Basic Server Setup

No matter how new your server or VPS is, it is outdated and running old software. While I am not the best, nor do I know everything, this is the baseline of what I do when I get a new box online.

Again, this assumes you can SSH into the box.

yum -y install nano
yum -y install yum-priorities
wget http://apt.sw.be/redhat/el5/en/i386/RPMS.dag/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
rpm -K rpmforge-release-0.3.6-1.el5.rf.*.rpm
rpm -i rpmforge-release-0.3.6-1.el5.rf.*.rpm
wget http://dag.linux.iastate.edu/dag/RPM-GPG-KEY.dag.txt
rpm --import RPM-GPG-KEY.dag.txt

nano /etc/yum.repos.d/dag.repo

name=Dag RPM Repository for Red Hat Enterprise Linux

Save and Exit

yum -y install perl-libwww-perl
yum -y update

chkconfig cups off
chkconfig pcmcia off
chkconfig kudzu off
chkconfig isdn off
chkconfig xfs off
chkconfig atd off
chkconfig nfslock off
chkconfig canna off
chkconfig FreeWnn off
chkconfig cups-config-daemon off
chkconfig iiim off
chkconfig mDNSResponder off
chkconfig nifd off
chkconfig rpcidmapd off
chkconfig bluetooth off
chkconfig anacron off
chkconfig gpm off
chkconfig saslauthd off
chkconfig avahi-daemon off
chkconfig avahi-dnsconfd off
chkconfig hidd off
chkconfig pcscd off
chkconfig sbadm off
chkconfig ossec off
chkconfig acpid off
chkconfig dhcpd off
chkconfig firstboot off

mkdir /root/source
cd /root/source
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

nano /etc/csf/csf.conf

Change TESTING="1" to TESTING="0"

TCP_IN = "20,21,22,25,26,37,43,53,80,106,110,113,143,443,465,587,873,990,993,995,1129,2077,2078,2082,2083,2086,2087,2095,2096,3306,5224,5432,7777,7778,8443,8880,8888,8889,9080,10000,30000:35000"
TCP_OUT = "20,21,22,25,26,37,43,53,80,106,110,113,143,443,465,587,873,990,993,995,1129,2077,2078,2082,2083,2086,2087,2095,2096,3306,5224,5432,7777,7778,8443,8880,8888,8889,9080,10000"
UDP_IN = "20,21,53,953"
UDP_OUT = "20,21,53,113,123,953,33434:33523"

service csf restart
service lfd restart


Add the passive port range 30000-35000 to your Pure-FTPd or ProFTPD configuration file
(i) Pure-FTPd
Open /etc/pure-ftpd.conf, and add this line
PassivePortRange    30000 35000
(ii) ProFTPD
Open /etc/proftpd.conf, and add this line
PassivePorts    30000 35000
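
The port lists above open far more than most boxes actually run. As an added example (not part of the original post), this script compares an allow list from csf.conf with the TCP ports a service is really listening on, so unused entries can be trimmed. It assumes the `netstat -ltn` column layout; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list csf.conf port entries
# that no local service is listening on, so they can be removed.

# Print each entry of a csf.conf port list (e.g. TCP_IN), one per line.
csf_ports() {  # usage: csf_ports FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" |
        tr ',' '\n' | sed '/^$/d'
}

# Read `netstat -ltn` output on stdin and print the listening TCP ports.
# Loopback-only listeners are skipped: they need no firewall opening.
listening_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" && $4 !~ /^(127\.|::1:)/ {
             n = split($4, a, ":"); print a[n] }' | sort -un
}

# Print allowed entries (single ports or lo:hi ranges) with no listener.
unused_open_ports() {  # usage: unused_open_ports FILE KEY "PORT PORT ..."
    csf_ports "$1" "$2" | while IFS= read -r entry; do
        lo=${entry%%:*}; hi=${entry##*:}; hit=0
        for p in $3; do
            if [ "$p" -ge "$lo" ] && [ "$p" -le "$hi" ]; then hit=1; break; fi
        done
        [ "$hit" -eq 1 ] || printf '%s\n' "$entry"
    done
}

# Constructed sample data: a shortened TCP_IN and a made-up netstat capture.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
printf '%s\n' 'TESTING = "0"' \
    'TCP_IN = "20,21,22,25,80,443,3306,30000:35000"' > "$SAMPLE_CONF"
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    State
tcp        0      0 0.0.0.0:21         0.0.0.0:*          LISTEN
tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN
tcp        0      0 127.0.0.1:3306     0.0.0.0:*          LISTEN
tcp        0      0 :::80              :::*               LISTEN
tcp        0      0 0.0.0.0:30021      0.0.0.0:*          LISTEN'

LISTENING=$(printf '%s\n' "$SAMPLE_NETSTAT" | listening_ports | tr '\n' ' ')
unused_open_ports "$SAMPLE_CONF" TCP_IN "$LISTENING"
# On a live box: LISTENING=$(netstat -ltn | listening_ports | tr '\n' ' ')
#                unused_open_ports /etc/csf/csf.conf TCP_IN "$LISTENING"
```

Passive FTP listeners exist only while a transfer is in progress, so a range such as 30000:35000 reported as unused may still be needed.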

There are many other things you can do: rootkit hunters, log rotators and more. However, depending on your needs, this alone will get you off to a good start.
