In this guide, we will show you the CentOS 8 Server initial setup and Basic Configuration after its installation. There are some basic primary configurations that you need to do to ensure the new CentOS 8 server is ready to host your applications and services.
The following guide will cover basic service configurations such as SSH, Chrony, and Firewalld. And we will install some essential command utilities that you must have on your server.
Prerequisites
- CentOS 8 Server installed
- Root privileges
- Basic Linux Command-line
1. Update and Upgrade Packages
Firstly, after installing the CentOS 8 server, we need to check all available updates of default packages.
Since CentOS 8 replace the yum package manager with DNF, we will be using the ‘dnf’ command for all related packages management.
Now check available updates of default packages using the command below.
dnf check-update
The command will show you the list of packages that needed to be updated. Now run the following command to update all packages.
dnf update
Wait for all packages being updated.
Once it’s complete, you can remove all packages cached to get more free space.
dnf clean all
Now all default packages on CentOS 8 server have been updated to the latest version.
2. Install Additional Repository
In this section, we’re going to add the repository for CentOS 8 Server. We’re going to add the EPEL (Extra Package for Enterprise Linux) repository to the CentOS 8 server.
Besides the CentOS 8 has a new content package repository called ‘BaseOS’ and ‘AppStream’, we still need a more additional repository for our CentOS 8 Server.
Install the EPEL repository through the dnf command below.
dnf install epel-release
Once the installation is complete, check the list of the repository on CentOS 8 server.
dnf repolist
And you will get the EPEL repository on the list.
As a result, the EPEL repository has been added to the CentOS 8 server.
3. Install Basic Utilities
After adding the new EPEL repository, we’re going to install some additional packages to the system.
We’re going to install some basic packages command-line utility such as net-tools, vim, htop, telnet, etc. Install Basic command-line utility for CentOS 8 server using the dnf command below.
dnf install net-tools bind-utils vim telnet policycoreutils git htop
Once all packages installation is completed, go to the next section.
4. Setup Timezone and NTP Service
In this step, we’re going to set up the timezone and synchronize time though the NTP server using chrony service.
– Setup Timezone
Firstly, check the timezone that currently used by the system using the following command.
timedatectl
And you will get the result as below.
Now check all available timezone and specify with your own country name using the following command
timedatectl list-timezones | grep YOUR-COUNTRY
Once your country timezone is on the list, you can apply the timezone to the system using the command as below.
timedatectl set-timezone Asia/Jakarta
And the timezone configuration for CentOS 8 has been completed.
– Setup NTP Client
After configuring the timezone, we’re going to set up the NTP service on the CentOS 8 server. The NTP service will keep the time automatically synchronize with the NTP pool.
By default, the CentOS 8 server is using the ‘Chrony’ package for managing NTP. Check the chrony packages and make sure it’s installed on your system.
dnf list installed | grep chrony
Now you will get the chrony package on the list.
Next, edit the chrony configuration ‘/etc/chrony.conf’ using vim editor.
vim /etc/chrony.conf
Change the pool with your own location pool server.
pool 0.id.pool.ntp.org iburst
Save and close the configuration file, then restart the chronyd service.
systemctl restart chronyd
Now the chrony service is up and running with the new NTP pool.
Next, we need to enable the network time synchronization on the system using the timedatectl command below.
timedatectl set-ntp yes
Now the network time synchronization has been enabled, check using the following command.
timedatectl
And you will get the result as below.
As a result, the NTP service is active and the system clock synchronization enabled.
Additionally, you can track the NTP connection using the chronyc command as below.
chronyc tracking
Below is the result.
5. Setup SSH
In this section, we’re going to set up the SSH service for basic security. We’re going to set up the SSH key-based authentication, disable root login and password authentication, and whitelist users.
– Setup SSH key-based authentication
To enable the SSH key-based authentication, you will need to generate the SSH key from your local computer.
Generate the SSH key using the following command.
ssh-keygen
The SSH key ‘id_rsa’ and ‘id_rsa.pub’ is generated to the ‘~/.ssh’ directory.
Next, copy the public key ‘id_rsa.pub’ to the CentOS 8 server using the ‘ssh-copy-id’ command below.
ssh-copy-id hakase@SERVERIPADDRESS TYPE YOUR PASSWORD
Once the public key is uploaded, try to login to the CentOS 8 server.
ssh hakase@SERVERIPADDRESS
Now you will not be prompted for the SSH password, because you’re logged in to the CentOS 8 server with the SSH private key ‘~/.ssh/id_rsa’.
As a result, the SSH key-based authentication has been enabled.
– Setup SSH Basic Security
After configuring the SSH key-based authentication, we’re going to set up the SSH basic security by disabling the root login, disable the password authentication, and enable the whitelist users.
Note:
Before implementing this configuration, ensure you have the user with the root privileges and make sure the SSH key-based authentication has been enabled on your server.
Now go to the ‘/etc/ssh’ directory and edit the configuration file ‘sshd_config’ using vim editor.
cd /etc/ssh/ vim sshd_config
On the ‘PermitRootLogin’ and ‘PasswordAuthentication’ configurations, change both values to ‘no’.
PermitRootLogin no PasswordAuthentication no
Now change the ‘hakase’ user with your own and paste the following configuration to the end of the line.
AllowUsers hakase
Save the configuration file and exit.
Next, test the ssh configuration and make sure there is no error, then restart the ssh service.
sshd -t systemctl restart sshd
Now the root user cannot log in to the server, the password authentication has been disabled, and only user ‘hakase’ is allowed to log in to the CentOS 8 server through SSH.
And as a result, the basic SSH security configuration has been completed.
6. Setup Firewalld
In this section, we’re going to enable the CentOS 8 firewall. We’re going to enable the firewalld service and add some basic ports into it.
Check if the firewalld package is installed on the system using the following command.
dnf list installed | grep firewalld
Check the firewalld service status.
systemctl status firewalld
And you will get the result as below.
The firewalld package is automatically installed on the CentOS 8 server by default.
Next, make a list of services that as you need and the port that will be used by your services. For this guide, we just want to add the HTTP and HTTPS services to the firewalld.
Now run the following commands to add HTTP and HTTPS services to the firewalld.
firewall-cmd --add-service=http --permanent firewall-cmd --add-service=https --permanent
check the firewalld rules and make sure there is no error, then reload the firewalld.
firewall-cmd --check-config firewall-cmd --reload
Now the HTTP and HTTPS services have been added to firewalld rules, check the firewalld list services using the command below.
firewall-cmd --list-services
And you will get the result as below.
As a result, the basic firewalld configuration has been completed.
And the Basic initial setup and configuration of the CentOS 8 server have been completed.
