In short, I think there should be a “comprehensive” means to get your server/box up and running from “zero to 100” so you can “get down to business”, so to speak… So I put this together so that I can get the very basics of the 6-core/12-thread machine I am hopefully receiving soon up and running in minutes instead of hour(s). I thought it might help you do the same!
I have used the following sources coupled with my personal experiences with running boxes/VPSes mainly for gaming purposes…
16 Commands to Check Hardware Information on Linux - BinaryTides, https://www.redhat.com/sysadmin/eight-ways-secure-ssh, https://www.linode.com/docs/guides/securing-your-server/, https://www.tecmint.com/tuned-automatic-performance-tuning-of-centos-rhel-servers/ and https://haydenjames.io/linux-performance-almost-always-add-swap-space/
Setting aside as little as an hour should be plenty; even being deaf and blind, I got it done within the hour.
Below are the steps I believe one should probably start with when it comes to SSH security (“config” means you need to input said configurations)…
```bash
# Back up the SSH configuration
cp /etc/ssh/sshd_config ~/sshd_config_original

# Configure the SSH banner that notifies unauthorized users
nano /etc/issue.net
#   config: Warning! Authorized use only. This server is the property of MyCompanyName.com

# Open the SSH configuration
nano /etc/ssh/sshd_config
# Find the line reading "# no default banner path" and configure:
#   config: Banner /etc/issue.net

# Restart SSH
systemctl restart sshd

# Open the SSH configuration
nano /etc/ssh/sshd_config
# Find the line reading "PermitEmptyPasswords" and change it to:
#   config: PermitEmptyPasswords no

# Restart SSH
systemctl restart sshd

# Create a sudo user to replace the "root" user for logins
adduser example_user
# Then add that same user to the "sudo" group
adduser example_user sudo

# Exit the current "root" session
exit

# Test login with the limited user
ssh example_user@YOURIP
# Make sure you can still sudo to "root"
sudo su

# Do not allow "root" to log in over the network
nano /etc/ssh/sshd_config
#   config: PermitRootLogin no
# Restrict WHO can log in; I would put it near the above configuration
#   config: AllowUsers example_user
# Put sshd behind a non-standard port
#   config: # Run SSH on a non-standard port
#   config: #Port 22
#   config: Port yourporthereabove1024

# Restart SSH
systemctl restart sshd

# Create a key pair on your Linux PC
ssh-keygen
# Copy the key to the machine
ssh-copy-id -p configuredport example_user@YOURIP
# Test the SSH key connection (sshd now listens on the configured port)
ssh -p configuredport example_user@YOURIP

# Final configuration for SSH security
nano /etc/ssh/sshd_config
#   config: PasswordAuthentication no

# Restart SSH once more
systemctl restart sshd
```
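The sshd_config settings from the steps above, checked by an added script that is not part of the original post: it reports which of them are not in effect in a given file, including the case where a corrected line sits below an older uncommented one (sshd uses the first value it reads). The function names and the sample file are constructed for illustration; Include files and Match blocks are not evaluated.

```sh
# Added example, not the post's own code. Audits an sshd_config-style file
# against the settings used in the steps above.

# values_of FILE KEYWORD -> every uncommented value, in file order
# (keywords are case-insensitive; parsing stops at the first Match line)
values_of() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# expect FILE KEYWORD WANTED DEFAULT -> prints a FAIL line on mismatch.
# sshd uses the FIRST value it reads for these keywords, so a corrected line
# added below an older uncommented one has no effect.
expect() {
    val=$(values_of "$1" "$2" | head -n 1)
    [ -n "$val" ] || val=$4          # keyword absent: upstream OpenSSH default
    [ "$val" = "$3" ] || echo "FAIL $2: effective '$val', guide uses '$3'"
}

# audit_sshd FILE -> one FAIL line per setting that differs from the guide
audit_sshd() {
    expect "$1" PermitEmptyPasswords no no
    expect "$1" PermitRootLogin no prohibit-password
    expect "$1" PasswordAuthentication no yes
    # Port may be given several times and sshd listens on all of them
    ports=$(values_of "$1" Port)
    [ -n "$ports" ] || ports=22
    for p in $ports; do
        [ "$p" -gt 1024 ] || echo "FAIL Port: listening on $p, guide uses a port above 1024"
    done
    [ -n "$(values_of "$1" AllowUsers)" ] || echo "FAIL AllowUsers: not set"
    [ -n "$(values_of "$1" Banner)" ] || echo "FAIL Banner: not set"
    return 0
}

# Constructed sample: "PermitRootLogin no" was appended below an older line
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
PermitRootLogin yes
PermitRootLogin no
passwordauthentication no
AllowUsers example_user
EOF
audit_sshd "$sample"
```

On a live host, `sudo sshd -T` prints the effective configuration with included files resolved.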
Next, if you got a dedicated server, it might pay to make sure you actually got what the quote/agreement said you would be working with…
```bash
# Check general hardware configuration
sudo lshw -short
# Other commands may be needed, for instance for drive details; see https://www.binarytides.com/linux-commands-hardware-info/
```
Finally, these are the OS configurations that I always do before I install everything else (firewall, game panel, etc.):
```bash
# Update the OS
sudo apt update && sudo apt upgrade -y

# Install and set up automatic updates
sudo apt-get install unattended-upgrades
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
sudo nano /etc/apt/apt.conf.d/20auto-upgrades
#   config: APT::Periodic::Update-Package-Lists "1";
#   config: APT::Periodic::Download-Upgradeable-Packages "1";
#   config: APT::Periodic::AutocleanInterval "7";
#   config: APT::Periodic::Unattended-Upgrade "1";

# Check network services
sudo ss -atpu
# Remove any excess services
sudo apt purge package_name

# Install Tuned
sudo apt-get install tuned tuned-utils tuned-utils-systemtap
# Tuned setup
sudo systemctl enable tuned
sudo systemctl start tuned
sudo systemctl status tuned
# See the profiles (there are quite a few nowadays, with good descriptions)
sudo tuned-adm list
# Then proceed accordingly
sudo tuned-adm profile yourchoosenprofile
sudo tuned-adm active

# Conservative swap setup (for optimized performance where RAM isn't limited)
# Takes effect after a reboot or after the sysctl settings are reloaded
sudo nano /etc/sysctl.conf
#   config: vm.swappiness=10
#   config: vm.vfs_cache_pressure=50

# (If journaling causes excessive RAM usage) disable journaling: set storage to none
# With storage set to none, journald keeps no log data, SSH login records included
sudo nano /etc/systemd/journald.conf
#   config: Storage=none
# Restart journaling
sudo systemctl restart systemd-journald.service

# Set the timezone
sudo timedatectl set-timezone America/New_York
```
Hope this helps you guys get up and running more consistently and quickly so you can get down to business sooner rather than later!