Create a gist now

Instantly share code, notes, and snippets.

Embed
What would you like to do?
# Update the system's packages
apt-get update
apt-get upgrade
# Set up the `deploy` user
useradd deploy
mkdir /home/deploy
mkdir /home/deploy/.ssh
chmod 700 /home/deploy/.ssh
usermod -s /bin/bash deploy
# Set up ssh key access for `deploy` user
touch /home/deploy/.ssh/authorized_keys
# MANUAL STEP: edit `/home/deploy/.ssh/authorized_keys` to contain the public key you'd like to use for logging `deploy` in" key
chmod 400 /home/deploy/.ssh/authorized_keys
chown deploy:deploy /home/deploy -R
# MANUAL STEP: `passwd deploy` to configure a password for this user
# MANUAL STEP: `visudo` and add these lines:
# root ALL=(ALL) ALL
# %sudo ALL=(ALL:ALL) ALL`
# Add `deploy` to the `sudo` group
usermod -aG sudo deploy
# Configure ssh
vim /etc/ssh/sshd_config
# PermitRootLogin no
# PasswordAuthentication no
# AllowUsers deploy@(your-VPN-or-static-IP)
# AddressFamily inet
# set up a firewall
apt-get install ufw
sudo ufw allow 22
sudo ufw allow 80
sudo ufw allow 443
sudo ufw disable
sudo ufw enable
# Auto upgrades
apt-get install unattended-upgrades
vim /etc/apt/apt.conf.d/10periodic
# MANUAL STEP: Update this file to match this:
# APT::Periodic::Update-Package-Lists "1";
# APT::Periodic::Download-Upgradeable-Packages "1";
# APT::Periodic::AutocleanInterval "7";
# APT::Periodic::Unattended-Upgrade "1";
vim /etc/apt/apt.conf.d/50unattended-upgrades
# MANUAL STEP: Update this file to match this:
# fail2ban
apt-get install fail2ban
# 2-factor auth
apt-get install libpam-google-authenticator
su deploy
google-authenticator
# Logwatch
apt-get install logwatch
# Node
curl -sL https://deb.nodesource.com/setup_4.x | sudo -E bash -
sudo apt-get install -y nodejs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment