{"id":922,"date":"2017-10-30T11:53:35","date_gmt":"2017-10-30T11:53:35","guid":{"rendered":"https:\/\/www.newdelhihosting.co.in\/blog\/?p=922"},"modified":"2017-10-30T13:04:30","modified_gmt":"2017-10-30T13:04:30","slug":"first-step-after-getting-a-centos-vps","status":"publish","type":"post","link":"https:\/\/www.newdelhihosting.co.in\/blog\/first-step-after-getting-a-centos-vps\/","title":{"rendered":"First Step After Getting a Centos VPS"},"content":{"rendered":"

Step1:-<\/strong><\/p>\n

The first Step you should do to connect to your server via SSH. You will need to know the IP address and the SSH port of your server.<\/p>\n

There are different ways to connect to your server, depending on the operating system you use.<\/p>\n

For Windows, you can use a free open source application called PuTTY.
\nFor Linux or Mac, you can use the Terminal.
\nFor a more guide on how to connect you can check out https:\/\/www.newdelhihosting.co.in\/blog\/how-to-vps-login-via-ssh\/<\/a><\/p>\n

Step2:-<\/strong><\/p>\n

After successfully connecting to your server, is to update your server. On CentOS you can do this with the following command:<\/p>\n

yum update<\/pre>\n
This will update the already installed packages on your system and install the latest security updates.
\nYou should regularly update your server. Try to set up a reminder for yourself to do it at least once a month or optionally you can enable automatic updates, so you don\u2019t have to do it manually.<\/p>\n
If you are using a centos 7 VPS, you should follow the instructions below:<\/p>\n
# yum -y install yum-cron<\/pre>\n
Once yum-cron is installed it is time to configure it. The default configuration file is \/etc\/yum\/yum-cron.conf. You can edit the file using your favorite text editor. The following options should be set:<\/p>\n
# update_cmd = default\r\n# apply_updates = yes<\/pre>\n
Save the file and restart the service<\/p>\n
# systemctl restart yum-cron<\/pre>\n
Enable the service on system boot:<\/p>\n
# systemctl enable yum-cron<\/pre>\n
Step3:-<\/strong>
\nSecuring your server properly is one of the most important steps you need to do after getting a new VPS.
\nTo get more knowledge for securing server click here https:\/\/www.newdelhihosting.co.in\/blog\/tips-for-securing-your-cpanel-server\/ <\/a><\/p>\n
Step4:-<\/strong><\/p>\n
Installation of CFS dependencies.<\/h4>\n
1)CSF is based on\u00a0Perl,<\/em>\u00a0so we need to install Perl on the server first.<\/p>\n
#yum install wget perl-libwww-perl.noarch perl-Time-HiRes<\/pre>\n
2) Installing CSF.
\nGo to the \u201c\/usr\/src\/\u201d directory and download CSF with wget command.<\/p>\n
#cd \/usr\/src\/\r\n#wget https:\/\/download.configserver.com\/csf.tgz<\/pre>\n
Now, extract the tar.gz file and go to the csf directory, then install it<\/p>\n
#tar -xzf csf.tgz\r\n#cd csf\r\n#sh install.sh<\/pre>\n
You will get the information that CSF installation is completed at the end as below.<\/p>\n
\u2018csf\/configserver.css\u2019 -> \u2018webmin\/csf\/images\/configserver.css\u2019\r\n\u2018csf\/csf-loader.gif\u2019 -> \u2018webmin\/csf\/images\/csf-loader.gif\u2019\r\n\u2018csf\/csf_small.png\u2019 -> \u2018webmin\/csf\/images\/csf_small.png\u2019\r\n\u2018csf\/csf.svg\u2019 -> \u2018webmin\/csf\/images\/csf.svg\u2019\r\n\u2018csf\/jquery.min.js\u2019 -> \u2018webmin\/csf\/images\/jquery.min.js\u2019\r\n\u2018csf\/LICENSE.txt\u2019 -> \u2018webmin\/csf\/images\/LICENSE.txt\u2019\r\n\u2018csf\/loader.gif\u2019 -> \u2018webmin\/csf\/images\/loader.gif\u2019\r\n\u2018\/etc\/csf\/csfwebmin.tgz\u2019 -> \u2018\/usr\/local\/csf\/csfwebmin.tgz\u2019\r\n\r\nInstallation Completed<\/pre>\n
Now, we should check that CSF really works on this server. Go to the \u201c\/usr\/local\/csf\/bin\/\u201d directory, and run \u201ccsftest.pl\u201d.<\/p>\n
#cd \/usr\/local\/csf\/bin\/\r\n#perl csftest.pl<\/pre>\n
If you see the test results as ,
\n\u201cRESULT: csf should function on this server\u201d then CSF is running without problems on your server.<\/p>\n
[root@newdelhihosting csf]# cd \/usr\/local\/csf\/bin\/\r\n[root@newdelhihosting bin]# perl csftest.pl\r\nTesting ip_tables\/iptable_filter...OK\r\nTesting ipt_LOG...OK\r\nTesting ipt_multiport\/xt_multiport...OK\r\nTesting ipt_REJECT...OK\r\nTesting ipt_state\/xt_state...OK\r\nTesting ipt_limit\/xt_limit...OK\r\nTesting ipt_recent...OK\r\nTesting xt_connlimit...OK\r\nTesting ipt_owner\/xt_owner...OK\r\nTesting iptable_nat\/ipt_REDIRECT...OK\r\nTesting iptable_nat\/ipt_DNAT...OK\r\n\r\nRESULT: csf should function on this server\r\n[root@newdelhihosting bin]#<\/pre>\n
3)Configure CSF on CentOS 7<\/p>\n
Before stepping into the CSF configuration process, the first thing we must know is that \u201cCentOS 7\u201d has a default firewall application called \u201cfirewalld\u201d. We have to stop firewalld and remove it from the startup.<\/p>\n
Stopping the firewalld and Removing it from the startup:<\/p>\n
#systemctl stop firewalld\r\n#systemctl disable firewalld<\/pre>\n
Now, we can step into the CSF Configuration directory \u201c\/etc\/csf\/\u201d and edit the file \u201ccsf.conf\u201d<\/p>\n
#cd \/etc\/csf\/\r\n#nano csf.conf<\/pre>\n
Change line 11 \u201cTESTING \u201c to \u201c0\u201d for applying the firewall configuration.<\/p>\n
TESTING = “0”
\nBy default CSF allows incoming and outgoing traffic for the SSH standard port 22, if you use a different SSH port then please add your SSH port to the configuration in line 139 \u201cTCP_IN\u201d.<\/p>\n
Note : Save \u201ccsf.conf\u201d once you configured .<\/p>\n
Now, we can start CSF and LFD.<\/p>\n
#systemctl start csf\r\n#systemctl start lfd<\/pre>\n
After starting csf and lfd, we need to enable csf and lfd services to be started at boot time.<\/p>\n
#systemctl enable csf\r\n#systemctl enable lfd<\/pre>\n
4) \u2013 Advanced Configuration<\/p>\n
Here are some tweaks about CSF, so you can configure as you need.<\/p>\n
Back to the csf configuration directory, and edit the csf.conf configuration file<\/p>\n
#nano \/etc\/csf\/csf.conf<\/pre>\n
1. Don\u2019t Block IP addresses that are in the csf.allow files.<\/p>\n
By default lfd also will block an IP under csf.allow files, so if you want that an IP in csf.allow files never get blocked by lfd, then please go to the line 272 and change \u201cIGNORE_ALLOW\u201d to \u201c1\u201d. This is useful when you have a static IP at home or in office premises and want to ensure that your IP never gets blocked by the firewall on your internet server.<\/p>\n
IGNORE_ALLOW = \"1\"<\/pre>\n
2. Allow Incoming and Outgoing ICMP.<\/p>\n
Go to the line 152 for incoming ping\/ICMP.<\/p>\n
ICMP_IN = \"1\"\r\n\r\n. . .\r\n\r\nICMP_OUT = \"1\"<\/pre>\n
3. Block Certain Countries<\/p>\n
CSF provide an option to allow and deny access by country using the CIDR (Country Code). Go to line 836 and add the country codes that shall be allowed and denied<\/p>\n
CC_DENY = \"PK,UK,US\"\r\nCC_ALLOW = \"IN,ID,MY,DE\"<\/pre>\n
4. Send the Su and SSH Login log by Email.<\/p>\n
You can set an email address that is used by LFD to send an email about \u201cSSH Login\u201d events and users that run the \u201csu\u201d command, go to the line 1069 and change the value to \u201c1\u201d.<\/p>\n
LF_SSH_EMAIL_ALERT = \"1\"\r\n\r\n...\r\n\r\nLF_SU_EMAIL_ALERT = \"1\"<\/pre>\n
define the email address you want to use in line 588.<\/p>\n
LF_ALERT_TO = “yourmail@yourdomain.tld”
\nIf you want more tweaks, read the options in the \u201c\/etc\/csf\/csf.conf\u201d configuration file.<\/p>\n
Once you done the tweaks, save the file and reload the firewall rules with<\/p>\n
#csf -r<\/pre>\n","protected":false},"excerpt":{"rendered":"
Step1:- The first Step you should do to connect to your server via SSH. You will need to know the IP address and the SSH port of your server. There are different ways to connect to your server, depending on the operating system you use. For Windows, you can use a free open source application…<\/p>\n","protected":false},"author":1,"featured_media":928,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"categories":[14],"tags":[],"class_list":["post-922","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vps-2"],"jetpack_featured_media_url":"https:\/\/www.newdelhihosting.co.in\/blog\/wp-content\/uploads\/2017\/10\/vps.jpg","_links":{"self":[{"href":"https:\/\/www.newdelhihosting.co.in\/blog\/wp-json\/wp\/v2\/posts\/922"}],"collection":[{"href":"https:\/\/www.newdelhihosting.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newdelhihosting.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newdelhihosting.co.in\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newdelhihosting.co.in\/blog\/wp-json\/wp\/v2\/comments?post=922"}],"version-history":[{"count":5,"href":"https:\/\/www.newdelhihosting.co.in\/blog\/wp-json\/wp\/v2\/posts\/922\/revisions"}],"predecessor-version":[{"id":927,"href":"https:\/\/www.newdelhihosting.co.in\/blog\/wp-json\/wp\/v2\/posts\/922\/revisions\/927"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newdelhihosting.co.in\/blog\/wp-json\/wp\/v2\/media\/928"}],"wp:attachment":[{"href":"https:\/\/www.newdelhihosting.co.in\/blog\/wp-json\/wp\/v2\/media?parent=922"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newdelhihosting.co.in\/blog\/wp-json\/wp\/v2\/categories?post=922"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newdelhihosting.co.in\/blog\/wp-json\/wp\/v2\/tags?post=922"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}