Skip to content Skip to sidebar Skip to footer
Home / Configure / Firewall / Network / Selinux / SSH

Configuration Before Building the Webserver on RHEL 7

By Bangkit Ade Saputra Post a Comment

Hello everyone, welcome to the kitsake.com blog. I hope you are all doing well and always blessed with ease in everything, whether life or work. Amen.

Are you currently looking for a topic about Linux, particularly "What should be done after you install the Linux RHEL 7 operating system?" If so, then this post is the answer.

In this post, I will share some things that need to be configured before this server is run and used by many people when turned into public apps. So, what are they? Below, I'll explain the details and how to do it.

Disable SELinux in Server RHEL 7

Perhaps some of you may disagree when disabling Selinux, while others may agree. For me personally, Selinux is indeed good for its security, as everything needs to be whitelisted to be accessed. 

However, it can be too complicated. That's the reason why I disable it to avoid troubling myself, especially since some of you may not be familiar with Selinux knowledge itself.

Now, to do it, you can follow the steps below to disable SELinux:

Check Selinux status

First, you need to check the status of SELinux. Typically, when the OS is still fresh or newly installed RHEL 7, the status is enforced.

This check can also serve as a reference point for you to know the differences after you modify SELinux.

# sestatus

Change the Selinux setting so they are not active

After you know the SELinux status, you can modify it in the SELinux configuration file to disable.

# vi /etc/selinux/config
disable selinux
disable SELinux
and then change in the SELINUX=enforcing to SELINUX=disabled then - Save & Close

So, that's how you do it, but our previous configuration changes have not been fully applied because modifying the SELinux configuration file requires a server restart. However, do not restart yet, as we will do it in the final step because we will continue with setting up several services.

Disable Firewall in Server RHEL 7

Firewalld provides a dynamically managed firewall with support for network/firewall zones to define the trust level of network connections or interfaces. It has support for IPv4, and IPv6 firewall settings, and for ethernet bridges and has a separation of runtime and permanent configuration options. It also supports an interface for services or applications to add firewall rules directly.

The explanation above is obtained on a global scale. This is also similar to the Selinux service, which can be quite complicated to implement on the server. But if you don't have a firewall layer above the server, I suggest you enable Firewalld. In most cases and many companies, they already have firewall devices, so I turn it off at the OS level.

Turn off the firewall in Linux

You can see the steps below on how to do it:
# systemctl stop firewalld

Disable to automatically turn on when booting

And type the command below to ensure that the firewalld service will not be running after the system restarts. This is because, when it starts running again, ports or services within your system that have not been registered in firewalld will not function properly.

# systemctl disable firewalld

Change the default port of ssh

Alright, next, we will change the default SSH port, which is port 22. This will be even more effective when combined with custom NAT on network devices. It enhances security, making it harder for external parties to penetrate our server. Here are the steps:

# vi /etc/ssh/sshd_config
custom port for ssh
custom port for ssh

and then change the #Port 22 to Port 1234 (whatever you want) then save & close

Make Banner on Server and will display when starting ssh

The contents of /etc/motd are displayed by login(1) after a successful login but just before it executes the login shell.

The abbreviation "motd" stands for "message of the day", and this file has been traditionally used for exactly that (it requires much less disk space than mail to all users).

This feature is also cool, even though it's just a banner with custom text output. However, don't underestimate it; it can serve as a reminder that we are accessing the system and need to be cautious, especially in a production environment. 

It helps us identify which system we are on and reminds us to proceed with caution. While on a development server, we may be more relaxed, but on a production server, we must be careful.

To create your own warning banner, you can follow the steps below:

Adding some decorator when you first remotely server

# vi /etc/motd

Change network settings to static

Now, setting up the network usually happens when we overlook it during the RHEL 7 OS installation. We might have initially set it up with DHCP, but it needs to be reconfigured as static to ensure a more stable connection.
# vi /etc/sysconfig/network-scripts/ifcfg-ens33
make static ip on server
make static ip on the server

input some settings such as IP address, gateway, and others, like the picture above. then save & close.

Apply all configured

After the above services have been properly configured, the next step is to restart the server to apply all the configurations successfully. to implement and convincingly restart the server.
# reboot

Closing statement:

Yes, that's the article "Configuration Before Building the Webserver on RHEL 7". It's straightforward. Feel free to comment below if you have any additional services that can be set up.

Maybe that's all I can share with you guys, hopefully, this article will be useful.

Thank You

Bangkit Ade Saputra
Bangkit Ade Saputra At the end of the day, my job involves people. we're complicated, we're always changing, we have millions of things going on in our lives, and changing jobs is always a big decision.

Post a Comment for "Configuration Before Building the Webserver on RHEL 7"