Cloud Server Help

Additional Recommendations for New Servers - CentOS 6

Difficulty: 1
Time: 10 minutes

After you’ve set up your server, there are a few other steps we recommend to make sure your server is secure and works as you’d expect.

These steps are optional, but they’re the kind of things that seasoned admins make sure are taken care of.

Set up a basic firewall

As on most other Linux™ distributions, the default firewall on CentOS 6 is iptables, the suite of commands used to manage netfilter, the Linux packet-filtering framework. We'll configure a basic iptables setup.

Check iptables installation

  1. Make sure that iptables is installed:
    rpm -q iptables
    iptables is installed by default on CentOS 6 systems. If it's installed, the output shows which version you have. For example:
    iptables-1.4.7-14.el6.x86_64
  2. Check the status of your firewall to see if it's running:
    sudo service iptables status
    The output looks similar to this:
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    The rules are blank because they haven't been set up yet. That's our next step.
  3. But first, let's start iptables.
    sudo service iptables start

Create firewall rules

Define exceptions to your firewall policy so that you can activate your firewall.

  1. Flush, or clear, the existing rules:
    sudo iptables -F
  2. Allow secure shell (SSH) connections. By default, the SSH daemon listens on port 22, so allow inbound connections to that port and outbound connections to port 22 on other hosts:
    sudo iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    sudo iptables -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
  3. Open the firewall as needed.
    Here are the commands to add some common services and open their respective ports:
    • To run a standard HTTP web server, allow incoming http traffic:
      sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
      sudo iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
    • To run an SSL/TLS-enabled web server, allow for https traffic:
      sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
      sudo iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
    • To accept email over SMTP, allow smtp traffic (port 25), using the same --dport pattern as for http and https:
      sudo iptables -A INPUT -p tcp --dport 25 -j ACCEPT
      sudo iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT

Save and restart your firewall

  1. Review your exceptions by doing one of the following:
    • Run this command with the -L switch to list the rules, with source and destination addresses resolved to host names where possible:
      sudo iptables -L
    • Run the command with an added -n switch to show numeric IP addresses and ports instead of names:
      sudo iptables -L -n
  2. If all the rules look correct, save your firewall configuration:
    sudo iptables-save | sudo tee /etc/sysconfig/iptables
  3. Restart your firewall:
    sudo service iptables restart
    This applies your exceptions, blocks all other traffic, and configures your firewall to start automatically at startup.

If you configure additional services later, make sure to open those respective ports.
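One check worth making before you rely on the ruleset from the "Create firewall rules" and "Save and restart your firewall" steps above: iptables -F clears the rules but not the chain policies, which the status output earlier showed as ACCEPT. A chain whose policy is ACCEPT and whose rules are all ACCEPT lets every packet through, so unlisted ports are only blocked once the INPUT policy is DROP (or a final catch-all DROP/REJECT rule exists). The script below is an added example, not from the original article: build_ruleset prints a complete ruleset in the iptables-save format that /etc/sysconfig/iptables uses, with an explicit INPUT DROP policy, a loopback rule and a stateful RELATED,ESTABLISHED rule so replies to the server's own outbound connections are still accepted; ruleset_is_closed checks a saved file for the "everything still accepted" mistake. The function names, the choice of -m state, and the FORWARD DROP policy (the server does not route) are this example's assumptions; the sample ruleset in the usage is constructed.

```shell
#!/bin/sh
# Added example (not part of the original article): generate an
# /etc/sysconfig/iptables file with an explicit deny-by-default INPUT policy,
# and check an existing saved ruleset for a still-open INPUT chain.

# build_ruleset PORT... : print a filter-table ruleset (iptables-save format)
# that accepts loopback, established/related traffic and the given TCP ports
# on INPUT, and drops everything else. Fails on a non-numeric port.
build_ruleset() {
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) printf 'invalid port: %s\n' "$port" >&2; return 1 ;;
        esac
    done
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp -m tcp --dport $port -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# ruleset_is_closed FILE : succeed if FILE's INPUT chain denies unmatched
# traffic, i.e. its policy is DROP or it ends with a catch-all DROP/REJECT.
# Fail (and say so) if unlisted ports would still be reachable.
ruleset_is_closed() {
    file=$1
    if grep -q '^:INPUT DROP' "$file"; then
        return 0
    fi
    if grep -qE '^-A INPUT -j (DROP|REJECT)' "$file"; then
        return 0
    fi
    printf '%s: INPUT policy is ACCEPT and no catch-all rule; unlisted ports are open\n' "$file" >&2
    return 1
}
```

Usage mirrors the article's save step: build_ruleset 22 80 443 | sudo tee /etc/sysconfig/iptables, review it, then sudo service iptables restart. Always include your SSH port in the list; with a DROP policy, a ruleset that omits it locks you out of the server. Run ruleset_is_closed /etc/sysconfig/iptables afterwards to confirm the file you saved is actually deny-by-default.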

Configure your system's time zone and NTP

When programs on computers or servers whose clocks are out of sync communicate with each other, switching between those systems can make the apparent time jump back and forth. This jumping can produce undesirable effects, such as an email reply appearing to arrive before the original message was sent.

Fortunately, you can solve this problem simply by using Network Time Protocol (NTP) synchronization.

Check your time zone

On a newly installed server, the time zone is read from /etc/localtime, which is a copy of, or a link to, one of the zone files under /usr/share/zoneinfo/. It is likely that you need to point it at the correct zone file.

  1. Check the date and time of your system:
    date
    ls -l /etc/localtime
  2. Optionally, check the time zone setting in your system's clock configuration file:
    sudo less /etc/sysconfig/clock
  3. Close the file (press q) to return to the command line.

Update your time zone

  1. Identify your time zone by listing the time zones and then finding yours in the list:
    sudo ls /usr/share/zoneinfo/
  2. Drill down by appending your region to the directory path:
    sudo ls /usr/share/zoneinfo/America
  3. Find the city/area that applies best to you. For this example, we'll set our time to Los Angeles, CA (US).
  4. Open the sysconfig file again:
    sudo vim /etc/sysconfig/clock
  5. Change the ZONE in the file:
    ZONE="America/Los_Angeles"
  6. Save and close the file:
    :wq!
  7. Point /etc/localtime at the zone file for your local time, keeping a backup of the old one:
    sudo cp /etc/localtime /root/old.timezone
    sudo rm /etc/localtime
    sudo ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
  8. Verify your settings:
    date
    ls -l /etc/localtime
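Steps 5 and 7 above change the time zone in two places, the ZONE= line in /etc/sysconfig/clock and the /etc/localtime link, and a server where only one of them was updated reports a misleading time in logs and timestamps. The function below is an added example, not from the original article: it reads ZONE= from the clock file, confirms that it names a real file under the zoneinfo directory (rejecting values that try to escape it), and confirms that the localtime path is a link to, or an identical copy of, that same file. The function name check_tz and its arguments are this example's choice; the third argument exists so the check can be run against a constructed directory as in the usage below, and defaults to /usr/share/zoneinfo.

```shell
#!/bin/sh
# Added example (not part of the original article): confirm that the ZONE=
# setting and /etc/localtime agree, so the two edits in the procedure above
# cannot silently drift apart.

# check_tz CLOCK_FILE LOCALTIME [ZONEINFO_DIR]
# Succeeds and prints the zone when CLOCK_FILE's ZONE= value names an existing
# file under ZONEINFO_DIR and LOCALTIME is a link to, or a byte-identical copy
# of, that file. Fails with a reason on stderr otherwise.
check_tz() {
    clock=$1
    localtime=$2
    zoneinfo=${3:-/usr/share/zoneinfo}

    # Take the last ZONE= line (later lines win, as in shell-style config files)
    # and strip the surrounding quotes.
    zone=$(sed -n 's/^ZONE=//p' "$clock" | tail -n 1 | tr -d '"')
    if [ -z "$zone" ]; then
        printf 'no ZONE= line in %s\n' "$clock" >&2
        return 1
    fi
    # Refuse absolute paths or parent-directory components: the value must stay
    # inside the zoneinfo tree.
    case "$zone" in
        /*|../*|*/../*|*/..)
            printf 'suspicious ZONE value: %s\n' "$zone" >&2
            return 1 ;;
    esac
    if [ ! -f "$zoneinfo/$zone" ]; then
        printf 'unknown zone %s (no file under %s)\n' "$zone" "$zoneinfo" >&2
        return 1
    fi

    if [ -L "$localtime" ]; then
        target=$(readlink "$localtime")
        if [ "$target" != "$zoneinfo/$zone" ]; then
            printf '%s -> %s, expected %s/%s\n' "$localtime" "$target" "$zoneinfo" "$zone" >&2
            return 1
        fi
    elif ! cmp -s "$localtime" "$zoneinfo/$zone"; then
        printf '%s is not a copy of %s/%s\n' "$localtime" "$zoneinfo" "$zone" >&2
        return 1
    fi
    printf 'time zone consistent: %s\n' "$zone"
}
```

On the server itself, run check_tz /etc/sysconfig/clock /etc/localtime after step 8; a non-zero exit tells you which of the two settings was left behind.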

Configure NTP synchronization

Next, configure Network Time Protocol (NTP). NTP is an Internet protocol that synchronizes the clocks of computers across the Internet and helps to establish when events happened on different systems. A client requests the current time from an NTP server and then uses the server's response to set its own clock. Afterward, your computer stays accurately synced with networked time servers.

  1. Install the NTP daemon:
    sudo yum install ntp
  2. Enable NTP:
    sudo chkconfig ntpd on
  3. Synchronize the system clock:
    sudo ntpdate pool.ntp.org
  4. Start NTP:
    sudo /etc/init.d/ntpd start

NTP synchronization is now active on your server. Your system adjusts the time throughout the day to match up with global NTP servers.

Next steps

Your setup is complete! Remember that you can always add on to your configuration as you add more services.

If you like this configuration, you can take a server snapshot to use as a guide for setting up future installations. See Take a Snapshot of Your Server for instructions.

Also, consider adding swap space. Adding swap space is an easy way to increase cloud server performance and is particularly helpful if you host databases on your system.

