Last active
March 10, 2016 11:58
New Ubuntu server setup task list
Server Tasks
1. Change root password
2. Change ssh port (assume to be 4444)
nano /etc/ssh/sshd_config (change port to between 1025 and 65536)
PermitRootLogin no
service ssh restart
ssh -p 4444 demo@SERVER_IP_ADDRESS
3. Add normal user with sudo privileges
adduser username_here
gpasswd -a username_here sudo
4. Copy ssh key to remote server
cat ~/.ssh/id_rsa.pub (copy output to clipboard)
ssh-rsa long_string_here_ends_with_email_address
su - username_here
mkdir .ssh
chmod 700 .ssh
nano .ssh/authorized_keys (paste ssh key)
chmod 600 .ssh/authorized_keys
exit
5. Set up firewall
# by default, deny all incoming, allow all outgoing
sudo ufw default deny incoming
sudo ufw default allow outgoing
# allow the new ssh port
sudo ufw allow 4444/tcp
# allow ports 80 and 443 if webserver
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# confirm rules added
sudo ufw show added
# put the rules into effect
sudo ufw enable
6. Configure timezones, network time and locale
sudo dpkg-reconfigure tzdata
sudo apt-get update
sudo apt-get install ntp
sudo locale-gen en_US.UTF-8 (or sudo locale-gen UTF-8?)
sudo dpkg-reconfigure locales
Edit the file /etc/environment and add one line with your LANG, like this: LC_ALL="en_US.UTF-8". Save and reboot.
7. Create swap file, either same or double the installed RAM
sudo fallocate -l 4G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo sh -c 'echo "/swapfile none swap sw 0 0" >> /etc/fstab'
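A check for the results of steps 2 and 4, worth running before closing the root session. This is an added example, not part of the original gist: the function names sshd_values, check_mode and audit_ssh are hypothetical, GNU stat is assumed (as on Ubuntu), and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not part of the original gist: audit steps 2 and 4.

# Print every value set for KEYWORD in the global section of an sshd_config.
# Keywords are case-insensitive, "#" lines are comments, "Keyword=value" is
# accepted, and parsing stops at the first Match block. Include is not followed.
sshd_values() {  # usage: sshd_values KEYWORD FILE
    awk -v want="$1" '
        /^[ \t]*#/ { next }
        { sub(/=/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print $2 }
    ' "$2"
}

# Succeed only if PATH exists with exactly octal mode WANT (GNU stat assumed).
check_mode() {  # usage: check_mode PATH WANT
    mode=$(stat -c %a "$1" 2>/dev/null) || mode=missing
    [ "$mode" = "$2" ] || { echo "FAIL: $1 is $mode, want $2"; return 1; }
}

# Print one line per finding; the return status is the number of findings.
audit_ssh() {  # usage: audit_ssh SSHD_CONFIG USER_HOME
    bad=0
    ports=$(sshd_values Port "$1")
    [ -n "$ports" ] || { echo "FAIL: no Port line, sshd defaults to 22"; bad=$((bad + 1)); }
    for p in $ports; do
        [ "$p" != 22 ] || { echo "FAIL: sshd still listens on port 22"; bad=$((bad + 1)); }
    done
    # sshd uses the first value it reads for PermitRootLogin
    root=$(sshd_values PermitRootLogin "$1" | head -n 1)
    [ "$root" = no ] || { echo "FAIL: PermitRootLogin is '${root:-unset}'"; bad=$((bad + 1)); }
    check_mode "$2/.ssh" 700 || bad=$((bad + 1))
    check_mode "$2/.ssh/authorized_keys" 600 || bad=$((bad + 1))
    return "$bad"
}

# Constructed sample: the "PermitRootLogin no" line is still commented out and
# the key file was left world-readable, so two findings are reported.
demo=$(mktemp -d)
mkdir -m 700 "$demo/.ssh"
printf 'ssh-rsa AAAA_constructed_key demo@example\n' > "$demo/.ssh/authorized_keys"
chmod 644 "$demo/.ssh/authorized_keys"
printf 'Port 4444\n#PermitRootLogin no\nPermitRootLogin yes\n' > "$demo/sshd_config"
audit_ssh "$demo/sshd_config" "$demo" || echo "findings: $?"
```

On a server set up with the list above, the call would be `audit_ssh /etc/ssh/sshd_config /home/username_here`.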
REPOS
if needed
nano /etc/apt/sources.list
Kenya specific (add at the top)
deb http://ubuntu.mirror.ac.ke/ubuntu/ trusty main
deb-src http://ubuntu.mirror.ac.ke/ubuntu/ trusty main
deb http://ubuntu-archive.mirror.liquidtelecom.com/ubuntu/ trusty main
deb-src http://ubuntu-archive.mirror.liquidtelecom.com/ubuntu/ trusty main
generic (add at the top)
deb mirror://mirrors.ubuntu.com/mirrors.txt trusty main restricted universe multiverse
deb mirror://mirrors.ubuntu.com/mirrors.txt trusty-updates main restricted universe multiverse
deb mirror://mirrors.ubuntu.com/mirrors.txt trusty-backports main restricted universe multiverse
deb mirror://mirrors.ubuntu.com/mirrors.txt trusty-security main restricted universe multiverse
locate http://us.archive.ubuntu.com/ubuntu and replace it with http://archive.ubuntu.com/ubuntu
update the server
setup automatic updates
dpkg-reconfigure -plow unattended-upgrades
apt-get update
repo keys
add-apt-repository ppa:nilarimogard/webupd8
apt-get update
apt-get install launchpad-getkeys
apt-get upgrade
apt-get dist-upgrade
clamav antivirus
apt-get install clamav clamav-daemon
freshclam
/etc/init.d/clamav-daemon start
clamav antivirus scan and update
crontab -e
47 * * * * freshclam
00 00 * * * clamscan -r --bell -i /