Linux/RHEL: Difference between revisions

From Bibliotheca Anonoma
No edit summary
Line 13: Line 13:


# Set up a as admin with sudo and ssh key, as well as any other users. Also set up a password (it's like a PIN, last line of defense against privilege escalation).
# Set up a as admin with sudo and ssh key, as well as any other users. Also set up a password (it's like a PIN, last line of defense against privilege escalation).
#* The private key created by Amazon should only be used in case of emergency by the effective owner (if other admins forget their passphrases or passwords).
#* Do not allow root user login via SSH. If this is enabled, disable it.
#* For AWS, The private key created by Amazon should only be used in case of emergency by the effective owner (if other admins forget their passphrases or passwords).
# Change the hostname to the current one using [https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/sec_Configuring_Host_Names_Using_hostnamectl.html hostnamectl.]
# Change the hostname to the current one using [https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/sec_Configuring_Host_Names_Using_hostnamectl.html hostnamectl.]
# Set up the [http://www.cyberciti.biz/faq/installing-rhel-epel-repo-on-centos-redhat-7-x/ EPEL repository.]
# Set up the [http://www.cyberciti.biz/faq/installing-rhel-epel-repo-on-centos-redhat-7-x/ EPEL repository.]
# Install Byobu, and enable it for all new users.
# Install Byobu, and enable it for all new users.
# Set up [https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-centos-7 Nginx] and also [https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-server-blocks-on-centos-7 Server Blocks] to make things easier.
# Set up [https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-centos-7 Nginx] and also [https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-server-blocks-on-centos-7 Server Blocks] to make things easier.
== Hardening ==
* [https://www.tecmint.com/security-and-hardening-centos-7-guide/ Part 1: Basic Bare Metal Security] - Fix the gaping holes in security in hardware and system setup before moving on to the software fixes.
* [https://www.tecmint.com/centos-7-hardening-and-security-guide/ Part 2: Advanced Software Security] - Software level methods to harden CentOS


== RHEL ==
== RHEL ==
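Review bot: the new bullet "Do not allow root user login via SSH. If this is enabled, disable it." in step 1 names no setting to check, so a reader cannot tell when the step is done. Suggest stating the directive, for example "set PermitRootLogin no in /etc/ssh/sshd_config and reload sshd". In the same list item, "Set up a as admin with sudo and ssh key" is missing its noun on both sides of the change, and the reworded bullet "For AWS, The private key created by Amazon" leaves "The" capitalized mid-sentence. The two links under the new "== Hardening ==" heading point at external tutorials written for CentOS 7; a short note saying which of their steps this wiki actually applies would make the section usable on its own.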

Revision as of 23:04, 4 October 2017

Red Hat Enterprise Linux (and its open-source clone, CentOS) is a popular Linux distribution targeting the corporate server market.

Facts

  • RHEL and CentOS are effectively interchangeable when it comes to support instructions.
  • RHEL offers an extended support level for corporations, though when it comes to us we take care of our own servers.
  • RHEL uses the YUM package manager, and RPMs as package files.
  • RHEL 7 will remain supported as the main version until 2019.
  • SELinux is used as the primary Mandatory Access Control System.
  • Systemd is used as the primary initscript system.

Initial Setup

  1. Set up a as admin with sudo and ssh key, as well as any other users. Also set up a password (it's like a PIN, last line of defense against privilege escalation).
    • Do not allow root user login via SSH. If this is enabled, disable it.
    • For AWS, the private key created by Amazon should only be used in case of emergency by the effective owner (if other admins forget their passphrases or passwords).
  2. Change the hostname to the current one using hostnamectl.
  3. Set up the EPEL repository.
  4. Install Byobu, and enable it for all new users.
  5. Set up Nginx and also Server Blocks to make things easier.
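
One way to verify the "do not allow root user login via SSH" bullet in step 1, as an added example that is not part of the wiki page. The function names and the sample configuration are constructed for illustration; only the value "no" is accepted, because "prohibit-password" still lets root in with a key.

```shell
#!/bin/sh
# Added example (not from the wiki): audit the "no root login via SSH" step.

# Print the global PermitRootLogin value in sshd_config file $1, or "unset".
# sshd uses the first value it reads for a keyword, matches keywords
# case-insensitively, and accepts "Keyword=value" as well as "Keyword value".
# Lines after a Match line are conditional, so the scan stops there.
effective_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        { sub(/=/, " "); key = tolower($1) }  # normalise "Keyword=value"
        key == "match" { exit }
        key == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only when root login is explicitly disabled for every connection.
check_root_login() {
    value=$(effective_root_login "$1")
    case "$value" in
        no)    echo "PASS: PermitRootLogin no"; return 0 ;;
        unset) echo "FAIL: PermitRootLogin not set globally; compiled-in default applies"
               return 1 ;;
        *)     echo "FAIL: PermitRootLogin $value"; return 1 ;;
    esac
}

# Constructed sample: the commented line is ignored and the first live value
# wins, so the later "no" lines do not take effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin yes
permitrootlogin prohibit-password
PermitRootLogin no
Match User backup
    PermitRootLogin no
EOF
check_root_login "$sample" || true
rm -f "$sample"
```

On a live host, run it against /etc/ssh/sshd_config, and compare with the output of `sshd -T` (run as root), which prints the configuration sshd actually resolves.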

Hardening

RHEL

On Red Hat, you will want to use package subscription channels. The corresponding element on CentOS is EPEL.

https://access.redhat.com/solutions/265523

yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional

Databases