Initial Server Setup with Rocky Linux 9

In this article, we want to teach you the Initial server setup with Rocky Linux 9.

Rocky Linux is an open-source enterprise operating system designed to be 100% bug-for-bug compatible with Red Hat Enterprise Linux. It is under intensive development by the community.

Initial Server Setup with Rocky Linux 9

To start your server setup with Rocky Linux 9 you need to log in as a root user. Then, update the packages.

How to Update Rocky Linux 9 software

You can update the software repositories, system security patches, and all packages on the Rocky Linux server with the following command:

dnf update

When you have finished updating, you can release disk space by deleting all downloaded software packages with all cached repositories information on Rocky Linux 9 with the following command:

dnf clean all

Now you can install some utilities that are most useful.

“curl” and “wget” are used for downloading packages over the network mostly. nano, vi, and vim are text editors. “net-tools” manage local networking. “lsof” finds the list of open files by the process. And the “bash-completion” command line autocomplete.

Run the following command on Rocky Linux 9 to install them:

dnf install nano vim wget curl net-tools lsof bash-completion

Set up Hostname and networking on Rocky Linux 9 server

You can configure and manage network configurations such as setting network hostname and configuring static IP addresses using the “nmtui” graphical command-line utility.

Run the following command to set your hostname on Rocky Linux 9 server:

nmtui-hostname

It should be similar to this:

When you are done press ok to finish.

Set the static IP address on Rocky Linux 9

You can configure a network interface by following these steps. First, run the command below on Rocky Linux 9 server:

nmtui-edit

You would see:

Here you can click on the Edit button to set up the network interface IP settings. you will see:

Now to save your configuration edit find ‘OK’ by using the ‘tab’ key and quit.

When you are finished with your network configuration, you need to apply the new settings. To do this run the following command:

nmtui-connect

Here select the interface you want to manage and press the Deactivate/Active option to decommission and bring up the interface with the IP settings.

Now you can check the content of the interface file with the following commands:

ifconfig eth0

ip a

Also, you can use these two utilities to check the speed of your network interface and get formation from them.

# ethtool eth0
# mii-tool eth0

Note: You can list all open network sockets, and list all files that are opened by processes with the following commands:

# netstat -tulpn
# ss -tulpn
# lsof -i4 -6

Create a new user on Rocky Linux 9 server

You can create a new user on Rocky Linux 9 server with the following command:

For example, we add a user named olivia, you can choose your own name.

useradd olivia

Now set a password for your user with the following command:

passwd olivia

Output
Changing password for user olivia.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

At this point, you need to give your user the sudo privileges. In Rocky Linux users that are in the “wheel” group can run sudo commands. To do this, run the following command:

usermod -aG wheel olivia

To check that the user has access to root privileges run the commands below:

su - olivia
sudo dnf update

Output
[olivia@BlueOnyx-Orcacore ~]$ sudo dnf update

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for olivia:
Last metadata expiration check: 0:07:18 ago on Sat 15 Oct 2022 05:16:01 AM EDT.
Dependencies resolved.
Nothing to do.
Complete!

After you run the command you need to enter your password to execute your command.

Set up SSH passwordless login on Rocky Linux 9

Here you can set up an SSH-passwordless authentication for your new user by generating an SSH key pair. This will increase your Rocky Linux 9 server security.

Run the following commands:

su - olivia
ssh-keygen -t RSA

Your output should similar to this:

Output
[olivia@BlueOnyx-Orcacore ~]$ ssh-keygen -t RSA
Generating public/private RSA key pair.
Enter file in which to save the key (/home/olivia/.ssh/id_rsa):
Created directory '/home/olivia/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/olivia/.ssh/id_rsa
Your public key has been saved in /home/olivia/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:NFaInEVRlw4elUcNFVdWD79LROfc01g7epBYV3jVO30 olivia@BlueOnyx-Orcacore
The key's randomart image is:
+---[RSA 3072]----+
|     . =++o.o=+O^|
|      + ..o.= *O@|
|        +. = +.*X|
|       o .. . +oE|
|        S    . +o|
|              o .|
|               . |
|                 |
|                 |
+----[SHA256]-----+

When you generate your keys you will be asked for a passphrase you can enter a strong password or press enter to leave it blank.

When your keys are generated you need to copy the generated public key pair to a remote server. Run the following command:

ssh-copy-id username@ip-address

Note: Replace the username and IP address of the remote server in the above command.

Here you should be able to log in automatically without the SSH server asking for a password.

Secure SSH remote logins on Rocky Linux 9

For more security, you can disable remote SSH access to the root account in the SSH configuration file. Open the file with your favorite text editor, here we use vi text editor:

vi /etc/ssh/sshd_config

When you get into your file, find the PermitRootLogin line and uncomment the line by removing the ‘#’ from the beginning of the line. And modify the line to No:

PermitRootLogin no

To apply the new changes restart the SSH on Rocky Linux 9 server with the following command:

systemctl restart sshd

At this point when you try to log in as a root user, you will get an access SSH Permission Denied error.

Set up a Firewall on Rocky Linux 9

In the Rocky Linux 9 server, the default firewall is firewalld. To install, enable and start the service run the following commands:

# dnf install firewalld -y
# systemctl enable firewalld
# systemctl start firewalld

To check that your service is active and running run the following command:

systemctl status firewalld

In your output you should see:

Output
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor p>
   Active: active (running) 
...

Now you can open an incoming connection to a specific service like SSH.

First of all, you need to verify that the service is present in the firewalld rules. Then, add the rule for the service by adding --permanent switch to commands.

firewall-cmd --add-service=ssh
firewall-cmd --add-service=ssh --permanent

Output
[olivia@BlueOnyx-Orcacore ~]$ sudo firewall-cmd --add-service=ssh
Warning: ALREADY_ENABLED: 'ssh' already in 'public'
success
[olivia@BlueOnyx-Orcacore ~]$ sudo firewall-cmd --add-service=ssh --permanent
Warning: ALREADY_ENABLED: ssh
success

You can do this for other services like HTTP and SMTP:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-service=smtp

Also, you can list all firewall rules on Rocky Linux 9 with the following command:

firewall-cmd --permanent --list-all

when you are done with these you can remove unwanted services too. Let’s see how it works.

How to remove unwanted services on Rocky Linux 9

After you installed your fresh Rocky Linux 9 server, it is suggested to remove and disable unwanted services that are running by default on your server for more security and reduce the attacks.

You can use the following commands to list all network services (TCP/UDP) on the server:

# ss -tulpn
# netstat -tulpn

When you see your running services you may want to stop and remove a service that you don’t want it. For example, we want to remove the Postfix mail server. To do this, run the following commands.

To stop the service use:

systemctl stop postfix

Disable the service with:

systemctl disable postfix

Then, remove it with the following command:

dnf remove postfix

Also, you can use top and ps commands to find and recognize all unwanted services and remove them from the system.

you should install the psmic first:

dnf install psmisc

Then run the following command:

ps -p

How to manage services on the Rocky Linux 9 server

At this point, we want to teach you some basic information about the management process on Rocky Linux 9.

You can list all active, running, exited, or failed services with the following command:

systemctl list-units

To check if a service is automatically enabled during the system starts, run the following command:

systemctl list-unit-files -t service

To start a service you can use:

systemctl start service

You can stop it with:

systemctl stop service

To stop and start the service again run the following command:

systemctl restart service

If you have made changes to your service you need to reload it. You can use the following command for this:

systemctl reload service

Also, you can check whether the service is active or not with the following command:

systemctl status service

Conclusion

At this point, you learn how to log in to your server, create a new user with Sudo privileges, set up SSH passwordless login, and set up a basic firewall on Rocky Linux 9.

Hope you enjoy this article about the Initial server setup with Rocky Linux 9.