@disono
Last active August 20, 2018 21:27
Debian Server/Desktop Setup

Debian GNU/Linux Version 8.0 (Jessie)

Securing Server

https://www.digitalocean.com/community/tutorials/7-security-measures-to-protect-your-servers

For Debian

$ sudo nano /etc/apt/sources.list

// add these lines to the file
deb http://ftp.debian.org/debian jessie main
deb-src http://ftp.debian.org/debian jessie main

deb http://ftp.debian.org/debian jessie-updates main
deb-src http://ftp.debian.org/debian jessie-updates main

Networking

  • ip command: It is used to show or manipulate routing, devices, policy routing and tunnels.
  • netstat command: It is used to display network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
  • ifconfig command: It is used to display or configure a network interface.
$ ip link show
  • lo: Loopback interface.
  • eth0: First Ethernet network interface.
  • wlan0: First Wireless network interface.
  • ppp0: First Point to Point Protocol network interface, which can be used by a dial-up modem, a PPTP VPN connection, or a 3G wireless USB modem.
  • vboxnet0, vmnet1, vmnet8: Virtual machine interface working in bridge mode or NAT mode.
$ netstat -i

Add sudo

$ apt install sudo -y

$ adduser yourusername
$ usermod -aG sudo yourusername

// check that the sudo group is listed in /etc/sudoers
$ visudo

dotdeb

// add these lines to /etc/apt/sources.list
deb http://packages.dotdeb.org jessie all
deb-src http://packages.dotdeb.org jessie all

Multimedia (ffmpeg)

// add this line to /etc/apt/sources.list
deb http://www.deb-multimedia.org/ wheezy main non-free

// or you can use
deb http://www.deb-multimedia.org jessie main non-free
deb-src http://www.deb-multimedia.org jessie main non-free

Allow apt to trust deb-multimedia key

$ apt-get install deb-multimedia-keyring

Install Nginx

$ sudo apt-get install nginx
$ ps aux | grep nginx
$ pgrep nginx

// Use the netstat command as follows to verify that port 80 is open
$ netstat -tulpn | grep :80

// To enable Nginx on boot run the following systemctl command
$ sudo systemctl enable nginx

// Restart Nginx
$ sudo systemctl restart nginx

// Stop nginx server command
$ sudo systemctl stop nginx

// Start nginx server command
$ sudo systemctl start nginx

// Find status of nginx server command
$ sudo systemctl status nginx

// Or find your public IP address using the ip command/ifconfig command
$ ip a
$ ifconfig eth0

// Configure Nginx web server
// By default all HTML/css/images files are stored in /var/www/html/ directory. 
// This is known as the root of your web server. It is defined in /etc/nginx/sites-enabled/default config file. 
// You can edit it with either vim command/nano command
$ sudo nano /etc/nginx/sites-enabled/default

// Allow underscores in request header names
underscores_in_headers on;

// The /etc/nginx/nginx.conf is your main nginx config file and /etc/nginx/sites-enabled/default is default config file.
$ sudo nano /etc/nginx/nginx.conf

// Creating your own config file
// First create a user named cbzwww for www.cyberciti.biz domain using the useradd command
$ sudo useradd -c "cyberciti.biz user" -d /home/nginx-www.cyberciti.biz -s /usr/sbin/nologin -m cbzwww

// To lock the password for the cbzwww account, enter:
$ sudo passwd -l cbzwww

// Verify it
$ ls -l /home/

// To create a virtual host named www.cyberciti.biz, enter:
$ sudo nano /etc/nginx/sites-available/www.cyberciti.biz.conf

// Append the basic config
server {
	listen 80;
	listen [::]:80;
 
	server_name www.cyberciti.biz;
 
	root /home/nginx-www.cyberciti.biz;
	index index.html;
 
	location / {
		try_files $uri $uri/ =404;
	}
}

// Save and close the file. You must create a soft link as follows
$ sudo ln -s /etc/nginx/sites-available/www.cyberciti.biz.conf /etc/nginx/sites-enabled/www.cyberciti.biz.conf

// Finally test and reload server
$ sudo nginx -t
$ sudo systemctl reload nginx

// Now create a test file at /home/nginx-www.cyberciti.biz/index.html
$ sudo nano /home/nginx-www.cyberciti.biz/index.html

// Save and close the file. Set correct permissions using chmod command and chown command:
$ sudo chown cbzwww:cbzwww /home/nginx-www.cyberciti.biz/index.html
$ sudo chmod 0444 /home/nginx-www.cyberciti.biz/index.html
$ ls -l /home/nginx-www.cyberciti.biz/index.html

PHPMyAdmin for Nginx

Install add-apt-repository

$ sudo apt-get install software-properties-common

Remove PHP

For PHP 7.2, refer to this link.

// quote the pattern so the shell does not expand it against files in the current directory
$ sudo apt-get purge 'php.*'

Install PHP 7.*

Reference

If dotdeb failed

// fetch and install GnuPG key
$ wget https://www.dotdeb.org/dotdeb.gpg
$ sudo apt-key add dotdeb.gpg

Or add this to gpg

$ gpg --keyserver keys.gnupg.net --recv-key 89DF5277
$ gpg -a --export 89DF5277 | sudo apt-key add -

Install sudo

$ apt-get install sudo
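// visudo opens /etc/sudoers and checks the syntax before saving
$ visudo
// add this line, replacing user with the account name
user ALL=(ALL) ALL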

Update the packages

$ apt-get clean
$ apt-get update
$ apt-get upgrade

If ffmpeg is already installed, uninstall it

$ apt-get remove ffmpeg

Install libraries

$ apt-get install build-essential libmp3lame-dev libvorbis-dev libtheora-dev libspeex-dev yasm pkg-config libfaac-dev libopenjpeg-dev libx264-dev

Install MongoDB

https://www.globo.tech/learning-center/install-mongodb-debian-9

Install Apache

$ apt-get install apache2

How to find your server's IP address

// you can run the following command to reveal your VPS's IP address
$ ifconfig eth0 | grep inet | awk '{ print $2 }'

Install MySQL

$ apt-get install mysql-server

Reset MySQL "root" Password

Reference

Finish the installation by running

$ mysql_secure_installation
    - Remove anonymous users? [Y/n] y    
    - Disallow root login remotely? [Y/n] y
    - Remove test database and access to it? [Y/n] y
    - Reload privilege tables now? [Y/n] y

Install PHP

$ apt-get install 'php7-*' php-pear
$ apt-get install php-mysql
$ sudo apt-get install snmp
$ sudo systemctl restart apache2

Test the installation

$ nano /var/www/info.php
  <?php phpinfo(); ?>
// delete info.php after the test; phpinfo() output exposes the server's configuration

Install PHPMyAdmin

$ sudo apt-get install phpmyadmin
$ sudo nano /etc/apache2/apache2.conf

Add to config file

Include /etc/phpmyadmin/apache.conf
$ sudo systemctl restart apache2

Permissions

$ chown -R www-data:www-data /path/to/www/application-folder
$ chmod -R g+rw /path/to/www
$ chmod -R 755 /path/to/www

www permissions

$ sudo groupadd www
$ sudo usermod -a -G www ec2-user

Log out and back in (or restart) so the new group membership takes effect

$ sudo chown -R root:www /var/www
$ sudo chmod 2775 /var/www
$ find /var/www -type d -exec sudo chmod 2775 {} +
$ find /var/www -type f -exec sudo chmod 0664 {} +

Install ffmpeg

$ apt-get install deb-multimedia-keyring
$ apt-get install libav-tools
$ apt-get install ffmpeg

Install ffmpeg from SOURCE

https://www.assetbank.co.uk/support/documentation/install/ffmpeg-debian-squeeze/ffmpeg-debian-jessie

$ mkdir software
$ cd software
$ wget http://ffmpeg.org/releases/ffmpeg-2.7.2.tar.bz2
$ cd ..
$ mkdir src
$ cd src
$ tar xvjf ../software/ffmpeg-2.7.2.tar.bz2

Move into the source directory

$ cd ffmpeg-2.7.2

Configure and install

$ ./configure --enable-gpl --enable-postproc --enable-swscale --enable-avfilter --enable-libmp3lame --enable-libvorbis --enable-libtheora --enable-libx264 --enable-libspeex --enable-shared --enable-pthreads --enable-libopenjpeg --enable-libfaac --enable-nonfree
$ make
$ make install

Run "/sbin/ldconfig" as root.

Install composer

$ cd /tmp/
$ php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
$ php -r "if (hash_file('SHA384', 'composer-setup.php') === '669656bab3166a7aff8a7506b8cb2d1c292f042046c5a994c43155c0be6190fa0355160742ab2e1c88d40d5be660b410') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
$ sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer
$ composer --version
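
The hash hard-coded in the verification step above matches only the installer release it was copied from, so the check reports "Installer corrupt" for any newer download. The following is an added example, not part of the original gist: the same SHA-384 check as a shell function that takes the expected hash as an argument. The function name and file names are assumptions; Composer publishes the current installer hash at https://composer.github.io/installer.sig.

```shell
#!/bin/sh
# verify_installer FILE EXPECTED_SHA384   (hypothetical helper name)
# Returns 0 when FILE's SHA-384 digest equals EXPECTED_SHA384.
# On mismatch the file is deleted (as the unlink() call above does)
# and 1 is returned; 2 means the arguments were unusable.
verify_installer() {
    file=$1
    # Normalise: strip whitespace/newlines and lowercase the hex digits.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }

    # A SHA-384 digest is exactly 96 hex characters; reject anything else
    # so an empty or truncated signature download can never "match".
    case $expected in
        *[!0-9a-f]*|'') echo "expected hash is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 96 ] || { echo "expected hash has wrong length" >&2; return 2; }

    actual=$(sha384sum "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "Installer verified"
        return 0
    fi
    echo "Installer corrupt, removing $file" >&2
    rm -f -- "$file"
    return 1
}

# Typical use (needs network access, so it is left commented out):
#   cd /tmp
#   wget -O composer-setup.php https://getcomposer.org/installer
#   sig=$(wget -qO- https://composer.github.io/installer.sig)
#   verify_installer composer-setup.php "$sig" &&
#       sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer
```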

Multiple php version

// disable
$ sudo a2dismod php5

// enable
$ sudo a2enmod php7.0

// restart apache
$ sudo systemctl restart apache2

FTP installation

// install
$ apt install vsftpd ftp

// configure
$ nano /etc/vsftpd.conf

// add this configuration
listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
write_enable=YES
pam_service_name=ftp
allow_writeable_chroot=YES

// optional configuration
userlist_file=/etc/vsftpd.userlist
userlist_enable=YES

// restart
$ systemctl restart vsftpd

// add ftp user
$ adduser {username}

// change the user directory to /var/www
$ usermod --home /var/www/ {username}

// permissions
$ chmod a-w /var/www
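
The vsftpd settings above set pam_service_name twice with different values, leave ssl_enable=NO, and enable allow_writeable_chroot without chroot_local_user. The following is an added example, not part of the original gist: a small audit that reads a vsftpd.conf and reports those conditions. The function names and finding labels are assumptions, and the sample input is constructed from the settings listed above.

```shell
#!/bin/sh
# Constructed sample: the vsftpd settings from this page that the checks read.
gist_conf() {
    cat <<'EOF'
listen=NO
anonymous_enable=NO
local_enable=YES
pam_service_name=vsftpd
ssl_enable=NO
write_enable=YES
pam_service_name=ftp
allow_writeable_chroot=YES
EOF
}

# audit_vsftpd_conf [FILE]   (hypothetical helper; reads stdin without FILE)
# Prints one finding per line; exit status is 1 when anything was flagged.
# Only the YES/NO spelling used on this page is recognised.
audit_vsftpd_conf() {
    awk '
        function flag(msg) { print msg; n++ }
        function on(k) { return toupper(seen[k]) == "YES" }
        /^[ \t]*#/ { next }                  # comment line
        /^[ \t]*$/ { next }                  # blank line
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            if ((key in seen) && seen[key] != val)
                flag("DUPLICATE " key " is set to both " seen[key] " and " val)
            seen[key] = val
        }
        END {
            if (!on("ssl_enable"))
                flag("CLEARTEXT ssl_enable is not YES, logins travel unencrypted")
            if (on("anonymous_enable"))
                flag("ANONYMOUS anonymous_enable=YES permits login without an account")
            if (on("local_enable") && !on("chroot_local_user"))
                flag("NO-CHROOT chroot_local_user is not YES for local accounts")
            if (on("allow_writeable_chroot"))
                flag("WRITABLE-ROOT allow_writeable_chroot=YES disables the writable-chroot check")
            exit (n > 0)
        }' "$@"
}

# Stand-alone run: gist_conf | audit_vsftpd_conf
```

Run it against the live file with audit_vsftpd_conf /etc/vsftpd.conf before restarting the service.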

Install PHPMyAdmin

For Debian 9 follow the steps below:

https://www.server-world.info/en/note?os=Debian_9&p=mariadb&f=2

$ apt install php-mcrypt
$ systemctl restart apache2
$ apt install phpmyadmin

// force phpMyAdmin to use SSL
// edit the config
$ nano /etc/phpmyadmin/config.inc.php
// update or edit
// $cfg['ForceSSL'] = true;

$ systemctl restart apache2

$ mysql -u root -p

// create new admin user for phpmyadmin
// CREATE USER 'your-username'@'localhost' IDENTIFIED BY 'your-password';
// GRANT ALL PRIVILEGES ON *.* TO 'your-username'@'localhost';
// FLUSH PRIVILEGES;

// folder permissions (mode 757 also gives write access to every other account on the server)
$ chown -R {username} /var/www/html
$ chmod 757 -R /var/www/html

Configure Apache and hosting website

https://www.linode.com/docs/websites/hosting-a-website

Create SSH Keys

https://www.linode.com/docs/security/use-public-key-authentication-with-ssh

Setup for Fail2Ban

https://www.vultr.com/docs/how-to-setup-fail2ban-on-debian-9-stretch

Set up your own mail server (NOT RECOMMENDED)

https://thomas-leister.de/en/mailserver-debian-stretch

Install SquirrelMail

https://www.linode.com/docs/email/clients/install-squirrelmail-on-ubuntu-16-04-or-debian-8

Install NodeJS

https://www.linode.com/docs/development/nodejs/how-to-install-nodejs-and-nginx-on-debian

Add secondary IPv4 address

https://www.vultr.com/docs/add-secondary-ipv4-address

Scan using ClamAV

https://www.linode.com/docs/security/scanning-your-linode-for-malware

Scan using rkhunter

https://www.upcloud.com/support/scanning-debian-8-0-server-for-malware

https://www.clamav.net

Resources

https://linuxconfig.org/how-to-install-a-lamp-server-on-debian-9-stretch-linux

https://linuxhostsupport.com/blog/how-to-install-wordpress-with-php-7-1-and-nginx-on-a-debian-9-vps

https://www.digitalocean.com/community/tutorials/how-to-set-up-vsftpd-for-a-user-s-directory-on-ubuntu-16-04

https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot

https://www.digitalocean.com/community/tutorials/how-to-configure-vsftpd-to-use-ssl-tls-on-an-ubuntu-vps

https://linuxconfig.org/how-to-configure-ftp-server-on-debian-9-stretch-linux
