🖥️ Linux Server Initial Setup Guide
This guide walks you through the essential steps for setting up a new Linux server, focusing on security and best practices.
Prerequisites
- A fresh Linux server (Ubuntu 22.04 LTS recommended)
- Root or sudo access
- SSH client
Step 1: Update System Packages
Always start by updating your system:
# Update package lists
sudo apt update
# Upgrade installed packages
sudo apt upgrade -y
# Install essential tools
sudo apt install -y curl wget git vim htop
Step 2: Create a Non-Root User
Never use the root account for daily operations:
# Create new user
sudo adduser devops
# Add to sudo group
sudo usermod -aG sudo devops
# Switch to new user
su - devops
Step 3: Configure SSH Security
Edit the SSH configuration for enhanced security:
sudo vim /etc/ssh/sshd_config
Apply these settings:
# Disable root login
PermitRootLogin no
# Disable password authentication (after setting up SSH keys)
PasswordAuthentication no
# Change default port (optional)
Port 2222
# Limit login attempts
MaxAuthTries 3
Restart SSH service:
sudo systemctl restart sshd
Step 4: Set Up Firewall (UFW)
# Install UFW
sudo apt install ufw
# Default policies
sudo ufw default deny incoming
sudo ufw default allow outgoing
# Allow SSH
sudo ufw allow 2222/tcp
# Allow HTTP/HTTPS
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# Enable firewall
sudo ufw enable
# Check status
sudo ufw status verbose
Step 5: Install Fail2Ban
Protect against brute-force attacks:
# Install fail2ban
sudo apt install fail2ban
# Create local config
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# Start and enable
sudo systemctl start fail2ban
sudo systemctl enable fail2ban
Step 6: Configure Automatic Updates
# Install unattended-upgrades
sudo apt install unattended-upgrades
# Enable automatic updates
sudo dpkg-reconfigure -plow unattended-upgrades
Summary Checklist
| Task | Status |
|---|---|
| System updated | ✅ |
| Non-root user created | ✅ |
| SSH hardened | ✅ |
| Firewall configured | ✅ |
| Fail2ban installed | ✅ |
| Auto-updates enabled | ✅ |
🔐 Security Note: Always keep your server updated and regularly audit your security configurations.
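One way to audit the SSH settings from Step 3, as an added example that is not part of the original guide. sshd keeps the first value it reads for each keyword, so the check reports the first occurrence rather than the last; the function names `effective_value` and `audit_sshd` and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit the Step 3 settings in an sshd_config-style file.
# sshd keeps the FIRST value it reads for each keyword, so a later
# "PasswordAuthentication no" does not override an earlier "yes".

# Print the first value set for keyword $1 in the config text on stdin.
# Assumes whitespace-separated "Keyword value" lines; stops at the first
# Match block, because settings below it are conditional.
effective_value() {
  awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
    /^[ \t]*(#|$)/         { next }
    tolower($1) == "match" { exit }
    tolower($1) == want    { print tolower($2); exit }
  '
}

# Check file $1 against the guide's values; return the number of failures.
audit_sshd() {
  local cfg="$1" failures=0 key expected actual
  while read -r key expected; do
    actual="$(effective_value "$key" < "$cfg")"
    if [ "$actual" = "$expected" ]; then
      echo "PASS $key $actual"
    else
      echo "FAIL $key ${actual:-(unset)} (expected $expected)"
      failures=$((failures + 1))
    fi
  done <<'EOF'
PermitRootLogin no
PasswordAuthentication no
Port 2222
MaxAuthTries 3
EOF
  return "$failures"
}

# Constructed sample: an earlier line (as an included drop-in file would
# contribute) re-enables passwords before the hardened block is read.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
PasswordAuthentication yes
# --- settings from Step 3 ---
PermitRootLogin no
PasswordAuthentication no
Port 2222
MaxAuthTries 3
EOF
audit_sshd "$sample" || echo "sshd_config audit: $? setting(s) differ"
rm -f "$sample"
```

On a live server, save the output of `sudo sshd -T` to a file and pass that file to `audit_sshd`; it lists the configuration sshd actually resolves, with included files applied.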