This post is a bit more techy. If that's not something that interests you, sorry...but this is my blog so I get to decide what content is on here. I thought I would write a post detailing the process that I go through when I set up a new linux server (either a remote server or re-installing my Raspberry Pi...which I will actually be doing very soon, probably in less than 6 hours).

First of all, I use debian-based linux distros as it is what I am the most familiar with. I have never used CentOS, Fedora, or Arch. After logging in for the first time, as root, here's what I do:

apt-get update
apt-get upgrade -y
apt-get install build-essential git wget nano ufw dnsutils curl fail2ban logwatch -y
dpkg-reconfigure locales
dpkg-reconfigure tzdata
ufw allow 22/tcp
ufw allow 443/tcp (if I'm going to be setting up a publically accessible web server)
ufw enable

At the minimum, this is the list of software that I make sure are installed. I also setup a firewall as step one of my security procedures. I then setup my non-root user account.

adduser joshua
nano /etc/sudoers
nano /etc/ssh/sshd_config

I give sudo access to the newly created user account. And then part 2 of my security procedures is to lock down ssh. I keep ssh on port ssh, disable root login, and disable password login to login with my ssh key.

Finally, I like to setup a crontab to keep an eye on things with logwatch.

@weekly /usr/sbin/logwatch --output mail --mailto [email protected] --detail high --range '-7 days'

This website and this website have been extremely helpful in helping me setup new servers.


comments powered by Disqus