CentOS 7 is a widely used operating system for servers, and security is of utmost importance when it comes to server environments. One way to ensure the security of your CentOS 7 system is by using firewall and SELinux policies. In this blog, we will go through the steps required to secure your CentOS 7 system using firewall and SELinux policies.
Install the firewall
The first step is to install the firewall. CentOS 7 comes with a built-in firewall called Firewalld. If Firewalld is not already installed on your system, you can install it by running the following command:
sudo yum install firewalld
Start and enable the firewall
Once you have installed the firewall, you need to start and enable it. You can start the firewall using the following command:
sudo systemctl start firewalld
To enable the firewall to start automatically at boot time, run the following command:
sudo systemctl enable firewalld
Configure the firewall
The next step is to configure the firewall. By default, the firewall blocks all incoming traffic, except for a few services like SSH. You can allow incoming traffic for specific services by adding firewall rules.
For example, to allow incoming traffic for SSH, run the following command:
sudo firewall-cmd --add-service=ssh --permanent
This command adds a rule to the firewall configuration file to allow incoming traffic for the SSH service.
You can also allow incoming traffic for specific IP addresses or ranges by running the following command:
sudo firewall-cmd --add-source=192.168.1.0/24 --permanent
This command adds a rule to allow incoming traffic from the IP range 192.168.1.0/24.
After adding firewall rules, you need to reload the firewall configuration for the changes to take effect. You can do this by running the following command:
sudo firewall-cmd --reload
SELinux is a mandatory access control system that provides an additional layer of security to your CentOS 7 system. To install SELinux, run the following command:
sudo yum install selinux-policy
Once you have installed SELinux, you need to enable it. You can enable SELinux by running the following command:
sudo setenforce 1
This command enables SELinux in enforcing mode.
Configure SELinux policies
The next step is to configure SELinux policies. By default, SELinux policies are in permissive mode, which means that SELinux will log policy violations but will not enforce them. You can configure SELinux policies by running the following command:
sudo setsebool -P httpd_can_network_connect 1
This command allows the Apache HTTP server to connect to the network.
You can also view the SELinux policies by running the following command:
sudo semanage port -l
This command displays the SELinux policies for ports.
- Test the firewall and SELinux policies:
After configuring the firewall and SELinux policies, you should test them to ensure that they are working correctly. You can test the firewall by trying to connect to your server from a remote system using SSH or any other allowed service.
You can test SELinux policies by running applications that require network access, such as a web server or a database server. If SELinux policies are not configured correctly, these applications may not work as expected.
In conclusion, securing your CentOS 7 system with firewall and SELinux policies is an essential step in ensuring the security of your server environment. By following the steps outlined above, you can configure your firewall and SELinux policies to provide an additional layer of security to your CentOS 7 system.