Last reply Reply Quote 0
                • nadnerBN
                  nadnerB
                  last edited by

                  I think I'll do this by group permissions instead of individual permissions.
                  New group created groupadd <group name>
                  User added usermod <user> -G <groupname>
                  Check members of the group grep ^<group name> /etc/group

                  • success šŸ™‚
                  1 Reply Last reply Reply Quote 0
                  • nadnerBN
                    nadnerB
                    last edited by nadnerB

                    Righto, so it looks like the Sudoers file, that I need to edit, is read only.
                    However, I have found what looks like a good set of instructions here: https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file-on-ubuntu-and-centos
                    EDIT: This initial setup guide has a slightly different (I think) way of doing it (step 4) https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-12-04

                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                    • nadnerBN
                      nadnerB
                      last edited by nadnerB

                      Hmmm, perhaps editing the Sudoers file is not a good idea...
                      Should I edit the file and add my username or just use su?
                      Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
                      EDIT: I'll hold off on deploying this for now.

                      thanksajdotcomT ? 2 Replies Last reply Reply Quote 0
                      • thanksajdotcomT
                        thanksajdotcom @nadnerB
                        last edited by

                        @nadnerB said:

                        Hmmm, perhaps this is not a good idea...
                        Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
                        EDIT: I'll hold off on deploying this for now.

                        I log in as root directly to all my servers.

                        ? nadnerBN scottalanmillerS 3 Replies Last reply Reply Quote 0
                        • ?
                          A Former User @nadnerB
                          last edited by

                          @nadnerB said:

                          Hmmm, perhaps this is not a good idea...
                          Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
                          EDIT: I'll hold off on deploying this for now.

                          You don't edit the file You'd gpasswd -a nadnerb wheel where nadnerb is the username you wish to give sudo privileges too.

                          nadnerBN 1 Reply Last reply Reply Quote 1
                          • ?
                            A Former User @thanksajdotcom
                            last edited by

                            @thanksajdotcom said:

                            @nadnerB said:

                            Hmmm, perhaps this is not a good idea...
                            Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
                            EDIT: I'll hold off on deploying this for now.

                            I log in as root directly to all my servers.

                            I personally would disable root access over SSH after the initial setup.

                            nadnerBN 1 Reply Last reply Reply Quote 1
                            • nadnerBN
                              nadnerB @thanksajdotcom
                              last edited by

                              @thanksajdotcom said:

                              @nadnerB said:

                              Hmmm, perhaps this is not a good idea...
                              Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
                              EDIT: I'll hold off on deploying this for now.

                              I log in as root directly to all my servers.

                              Thanks for your input but I won't be doing this šŸ™‚

                              1 Reply Last reply Reply Quote 0
                              • nadnerBN
                                nadnerB @A Former User
                                last edited by

                                @thecreativeone91 said:

                                @nadnerB said:

                                Hmmm, perhaps this is not a good idea...
                                Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
                                EDIT: I'll hold off on deploying this for now.

                                You don't edit the file You'd gpasswd -a nadnerb wheel where nadnerb is the username you wish to give sudo privileges too.

                                Fantastic! Thanks! šŸ™‚

                                ? 1 Reply Last reply Reply Quote 0
                                • nadnerBN
                                  nadnerB @A Former User
                                  last edited by

                                  @thecreativeone91 said:

                                  @thanksajdotcom said:

                                  @nadnerB said:

                                  Hmmm, perhaps this is not a good idea...
                                  Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
                                  EDIT: I'll hold off on deploying this for now.

                                  I log in as root directly to all my servers.

                                  I personally would disable root access over SSH after the initial setup.

                                  On the secret To-Do list

                                  1 Reply Last reply Reply Quote 0
                                  • ?
                                    A Former User @nadnerB
                                    last edited by

                                    @nadnerB said:

                                    @thecreativeone91 said:

                                    @nadnerB said:

                                    Hmmm, perhaps this is not a good idea...
                                    Comments @JaredBusch, @thecreativeone91, @scottalanmiller or @thanksajdotcom ?
                                    EDIT: I'll hold off on deploying this for now.

                                    You don't edit the file You'd gpasswd -a nadnerb wheel where nadnerb is the username you wish to give sudo privileges too.

                                    Fantastic! Thanks! šŸ™‚

                                    No Problem. It's just a group you add it to, as the group has sudo premissions (sudoers file) .

                                    1 Reply Last reply Reply Quote 1
                                    • scottalanmillerS
                                      scottalanmiller @thanksajdotcom
                                      last edited by

                                      @thanksajdotcom said:

                                      I log in as root directly to all my servers.

                                      Why?

                                      1 Reply Last reply Reply Quote 1
                                      • scottalanmillerS
                                        scottalanmiller @nadnerB
                                        last edited by

                                        @nadnerB said:

                                        Righto, so it looks like the Sudoers file, that I need to edit, is read only.

                                        Just means you have to tell the editor that you "mean it" when you save. In vi that means :w! instead of :w

                                        1 Reply Last reply Reply Quote 2
                                        • nadnerBN
                                          nadnerB
                                          last edited by

                                          Righto, I've blocked root access via SSH and renamed the server to something more useful (for ron... later on)

                                          1 Reply Last reply Reply Quote 0
                                          • nadnerBN
                                            nadnerB
                                            last edited by

                                            Hmmm, attempting to install htop is proving to be more difficult than yum -y install htop.
                                            I can't seem to connect to any of the mirrors.
                                            *http://mirror.netflash.net/centos/7.0.1406/updates/x86_64/repodata/repomd.xml: [Errno 14] curl#6 - "Could not *resolve host: mirror.netflash.net; Unknown error"
                                            Trying other mirror.

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 1 / 3
                                            • First post
                                              Last post