Introduction

Securing stock CentOS

Setup AWS Security Groups

Setup CentOS 7.4

CMSMS Tweaks

Setting up AWS Security Groups

We need to setup a Security Group in the AWS console. Create a new security group with the following ports open to all sources (0.0.0.0/0):

  • HTTP 80
  • HTTPS 443
  • DNS (UDP) 53
  • DNS (TCP) 53

If you intend to send and receive email also add the following:

  • POP3 110
  • POP3S 995
  • IMAP 143
  • IMAPS 993
  • SMTP 25
  • SMTPS 465

You may want to limit access to the following ports to only those IPs who need to access the admin panel.

  • Custom TCP 10000 - 10009
  • Custom TCP 20000

You will also need to allow access to port 22 for SSH access, although it is not a good idea to open this to everyone. Instead, limit access to your own IP address.

Once you have created the Security Group apply it to the instance.