rawcool
07-24-2005, 03:59
1. Change admin & root passwords
Login as Admin
Type: /usr/bin/passwd then set your new password at the prompts
Login as Root (su -)
Type: /usr/bin/passwd then set your new password at the prompts
2. Install Pine if Pico doesn’t exist on your server
If you don’t know how to use Pico, check this link: http://www.dedicated-resources.com/guide/21/How-To-Use-Pico.html
If you prefer to use vi, ignore step 2.
Check for Pine:
Type: rpm -q pine
If it says package pine is not installed continue to get & install Pine
Get Pine:
Type: wget ftp://ftp.cac.washington.edu/pine/pine-4.61-1.i386.rpm
Install Pine:
Type: rpm -ivh pine-4.61-1.i386.rpm
3. Upgrade SSH if needed
To see SSH version installed (as root)
Type: rpm -qa openssh
See comments under 7. Update RPMs regarding downloading upgrades from RedHat
4. Disable direct root login
Type: pico -w /etc/ssh/sshd_config
***Disable Firewall if you have one installed.***
Edit #Port: uncomment Port 22 and change it to a different port, preferably one over 10000. Make sure you make a note of what this port is, because you'll need it to access your server.
Edit #Protocol 2, 1: uncomment and change it to Protocol 2
Edit #PermitRootLogin yes : uncomment and change it to PermitRootLogin no
Save and exit
Type: /etc/rc.d/init.d/sshd restart to restart ssh
5. Disable Telnet if it is not already
It should already be off, but make sure just the same. (Please make sure you are logged in via SSH.)
Type: pico -w /etc/xinetd.d/telnet
change disable to YES
Save and Exit
Type: /etc/init.d/xinetd restart
6. Set up the server to send an email every time someone logs into root
Type: cd /root
Type: pico .bash_profile
At the end add: echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" offsite@emailaddress.com
**You can add multiple emails; just leave a space between each email. Make sure the whole thing is on ONE line or it comes out looking strange.**
7. Update RPMs
Configure up2date, edit the file /etc/sysconfig/rhn/up2date and change the following line:
pkgSkipList=kernel*;
to
pkgSkipList=kernel*;*psa*;*spam*;*perl-Mail-Spam*;
Run up2date, and update the rpm packages.
8. Setup Hostname
Make sure that your hostname resolves to the server before you do this:
Type: pico -w /etc/hosts
You should see two lines:
127.0.0.1 localhost.localdomain localhost
xxx.xx.xxx.xx hostname.server.com hostname
or it may be on 1 line.
127.0.0.1 localhost.localdomain localhost xxx.xx.xxx.xx hostname.server.com hostname
All you need to do is move the server's entry to the second line. If you have to do this, just start where the server IP begins and hit return; that should drop it onto the next line.
Then change the info on the second line with your IP and hostname information.
Reboot the server, and your changes will be picked up by Plesk.
9. Log Into Plesk.
Log Into Plesk : https://ip.address:8443.
It will ask you to change the admin password
Change the password, and log in.
Click on the server tab and under services, click on updater.
Select your release name and go down the package list to see if anything needs updating.
Update any package that needs to be updated.
You can begin adding domains.
Then all that is left is for you to set up a firewall.
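
An added example, not part of the original post: a POSIX shell check that reads an sshd_config and reports whether the three changes from step 4 (non-default Port, Protocol 2, PermitRootLogin no) are actually in effect. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config for step 4.

# Print the value of the first uncommented occurrence of keyword $2 in file $1.
# Keywords in sshd_config are case-insensitive.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Print one OK/FAIL line per step-4 setting; return the number of FAILs.
audit_sshd_config() {
    fails=0
    port=$(sshd_value "$1" Port)
    proto=$(sshd_value "$1" Protocol)
    root=$(sshd_value "$1" PermitRootLogin)

    # A commented-out directive leaves the default in force, which is the
    # value shown after the "#" in the stock file the post describes
    # (Port 22, Protocol 2,1, PermitRootLogin yes).
    if [ -z "$port" ] || [ "$port" = 22 ]; then
        echo "FAIL Port: still the default 22"; fails=$((fails + 1))
    else
        echo "OK   Port: $port"
    fi
    if [ "$proto" = 2 ]; then
        echo "OK   Protocol: 2 only"
    else
        echo "FAIL Protocol: protocol 1 not ruled out (${proto:-commented out})"
        fails=$((fails + 1))
    fi
    if [ "$root" = no ]; then
        echo "OK   PermitRootLogin: no"
    else
        echo "FAIL PermitRootLogin: ${root:-commented out, default yes}"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Demo on a constructed sample: only the port was changed, the rest is stock.
sample=$(mktemp)
printf '%s\n' 'Port 10222' '#Protocol 2,1' '#PermitRootLogin yes' > "$sample"
audit_sshd_config "$sample" || echo "$? setting(s) still need changing"
rm -f "$sample"
```

Point `audit_sshd_config` at /etc/ssh/sshd_config after editing and before restarting sshd, while the current SSH session is still open.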