Additional Recommended Steps for New CentOS 7 Servers


## Table of Contents

- [Introduction](#introduction)
- [Prerequisites](#prerequisites)
- [Basic Firewall Configuration](#basic-firewall-configuration)
- [Time Zones Configuration](#time-zones-configuration)
- [Synchronizing a Network Time Protocol](#synchronizing-a-network-time-protocol)
- [Create a Swap File](#create-a-swap-file)
- [Conclusion](#conclusion)

## Introduction

In most cases, a few additional steps are highly recommended when setting up the basic configuration of a new server. This guide explains a few additional recommended steps for new CentOS servers.

## Prerequisites

You must have completed the Initial Server Setup on CentOS 7 guide.

## Basic Firewall Configuration

A firewall protects a server from unauthorized access. It is a network security device that monitors traffic to your server and allows or blocks specific traffic based on predetermined security rules. This is just a basic level of security for a server.

The firewalld service can apply modifications without dropping current connections, so you can turn it on before creating your firewall exceptions.

```
$ sudo systemctl start firewalld
```

The service is now up and running. To get and set policy information for the firewall, use the firewall-cmd tool. It uses the concept of "zones" to label the trust of other hosts on a network.

In this guide, we will adjust the policies for the default zone. When you reload your firewall, this will be the zone applied to your interfaces.

You have to add some exceptions to your firewall for approved services. SSH is the most essential because we need to retain administrative access to the server.

If you haven't modified the port that the SSH daemon is running on, you can enable the service by name by entering the command below.

```
$ sudo firewall-cmd --permanent --add-service=ssh
```

If you changed the SSH port for your server, you have to specify the new port and include the protocol that the service uses. If your server has already been restarted to use the new port, enter the commands below, using your own port in place of 4444.

```
$ sudo firewall-cmd --permanent --remove-service=ssh
$ sudo firewall-cmd --permanent --add-port=4444/tcp
```

If you plan to run additional services, you need to open the firewall for those as well. If you plan to run a conventional HTTP server, you have to enable the HTTP service.

```
$ sudo firewall-cmd --permanent --add-service=http
```

If you plan to run a web server with SSL/TLS enabled, you have to allow traffic for HTTPS as well.

```
$ sudo firewall-cmd --permanent --add-service=https
```

If you want SMTP email enabled, enter the command below.

```
$ sudo firewall-cmd --permanent --add-service=smtp
```

To see the additional services that you can enable by name, enter the command below.

```
$ sudo firewall-cmd --get-services
```

To see the list of exceptions that you have implemented, use the command below.

```
$ sudo firewall-cmd --permanent --list-all
```

To implement the changes, reload the firewall by entering the command below.

```
$ sudo firewall-cmd --reload
```

After testing that everything works as you expected, make sure that the firewall will be started at boot by entering the command below.

```
$ sudo systemctl enable firewalld
```
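The check below is an added example, not part of the original guide: it reads a `firewall-cmd --permanent --list-all` listing and confirms, before you reload, that SSH stays reachable on the port sshd uses and that no unapproved service is open. The function names and the sample listing are constructed for illustration.

```bash
# Added example: check a firewalld zone listing before `firewall-cmd --reload`.

# Print one field ("services" or "ports") of the listing read from stdin.
# The pattern is anchored, so "forward-ports:" does not match "ports".
zone_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p"
}

# Does a ports entry (4444/tcp or 4000-4100/tcp) cover TCP port $2?
port_covers() {
    local range="${1%/*}" proto="${1#*/}"
    [ "$proto" = tcp ] || return 1
    [ "$2" -ge "${range%-*}" ] && [ "$2" -le "${range#*-}" ]
}

# Succeed if the listing in $1 still admits SSH on sshd's port $2.
ssh_still_allowed() {
    local item
    # The predefined "ssh" service only opens the default port, 22/tcp.
    if [ "$2" -eq 22 ]; then
        for item in $(printf '%s\n' "$1" | zone_field services); do
            [ "$item" = ssh ] && return 0
        done
    fi
    for item in $(printf '%s\n' "$1" | zone_field ports); do
        port_covers "$item" "$2" && return 0
    done
    return 1
}

# Print services in the listing $1 that are not on the approved list ($2...).
unapproved_services() {
    local listing="$1" svc ok name
    shift
    for svc in $(printf '%s\n' "$listing" | zone_field services); do
        ok=no
        for name in "$@"; do [ "$svc" = "$name" ] && ok=yes; done
        [ "$ok" = yes ] || echo "$svc"
    done
}

# Constructed sample listing: ssh service removed, port 4444/tcp added.
SAMPLE='public
  interfaces: eth0
  services: dhcpv6-client http https
  ports: 4444/tcp'
ssh_still_allowed "$SAMPLE" 4444 && echo "sshd on 4444: reachable"
ssh_still_allowed "$SAMPLE" 22 || echo "sshd on 22: would be locked out"
unapproved_services "$SAMPLE" http https
```

On a server, pass the real listing instead of the sample, for example `ssh_still_allowed "$(sudo firewall-cmd --permanent --list-all)" 22`.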

## Time Zones Configuration

The first step is to set your server's timezone. To do this, use the timedatectl command.

To list the available timezones, use the command below.

```
$ sudo timedatectl list-timezones
```

You will get a list of the time zones available for your server. When you find the region/timezone setting that is correct for your server, set it by entering the command below.

```
$ sudo timedatectl set-timezone region/timezone
```

For example, to set it to United States Eastern time, enter the command below.

```
$ sudo timedatectl set-timezone America/New_York
```

Your system will now be updated to use that timezone. You can confirm this by entering the command below.

```
$ sudo timedatectl
```

## Synchronizing a Network Time Protocol

Now that you have set your time zone, you have to configure NTP so that your server stays synchronized with other servers.

For NTP synchronization, we will use a service named ntp, which we can install from CentOS's default repository.

```
$ sudo yum install ntp
```

Now start the service for this session. You also have to enable the service so that it is started automatically each time the server boots.

```
$ sudo systemctl start ntpd
$ sudo systemctl enable ntpd
```

Your server will now automatically correct its system clock to align with the global servers.

## Create a Swap File

Adding swap to a Linux server allows the system to move less frequently accessed information from RAM to a swap location on the disk.

Accessing data on disk is slower than accessing it in RAM, but having swap available can be the difference between an application staying alive and crashing.

Generally, an amount of swap equal to or double the amount of RAM is good.
Use the fallocate utility to allocate the space for the swap file.

For example, if you want a 4 GB file, create it with the following command.

```
sudo fallocate -l 4G /swapfile
```

Once the file is created, we need to restrict access to it so that other processes cannot see the file. Use the following command to do so.

```
sudo chmod 600 /swapfile
```

We now have a file with the required permissions. To tell the system to format the file for swap, use the following command.

```
sudo mkswap /swapfile
```

Tell the system that it can use the swap file with the command below.

```
sudo swapon /swapfile
```

To have the server use the swap file automatically at boot, modify the system file /etc/fstab with the following command.

```
sudo sh -c 'echo "/swapfile none swap sw 0 0" >> /etc/fstab'
```
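An added example (not from the original guide) for the swap steps above: it verifies that the swap file has mode 600 before activation and adds the fstab line only if it is missing, since the `>>` append above duplicates the entry each time it is run. The function names are hypothetical and the demo runs on constructed temporary files.

```bash
# Added example: check the swap file's mode and add its fstab line once.

# Succeed only if $1 is a regular file with mode 600 (-rw-------).
swapfile_mode_ok() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Append "<swap> none swap sw 0 0" to the fstab file $2 unless $1 is
# already listed there as swap. Commented-out lines do not count.
ensure_fstab_swap() {
    if awk -v p="$1" '$1 == p && $3 == "swap" { found = 1 }
                      END { exit !found }' "$2"; then
        return 0
    fi
    printf '%s none swap sw 0 0\n' "$1" >> "$2"
}

# Demo on constructed temporary files; nothing under /etc is touched.
demo=$(mktemp -d)
: > "$demo/swapfile"; chmod 644 "$demo/swapfile"
printf '#/swapfile none swap sw 0 0\n' > "$demo/fstab"
swapfile_mode_ok "$demo/swapfile" || echo "too open: chmod 600 before swapon"
chmod 600 "$demo/swapfile"
swapfile_mode_ok "$demo/swapfile" && echo "mode ok"
ensure_fstab_swap /swapfile "$demo/fstab"
ensure_fstab_swap /swapfile "$demo/fstab"   # second run adds nothing
grep -c '^/swapfile ' "$demo/fstab"
rm -rf "$demo"
```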

## Conclusion

In this guide, we have described the additional recommended steps for new CentOS servers.