CentOS, a popular Linux distribution, has a strong focus on security. While CentOS inherits its core from Red Hat Enterprise Linux (RHEL), it benefits from enterprise-level security features and best practices. Below are some important security aspects and practices for CentOS:
getenforce # Check the current SELinux status
setenforce 1 # Set enforcing mode
/etc/selinux/config.yum-cron to enable automatic updates:yum install yum-cron
systemctl enable --now yum-cron
/etc/yum/yum-cron.conf to configure automatic updates for security patches.yum install audit
systemctl start auditd
auditctl -w /etc/passwd -p wa # Watch for changes to the /etc/passwd file
/etc/security/pwquality.conf file.minlen = 12
minclass = 3 # Require different character classes
systemctl list-unit-files --type=service
systemctl disable telnet
yum install openscap-scanner scap-security-guide
oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_pci-dss /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml
yum install aide
aide --init # Initialize the database
aide --check # Perform a file integrity check
ssh-keygen -t rsa -b 4096 # Generate a strong key pair
/etc/ssh/sshd_config and set:PermitRootLogin no
/etc/ssh/sshd_config:Port 2222 # or another port
systemctl start firewalld # Start the firewall
firewall-cmd --add-service=http # Allow HTTP
firewall-cmd --reload # Apply changes