CentOS shortcuts, tricks and more…
Synchronize time and date
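# One-shot clock sync, then pin the system timezone to UTC.
# An accurate clock matters for log correlation and certificate validation.
# ntpd is stopped first: ntpdate cannot use the NTP port while the daemon holds it.
service ntpd stop
ntpdate us.pool.ntp.org
# Copy the corrected system time to the hardware clock. Long options take a
# double hyphen; a typographic dash pasted from a web page is rejected.
hwclock --systohc
# Keep the previous zone file so the change can be rolled back.
mv /etc/localtime /etc/localtime.bak
ln -s /usr/share/zoneinfo/Etc/UTC /etc/localtime
service ntpd start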
Configure network on CentOS
Edit /etc/sysconfig/network-scripts/ifcfg-IFACENAME. You can check your interface name with ifconfig -a.
Example configuration for static IP address:
# Static IPv4 configuration for eth0. The X.Y octets and the UUID tail are
# placeholders that must be replaced with real values.
DEVICE=eth0
# MAC address of the NIC this file applies to.
HWADDR=52:54:00:0D:00:01
TYPE=Ethernet
UUID=be1cbf14-ff67-4b8b-aab9-xxxxxxxxx
# Bring the interface up at boot.
ONBOOT=yes
# Keep NetworkManager from managing this interface.
NM_CONTROLLED=no
# No DHCP; the address below is used as-is.
BOOTPROTO=static
IPADDR=192.168.X.Y
NETMASK=255.255.255.0
# NOTE(review): shown with the same placeholder as IPADDR; the gateway must be
# a different host on the same subnet.
GATEWAY=192.168.X.Y
Update Yum & install some tools
# Bring installed packages up to date, then add everyday admin tools.
yum update
# NOTE(review): on yum-based CentOS releases "upgrade" is "update" with
# obsoletes processing, so this second pass is likely redundant — confirm.
yum upgrade
# NOTE(review): confirm each name resolves to a package in the enabled repos
# (top normally ships as part of procps rather than as its own package).
yum install vim top nettop iotop screen yum-utils svn git
Save and restore iptables state
# Save: dump the live ruleset to a file. This is a snapshot only; it does not
# by itself make the rules persistent across reboots.
iptables-save > /root/working.iptables.rules
# Restore: load the saved ruleset. Without --noflush this replaces the rules
# currently loaded, so run it from a console or with a rollback plan when
# working over SSH. iptables-restore --test parses the file without committing.
iptables-restore < /root/working.iptables.rules
Harden kernel security
# Kernel network hardening settings in sysctl key=value form.
# NOTE(review): the page does not name the target file; presumably
# /etc/sysctl.conf, applied with `sysctl -p` or at the next boot — confirm.
# Turn on Source Address Verification (reverse-path filtering) on all
# interfaces to prevent some spoofing attacks.
#net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
# Add this line: ignore ICMP echo requests sent to broadcast addresses, so the
# host cannot be used as a reflector in smurf attacks.
net.ipv4.icmp_echo_ignore_broadcasts=1
# Enable TCP/IP SYN cookies (the stock file ships the setting commented out;
# the active line follows it).
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
net.ipv4.tcp_syncookies=1
# NOTE(review): source routing and redirects are disabled for IPv6 only below;
# the IPv4 counterparts (net.ipv4.conf.all.accept_source_route,
# net.ipv4.conf.all.accept_redirects) are not set anywhere in this listing.
# IPv6 settings (no autoconfiguration). The "default" keys set the values
# that interfaces created later start with.
net.ipv6.conf.default.autoconf=0
# NOTE(review): accept_dad=0 turns duplicate address detection off, which is
# not a hardening measure by itself — confirm this is intended.
net.ipv6.conf.default.accept_dad=0
# Ignore router advertisements and the individual pieces they carry
# (default router, router preference, prefix information).
net.ipv6.conf.default.accept_ra=0
net.ipv6.conf.default.accept_ra_defrtr=0
net.ipv6.conf.default.accept_ra_rtr_pref=0
net.ipv6.conf.default.accept_ra_pinfo=0
# Refuse source-routed packets and ICMPv6 redirects; do not forward.
net.ipv6.conf.default.accept_source_route=0
net.ipv6.conf.default.accept_redirects=0
net.ipv6.conf.default.forwarding=0
# Same settings under "all".
# NOTE(review): how "all" propagates to interfaces that already exist varies
# by key and kernel version; check the effective per-interface values with
# `sysctl -a` after applying.
net.ipv6.conf.all.autoconf=0
net.ipv6.conf.all.accept_dad=0
net.ipv6.conf.all.accept_ra=0
net.ipv6.conf.all.accept_ra_defrtr=0
net.ipv6.conf.all.accept_ra_rtr_pref=0
net.ipv6.conf.all.accept_ra_pinfo=0
net.ipv6.conf.all.accept_source_route=0
net.ipv6.conf.all.accept_redirects=0
net.ipv6.conf.all.forwarding=0
Add epel repo
Useful if you want to install htop
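# Install the EPEL release package. Run ONLY the wget/rpm pair that matches
# the installed release and architecture.
# The package is installed as root, so it is fetched over HTTPS: rpm cannot
# verify its signature at this point unless the EPEL key is already imported,
# which leaves transport security as the only protection for this step.

## RHEL/CentOS 7 64-Bit ##
wget https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm
rpm -ivh epel-release-7-2.noarch.rpm

## RHEL/CentOS 6 32-Bit ##
wget https://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm

## RHEL/CentOS 6 64-Bit ##
wget https://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm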
Add PUIAS Computational repository
For git
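# Add the PUIAS Computational repository (the page uses it for git).
# NOTE(review): the .repo file is pulled from a branch head (master), so its
# content can change between runs; read it after download before enabling it.
wget -O /etc/yum.repos.d/PUIAS_6_computational.repo https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/install/centos/PUIAS_6_computational.repo

# Import the repository signing key.
# NOTE(review): this key is fetched over plain HTTP and then trusted for
# package verification, so anyone on the network path could substitute it.
# Compare its fingerprint with one obtained over a trusted channel before
# running rpm --import.
wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-puias http://springdale.math.ias.edu/data/puias/6/x86_64/os/RPM-GPG-KEY-puias
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-puias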
Install fail2ban
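# Install fail2ban, configure it from a local copy, and enable it at boot.
yum install fail2ban

# Work on jail.local rather than jail.conf: settings in jail.local override
# jail.conf, and the local file is not replaced by package updates.
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

# Edit the file
vim /etc/fail2ban/jail.local

# Set up the service
chkconfig --add fail2ban
chkconfig fail2ban on
/etc/init.d/fail2ban start

# Verify with iptables: enabled jails are expected to show up as fail2ban
# chains in the listing.
iptables -L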