TickYouOff
Sign in
Back
🐧

Linux Server Setup

Hard 19 items · 1 hour
testuser's avatar
testuser Published 2 weeks ago
Technical

A practical step-by-step checklist for setting up a fresh Linux VPS. Perfect for developers, sysadmins, or anyone deploying a new Ubuntu/Debian server who wants secure defaults and basic hardening.

Progress
0 / 19
  1. Log in as root via SSH — SSH to the server using its IP: ssh root@SERVER_IP (or use provided console access).
  2. Change the root password — Run passwd to set a strong, unique root password or rely on keys.
  3. Update package list and upgrade installed packages — Run apt update && apt upgrade -y to apply latest security fixes.
  4. Create a new sudo user — Use adduser username to create an account for daily admin tasks.
  5. Set a strong password for the new user — Choose a long, unique password or rely on SSH keys for the account.
  6. Add the new user to the sudo group — Run usermod -aG sudo username so the account can use sudo.
  7. Set up SSH key authentication for the new user — Add your public key to /home/username/.ssh/authorized_keys with correct permissions.
  8. Verify SSH key login as the new user — Test ssh username@SERVER_IP -i ~/.ssh/id_rsa and confirm shell access.
  9. Disable root SSH login and password authentication — Edit /etc/ssh/sshd_config: set PermitRootLogin no and PasswordAuthentication no; reload sshd.
  10. Configure UFW firewall — Use UFW to limit inbound access to only required services.
  11. Allow OpenSSH through UFW — Run ufw allow OpenSSH before enabling the firewall to avoid lockout.
  12. Allow HTTP and HTTPS through UFW — Run ufw allow 80/tcp and ufw allow 443/tcp for web services.
  13. Enable UFW and verify status — Run ufw enable then ufw status verbose to confirm rules.
  14. Install and enable fail2ban — apt install fail2ban; enable and start the service to ban repeated login failures.
  15. Set timezone and locale — Use timedatectl set-timezone REGION and configure locale for correct logs.
  16. Enable unattended security upgrades — Install unattended-upgrades and configure automatic security updates.
  17. Create a swapfile — Add swap if the VM lacks it or needs more virtual RAM.
  18. Allocate and secure the swapfile — fallocate -l 1G /swapfile; chmod 600 /swapfile (adjust size as needed).
  19. Make the file swap, enable it, and add to fstab — Run mkswap, swapon and add an fstab entry; optionally set vm.swappiness.
Sign in to save
📝 My Notes