Initial Server Setup with Rocky Linux 9: A Comprehensive Guide

Introduction:

When setting up a new server, it is crucial to follow a series of steps to ensure its security, accessibility, and proper functionality. This article will provide a step-by-step guide on the initial server setup with Rocky Linux 9. By following these steps, you can lay a solid foundation for a secure and efficient server environment.

Step 1: Update System Packages:

After installing Rocky Linux 9, it is essential to update the system packages to their latest versions. Open a terminal on your server and execute the following command:

sudo dnf update

This command will update all the installed packages to their most recent versions, ensuring that your server benefits from the latest bug fixes and security patches.

Step 2: Configure Timezone and NTP:

Proper time synchronization is vital for various server operations and log management. Set the correct timezone on your server using the following command:

sudo timedatectl set-timezone <timezone>

Replace <timezone> with your desired timezone (e.g., “America/New_York”).

Next, configure NTP (Network Time Protocol) to keep your server’s time accurate and synchronized. Install the NTP daemon using the following command:

sudo dnf install -y chrony

Start and enable the chrony service:

sudo systemctl start chronyd
sudo systemctl enable chronyd

Step 3: Create a Non-Root User:

Using the root account for everyday tasks is not recommended for security reasons. Create a non-root user with sudo privileges to perform regular administrative tasks. Run the following command to create a new user:

sudo adduser <username>

Replace <username> with your desired username. Set a strong password and provide any additional details as requested.

Grant administrative privileges to the user by adding them to the wheel group, which is the group Rocky Linux permits to use sudo:

sudo usermod -aG wheel <username>

Step 4: Secure SSH Access:

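Secure Shell (SSH) provides secure remote access to your server. To enhance security, modify the SSH server configuration to disallow root login and enforce key-based authentication. Before you disable password authentication, make sure the non-root user's public key is installed and that you can log in with it; otherwise you will be locked out of the server.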

Open the SSH server configuration file using a text editor:

sudo nano /etc/ssh/sshd_config

Locate the line that specifies PermitRootLogin and change its value to:

PermitRootLogin no

Find the line that specifies PasswordAuthentication and change its value to:

PasswordAuthentication no

Save the file and restart the SSH service:

sudo systemctl restart sshd
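
The check below is an added example, not part of the original guide: it confirms that the two settings from this step are actually in effect and that a public key is installed before you rely on them. sshd uses the first value it reads for each keyword, so a file included from /etc/ssh/sshd_config.d/ can override the lines edited above; sshd -T prints the merged result. The function names and the sample output are constructed for illustration.

```bash
# Added example (not from the original guide): verify that Step 4 took effect.
# `sshd -T` prints the merged, effective config as lowercase "keyword value" lines.

# check_sshd_effective: read `sshd -T` output on stdin; return 0 only if
# root login and password authentication are both disabled.
check_sshd_effective() {
    cse_root="" cse_pass="" cse_rc=0
    while read -r cse_key cse_value; do
        case "$cse_key" in
            permitrootlogin)        cse_root=$cse_value ;;
            passwordauthentication) cse_pass=$cse_value ;;
        esac
    done
    if [ "$cse_root" != "no" ]; then
        echo "FAIL: permitrootlogin is '${cse_root:-unset}', expected 'no'"
        cse_rc=1
    fi
    if [ "$cse_pass" != "no" ]; then
        echo "FAIL: passwordauthentication is '${cse_pass:-unset}', expected 'no'"
        cse_rc=1
    fi
    if [ "$cse_rc" -eq 0 ]; then
        echo "OK: root login and password authentication are disabled"
    fi
    return "$cse_rc"
}

# has_authorized_key FILE: succeed only if FILE is readable and holds at least
# one non-comment line, i.e. a key exists before passwords are turned off.
has_authorized_key() {
    [ -r "$1" ] && grep -Eq '^[[:space:]]*[^#[:space:]]' "$1"
}

# audit_host: run both checks on a real server as the new admin user
# (needs sudo and sshd; not called automatically here).
audit_host() {
    has_authorized_key "$HOME/.ssh/authorized_keys" ||
        { echo "FAIL: no public key in $HOME/.ssh/authorized_keys"; return 1; }
    sudo sshd -T | check_sshd_effective
}

# Constructed sample: the main file was edited as in Step 4, but an included
# drop-in still enables passwords, so the effective value remains "yes".
SAMPLE_EFFECTIVE='port 22
permitrootlogin no
passwordauthentication yes'
printf '%s\n' "$SAMPLE_EFFECTIVE" | check_sshd_effective || true
```

On the server, source the file and run audit_host as the new admin user while your original session is still open.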

Step 5: Configure Firewall:

A firewall acts as a barrier between your server and potential threats. By default, Rocky Linux 9 uses firewalld for managing firewall rules. Ensure that the firewall is enabled and configured to allow necessary services.

Check the status of firewalld:

sudo systemctl status firewalld

If it is not active, start and enable it:

sudo systemctl start firewalld
sudo systemctl enable firewalld

Configure the firewall rules based on your specific requirements. Allow essential services such as SSH (port 22) and HTTP (port 80) using the following commands:

sudo firewall-cmd --zone=public --add-service=ssh --permanent
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --reload

Step 6: Install Additional Security Tools (Optional):

Consider installing additional security tools to enhance the protection of your server. Some popular options include fail2ban (to prevent brute-force attacks), rkhunter (to detect rootkits), and ClamAV (for antivirus scanning).

Conclusion:

By following this comprehensive guide, you have successfully completed the initial server setup on Rocky Linux 9. You have updated the system packages, configured the timezone and NTP synchronization, created a non-root user, secured SSH access, configured the firewall, and optionally installed additional security tools. These steps lay a solid foundation for a secure and efficient server environment. Remember to regularly update your server, monitor logs for any suspicious activities, and apply best practices to ensure ongoing server security and performance.

