New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Change ssh port
Post on LET complaining about the provider.
Auto configuration scripts to do what? Thnx
Kool
Take note of any peculiar setting (e.g. network details), then reinstall a minimal Debian thanks
In our case they install and configure Nginx and it's server blocks, do some edits to limits.conf and sysctl, change the hostname and edit the hosts file, install additional packets needed for some auxiliary functions and scripts, sync SSL certs, create a few custom directories and aid in cache fills by temporarily introducing and revoking the server from the DNS to achieve gradual cache fill without overloading customers' origins and our own storage.
ask for a refund
No idling?
Wow. Thnx for sharing
Changing the SSH port seems popular. Isn’t sshd pretty much the most hardened software out there already? Isn’t disabling password authentication (require public keys) good enough? (with fail2ban or similar)
Yes. All changing the ssh port accomplishes is reducing the amount of log spam you get from skiddies. For that alone, I think it's worth it, but to each his own.
no sir I rather skip straight to buyers remorse
I keep a
.txt
on my initial setup procedure of each VPS, so that they can be repeated as necessary. Here are two samples:VZ7, Debian 10 template
KVM, Debian 10 ISO install, select "SSH server" and "system utilities" during installation
If there's more than 10GB disk, I may partition as 6GB root, some swap, and rest at
/home
(I keep website content in/home/web
). Otherwise, it's single partition.SSH public key was uploaded via
ssh-copy-id
command, then I runssh
command and perform the above steps. I don't change SSH port number. Obfuscation is not security.I change the ssh ip to randomly generated IPv6 address (with key) and then take my time setting up my server.
install firewall then ssh
Simple for me, just install my Centmin Mod LEMP stack where majority of what I use to do manually is done automatically for me From rough calculation, it saves me between 1-6 hrs of manual system admin work each time (depending on default install choices) ^_^
YABS, then install docker.
/proc/cpuinfo
/proc/meminfo
df
smartctl
sfill
smartctl
When I fill the disk(s) this is also to get ride of potential recoverable data from previous user. I am paranoiac and I don't want to get into troubles because of previous user's data. This is why I use sfill.
I am at OVH/SYS/KS, so I am using their rescue mode.
Disinfect it with sanitizers. We live in covid era.
——-
Alrite enough of fun in the October Sun. Off on a LE Break.
I've only recently discovered MOTDs and like to customize mine like crazy. Super handy.
What is MOTDs? // ERM? Thnx
Message of the Day, sometimes when you log into a VPS you get a bunch of info, like the server info. Well, you can add tons of extra info to that blurb, like weather, usage, almost any kind of info you want to see. Here are two links to give you a better idea. Just don't forget to do your actual work!
http://mewbies.com/how_to_customize_your_console_login_message_tutorial.htm
https://www.reddit.com/r/unixporn/comments/6qwrfm/share_your_linux_motds_and_ascii_banners/
Awesome. Thanks for sharing
Use sed instead of vi.
Protec : https://digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-14-04
Disable root login
Custom motd
Setup VPN
Only allow ssh via VPN
2FA authentication
Copy my backup and monitoring scripts and add them to cron
Then I run whatever service I got the box for, or I simply let it idle.
It's easier for me to perform calculations on high precision timestamps because they're composed of digits only and there's no year in rsyslog's traditional format.
I copy-paste the commands, one line at a time, into the serial console, so I use vi.
When I need to setup 32 virtual machines quickly (provided to students of computer networking class), I have sed and awk; it's a little tricky dealing with sudoers file though.
Checking the Spec's, happens that you get scammed.
Checking the Drives
Benchmark + Network tests
Deploying all the script shit, you usually deploy
PRODUCTiON READYNESS, kek