Additional Recommendations for New Servers - CentOS 7

Difficulty: 1
Time: 10 minutes

After you’ve set up your server, there are a few other steps we recommend to make sure your server’s secure and works like you’d expect.

These steps are optional, but they’re the kind of things that seasoned admins always take care of.

Set up a basic firewall

Creating a firewall protects your server from malicious traffic that can lead to security issues or degraded performance due to floods of traffic, such as DDoS attacks.

CentOS 7 includes a firewall tool called firewalld, which we'll use.

Turn on the firewall

  1. Check the status of your firewall to see if it's running.
    systemctl status firewalld
    Or for an abbreviated status report, run:
    firewall-cmd --state
  2. If the status is inactive, turn on your firewall.
    sudo systemctl start firewalld

Create firewall rules

By default, firewalls block all traffic, so you have to define exceptions, that is, the traffic you want to let in.

  1. Create an exception so you can connect to your server through SSH.
    • If you have not modified the SSH port, enable the exception.
      sudo firewall-cmd --permanent --add-service=ssh
    • If you have modified the port that the SSH daemon listens on, allow it by entering the port number and TCP protocol. Make sure that you've first restarted your SSH server to use the new port.
      sudo firewall-cmd --permanent --remove-service=ssh
      sudo firewall-cmd --permanent --add-port=your SSH port/tcp
  2. Open any of the following ports based on which services you need:
    You want to enable...              Run this command
    Web server (HTTP) traffic          sudo firewall-cmd --permanent --add-service=http
    Web server & SSL (HTTPS) traffic   sudo firewall-cmd --permanent --add-service=https
    Outgoing email (SMTP)              sudo firewall-cmd --permanent --add-service=smtp
  3. Optionally, view any additional services that you can enable by name.
    sudo firewall-cmd --get-services
    If you want to add any of these services, you can use this command:
    sudo firewall-cmd --permanent --add-service=serviceName
  4. To review your exceptions, run the list-all command.
    sudo firewall-cmd --permanent --list-all

Reload and enable the firewall

You're now ready to activate the changes.

  1. Reload the firewall:
    sudo firewall-cmd --reload
  2. Enable the firewall:
    sudo systemctl enable firewalld

The firewall now starts automatically during startup.

If you configure additional services later, make sure to open those respective ports.
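
A check worth running just before the reload step: the reload makes the permanent rules live, and new SSH connections are refused if the port sshd listens on is missing from them. This is an added example, not part of the original article; the function names and sample inputs are constructed here, and it assumes the stock ssh service definition (22/tcp) and reads only the services and ports lines of the default zone.

```shell
# Added example: confirm sshd's port is open in the permanent firewalld
# configuration before `firewall-cmd --reload` makes that configuration live.

# Ports sshd is configured for; sshd defaults to 22 when no Port line is set.
sshd_ports() {      # $1 = sshd_config text (or `sshd -T` output)
    _p=$(printf '%s\n' "$1" | awk 'tolower($1) == "port" { print $2 }')
    printf '%s\n' "${_p:-22}"
}

# Succeeds if TCP port $1 is open according to the --list-all text in $2.
port_allowed() {
    _services=$(printf '%s\n' "$2" | awk '$1 == "services:" { $1 = ""; print }')
    _ports=$(printf '%s\n' "$2" | awk '$1 == "ports:" { $1 = ""; print }')
    # Assumption: the stock "ssh" service definition, which opens 22/tcp.
    if [ "$1" = 22 ]; then
        for _s in $_services; do [ "$_s" = ssh ] && return 0; done
    fi
    for _e in $_ports; do
        case $_e in */tcp) ;; *) continue ;; esac
        _r=${_e%/tcp}; _lo=${_r%-*}; _hi=${_r#*-}   # "2222" or "2000-3000"
        [ "$1" -ge "$_lo" ] && [ "$1" -le "$_hi" ] && return 0
    done
    return 1
}

# Succeeds if at least one sshd port is open; names each blocked port.
ssh_reachable() {   # $1 = sshd config text, $2 = --list-all text
    _ok=1
    for _port in $(sshd_ports "$1"); do
        if port_allowed "$_port" "$2"; then _ok=0
        else echo "sshd port $_port/tcp is not open in the permanent config" >&2
        fi
    done
    return "$_ok"
}

# Constructed sample inputs (not captured from a real server).
SSHD_SAMPLE='#Port 22
Port 2222
PermitRootLogin no'
FW_MISSING='public
  services: dhcpv6-client http https
  ports:'
FW_OK='public
  services: dhcpv6-client http https
  ports: 2222/tcp
  source-ports:'

ssh_reachable "$SSHD_SAMPLE" "$FW_MISSING" || echo "do not reload yet"
ssh_reachable "$SSHD_SAMPLE" "$FW_OK" && echo "safe to reload"
```

On a server, feed it live data with `ssh_reachable "$(sudo sshd -T)" "$(sudo firewall-cmd --permanent --list-all)"`. Rich rules and zones other than the default are not examined.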

Synchronize network time protocol

When different computer or server programs with out-of-sync clocks communicate with each other, switching between these systems can cause the time to jump back and forth. This can cause undesirable effects such as incorrect timestamps on emails or logs.

Fortunately, you can solve this problem simply by using Network Time Protocol (NTP) synchronization.

Configure time zones

  1. Get a list of time zones:
    sudo timedatectl list-timezones
  2. In the resulting (long) list, find the region of your server and include it in your command.
    sudo timedatectl set-timezone your region/your timezone
  3. Close the file and issue the command to set the time zone. For example, if you live in Los Angeles:
    sudo timedatectl set-timezone America/Los_Angeles
    Your system updates to your selected time zone.
  4. Optionally, confirm the time zone.
    sudo timedatectl

Configure NTP synchronization

Next, configure your Network Time Protocol (NTP). NTP is an Internet protocol that synchronizes the time of computer clocks across the Internet and helps to determine when events happened between systems. NTP works by a client requesting the current time from an NTP server and then using the server's response to set its own clock. Afterward, your computer is accurately synced with networked time servers.

  1. Install the NTP daemon:
    sudo yum install ntp
    Enter y at the prompt to continue.
  2. Enable NTP:
    sudo systemctl start ntpd
    sudo systemctl enable ntpd

NTP synchronization is now active on your server. This means your system will adjust the time throughout the day to match up with global NTP servers.

Next steps

If you like this configuration, you can take a server snapshot to use as a guide for setting up future installations. See Take a Snapshot of Your Server for instructions.

Also, consider adding swap space. Adding swap space is an easy way to increase cloud server performance and is particularly helpful if you host databases on your system. See Add Memory Swap - CentOS, Fedora to learn how to add swap space.

