Start with a fully up to date server
sudo apt update && sudo apt dist-upgrade -y
Turn on security auto-updates
It takes just 1 command to make your system so much more secure for free, automatically, forever:
sudo dpkg-reconfigure -plow unattended-upgrades
If you are using a password and not a SSH key, be sure to enforce a strong root password!
fail2ban does is it blocks any IP addresses that enters the wrong login password more than 3 times for 10 minutes.
apt-get install fail2ban
I believe the default config is sufficient so i will not edit anything about it.
Install Docker / Git
This installs docker community edition – the free version of docker.
wget -qO- https://get.docker.com/ | sh
After docker is installed you should see something similar to:
Client: Version: 18.09.5 API version: 1.39 Go version: go1.10.8 Git commit: e8ff056 Built: Thu Apr 11 04:44:15 2019 OS/Arch: linux/amd64 Experimental: false Server: Docker Engine - Community Engine: Version: 18.09.5 API version: 1.39 (minimum version 1.12) Go version: go1.10.8 Git commit: e8ff056 Built: Thu Apr 11 04:10:53 2019 OS/Arch: linux/amd64 Experimental: false If you would like to use Docker as a non-root user, you should now consider adding your user to the "docker" group with something like: sudo usermod -aG docker tbp Remember that you will have to log out and back in for this to take effect! WARNING: Adding a user to the "docker" group will grant the ability to run containers which can be used to obtain root privileges on the docker host. Refer to https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface for more information.
To test that your docker instance is working properly just run
sudo docker run hello-world Unable to find image 'hello-world:latest' locally latest: Pulling from library/hello-world 1b930d010525: Pull complete Digest: sha256:92695bc579f31df7a63da6922075d0666e565ceccad16b59c3374d2cf4e8e50e Status: Downloaded newer image for hello-world:latest Hello from Docker! This message shows that your installation appears to be working correctly. To generate this message, Docker took the following steps: 1. The Docker client contacted the Docker daemon. 2. The Docker daemon pulled the "hello-world" image from the Docker Hub. (amd64) 3. The Docker daemon created a new container from that image which runs the executable that produces the output you are currently reading. 4. The Docker daemon streamed that output to the Docker client, which sent it to your terminal. To try something more ambitious, you can run an Ubuntu container with: $ docker run -it ubuntu bash Share images, automate workflows, and more with a free Docker ID: https://hub.docker.com/ For more examples and ideas, visit: https://docs.docker.com/get-started/
Util: install Glances
Glances is a very nice and improved version of
top (and somewhat resource heavier than its counterpart). Whenever i think my sever is slower than usual i just start
glances and see everything going on with my system.
wget -O- https://bit.ly/glances | /bin/bash