Wednesday, January 20, 2010

Initial Setup for CentOS

Set up users and groups

Create a staff group with gid 123
$ /usr/sbin/groupadd -g 123 staff

Create a user (uid 1234, primary group gid 123)
$ /usr/sbin/useradd -c "John Doe" -d /home/jdoe -u 1234 -s /bin/bash -g 123 jdoe

To see the useradd defaults:
$ useradd -D

Force the user to change the password at first login
$ passwd -e jdoe

# If passwd -e is not available, expire the password instead by setting its last-change date to 0 (this expires the password, not the account)
$ chage -d0 jdoe

Add user to wheel group
# Enable sudo for the wheel group
$ visudo

# uncomment this line so it reads %wheel ALL=(ALL) ALL :
# %wheel ALL=(ALL) ALL

# Add the user to the wheel group (gid 10). -a appends; without it, -G replaces every supplementary group the user already has
$ usermod -a -G 10 jdoe

Set hosts.allow to allow ssh (port 22) only from a specific network (e.g. 123.456.789.* with netmask 255.255.255.0; a placeholder, since real octets cannot exceed 255) and hosts.deny to deny everything else. tcp_wrappers consults hosts.allow first, so a match there wins over the catch-all deny.
$ cat /etc/hosts.allow
#
# hosts.allow   This file contains access rules which are used to
#               allow or deny connections to network services that
#               either use the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
sshd: 123.456.789.0/255.255.255.0

$ cat /etc/hosts.deny
#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a 'deny' option instead.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
All:All

Disallow root login via ssh by uncommenting the following line so that it reads PermitRootLogin no. sshd takes the first uncommented value of each keyword, so no earlier line may set it to yes.
$ vi /etc/ssh/sshd_config

#PermitRootLogin no

Keep an existing ssh session open while restarting, so a typo in the config cannot lock you out:
$ /etc/init.d/sshd restart
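As an added example (not from the original post), a small POSIX sh audit script that checks whether the sudo, tcp_wrappers and sshd settings above actually took effect. The function names and the audit_system wrapper are my own; each check reads the file path it is given, so it can be pointed at a copy or a test file.

```shell
#!/bin/sh
# Audit helpers for the hardening steps above (hypothetical names, not part of
# the original post). Each check takes the path of the file to inspect and
# returns 0 when the setting is in place, 1 otherwise.

# Print a file without comment lines and blank lines.
effective_lines() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$'
}

# sshd honours the FIRST uncommented PermitRootLogin it sees; it must be "no".
# A still-commented "#PermitRootLogin no" leaves the default in force.
check_permit_root_login() {
    val=$(effective_lines "$1" |
          awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }')
    [ "$val" = "no" ]
}

# hosts.deny must carry a catch-all rule; tcp_wrappers keywords are
# case-insensitive, so "All:All" from the post is accepted like "ALL: ALL".
check_hosts_deny_all() {
    effective_lines "$1" | grep -iq '^[[:space:]]*all[[:space:]]*:[[:space:]]*all[[:space:]]*$'
}

# hosts.allow must grant sshd exactly the intended network/netmask ($2), nothing wider.
check_hosts_allow_sshd() {
    effective_lines "$1" | awk -F: -v want="$2" '
        $1 ~ /^[[:space:]]*sshd[[:space:]]*$/ { gsub(/[[:space:]]/, "", $2); if ($2 == want) ok = 1 }
        END { if (ok) exit 0; exit 1 }'
}

# sudoers must have the %wheel rule uncommented.
check_sudoers_wheel() {
    effective_lines "$1" | grep -Eq '^[[:space:]]*%wheel[[:space:]]+ALL=\(ALL\)[[:space:]]+ALL[[:space:]]*$'
}

# Run every check against the live system files; $1 is the allowed network/netmask.
# Needs root to read /etc/sudoers. Returns 1 if any check fails.
audit_system() {
    rc=0
    check_permit_root_login /etc/ssh/sshd_config || { echo "FAIL: PermitRootLogin is not no"; rc=1; }
    check_hosts_deny_all /etc/hosts.deny         || { echo "FAIL: hosts.deny has no ALL: ALL rule"; rc=1; }
    check_hosts_allow_sshd /etc/hosts.allow "$1" || { echo "FAIL: hosts.allow does not limit sshd to $1"; rc=1; }
    check_sudoers_wheel /etc/sudoers             || { echo "FAIL: %wheel rule not enabled in sudoers"; rc=1; }
    return $rc
}
```

Run `audit_system 123.456.789.0/255.255.255.0` as root after the steps above; a commented-out PermitRootLogin or an `sshd: ALL` rule in hosts.allow is reported as a failure.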