TutorialNinja Logo
Forgot PasswordRegister
PHP 47 Visual Basic 15 Javascript 14 HTML 12 Adobe Photoshop 10
Adobe Fireworks 1 Adobe Photoshop 10 Adobe Illustrator 0 Adobe InDesign 0 Gimp 0
C/C++ 3 Python 1 Visual Basic 15 Visual C# 1
Adobe Dreamweaver 0 Adobe Muse 0 ASP.net 0 .htaccess 6 CSS 5 Perl 0 PHP 47 PHP - User System 2 HTML 12 Java 0 Javascript 14 Ruby on Rails 0 General Web Development 4
CentOS 4 Debian 0 Ubuntu 0 Macintosh 1 Windows 7 Unraid 1
Adobe After Effect 0 Adobe Premiere 0 Adobe Audition 0 Final Cut 0 FruityLoops 0 iMovie 0 Windows Movie Maker 0
Apple Swift 0
Arduino 0 Raspberry Pi 3
ChatGPT 1
Site Statistics
Total Members
525
Total Tutorials
138
Newest User
cucumber2025
Todays Guests
73
1 Users 8 Guests Online

How to Secure Your CentOS Server: Best Practices


Securing your CentOS server is crucial for protecting your data and ensuring system stability.
This tutorial covers best practices for securing CentOS servers, including SSH hardening, setting up firewalls, disabling unused services, and using Fail2Ban to prevent brute-force attacks.



1. Hardening SSH Access


The default SSH configuration can be improved to reduce potential vulnerabilities:

Edit the SSH configuration file:
sudo nano /etc/ssh/sshd_config

  • Change the Default SSH Port: Modify the SSH port to something other than 22. Find the line Port 22 and change it to a non standard port (e.g., 2222).
  • Disable Root Login: Prevent direct root access by setting PermitRootLogin no in the same configuration file.


Restart the SSH service:
sudo systemctl restart sshd



2. Use SSH Keys:


SSH keys provide stronger security and eliminate the risks of brute-force and password-based attacks.

Generate an SSH key pair on your local machine:
ssh-keygen -t rsa -b 4096

Copy the public key to your server:
ssh-copy-id user@your-server



3. Setting Up a Firewall


CentOS includes firewalld, a powerful tool for managing firewall rules:

  • Install firewalld:
    sudo yum install firewalld
    Enable and start the service:
    sudo systemctl enable --now firewalld
  • Allow Necessary Services: For example, to allow SSH on your custom port:
    sudo firewall-cmd --permanent --add-port=2222/tcp
    Reload the firewall:
    sudo firewall-cmd --reload
  • Check Active Rules:
    sudo firewall-cmd --list-all




4. Disabling Unused Services


Reduce your attack surface by disabling unnecessary services:

  • List All Active Services:
    sudo systemctl list-unit-files --type=service
  • Disable Unnecessary Services: For example:
    sudo systemctl disable cups
    This prevents the printer service from running on a server.




5. Installing and Configuring Fail2Ban


Fail2Ban helps protect against brute-force attacks by monitoring log files and banning suspicious IPs:

  • Install Fail2Ban:
    sudo yum install epel-release
    sudo yum install fail2ban
  • Enable the SSH Jail: Edit the Fail2Ban configuration:
    sudo nano /etc/fail2ban/jail.local
    Uncomment and configure the SSH section:

    [ssh] enabled = true port = 2222 filter = sshd logpath = /var/log/secure maxretry = 5

    Restart Fail2Ban:
    sudo systemctl restart fail2ban
  • Check Banned IPs:
    sudo fail2ban-client status sshd




6. Additional Security Tips


  • Keep your system up to date:
    sudo yum update
  • Use strong passwords for all user accounts.
  • Install antivirus software if hosting files or applications prone to malware.




Conclusion


By following these steps, you can significantly enhance the security of your CentOS server.
SSH hardening, firewalls, service management, and tools like Fail2Ban work together to protect your system from attacks. Regular maintenance and updates ensure your server remains secure over time.
DanielXP's Avatar
Author:
Views:
1
Rating:
There are currently no comments for this tutorial, login or register to leave one.