🎩 CentOS/RHEL Server Setup

# Update all packages
sudo dnf update -y
 
# Install essential tools
sudo dnf install -y curl wget git vim htop epel-release
 
# Enable PowerTools/CRB repo (for additional packages)
sudo dnf config-manager --set-enabled crb  # Rocky/Alma 9
# or
sudo dnf config-manager --set-enabled powertools  # CentOS Stream 8

# Create user
sudo useradd -m admin
 
# Set password
sudo passwd admin
 
# Add to wheel group (sudo)
sudo usermod -aG wheel admin

# Edit SSH config
sudo vim /etc/ssh/sshd_config

PermitRootLogin no
PasswordAuthentication no
Port 2222

sudo systemctl restart sshd

# Start and enable
sudo systemctl enable firewalld
sudo systemctl start firewalld
 
# Allow SSH (custom port)
sudo firewall-cmd --permanent --add-port=2222/tcp
 
# Allow HTTP/HTTPS
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
 
# Reload rules
sudo firewall-cmd --reload
 
# Check status
sudo firewall-cmd --list-all

# Check status
getenforce
 
# Temporarily set to permissive (for troubleshooting)
sudo setenforce 0
 
# Edit permanent config
sudo vim /etc/selinux/config
# SELINUX=enforcing (recommended for production)

sudo semanage port -a -t ssh_port_t -p tcp 2222

# Enable EPEL repo
sudo dnf install epel-release
 
# Install
sudo dnf install fail2ban
 
# Create local config
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
 
# Configure
sudo vim /etc/fail2ban/jail.local

[sshd]
enabled = true
port = 2222
bantime = 3600
maxretry = 3

# Start
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

# Install
sudo dnf install dnf-automatic
 
# Configure
sudo vim /etc/dnf/automatic.conf

[commands]
apply_updates = yes

# Enable timer
sudo systemctl enable --now dnf-automatic.timer