Notes:
- replace anything in <...> with the values you want
Use:
- low level utility:
sudo useradd <username>
- user friendly script:
sudo adduser <username>
Use:
- low level utility:
sudo userdel <username>
- user friendly script that also removes the home directory of the user:
sudo deluser --remove-home <username>
Create group: sudo groupadd <groupname>
- sudoers:
sudo usermod -aG sudo <username>
- other groups with logged in username:
sudo usermod -aG <groupname> $USER
where $USER is the logged in username (check with echo $USER)
UFW for Uncomplicated FireWall
- Installation:
sudo apt install ufw
- Enable:
sudo ufw enable
- Disable:
sudo ufw disable
- Status:
sudo ufw status
- Verbose Status:
sudo ufw status verbose
(also checks the default rules)
- Allow port rule:
sudo ufw allow 7822
- Delete rule:
sudo ufw status numbered
(get the rule number)
sudo ufw delete 2
(delete rule #2)
- Check logs:
sudo dmesg | grep '\[UFW'
- nano:
sudo apt install nano
sudo apt update
sudo apt install openssh-server
- start|stop|restart|status:
sudo systemctl start|stop|restart|status ssh
Keep the original:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
sudo chmod a-w /etc/ssh/sshd_config.original
- Check configuration:
sudo sshd -t -f /etc/ssh/sshd_config
Some options I configure in sshd_config
- Change the standard port from 22 to something else:
Port 6622
- Pubkey authentication
PubkeyAuthentication yes
AuthorizedKeysFile /etc/ssh/%u/authorized_keys .ssh/authorized_keys
AllowUsers <username1> <username2>
PasswordAuthentication no
- Issue.net:
Banner /etc/issue.net
where I add:
********************************************************************
* *
* This system is for the use of authorized users only. Usage of *
* this system may be monitored and recorded by system personnel. *
* *
* Anyone using this system expressly consents to such monitoring *
* and is advised that if such monitoring reveals possible *
* evidence of criminal activity, system personnel may provide the *
* evidence from such monitoring to law enforcement officials. *
* *
********************************************************************
Then
- test:
sudo sshd -t -f /etc/ssh/sshd_config
- and restart:
sudo systemctl restart sshd.service
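An added example, not part of the original notes: a small POSIX shell audit that checks the global section of an sshd_config for the settings listed above, taking into account that sshd uses the first occurrence of a keyword. The user name alice and the sample file are constructed; the script assumes no Include files and ignores Match blocks.

```shell
#!/bin/sh
# Added example (not from the original notes): audit the global section of an
# sshd_config against the settings listed above.
# Assumptions: Include files are not followed and Match blocks are ignored;
# on a live host, "sudo sshd -T" prints the effective configuration.

# sshd_value FILE KEYWORD: print the value sshd would use for KEYWORD.
# Keywords are case-insensitive and the FIRST occurrence wins.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^ +/, ""); print; exit
        }
    ' "$1"
}

# check FILE KEYWORD EXPECTED DEFAULT: report when the effective value differs.
check() {
    got=$(sshd_value "$1" "$2")
    got=${got:-$4}                          # fall back to the OpenSSH default
    [ "$got" = "$3" ] && return 0
    echo "FAIL: $2 is '$got', expected '$3'"
    return 1
}

# audit_sshd FILE: print findings; exit status is the number of findings.
audit_sshd() {
    findings=0
    check "$1" PasswordAuthentication no yes || findings=$((findings + 1))
    check "$1" PubkeyAuthentication yes yes  || findings=$((findings + 1))
    for kw in AllowUsers Banner; do
        [ -n "$(sshd_value "$1" "$kw")" ] && continue
        echo "FAIL: $kw is not set"; findings=$((findings + 1))
    done
    return "$findings"
}

# Constructed sample: the hardening line was appended after an earlier "yes",
# so it has no effect.
sample=$(mktemp)
printf '%s\n' 'Port 6622' 'passwordauthentication yes' \
    'AllowUsers alice' 'Banner /etc/issue.net' \
    'PasswordAuthentication no' > "$sample"
audit_sshd "$sample" || echo "findings: $?"
rm -f "$sample"
```

On the real file, run it as audit_sshd /etc/ssh/sshd_config after sshd -t passes.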
Use the official guide and post installation steps
For docker-compose: https://docs.docker.com/compose/install/
sudo curl -L "https://github.com/docker/compose/releases/download/1.28.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
(check for newer versions)
sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version
sudo curl -L https://raw.githubusercontent.com/docker/compose/1.28.5/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose
(bash completion)
From https://www.techrepublic.com/article/how-to-fix-the-docker-and-ufw-security-flaw/
Fortunately, there's a way to fix this. Go back to the terminal on your Docker server and issue the command sudo nano /etc/default/docker and add the following line:
DOCKER_OPTS="--iptables=false"
Save and close that file. Restart the docker daemon with the command sudo systemctl restart docker. Now, when you deploy a container, it will no longer alter iptables and will honor UFW.
- What is my IP?:
ip a
- CPU info:
cat /proc/cpuinfo
- Number of processors:
cat /proc/cpuinfo | grep processor
- Memory info:
free -m
- Disk info:
df -h
for human readable sizes
TODO
TODO
- who has logged in:
last