Just a small checklist on the things I like to do when installing and configuring a new Linux server. YMMV.
Install tools
apt-get install joe mc sl # sl is very important
Provision hard disk
joe /etc/fstab # add new hard disk, options=defaults, 0 0 is good at the end
fdisk /dev/xvdg # format the AWS storage space
mkfs -t ext4 /dev/xvdg1
mount -a
Set up user accounts
adduser mgefvert
adduser mgefvert admin # enables sudo
mkdir /home/mgefvert/.ssh
joe /home/mgefvert/.ssh/authorized_keys # add the relevant ssh key file
chown -R mgefvert.mgefvert /home/mgefvert/.ssh
chmod -R 700 /home/mgefvert/.ssh
chmod -R 600 /home/mgefvert/.ssh/authorized_keys
Global profile
joe /etc/profile # Add the following:
alias rmbak='rm *~'
PS1='\n\[\e[1;37;41m\] \[\e[0m\] ${debian_chroot:+($debian_chroot)}\u@\h \w \$ '
mail -s "`hostname`: Login as `whoami`" admin@example.com <<< "The user `whoami` just logged in on '`hostname`' from $SSH_CLIENT"
Set security
apt-get install
sshd
ufw # unless managed by external firewall
denyhosts # unless we've locked down through the firewall
apt-transport-https
needrestart
Services
apt-get install
mysql-server
apache2
certbot
php
php-fpm
docker
exim4
Configure email
mail sent by smarthost; no local mail
mail name: example.com (=domain name)
list of ip addresses: 127.0.0.1, ::1
other destinations:
visible domain for local users: example.com
outgoing smarthost: smtp.gmail.com::587
minimal dns: no
small config files: no
sudo joe /etc/exim4/passwd.client
*.google.com:admin@example.com:password
*.gmail.com:admin@example.com:password
Monitoring
Add and configure
- zabbix-agent
- zabbix-proxy