gefvert.org

Provisioning a New Linux Server

2020-10-01

Just a small checklist of the things I like to do when installing and configuring a new Linux server. YMMV.

Install tools

apt-get install joe mc sl    # sl is very important

Provision hard disk

joe /etc/fstab             # add the new disk: options "defaults", with "0 0" at the end of the line
fdisk /dev/xvdg            # partition the AWS storage volume
mkfs -t ext4 /dev/xvdg1
mount -a

Set up user accounts

adduser mgefvert
adduser mgefvert admin     # enables sudo
mkdir /home/mgefvert/.ssh
joe /home/mgefvert/.ssh/authorized_keys      # add the relevant ssh key file
chown -R mgefvert:mgefvert /home/mgefvert/.ssh    # user:group (the dot separator is deprecated)
chmod -R 700 /home/mgefvert/.ssh
chmod 600 /home/mgefvert/.ssh/authorized_keys
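
A way to verify the result of the account steps above, as an added example that is not part of the original checklist: it checks that .ssh is mode 700, authorized_keys is mode 600, both belong to the owner of the home directory, and nothing else under .ssh is open to group or other. The function names and script name are made up for this example, and it assumes GNU stat and find.

```shell
#!/bin/sh
# Added example (not from the original page): audit the ~/.ssh layout
# that the "Set up user accounts" steps are meant to produce.
# Assumes GNU stat and find (any mainstream Linux).

# _check PATH KIND MODE UID   (KIND: d = directory, f = regular file)
_check() {
    p=$1; kind=$2; want=$3; uid=$4
    if [ -L "$p" ]; then echo "FAIL $p: is a symlink"; return 1; fi
    case $kind in
        d) [ -d "$p" ] || { echo "FAIL $p: directory missing"; return 1; } ;;
        f) [ -f "$p" ] || { echo "FAIL $p: file missing"; return 1; } ;;
    esac
    mode=$(stat -c %a "$p"); owner=$(stat -c %u "$p")
    [ "$mode" = "$want" ] || { echo "FAIL $p: mode $mode, want $want"; return 1; }
    [ "$owner" = "$uid" ] || { echo "FAIL $p: uid $owner, want $uid"; return 1; }
    echo "ok   $p (uid $owner, mode $mode)"
}

# check_ssh_perms HOME_DIR
# Returns 0 when .ssh is 700, authorized_keys is 600, both belong to the
# owner of HOME_DIR, and nothing else under .ssh is open to group/other.
check_ssh_perms() {
    home=$1; rc=0
    [ -d "$home" ] || { echo "FAIL $home: no such directory"; return 1; }
    home_uid=$(stat -c %u "$home")
    _check "$home/.ssh" d 700 "$home_uid" || rc=1
    _check "$home/.ssh/authorized_keys" f 600 "$home_uid" || rc=1
    # Other files (private keys, config) with any group/other permission bit.
    loose=$(find "$home/.ssh" -mindepth 1 ! -name authorized_keys -perm /077 2>/dev/null)
    if [ -n "$loose" ]; then echo "FAIL group/other access: $loose"; rc=1; fi
    return $rc
}

# Usage (hypothetical script name): sh check_ssh.sh /home/mgefvert
if [ $# -gt 0 ]; then check_ssh_perms "$1"; fi
```

Running it before the chown step reports the uid mismatch, since mkdir as root leaves .ssh owned by root.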

Global profile

joe /etc/profile       # Add the following:
alias rmbak='rm *~'
PS1='\n\[\e[1;37;41m\]  \[\e[0m\] ${debian_chroot:+($debian_chroot)}\u@\h \w \$ '
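# POSIX-sh form: /etc/profile is also read by non-bash login shells, which do not support <<<
printf '%s\n' "The user $(whoami) just logged in on '$(hostname)' from $SSH_CLIENT" | mail -s "$(hostname): Login as $(whoami)" admin@example.com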

Set security

apt-get install openssh-server apt-transport-https needrestart    # openssh-server provides sshd
apt-get install ufw          # unless managed by external firewall
apt-get install denyhosts    # unless we've locked down through the firewall

Services

# docker.io is the Debian/Ubuntu package name for the Docker engine
apt-get install \
    mysql-server \
    apache2 \
    certbot \
    php \
    php-fpm \
    docker.io \
    exim4

Configure email

mail sent by smarthost; no local mail
mail name: example.com (=domain name)
list of ip addresses: 127.0.0.1, ::1
other destinations:
visible domain for local users: example.com
outgoing smarthost: smtp.gmail.com::587
minimal dns: no
small config files: no

sudo joe /etc/exim4/passwd.client
    # plain-text credentials: keep this file root:Debian-exim, mode 640
    *.google.com:admin@example.com:password
    *.gmail.com:admin@example.com:password

Monitoring

Add and configure

  • zabbix-agent
  • zabbix-proxy