Firewalls
The Internet is a dangerous place: by being out in the open, your server is exposed to major threats. Threats exploit vectors of entry, such as exposed services that run on or listen to certain ports.
Thus, the right thing to do is to build a firewall to block these ports from outside access, and allow others with reservations.
Install and enable FirewallD at boot:
sudo yum install firewalld
sudo systemctl start firewalld
sudo systemctl enable firewalld
We will use the public zone as our foremost and only zone, since we are using a server with only one network interface, eth0, and we are firewalling against the whole internet.
The first step is to enable the SSH service, since you probably want to retain the ability to connect remotely.
sudo firewall-cmd --permanent --zone=public --add-service=ssh
If you want to enable the HTTP and HTTPS services, add them as well.
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
Finally, when you are sure that the ssh service is still enabled on the public zone, reload the rules and enable the zone. If it worked, you will still be able to connect via SSH, and can now access HTTP and HTTPS servers externally. All other ports/services will be blocked to the world (for now).
sudo firewall-cmd --reload
sudo firewall-cmd --zone=public --change-interface=eth0
You can now set up other services with the firewall in a similar way. Make sure to reload the rules right afterwards to commit your changes.
sudo firewall-cmd --reload
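The "when you are sure that the ssh service is still enabled" check above can be scripted so that a reload never activates a rule set without SSH. This is an added example, not part of the original guide; it assumes it runs as root, and the names ZONE, REQUIRED, FW, missing_services and safe_reload are illustrative.

```shell
#!/bin/sh
# Added example (not from the original guide). Run as root on a firewalld host.
# ZONE, REQUIRED and FW are illustrative variable names.
ZONE="${ZONE:-public}"
REQUIRED="${REQUIRED:-ssh}"     # space-separated services that must survive
FW="${FW:-firewall-cmd}"

# Print each required service missing from the zone's permanent configuration,
# i.e. from the rule set that a reload is about to activate.
missing_services() {
    for svc in $REQUIRED; do
        # --query-service exits 0 only when the service is enabled in the zone.
        "$FW" --permanent --zone="$ZONE" --query-service="$svc" \
            >/dev/null 2>&1 || printf '%s\n' "$svc"
    done
}

# Reload only when nothing required is missing, then re-check the runtime rules.
safe_reload() {
    missing=$(missing_services)
    if [ -n "$missing" ]; then
        echo "refusing to reload, missing in zone $ZONE: $missing" >&2
        return 1
    fi
    "$FW" --reload >/dev/null || return 1
    for svc in $REQUIRED; do
        "$FW" --zone="$ZONE" --query-service="$svc" >/dev/null 2>&1 || {
            echo "runtime check failed for $svc in zone $ZONE" >&2
            return 1
        }
    done
}

# Act only where the firewalld CLI is actually installed.
if command -v "$FW" >/dev/null 2>&1; then
    safe_reload && echo "reloaded; zone $ZONE still allows: $REQUIRED"
fi
```

Set REQUIRED="ssh http https" to guard the web services as well.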
A CLI interface to iptables that is utterly uncomplicated. Great for Debian/Ubuntu home servers.
There's good ol' iptables for advanced configuration, but I don't really deal with it, so look elsewhere.