Sospeter Mong'are

First 10 Things to Do After Accessing Your New Linux Server

After successfully SSH-ing into your new server (for example 178.18.23.12), here's your step-by-step checklist to properly set it up for production use:


1. Verify Basic System Info

# Check OS version
cat /etc/os-release

# Check disk space
df -h

# Check memory
free -h

# Check CPU
lscpu

Why? Confirm you have the expected resources and OS version.


2. Change Default Passwords IMMEDIATELY

# Change root password (even if using SSH keys)
passwd

# If you created a sudo user:
passwd yourusername

Pro Tip: Use a 20+ character random password stored in a password manager.


3. Create a New Sudo User (Never Use Root Daily)

# Create user
adduser yourusername

# Grant sudo (Debian/Ubuntu)
usermod -aG sudo yourusername

# Grant sudo (CentOS/RHEL)
usermod -aG wheel yourusername

Now log out of root and use this user instead:

exit
ssh yourusername@178.18.243.142

4. Set Up SSH Key Authentication

On your local machine (not the server):

ssh-keygen -t ed25519 -a 100  # Creates ~/.ssh/id_ed25519 (private key) and ~/.ssh/id_ed25519.pub (public key)
ssh-copy-id yourusername@178.18.243.142

Then disable password logins:

sudo nano /etc/ssh/sshd_config

Set:

PasswordAuthentication no
PermitRootLogin no

Restart SSH:

sudo systemctl restart sshd
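
Editing /etc/ssh/sshd_config is not always enough: sshd uses the first value it reads for each keyword, so a file pulled in by an Include line (for example under /etc/ssh/sshd_config.d/) can keep password logins enabled. The script below is an added example, not part of the original post; it checks the effective settings reported by `sshd -T`, and its function names, the --live flag and the sample output are assumptions made for illustration.

```bash
#!/bin/sh
# Added example, not from the original post. Checks that step 4 took effect.
# `sshd -T` prints the configuration sshd will really use after merging
# Include files; for each keyword the first value read wins.

# Required settings, written the way `sshd -T` prints them (lowercase).
REQUIRED="passwordauthentication no
permitrootlogin no"

# audit_sshd: reads `sshd -T` output on stdin, prints one line per required
# setting, returns 0 only if every one has the required value.
audit_sshd() {
    a_dump=$(cat)
    a_rc=0
    while read -r a_key a_want; do
        a_got=$(printf '%s\n' "$a_dump" |
            awk -v k="$a_key" '$1 == k { print $2; exit }')
        if [ "$a_got" = "$a_want" ]; then
            echo "OK    $a_key $a_got"
        else
            echo "FAIL  $a_key is '${a_got:-unset}', expected '$a_want'"
            a_rc=1
        fi
    done <<EOF
$REQUIRED
EOF
    return "$a_rc"
}

# where_set KEYWORDS FILE...: lists file:line:text for every uncommented line
# that sets one of KEYWORDS (an ERE alternation), to locate an overriding file.
where_set() {
    w_kw=$1
    shift
    grep -HinE "^[[:space:]]*($w_kw)([[:space:]]|=)" "$@" 2>/dev/null
}

# Constructed sample: a drop-in file still enables password logins.
SAMPLE_BAD="port 22
permitrootlogin no
passwordauthentication yes"

# Live use: sh audit.sh --live (the file name audit.sh is an assumption).
if [ "${1:-}" = "--live" ]; then
    sudo sshd -T | audit_sshd || where_set 'passwordauthentication|permitrootlogin' \
        /etc/ssh/sshd_config.d/*.conf /etc/ssh/sshd_config
fi
```

Run it while your current SSH session is still open, so a FAIL line can be fixed before you disconnect.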

5. Enable Automatic Security Updates

Debian/Ubuntu

sudo apt install unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades

CentOS/RHEL

# yum-cron is the RHEL/CentOS 7 package; releases 8 and later ship dnf-automatic instead
sudo yum install yum-cron
sudo systemctl enable --now yum-cron

6. Configure a Firewall

UFW (Debian/Ubuntu)

sudo ufw allow 22/tcp   # SSH
sudo ufw allow 80/tcp   # HTTP (if needed)
sudo ufw enable

firewalld (CentOS/RHEL)

sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload

7. Install Essential Tools

# For Debian/Ubuntu
sudo apt install -y htop nano git curl fail2ban

# For CentOS/RHEL (enable EPEL first; htop and fail2ban come from it)
sudo yum install -y epel-release
sudo yum install -y htop nano git curl fail2ban

8. Set Up Basic Monitoring

Install and Configure Fail2Ban

sudo systemctl enable --now fail2ban

Check Logs Regularly

# Failed SSH attempts
sudo grep "Failed" /var/log/auth.log   # Debian/Ubuntu
sudo grep "Failed" /var/log/secure    # CentOS/RHEL

# Listening TCP/UDP sockets and the processes that own them
ss -tulnp

9. Secure Critical Files

# Make sensitive files immutable
# (while set, passwd, useradd/usermod, visudo and package installs that add
# users or groups will fail; run chattr -i on the file first, then re-apply)
sudo chattr +i /etc/passwd /etc/shadow /etc/group /etc/sudoers

# Restrict cron access
sudo rm -f /etc/cron.deny  # Delete if it exists
echo "yourusername" | sudo tee /etc/cron.allow

10. What Next? Depends on Your Use Case

For Web Servers:

sudo apt install nginx    # or apache2
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

For Database Servers:

sudo apt install mysql-server
sudo mysql_secure_installation

For Development:

# Install Docker
curl -fsSL https://get.docker.com | sudo sh
# Members of the docker group can obtain root on the host; add only trusted users
sudo usermod -aG docker yourusername

Bonus: First Night Checklist

✅ All default passwords changed

✅ Root SSH login disabled

✅ SSH keys configured (password auth disabled)

✅ Firewall active with minimal ports open

✅ Automatic updates enabled

✅ Basic monitoring (Fail2Ban) running

✅ Critical files secured

After this: Proceed with your specific application setup (WordPress, Node.js, game server, etc.).


Emergency Reminder

Always keep a backup SSH session open when making critical changes! If you lock yourself out:

  1. Use your hosting provider's VNC console access
  2. For cloud servers (AWS/Azure/GCP), use their rescue mode
