By storrgie
I recently launched a CentOS 7 droplet and noticed that both firewalld and selinux were disabled by default. Does anyone have a good introductory guide on hardening CentOS 7?
I’m used to setting up an Ubuntu Server install such as:
- ssh hardening (ports, retries, key_auth. fail2ban)
- firewall hardening (ufw)
- application specific hardening
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
See here: RHEL7 Security Guide
And here: RHEL7 SELinux
In particular:
systemctl start firewalld
systemctl enable firewalld
And
vi /etc/selinux/config
set enforcing or permissive.
shutdown -r now (or reboot)
After reboot, confirm:
sestatus
And to harden ssh: First confirm you’re able to login via ssh keys. Then generate a list of all authentication methods, like this:
man sshd_config | grep 'Authentication$'
Then
vi /etc/ssh/sshd_config
Search for all instances of “Authentication” and comment them out. Paste the afore-generated list, as follows:
PubkeyAuthentication yes
RSAAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication no
HostbasedAuthentication no
KerberosAuthentication no
PasswordAuthentication no
RhostsRSAAuthentication no
And restart sshd
systemctl restart sshd
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.