[LINUX] Security settings required after launching an EC2 instance

After logging in to the EC2 instance over SSH, these are the minimum settings to apply.

User settings

Add user, set password

#Add user and set password
sudo useradd hogehoge
sudo passwd hogehoge

Add to wheel group

Check the created user's directory

#Add to wheel group
sudo usermod -aG wheel hogehoge

#Confirmation of users belonging to wheel
grep wheel /etc/group

Public key setting

#Public key copy and permission settings
sudo cp -R ~/.ssh/ /home/hogehoge/.ssh
sudo chown -R hogehoge:hogehoge /home/hogehoge/.ssh
sudo chmod -R go-rwx /home/hogehoge/.ssh

SSH settings

Prohibit direct SSH login as ec2-user

# "sudo echo ... >> file" fails: the redirection runs as the unprivileged caller, so append through tee under sudo
echo "DenyUsers ec2-user" | sudo tee -a /etc/ssh/sshd_config
sudo systemctl restart sshd

Change SSH port

sudo vi /etc/ssh/sshd_config

# Change the default listen port
# Port 22
Port 12345

Restart sshd

sudo systemctl restart sshd

Note: open the specified port in the AWS Security Group as well.
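As an added example (not part of the original post), the following shell functions make the two sshd_config edits above idempotent and check the file with sshd -t before restarting. The config path and port are parameters; the post's values (/etc/ssh/sshd_config, 12345, ec2-user) are the defaults.

```sh
#!/bin/sh
# Added example, not from the original post: idempotent sshd_config edits
# plus a syntax check before restart. Paths and port are assumptions.

# set_sshd_option FILE KEY VALUE
# Ensure exactly one active "KEY VALUE" line. Any other active KEY line is
# commented out (the old value stays visible, like the post's "# Port 22"),
# and a second run appends nothing. Appended lines land at the end of the
# file, so keep global directives above any "Match" block.
set_sshd_option() {
    file=$1; key=$2; value=$3
    active=$(grep -Ec "^[[:space:]]*${key}[[:space:]]" "$file" || true)
    if [ "$active" -eq 1 ] &&
       grep -Eq "^[[:space:]]*${key}[[:space:]]+${value}[[:space:]]*$" "$file"; then
        return 0                       # already set as requested
    fi
    tmp=$(mktemp) || return 1
    sed -E "s/^[[:space:]]*(${key}[[:space:]].*)$/# \1/" "$file" > "$tmp" &&
    printf '%s %s\n' "$key" "$value" >> "$tmp" || { rm -f "$tmp"; return 1; }
    # "sudo echo ... >> file" fails because the redirection runs as the
    # caller; when the file is not ours, write through tee under sudo.
    if [ -w "$file" ]; then cat "$tmp" > "$file"
    else sudo tee "$file" < "$tmp" > /dev/null
    fi
    rm -f "$tmp"
}

# apply_sshd_hardening [FILE] [PORT]: the two changes from the post.
apply_sshd_hardening() {
    file=${1:-/etc/ssh/sshd_config}; port=${2:-12345}
    set_sshd_option "$file" Port "$port" &&
    set_sshd_option "$file" DenyUsers ec2-user
}

# restart_sshd_if_valid [FILE]: refuse to restart on a config that sshd
# rejects, so a typo cannot lock you out of the instance.
restart_sshd_if_valid() {
    file=${1:-/etc/ssh/sshd_config}
    sudo sshd -t -f "$file" && sudo systemctl restart sshd
}
```

Run `apply_sshd_hardening` and then `restart_sshd_if_valid` on the instance; the security group still has to allow the new port.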

Security patch autorun settings

Opinions differ on automatic updates, but here we configure yum-cron to apply security updates on a regular schedule.

sudo yum install yum-cron

#Backup of configuration file
sudo cp /etc/yum/yum-cron.conf /etc/yum/yum-cron.conf.backup

#Rewrite with sed command
sudo sed -i "s/^update_cmd.*$/update_cmd = security/g" /etc/yum/yum-cron.conf
sudo sed -i "s/^apply_updates.*$/apply_updates = yes/g" /etc/yum/yum-cron.conf

# yum-cron startup and auto-start settings
#Start-up
sudo systemctl start yum-cron

#Auto start settings
sudo systemctl enable yum-cron

#Check status
systemctl status yum-cron

Change time zone

timedatectl status
sudo timedatectl set-timezone Asia/Tokyo
