Created
September 8, 2015 10:01
-
-
Save skatiyar/f862d2dacca22745e9c4 to your computer and use it in GitHub Desktop.
Basic list of commands to setup new server instance. (Tested only for Ubuntu 12.04) (Taken from digitalocean tutorials.)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # A small set of commands to do basic server setup | |
| # First and foremost add password to root | |
| sudo passwd root | |
| # Update the dist | |
| sudo apt-get update && sudo apt-get upgrade | |
| # Block rogue connections by | |
| # allowing only ssh, port - 80, 443 | |
| # using Uncomplicated Firewall (ufw) | |
| sudo ufw allow ssh | |
| sudo ufw allow 80/tcp | |
| sudo ufw allow 443/tcp | |
| # Verify the ufw rules added | |
| sudo ufw show added | |
| # Enable the firewall | |
| sudo ufw enable | |
| # Configure server timezone | |
| sudo dpkg-reconfigure tzdata | |
| # Configure local ntp (Network Time Protocol) | |
| sudo apt-get install ntp | |
| # Allocate space for swap | |
| sudo fallocate -l 7G /swapfile | |
| # Change permissions on swapfile | |
| sudo chmod 600 /swapfile | |
| # Make swap | |
| sudo mkswap /swapfile | |
| sudo swapon /swapfile | |
| sudo sh -c 'echo "/swapfile none swap sw 0 0" >> /etc/fstab' | |
| # Create group for working | |
| groupadd groupname | |
| # Add a new user to group | |
| useradd -g groupname username | |
| # Set passwd for user | |
| passwd username | |
| # Check the passwd file for newly created user | |
| # verify its similar to -> | |
| # username:x:1000:1000::/home/username:/bin/bash | |
| # also verify /bin/bash is not /bin/sh | |
| vim /etc/passwd | |
| # Change sudo permissions | |
| # Should be similar to -> | |
| # | |
| # - User privilege specification | |
| # root ALL=(ALL:ALL) ALL | |
| # | |
| # - Members of the admin group may gain root privileges | |
| # %admin ALL=(ALL) ALL | |
| # | |
| # - Allow members of group sudo to execute any command | |
| # %sudo ALL=(ALL:ALL) ALL | |
| # | |
| # - <groupname> permissions | |
| # %groupname ALL=(ALL:ALL) ALL | |
| # | |
| # - See sudoers(5) for more information on "#include" directives: | |
| # - includedir /etc/sudoers. | |
| visudo | |
| # Install nginx for running app servers | |
| sudo apt-get install nginx | |
| # Change your user | |
| su username | |
| # Check if /home has directory /username if not run following | |
| cd /home && sudo mkdir username && sudo chown username:groupname username && cd ~ | |
| # Enable ssh login to user account | |
| mkdir .ssh && vim .ssh/authorized_keys | |
| # Give correct permissions to authorized_keys | |
| # otherwise ssh login wont work for keys | |
| chmod 600 .ssh/authorized_keys | |
| chmod 700 .ssh | |
| # Change ssh config to prevent | |
| # password and root login | |
| # | |
| # Change file values to following | |
| # PermitRootLogin no | |
| # PasswordAuthentication no | |
| vim /etc/ssh/sshd_config | |
| # Restart the service | |
| sudo service ssh restart | |
| # Disable root account | |
| sudo passwd -l root |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment