Check on listening port

• netstat -tunlp → check open/listening port

Securing SSH config

• more /etc/ssh/sshd_config

  • change port 22
  • PermitRootLogin no

Enable SELinux (SE → Security Enhanced)

• sestatus → check if active
• cat /etc/sysconfig/selinux
• stat myfile → extra context/access
• chcon myfile → change context

OpenLDAP → to manage users from another server

• dnf install openldap* → install everything
• systemctl start slapd
• systemctl enable slapd
• ps -ef | grep slapd → check if running
• cat /etc/openldap/slapd.d/ldap.conf

• cat /etc/nsswitch.conf

  • replace passwd: files sss → ldap

Traceroute → trace network traffic

• traceroute www.mywebsite.com

Secure SSH

Set idle timeout

• nano /etc/ssh/sshd_config

  • ClientAliveInterval 600
  • ClientAliveCountMax 0

Disable root login

• PermitRootLogin no
• PermitEmptyPassword no
• AllowUsers user1 user2
• Port change: 22 → 22224 (not usable port)

Access remote server with SSH keys

• For automation through script

• ssh-keygen

  • leave default folder
  • no passphrase
  • key created

• ssh-copy-id root@192.168.0.53

  • give password of 192.168.0.53

• ssh root@192.168.0.53

  • no password needed!