# 0. Configure users
# Create a nonroot user first
adduser 'user'
passwd 'user'
# edit /etc/sudoers:
# visudo
# Give a user all permission (equal to root):
# ’username ALL=(ALL) ALL‘
# Give a user all permission (equal to root), except the permission to reboot and shutdown the server:
# 'cmnd_Alias nopermit = /sbin/shutdown, /sbin/reboot'
# 'tecmint ALL=(ALL) ALL,!nopermit'
# Give permission to a group (say ubuntu) to run a few root privilege command (say add user and delete user):
# 'cmnd_Alias permit = /usr/sbin/useradd, /usr/sbin/userdel'
# ubuntu ALL=(ALL) permit
# 1. Configure SSH Server and Install firewalld
# Check version
ssh -V
# Use Secure Protocol over the default SSH Protocol and change port number also for extra Security:
# vi /etc/ssh/sshd_config
# 'Protocol 2,1' -> 'Protocol 2' # OR no such line
# 'Port 22' -> 'Port anyother' # OR no change
# 'PermitRootLogin yes' -> 'PermitRootLogin no'
# systemctl restart sshd.service
# Set Firewall at the same time
yum install firewalld
systemctl start firewalld
# Copy old version in case of sthing wrong
cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/ssh.xml.old
# Method 1:
# vi /etc/firewalld/services/ssh.xml
# '<port protocol="tcp" port="22"/>' -> '<port protocol="tcp" port="newportNo."/>'
firewall-cmd --reload
# Method 2:
firewall-cmd --zone=public --add-port='newportNo.'/tcp --permanent
# Check if can relogin by using another terminal:
ssh -p 'newportNo.' 'username'@'server'
# Set Public key for SSH https://blog.csdn.net/qq_2300688967/article/details/81417410
# 2. Register and Enable Red Hat Subscription Repositories in RHEL 7 (Pass it because it Only need for RedHat)
# 3. Configure Network with Static IP Address (Pass it because Linode offered already)
# check config file:
# vi /etc/sysconfig/network-scripts/ifcfg-eth0 # or sth like this
# 4. Set Hostname of Server (pass it because Linode offered already)
# Check config file:
# vi /etc/hostname
# 5. Update or Upgrade CentOS and Kernel
yum update && yum upgrade
# Update kernel https://www.tecmint.com/install-upgrade-kernel-version-in-centos-7/
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
yum --enablerepo=elrepo-kernel install kernel-ml
reboot
vi /etc/default/grub # set'GRUB_DEFAULT=0'
grub2-mkconfig -o /boot/grub2/grub.cfg
reboot
# How to search versions of an app (say python-pip)
yum search -v python | grep pip
# How to check Kernel
rpm -qa kernel |sort -V |tail -n 1
uname -r
# 6. Install Command Line Web Browser
yum install links # OR 'yum install lynx'
# Usage https://www.tecmint.com/command-line-web-browsers/
links https://www.tecmint.com # OR 'lynx https://www.tecmint.com'
# 7. Install Apache HTTP Server
yum install httpd
# If you would like to change default port (80) of Apache HTTP Server:
# vi /etc/httpd/conf/httpd.conf
# 'Listen 80' liked -> such as '3221' # OR no change
# systemctl restart httpd.service
# Allow service http through firewall (Permanent)
firewall-cmd --add-service=http
# Allow the port through firewall (Permanent)
firewall-cmd --permanent --add-port=80/tcp # OR such as '3221'
# Reload firewall
firewall-cmd --reload
# Restart Apache HTTP server and add the Apache service to system-wide to start automatically when system boots.
systemctl restart httpd.service
systemctl enable httpd.service
# Verify the Apache HTTP Server
links 127.0.0.1
# 8. Install PHP a server-side scripting language for web based services
yum install php
systemctl restart httpd.service
# Verify PHP by creating following php script in the Apache document root directory
echo -e "<?php\nphpinfo();\n?>" > /var/www/html/phpinfo.php
php /var/www/html/phpinfo.php
# OR
links http://127.0.0.1/phpinfo.php
# 9. Install MariaDB Database (a fork of MySQL for RedHat Enterprise Linux)
yum install mariadb-server mariadb
systemctl start mariadb.service
systemctl enable mariadb.service
# Allow service mysql (mariadb) through firewall.
firewall-cmd --add-service=mysql
# Secure mysql (mariadb) server
/usr/bin/mysql_secure_installation
# Read Also:
# Installing LAMP (Linux, Apache, MariaDB, PHP/PhpMyAdmin) in CentOS 7.0 https://www.tecmint.com/install-lamp-in-centos-7/
# Creating Apache Virtual Hosts in CentOS 7.0 https://www.tecmint.com/apache-virtual-hosting-in-centos/
# If still want MySQL, refer to https://sheldonldev.github.io/2019/09/14/01.html
# 10. Install GCC (GNU Compiler Collection)
yum install gcc
gcc --version
# 11. Install Java
yum install java
java -version
# 12. Install Apache Tomcat (servlet container designed by Apache to run Java HTTP web server)
yum install tomcat
systemctl start tomcat
/usr/sbin/tomcat version
firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --reload
# secure tomcat server
# vi /etc/tomcat/tomcat-users.xml
# 'user name = “admin” password="adminadmin" roles="admin,manager,admin-gui,admin-script,manager-gui,manager-script,manager-jmx,manager-status" liked -> 'newname' & 'newpasswd'
# systemctl start tomcat
systemctl stop tomcat
systemctl start tomcat
systemctl enable tomcat.service
# 13. Install Nmap to Monitor Open Ports
yum install nmap
# List all open ports and corresponding services using them on host
nmap 127.0.01
# 14. Configuration of FirewallD
systemctl status firewalld
# OR
firewall-cmd --state
# Get a list of all the zones
firewall-cmd --get-zones
# To get details on a zone before switching
firewall-cmd --zone=work --list-all
# To get default zone
firewall-cmd --get-default-zone
# To switch to a different zone say ‘work‘
firewall-cmd --set-default-zone=work
# To list all the services in the zone
firewall-cmd --list-services
# To add a service say http, temporarily
firewall-cmd --add-service=http
# To remove a service say http, temporarily
firewall-cmd --remove-service=http
# To add a service say http, permanently and reload
firewall-cmd --add-service=http --permanent
firewall-cmd --reload
# To remove a service say http, permanently and reload.
firewall-cmd --remove-service=http
firewall-cmd --reload
# To allow a port (say 331), temporarily
firewall-cmd --add-port=331/tcp
# To block/remove a port (say 331), temporarily.
firewall-cmd --remove-port=331/tcp
# To allow a port (say 331), permanently
firewall-cmd --add-port=331/tcp --permanent
firewall-cmd --reload
# To block/remove a port (say 331), permanently.
firewall-cmd --remove-port=331/tcp --permanent
firewall-cmd --reload
# To disable firewalld
systemctl stop firewalld
systemctl disable firewalld
firewall-cmd --state
# To enable firewalld
systemctl enable firewalld
systemctl start firewalld
firewall-cmd --state
# Refrence:
# How to Configure ‘FirewallD’ in RHEL/CentOS 7 https://www.tecmint.com/configure-firewalld-in-centos-7/
# Useful ‘FirewallD’ Rules to Configure and Manage Firewall https://www.tecmint.com/firewalld-rules-for-centos-7/
# 15. Installing Wget
yum install wget
# 16. Installing Telnet (a network protocol that enables a user to login into another computer on the same network over TCP/IP)
yum install telnet
telnet google.com 80
# 17. Install unzip Utility
yum install unzip
# 18. Installing Webmin (a Web based configuration tool for Linux, acts as a central system to configure various system configuration like users, disk quota, services and configurations of HTTP server, Apache, MySQL, etc.)
# may need dependencies such as:
yum install perl-Net-SSLeay
yum install perl-Encode-Detect
yum install perl-Data-Dumper
# download and install
wget https://sourceforge.net/projects/webadmin/files/webmin/1.930/webmin-1.930-1.noarch.rpm
rpm -ivh webmin-1.930-1.noarch.rpm
# 19. Enable Third Party Repositories (Just for example. It is not a good idea to add untrusted repositories specially in production)
# Add Extra Package for Enterprise Linux (EPEL) Repository:
# yum install epel-release
# Add Community Enterprise Linux Repository:
# rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
# For Chinese user: https://blog.csdn.net/jack_nichao/article/details/77967159
# 20. Install NTFS-3G Driver (Not nessesary for Linode Server. It is useful to mount and access Windows NTFS file system)
# yum install ntfs-3g
# 21. Install Vsftpd FTP Server (Very Secure File Transfer Protocol Daemon)
# yum install vsftpd
# vi /etc/vsftpd/vsftpd.conf
# ’anonymous_enable=NO‘
# ’local_enable=YES‘
# ’write_enable=YES‘
# ’chroot_local_user=YES‘
# ’port = ???‘
# firewall-cmd --add-port=???/tcp
# firewall-cmd --reload
# systemctl restart vsftpd
# systemctl enable vsftpd
# 22. Install and Enable SELinux
yum install selinux-policy
# Check SELinux Mode
getenforce
# For debugging, set selinux mode to permissive temporarily. No need to reboot.
setenforce 0
# After debugging set selinux to enforcing again without rebooting.
setenforce 1
# 23. Install Rootkit Hunter
yum install rkhunter
# Run rkhunter (should be a scheduled job)
rkhunter --check
# 24. Install Linux Malware Detect (LMD)
# Refer to https://www.tecmint.com/install-linux-malware-detect-lmd-in-rhel-centos-and-fedora/
# 25. Server Bandwidth Testing with Speedtest-cli
# Refer to https://www.tecmint.com/check-internet-speed-from-command-line-in-linux/
yum install python-pip
pip install speedtest-cli
pip install speedtest-cli --upgrade
# Go to direct and check
cd /usr/bin
speedtest_cli --version
speedtest_cli --help
# Try these
speedtest --bytes
speedtest_cli --share # with share link
speedtest_cli --list
speedtest_cli --list | grep -i Mumbai # server ID and distance
speedtest_cli --server [server ID] # Test connection speed against a specific server
# 26. Configure Cron Jobs (a job scheduler) and Set Update Scheduel
# Refers to https://www.tecmint.com/11-cron-scheduling-task-examples-in-linux/
# Ceck usage
vi /etc/crontab
# Update OS every day! https://blog.csdn.net/qq_2300688967/article/details/81417410
# 27. Install Owncloud
# Refer to https://www.tecmint.com/install-owncloud-to-create-personal-storage-in-linux/
# 28. Password Protect GRUB, protect your Server by locking GRUB at boot to avoid any unauthorized access (Pass it because the machine booted by Linode).