I recently launched a CentOS 7 droplet and noticed that both firewalld and selinux were disabled by default. Does anyone have a good introductory guide on hardening CentOS 7?
I’m used to setting up an Ubuntu Server install such as:
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
See here: RHEL7 Security Guide
And here: RHEL7 SELinux
In particular:
systemctl start firewalld
systemctl enable firewalld
And
vi /etc/selinux/config
set enforcing or permissive.
shutdown -r now (or reboot)
After reboot, confirm:
sestatus
And to harden ssh: First confirm you’re able to login via ssh keys. Then generate a list of all authentication methods, like this:
man sshd_config | grep 'Authentication$'
Then
vi /etc/ssh/sshd_config
Search for all instances of “Authentication” and comment them out. Paste the afore-generated list, as follows:
PubkeyAuthentication yes
RSAAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication no
HostbasedAuthentication no
KerberosAuthentication no
PasswordAuthentication no
RhostsRSAAuthentication no
And restart sshd
systemctl restart sshd
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
Full documentation for every DigitalOcean product.
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
Scale up as you grow — whether you're running one virtual machine or ten thousand.

From GPU-powered inference and Kubernetes to managed databases and storage, get everything you need to build, scale, and deploy intelligent applications.
