Initial Server Setup with CentOS 7
When you buy your CentOS 7 server this will be automatically provisioned and built for you. From there you should be able to find it in the Manage VPS section of your account. Selecting Options > Manage from the Manage VPS page will take you to the overview for your VPS.
From here you can find the root login details at the time the VPS was provisioned. Please note that if you update these details, the UI will not also update - so take care when changing the root password.
This article goes through what you should do to create a solid base for your new server, before installing or configuring any software or services.
Step 1 - Logging in
Initially, there will only be the root account set up. You'll first want to note the username for the server which should always be root and the given password and IP address on the right hand side of the VPS overview page. The password can be seen be clicking on the eye symbol.
You can connect to VPS using these details by following our guide here.
The root user is an administrative user and has full access rights to everything on the VPS. With this in mind we'd discourage you from using it on a regular basis. This is because root user access can make very devastating changes and mistyping a single command could potentially cause unfixable damage to the server.
With that in mind, we'll now go through creating a new user with reduced privileges.
Step 2 - Creating a User
Once you're logged into the server using the default root details, you can create a new user. This example creates the user admin but you can use whatever name you like.
# adduser admin
Next we set a password for the new user:
# passwd admin
Changing password for user admin. New password: Retype new password: passwd: all authentication tokens updated successfully.
From here the user will be ready to be used. We'll also want to give them access to the sudo command, so that they can run commands as root when needed.
Step 3 — Granting Administrative Privileges
Now we have our normal user account, we'll want to give them increased privileges. We do this because sometimes you'll need to run commands as root and we don't want to be swapping between this user and root all the time.
What we're going to do is make our user a "superuser". This means that will have access to the sudo command - meaning they can run other commands as if they are the root user.
To do this we're going to add them to the wheel group. The wheel group in CentOS 7 is a default group that allows users to use the sudo command.
We'll need to use our root user and run the command below, replacing admin with whatever you called your user.
# usermod -aG wheel admin
Now if you log in with your new user you can type sudo before other commands to run them as if you were the root user.
Step 4 — Setting Up a Simple Firewall
Firewalls provide some simple security for your server. They're responsible for stopping traffic going to every port on your server with the exception of those that you've approved specifically. CentOS has a service called firewalld to do this and the tool used to configure this service is called firewall-cmd.
First you'll want to install firewalld with the following command:
# dnf install firewalld -y
As the default settings for firewalld allow for SSH connections we can turn the service on straight away:
# systemctl start firewalld
Then we can check the status of the service to make sure it's started:
# systemctl status firewalld
That should give you something like:
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-07-13 13:26:32 BST; 4min 54s ago
Docs: man:firewalld(1)
Main PID: 18518 (firewalld)
Tasks: 2 (limit: 11222)
Memory: 24.5M
CGroup: /system.slice/firewalld.service
└─18518 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid
You can see this is both active and enabled. This means that it will start by default when and if the server is rebooted.
Now we have the servive running we can use firewall-cmd to retrieve and apply policies to the firewall.
We'll first list the services already allowed:
# firewall-cmd --permanent --list-all
Which give us:
public target: default icmp-block-inversion: no interfaces: sources: services: cockpit dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules:
Then to get other services you can enable by name, you run:
# firewall-cmd --get-services
And to add a service that should be allowed through the firewall you use the --add-service flag:
# firewall-cmd --permanent --add-service=http
Running the above would add the http service and allow TCP traffic to port 80. You'll then need to reload the firewall:
# firewall-cmd --reload
Going forward, keep in mind that you have to open the firewall with services or ports for any additional services you may configure later.
Step 5 — Enabling Access for Your None-Root User
Now that we have a normal non-root user, we'll need to make sure that we can use it to access the server.
Like how we accessed the root user originally with a password, you should now be able to make a similar connection to the server using the user we have created.
If you're connecting from PuTTY you'll just need to use the new username when connecting in place or root.
If you're connecting from a Linux server you'll just need to use the command:
# ssh admin@yourServerIP
Then enter the password you set when prompted.
Once connected, keep in mind that to run a command with administrative privileges you have to type sudo before it like so:
# sudo command_to_run
To improve the servers security, we would strongly recommend setting up SSH keys instead of using password authentication. To do that you can follow our guide here on setting up SSH Key's for CentOS 7.
Conclusion
From here you have a good foundation for your server. You can now install any software you may need on your server.