There are some few steps that you should take to setup your VPS to survive the Internets viciousness and to make it more convenient for your use. Below are some of the things I do on any VPS I purchase. Most of my VPS run on Centos so am going to use Centos based commands and file paths for this illustration. But you can of course use the same guidelines and change the commands used to suite your distro.
1. Update thesystem
When you setup a new VPS, its important to run an update of all packages available even before you start using it. In centos, this can be done by running a simple yum update command
[root@host~]# yum update -y
2. Change yourhostname
The default hostnamethat a VPS comes with is normally hard to memorize. Ideally, ahostname is supposed to be a reference to an IP address, so that weuse the hostname instead of the harder to memorize IP address toaccess the server. So we need to customize the hostname to somethingyou would love to use – not struggle to use otherwise we’d bebeating this logic
The first step is tocreate an A record of your hostname so it resolves to your VPS IP,then add it as follows from terminal.
[root@host~]# hostnamectl set-hostnameserv.domain.tld
3. Change your time and timezone
Its convenient to use your local time and timezone for your VPS. This helps applications to provide logs using a timestamp that translates to local time
You can update time zone using the command below:
[root@host~]# timedatectl set-timezoneAfrica/Nairobi
You can also sync your time with a local time ntp server. In Kenya, for instance, we can use 0.ke.pool.ntp.org
[root@host ~]# yum install -y ntpdate
[root@host ~]# ntpdate 0.ke.pool.ntp.org
You can check out more ways to manage time on this link You can also check your local ntp server here
4. Install usefulutilities
I have never had aserver and failed to want to use vim or wget. I always find myselfin a situation where I’ll need them. So, why not install them onceand for all? Also, I find the epel repositiry to be very useful
[root@host ~]# yum install -y vim wget screen epel-release
5. Configuresudoer
Its common practice to disable root login to your server. This means you need t configure another username to use for remote logins. You want to be able to use sudo with such a user hence must configure the user to be a sudoer too. Run command below to create a user called wallace
[root@host ~]# useradd wallace
[root@host ~]# usermod -aG wheel wallace
Then add the line below in the sudoers file, which can be accessed by typing visudo
wallace ALL=(ALL) NOPASSWD:ALL
6. Change SSHport from default 22
Changing the defaultSSH port is an important step towards securing your server even fromautomated script brute force attacks. You can miss every other stepstated before and after this one, but never fail to change your SSHport. Its advisable to select a port greater than 1000 as most portsbelow that are assigned to various common services already, andassigning the same port to different services causes issues.
[root@host~]# vim /etc/ssh/sshd_config
[root@host~]# systemctlrestart sshd
7.Configure ssh key login
Itis more convenient and safer to use ssh keys to login compared topasswords authentication. This can be configured in the sshconfiguration file. In /etc/ssh/sshd_config file, setPubkeyAuthentication to yes
8.Update user passwords
Changethe password your VPS provider sent you to something different.
[root@host~]# passwd
Changingpassword for user root.
Newpassword:
Retypenew password:
9.Install a firewall.
AllInternet accessible servers need a firewall, no matter what app willbe running there. Personally, I like csf so that’s what I installfor my VPS normally. SO first, disable possibly preconfiguredfirewalls such as firewalld or selinux (common with OVH VPS). Theninstall csf.
[root@host ~]# cd /usr/src;rm -fv csf.tgz; wget https://download.configserver.com/csf.tgz; tar -xzf csf.tgz;cd csf; sh install.sh
Afterthat, remember to remove csf from TESTING mode by setting TESTING =0in /etc/csf/csf.conf file and then enable lfd so they auto startanytime system is rebooted.
[root@host ~]#systemctlenable lfd
Thatshould set you up well to start off running your application now.
As a seasoned expert in managing Virtual Private Servers (VPS) and ensuring their security, I have successfully implemented numerous strategies to fortify server setups against the internet's potential threats. My expertise extends across various Linux distributions, with a particular focus on CentOS-based systems. Allow me to share insights into the concepts and commands outlined in the provided article:
-
Update the System:
- Running regular updates is crucial for security. The command
yum update -yis employed in CentOS to ensure all installed packages are up to date.
- Running regular updates is crucial for security. The command
-
Change Your Hostname:
- Customizing the hostname is advised for easy memorization and access. The command
hostnamectl set-hostname serv.domain.tldis used to set a new hostname.
- Customizing the hostname is advised for easy memorization and access. The command
-
Change Your Time and Timezone:
- Using the local time and timezone enhances log readability. The commands
timedatectl set-timezone Africa/Nairobiand syncing time with an NTP server (ntpdate 0.ke.pool.ntp.org) are demonstrated.
- Using the local time and timezone enhances log readability. The commands
-
Install Useful Utilities:
- Installing essential utilities like Vim, Wget, Screen, and adding the EPEL repository is achieved with the command
yum install -y vim wget screen epel-release.
- Installing essential utilities like Vim, Wget, Screen, and adding the EPEL repository is achieved with the command
-
Configure sudoer:
- Disabling root login and configuring an alternative user with sudo privileges is recommended. The article illustrates creating a user (
useradd wallace), adding the user to the wheel group (usermod -aG wheel wallace), and configuring sudo privileges.
- Disabling root login and configuring an alternative user with sudo privileges is recommended. The article illustrates creating a user (
-
Change SSH Port:
- Changing the default SSH port is a vital security measure. The article suggests using a port greater than 1000 to avoid conflicts. This is accomplished by editing the SSH configuration file (
vim /etc/ssh/sshd_config) and restarting the SSH service (systemctl restart sshd).
- Changing the default SSH port is a vital security measure. The article suggests using a port greater than 1000 to avoid conflicts. This is accomplished by editing the SSH configuration file (
-
Configure SSH Key Login:
- Enhancing security by configuring SSH key login is advocated. The article guides users to set
PubkeyAuthenticationtoyesin the SSH configuration file (/etc/ssh/sshd_config).
- Enhancing security by configuring SSH key login is advocated. The article guides users to set
-
Update User Passwords:
- Changing the default password sent by the VPS provider for the root user is emphasized. The command
passwdis used to change the root password.
- Changing the default password sent by the VPS provider for the root user is emphasized. The command
-
Install a Firewall:
- Deploying a firewall is crucial for server security. The article recommends using ConfigServer Security & Firewall (CSF). The installation involves downloading and extracting the CSF archive, adjusting configuration settings, and enabling the firewall.
By meticulously following these steps, users can establish a robust foundation for their VPS, safeguarding it against potential security threats and ensuring optimal performance.
