In this article, we want to teach you the Initial server setup with Rocky Linux 9.
Rocky Linux is an open-source enterprise operating system designed to be 100% bug-for-bug compatible with Red Hat Enterprise Linux. It is under intensive development by the community.
Initial Server Setup with Rocky Linux 9
To start your server setup with Rocky Linux 9 you need to log in as a root user. Then, update the packages.
How to Update Rocky Linux 9 software
You can update the software repositories, system security patches, and all packages on the Rocky Linux server with the following command:
dnf update
When you have finished updating, you can release disk space by deleting all downloaded software packages with all cached repositories information on Rocky Linux 9 with the following command:
dnf clean all
Now you can install some utilities that are most useful.
“curl” and “wget” are used for downloading packages over the network mostly. nano, vi, and vim are text editors. “net-tools” manage local networking. “lsof” finds the list of open files by the process. And the “bash-completion” command line autocomplete.
Run the following command on Rocky Linux 9 to install them:
dnf install nano vim wget curl net-tools lsof bash-completion
Set up Hostname and networking on Rocky Linux 9 server
You can configure and manage network configurations such as setting network hostname and configuring static IP addresses using the “nmtui” graphical command-line utility.
Run the following command to set your hostname on Rocky Linux 9 server:
nmtui-hostname
It should be similar to this:
When you are done press ok to finish.
Set the static IP address on Rocky Linux 9
You can configure a network interface by following these steps. First, run the command below on Rocky Linux 9 server:
nmtui-edit
You would see:
Here you can click on the Edit button to set up the network interface IP settings. you will see:
Now to save your configuration edit find ‘OK’ by using the ‘tab’ key and quit.
When you are finished with your network configuration, you need to apply the new settings. To do this run the following command:
nmtui-connect
Here select the interface you want to manage and press the Deactivate/Active option to decommission and bring up the interface with the IP settings.
Now you can check the content of the interface file with the following commands:
ifconfig eth0
ip a
Also, you can use these two utilities to check the speed of your network interface and get formation from them.
# ethtool eth0 # mii-tool eth0
Note: You can list all open network sockets, and list all files that are opened by processes with the following commands:
# netstat -tulpn # ss -tulpn # lsof -i4 -6
Create a new user on Rocky Linux 9 server
You can create a new user on Rocky Linux 9 server with the following command:
For example, we add a user named olivia, you can choose your own name.
useradd olivia
Now set a password for your user with the following command:
passwd olivia
Output
Changing password for user olivia.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
At this point, you need to give your user the sudo privileges. In Rocky Linux users that are in the “wheel” group can run sudo commands. To do this, run the following command:
usermod -aG wheel olivia
To check that the user has access to root privileges run the commands below:
su - olivia sudo dnf update
Output [[email protected] ~]$ sudo dnf update We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for olivia: Last metadata expiration check: 0:07:18 ago on Sat 15 Oct 2022 05:16:01 AM EDT. Dependencies resolved. Nothing to do. Complete!
After you run the command you need to enter your password to execute your command.
Set up SSH passwordless login on Rocky Linux 9
Here you can set up an SSH-passwordless authentication for your new user by generating an SSH key pair. This will increase your Rocky Linux 9 server security.
Run the following commands:
su - olivia ssh-keygen -t RSA
Your output should similar to this:
Output [[email protected] ~]$ ssh-keygen -t RSA Generating public/private RSA key pair. Enter file in which to save the key (/home/olivia/.ssh/id_rsa): Created directory '/home/olivia/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/olivia/.ssh/id_rsa Your public key has been saved in /home/olivia/.ssh/id_rsa.pub The key fingerprint is: SHA256:NFaInEVRlw4elUcNFVdWD79LROfc01g7epBYV3jVO30 [email protected] The key's randomart image is: +---[RSA 3072]----+ | . =++o.o=+O^| | + ..o.= *[email protected]| | +. = +.*X| | o .. . +oE| | S . +o| | o .| | . | | | | | +----[SHA256]-----+
When you generate your keys you will be asked for a passphrase you can enter a strong password or press enter to leave it blank.
When your keys are generated you need to copy the generated public key pair to a remote server. Run the following command:
ssh-copy-id username@ip-address
Note: Replace the username and IP address of the remote server in the above command.
Here you should be able to log in automatically without the SSH server asking for a password.
Secure SSH remote logins on Rocky Linux 9
For more security, you can disable remote SSH access to the root account in the SSH configuration file. Open the file with your favorite text editor, here we use vi text editor:
vi /etc/ssh/sshd_config
When you get into your file, find the PermitRootLogin line and uncomment the line by removing the ‘#’ from the beginning of the line. And modify the line to No:
PermitRootLogin no
To apply the new changes restart the SSH on Rocky Linux 9 server with the following command:
systemctl restart sshd
At this point when you try to log in as a root user, you will get an access SSH Permission Denied error.
Set up a Firewall on Rocky Linux 9
In the Rocky Linux 9 server, the default firewall is firewalld. To install, enable and start the service run the following commands:
# dnf install firewalld -y # systemctl enable firewalld # systemctl start firewalld
To check that your service is active and running run the following command:
systemctl status firewalld
In your output you should see:
Output firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor p> Active: active (running) ...
Now you can open an incoming connection to a specific service like SSH.
First of all, you need to verify that the service is present in the firewalld rules. Then, add the rule for the service by adding --permanent switch to commands.
firewall-cmd --add-service=ssh firewall-cmd --add-service=ssh --permanent
Output [[email protected] ~]$ sudo firewall-cmd --add-service=ssh Warning: ALREADY_ENABLED: 'ssh' already in 'public' success [[email protected] ~]$ sudo firewall-cmd --add-service=ssh --permanent Warning: ALREADY_ENABLED: ssh success
You can do this for other services like HTTP and SMTP:
firewall-cmd --permanent --add-service=http firewall-cmd --permanent --add-service=https firewall-cmd --permanent --add-service=smtp
Also, you can list all firewall rules on Rocky Linux 9 with the following command:
firewall-cmd --permanent --list-all
when you are done with these you can remove unwanted services too. Let’s see how it works.
How to remove unwanted services on Rocky Linux 9
After you installed your fresh Rocky Linux 9 server, it is suggested to remove and disable unwanted services that are running by default on your server for more security and reduce the attacks.
You can use the following commands to list all network services (TCP/UDP) on the server:
# ss -tulpn # netstat -tulpn
When you see your running services you may want to stop and remove a service that you don’t want it. For example, we want to remove the Postfix mail server. To do this, run the following commands.
To stop the service use:
systemctl stop postfix
Disable the service with:
systemctl disable postfix
Then, remove it with the following command:
dnf remove postfix
Also, you can use top and ps commands to find and recognize all unwanted services and remove them from the system.
you should install the psmic first:
dnf install psmisc
Then run the following command:
ps -p
How to manage services on the Rocky Linux 9 server
At this point, we want to teach you some basic information about the management process on Rocky Linux 9.
You can list all active, running, exited, or failed services with the following command:
systemctl list-units
To check if a service is automatically enabled during the system starts, run the following command:
systemctl list-unit-files -t service
To start a service you can use:
systemctl start service
You can stop it with:
systemctl stop service
To stop and start the service again run the following command:
systemctl restart service
If you have made changes to your service you need to reload it. You can use the following command for this:
systemctl reload service
Also, you can check whether the service is active or not with the following command:
systemctl status service
Conclusion
At this point, you learn how to log in to your server, create a new user with Sudo privileges, set up SSH passwordless login, and set up a basic firewall on Rocky Linux 9.
Hope you enjoy this article about the Initial server setup with Rocky Linux 9.