CentOS shortcuts, tricks and more…

Synchronize time and date

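# One-shot clock sync, then switch the system timezone to UTC.
# Accurate, consistent time matters for log correlation and for
# certificate validity checks.

# Stop ntpd first: ntpdate cannot do its one-shot sync while the daemon
# is holding the NTP port.
service ntpd stop
ntpdate us.pool.ntp.org
# Copy the freshly synced system time to the hardware clock.
# The option needs two ASCII hyphens; a typographic dash pasted from a
# web page is not recognised as an option by hwclock.
hwclock --systohc

# Keep the previous timezone file as a backup, then point localtime at UTC.
mv /etc/localtime /etc/localtime.bak
ln -s /usr/share/zoneinfo/Etc/UTC /etc/localtime

# Hand timekeeping back to the daemon.
service ntpd start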

Configure network on CentOS

Edit /etc/sysconfig/network-scripts/ifcfg-IFACENAME. You can check your interface name with ifconfig -a.

Example configuration for static IP address:

# Static IPv4 configuration for a single interface. The X/Y parts of the
# addresses and the x's in the UUID are placeholders to fill in.
# Interface name; it should match the IFACENAME suffix of the file name.
DEVICE=eth0
# MAC address of the NIC this file applies to (example value).
HWADDR=52:54:00:0D:00:01
TYPE=Ethernet
UUID=be1cbf14-ff67-4b8b-aab9-xxxxxxxxx
# Bring the interface up at boot.
ONBOOT=yes
# Leave this interface to the network service, not NetworkManager.
NM_CONTROLLED=no
# NOTE(review): Red Hat's documentation lists none, bootp and dhcp for
# BOOTPROTO; "static" is commonly used and appears to behave like "none"
# - confirm on your release.
BOOTPROTO=static
# Address of this host.
IPADDR=192.168.X.Y
NETMASK=255.255.255.0
# Address of the router; a different host address than IPADDR even
# though both placeholders look the same here.
GATEWAY=192.168.X.Y

Update Yum & install some tools

# Bring every installed package up to date before adding anything new;
# pending security errata are applied by this step.
yum update
yum upgrade

# Everyday admin tools.
# NOTE(review): confirm that each name resolves in the enabled
# repositories (for example with `yum info NAME`); some of these may not
# be package names on every CentOS release.
yum install \
  vim top nettop iotop screen \
  yum-utils svn git

Save and restore iptables state

# File that holds the dump of the known-good ruleset. It lives under
# /root so that only root can read or replace it.
rules_file=/root/working.iptables.rules

# Save: dump the running IPv4 ruleset. IPv6 rules are separate and are
# dumped with ip6tables-save.
iptables-save >"$rules_file"

# Restore: load the dump back. Without --noflush this replaces the
# current contents of every table present in the file.
# NOTE(review): this file is not loaded at boot on its own - confirm how
# your release persists rules.
iptables-restore <"$rules_file"

Harden kernel security

# Kernel network hardening settings, written in sysctl.conf syntax.
# NOTE(review): the page does not say where these lines go; presumably
# /etc/sysctl.conf, applied with `sysctl -p` - confirm for your release.
# This snippet does not set the IPv4 redirect or source-route controls
# (net.ipv4.conf.*.accept_redirects / accept_source_route); review those
# separately.

# Turn on Source Address Verification (reverse-path filtering) in all
# interfaces to prevent some spoofing attacks.
# The kernel uses the higher of the "all" and the per-interface value, so
# setting "all" to 1 enforces strict mode everywhere; the "default" line
# is left commented out. Strict mode can drop legitimate traffic on hosts
# with asymmetric routing.
#net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
 
# Add this line:
# ignore echo broadcast requests to prevent being part of smurf attacks
net.ipv4.icmp_echo_ignore_broadcasts=1
 
# Enable TCP/IP SYN cookies so the host keeps accepting connections when
# the SYN backlog is flooded.
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
net.ipv4.tcp_syncookies=1
 
# ipv6 settings (no autoconfiguration): the host ignores router
# advertisements, redirects and source-routed packets, and does not
# forward IPv6 traffic.
# "default" is the template for interfaces that appear later.
# NOTE(review): for IPv6 the "all" values may not reach interfaces that
# already exist - check the per-interface values with `sysctl -a`.
# NOTE(review): accept_dad=0 switches off Duplicate Address Detection, so
# address conflicts are no longer detected - confirm this is intended.
net.ipv6.conf.default.autoconf=0
net.ipv6.conf.default.accept_dad=0
net.ipv6.conf.default.accept_ra=0
net.ipv6.conf.default.accept_ra_defrtr=0
net.ipv6.conf.default.accept_ra_rtr_pref=0
net.ipv6.conf.default.accept_ra_pinfo=0
net.ipv6.conf.default.accept_source_route=0
net.ipv6.conf.default.accept_redirects=0
net.ipv6.conf.default.forwarding=0
net.ipv6.conf.all.autoconf=0
net.ipv6.conf.all.accept_dad=0
net.ipv6.conf.all.accept_ra=0
net.ipv6.conf.all.accept_ra_defrtr=0
net.ipv6.conf.all.accept_ra_rtr_pref=0
net.ipv6.conf.all.accept_ra_pinfo=0
net.ipv6.conf.all.accept_source_route=0
net.ipv6.conf.all.accept_redirects=0
net.ipv6.conf.all.forwarding=0

Add epel repo

Useful if you want to install htop

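# EPEL bootstrap: run only the ONE stanza that matches the release and
# architecture of the host.
#
# The epel-release RPM installs a yum repository definition, so it decides
# what the machine will trust for later package installs. Each stanza
# therefore imports the EPEL signing key, downloads the RPM over HTTPS and
# installs it only if `rpm -K` confirms the signature.
# After `rpm --import`, compare the key fingerprint with the one the
# Fedora project publishes before relying on it.
# NOTE(review): the epel-release versions are the ones given on this page
# and may no longer be on the mirrors. On CentOS, `yum install
# epel-release` from the distribution's own repositories is an
# alternative - confirm it is available on your release.

## RHEL/CentOS 7 64-Bit ##
rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
wget https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm
rpm -K epel-release-7-2.noarch.rpm && rpm -ivh epel-release-7-2.noarch.rpm

## RHEL/CentOS 6 32-Bit ##
rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6
wget https://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -K epel-release-6-8.noarch.rpm && rpm -ivh epel-release-6-8.noarch.rpm

## RHEL/CentOS 6 64-Bit ##
rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6
wget https://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -K epel-release-6-8.noarch.rpm && rpm -ivh epel-release-6-8.noarch.rpm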

Add PUIAS Computational repository

For git

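# Add the PUIAS computational repository (used here to get git).
# The repo definition is taken from the master branch of gitlab-recipes,
# which can change over time: read the downloaded file (baseurl, gpgcheck,
# gpgkey) before running yum against it.
wget -O /etc/yum.repos.d/PUIAS_6_computational.repo https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/install/centos/PUIAS_6_computational.repo

# Fetch the repository signing key. This URL is plain HTTP, so the
# transport does not protect the key; whoever can alter the download can
# substitute a key of their own.
wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-puias http://springdale.math.ias.edu/data/puias/6/x86_64/os/RPM-GPG-KEY-puias

# Print the fingerprint of the downloaded key and compare it with a value
# obtained over a trusted channel. Do not run the import on a mismatch.
gpg --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-puias

# Import the key so rpm/yum can verify packages from this repository.
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-puias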

Install fail2ban

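# Install fail2ban, which bans source addresses that keep failing
# authentication.
# NOTE(review): fail2ban is presumably provided by EPEL rather than the
# base repositories - confirm the repo is enabled before this step.
yum install fail2ban

# jail.local is read after jail.conf, so local settings stay separate
# from the packaged file.
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

# Edit the local copy: review at least ignoreip (addresses that must never
# be banned, e.g. your management hosts), bantime/findtime/maxretry, and
# which jails are enabled.
vim /etc/fail2ban/jail.local

# Register the service and enable it at boot.
chkconfig --add fail2ban
chkconfig fail2ban on
# Start it through the `service` wrapper, as the ntpd steps on this page
# do, instead of calling the init script by path.
service fail2ban start

# Verify with iptables: the chains fail2ban creates for its jails
# (named fail2ban-* or f2b-*, depending on the version) should be listed.
iptables -L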