Initial Server Setup and Configurations on RHEL 7

Red Hat Enterprise Linux (RHEL) 7 is a Linux-based operating system from Red Hat designed for businesses. This article provides a practical guide on performing initial server setup and configurations on RHEL 7. We will walk through essential first steps to prepare a RHEL 7 server for production use.

Logging in as Root

After your server boots, you will log in as the root user. The root user is the administrative user in a Linux environment with full system privileges.

ssh root@your_server_ip

Creating a New User

After logging in as root, it's recommended to create an alternate user account with superuser privileges for everyday use. This follows the principle of least privilege.

adduser username

Grant the new user superuser privileges by adding them to the wheel group ?

usermod -aG wheel username

Setting up a Basic Firewall

RHEL 7 servers use the firewall-cmd tool to manage firewall rules. First, install the firewalld software if not already present ?

yum install firewalld

Loaded plugins: langpacks, ulninfo
Resolving Dependencies
--> Running transaction check
---> Package firewalld.noarch 0:0.8.4-1.el7 will be installed
--> Processing Dependency: python3-firewall = 0.8.4-1.el7 for package: firewalld-0.8.4-1.el7.noarch
--> Processing Dependency: firewalld-filesystem = 0.8.4-1.el7 for package: firewalld-0.8.4-1.el7.noarch
--> Processing Dependency: iptables-services >= 1.4.21-28 for package: firewalld-0.8.4-1.el7.noarch
Complete!

Start the firewalld service ?

systemctl start firewalld

Enable firewalld to start automatically at boot ?

systemctl enable firewalld

Configuring Sudo Access

To allow your regular user to perform administrative tasks without switching to root, configure sudo access. Edit the sudoers file using the visudo command ?

visudo

Find the line that looks like this ?

root    ALL=(ALL:ALL) ALL

Add a similar line for your user ?

username ALL=(ALL:ALL) ALL

Enabling SSH Key-Based Authentication

For enhanced security, enable SSH key-based authentication and disable password-based authentication. Generate SSH keys on your local machine ?

ssh-keygen

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:abcdefghijklmnopqrstuvwxyz user@hostname

Copy the public key to your RHEL 7 server ?

ssh-copy-id username@your_server_ip

Disable password authentication by editing the SSH configuration file ?

sudo vi /etc/ssh/sshd_config

Find and modify the PasswordAuthentication line ?

PasswordAuthentication no

Restart the SSH service to apply changes ?

systemctl restart sshd

System Updates

Keep your server updated for security and stability. Update all packages to their latest versions ?

yum update

Setting Up Network Time Protocol

Accurate time synchronization is crucial for log analysis and coordinating with other servers. RHEL 7 uses chrony for NTP synchronization.

sudo yum install chrony

Start and enable the chronyd service ?

sudo systemctl start chronyd
sudo systemctl enable chronyd

Verify time synchronization ?

chronyc sources -v

Configuring SELinux

Security-Enhanced Linux (SELinux) provides mandatory access control security policies. It should remain enabled for production servers.

Check SELinux status ?

sestatus

If disabled, enable it by editing the configuration file ?

sudo vi /etc/selinux/config

Set SELinux to enforcing mode ?

SELINUX=enforcing

Reboot the server for changes to take effect ?

sudo reboot

Optional: Web Server Setup

If hosting web applications, install and configure Apache HTTP Server ?

sudo yum install httpd

Start and enable Apache ?

sudo systemctl start httpd
sudo systemctl enable httpd

Test the installation by accessing ?

http://your_server_ip/

Optional: Database Server Setup

For database-driven applications, install MariaDB ?

sudo yum install mariadb-server

Start and enable MariaDB ?

sudo systemctl start mariadb
sudo systemctl enable mariadb

Secure the installation ?

sudo mysql_secure_installation

Conclusion

These initial setup steps provide a solid foundation for your RHEL 7 server with proper security, user management, and essential services. Additional software and configurations will depend on your specific server requirements, but always prioritize security when making further modifications.