![]() It is possible to set up CentOS 8 to update automatically, but this might not be desired. Updating packages can greatly reduce the risks for your server, since new versions patch known security vulnerabilities and exploits. For additional security, consider disabling password authentication completely and setting up pairs of ssh keys for remote logins. It will now listen to a port that is rarely subjected to brute force attacks. If SELinux is active on the server, also run the following command in order to modify its default policy, and then restart the sshd service: semanage port -a -t ssh_port_t -p tcp 22212 You will notice that the line that sets up the port is commented out, so add a new one with a port between 1000 (in this example, 22212), then save and close the file: ![]() You should change it to a random one, so edit the configuration file of the secure shell server: vi /etc/ssh/nfig The SSH service is one of the most targeted by hackers, especially when running on the well-known default port 22. ![]() If you wish, you can also choose an alternative firewall solution that offers enhanced features, such as CSF. Allow access only for trusted IP addresses and open only the ports required by the services that run on the server. The default firewall on CentOS systems is firewalld, you can start and enable the service with the following commands: systemctl start firewalldįirewalld configuration is outside the scope of this article, but the commands are simple and intuitive. Configuring the firewall is usually the first security task on a fresh installation, in order to allow traffic only for specific services and ports.
0 Comments
Leave a Reply. |