Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

What do you do upon first getting a new server? - Page 2
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

What do you do upon first getting a new server?

2»

Comments

  • mustafamw3mustafamw3 Member, Patron Provider

    Change ssh port

    Thanked by 1plumberg
  • raindog308raindog308 Administrator, Veteran
    edited October 2020

    @plumberg said: What do you do upon first getting a new server?

    Post on LET complaining about the provider.

    Thanked by 6webcraft skorous TimboJones 1nf themew wdmg
  • plumbergplumberg Veteran

    @PUSHR_Victor said:
    • Curse unattended upgrades if enabled
    • If installing OS myself, curse IPMI as it always has some problem. Throw a tantrum at how no one can do IPMI right obviously. Curse Java and everyone who uses it.
    • Add to monitoring and DNS
    • Start auto configuration scripts and open a beer.
    • Curse auto configuration for no real reason but being slow sometimes.
    • Check that SSH keys work properly
    • Confirm proper operation
    • Start cache fill procedures, monitor them, move on.

    Auto configuration scripts to do what? Thnx

  • plumbergplumberg Veteran

    @dodheimsgard said:
    I change root password to root or password and wait for abuse emails.

    Kool

  • Shot2Shot2 Member

    Take note of any peculiar setting (e.g. network details), then reinstall a minimal Debian thanks

  • PUSHR_VictorPUSHR_Victor Member, Host Rep
    edited November 2020

    @plumberg said:

    Auto configuration scripts to do what? Thnx

    In our case they install and configure Nginx and it's server blocks, do some edits to limits.conf and sysctl, change the hostname and edit the hosts file, install additional packets needed for some auxiliary functions and scripts, sync SSL certs, create a few custom directories and aid in cache fills by temporarily introducing and revoking the server from the DNS to achieve gradual cache fill without overloading customers' origins and our own storage.

  • SirFoxySirFoxy Member

    ask for a refund

    Thanked by 10PUSHR_Victor plumberg raindog308 TimboJones yoursunny 1nf themew AmirGT wdmg JohnFilch123
  • plumbergplumberg Veteran

    @SirFoxy said:
    ask for a refund

    No idling?

    Thanked by 1webcraft
  • plumbergplumberg Veteran

    @PUSHR_Victor said:

    @plumberg said:

    Auto configuration scripts to do what? Thnx

    In our case they install and configure Nginx and it's server blocks, do some edits to limits.conf and sysctl, change the hostname and edit the hosts file, install additional packets needed for some auxiliary functions and scripts, sync SSL certs, create a few custom directories and aid in cache fills by temporarily introducing and revoking the server from the DNS to achieve gradual cache fill without overloading customers' origins and our own storage.

    Wow. Thnx for sharing

    Thanked by 1NewToTheGame
  • JohnGJohnG Member
    edited November 2020

    Changing the SSH port seems popular. Isn’t sshd pretty much the most hardened software out there already? Isn’t disabling password authentication (require public keys) good enough? (with fail2ban or similar)

  • raindog308raindog308 Administrator, Veteran

    @JohnG said: Changing the SSH port seems popular. Isn’t sshd pretty much the most hardened software out there already? Isn’t disabling password authentication (require public keys) good enough? (with fail2ban or similar)

    Yes. All changing the ssh port accomplishes is reducing the amount of log spam you get from skiddies. For that alone, I think it's worth it, but to each his own.

  • SirFoxySirFoxy Member

    @plumberg said:

    @SirFoxy said:
    ask for a refund

    No idling?

    no sir I rather skip straight to buyers remorse

    Thanked by 1plumberg
  • yoursunnyyoursunny Member, IPv6 Advocate
    edited November 2020

    I keep a .txt on my initial setup procedure of each VPS, so that they can be repeated as necessary. Here are two samples:

    VZ7, Debian 10 template

    echo 'APT::Install-Recommends "no";
APT::Install-Suggests "no";' >/etc/apt/apt.conf.d/80recommends
echo deb http://deb.debian.org/debian buster-backports main >/etc/apt/sources.list.d/buster-backports.list
apt-mark auto $(apt-mark showmanual)
apt update
apt install apt-transport-https bind9-host curl git htop initramfs-tools initscripts iputils-ping locales net-tools openssh-server patch resolvconf screen software-properties-common sudo systemd-sysv tcpdump telnet traceroute vim wget zip
apt autoremove --purge
apt full-upgrade

vi /etc/ssh/sshd_config
  PasswordAuthentication no

vi /etc/systemd/journald.conf
  SystemMaxUse=50M

    KVM, Debian 10 ISO install, select "SSH server" and "system utilities" during installation

    apt install sudo
/usr/sbin/usermod -a -G sudo sunny

sudo apt purge nano
sudo apt install vim

sudo visudo
  %sudo   ALL=(ALL:ALL) NOPASSWD: ALL

sudo vi /etc/ssh/sshd_config
  PasswordAuthentication no

sudo vi /etc/systemd/journald.conf
  SystemMaxUse=50M

    If there's more than 10GB disk, I may partition as 6GB root, some swap, and rest at /home (I keep website content in /home/web). Otherwise, it's single partition.

    SSH public key was uploaded via ssh-copy-id command, then I run ssh command and perform the above steps. I don't change SSH port number. Obfuscation is not security.

    Thanked by 1themew
  • serveradministratorserveradministrator Member
    edited November 2020

    I change the ssh ip to randomly generated IPv6 address (with key) and then take my time setting up my server.

    Thanked by 1plumberg
  • webdevwebdev Member

    install firewall then ssh

    Thanked by 1plumberg
  • eva2000eva2000 Veteran

    @plumberg said: what do you usually run on the server as soon as its deployed?

    Simple for me, just install my Centmin Mod LEMP stack where majority of what I use to do manually is done automatically for me :smiley: From rough calculation, it saves me between 1-6 hrs of manual system admin work each time (depending on default install choices) ^_^

    Thanked by 1plumberg
  • CabbageCabbage Member

    YABS, then install docker.

  • SteveMCSteveMC Member

    @mrsky said: Can you explain how you do it? 🤗🤗

    /proc/cpuinfo
    /proc/meminfo
    df
    smartctl
    sfill
    smartctl

    @DataRecovery said: Proper DIY drive health test indeed involves a full write test.

    When I fill the disk(s) this is also to get ride of potential recoverable data from previous user. I am paranoiac and I don't want to get into troubles because of previous user's data. This is why I use sfill.

    @DataRecovery said: But to do such test properly you need to have the target drive connected as a secondary one in a working machine. Hence you need to have two drives in the system.

    I am at OVH/SYS/KS, so I am using their rescue mode.

    Thanked by 1mrsky
  • vyas11vyas11 Member
    edited November 2020

    Disinfect it with sanitizers. We live in covid era.

    ——-

    Alrite enough of fun in the October Sun. Off on a LE Break.

    Thanked by 2plumberg yoursunny
  • scookescooke Member

    @valk said:
    Erm, configure a MOTD and run my ansible , set up an A record for the server on my domain then uhhhh idk I'll idling on it somehow, nothing to do more I guess?

    I've only recently discovered MOTDs and like to customize mine like crazy. Super handy.

  • plumbergplumberg Veteran

    @scooke said:

    @valk said:
    Erm, configure a MOTD and run my ansible , set up an A record for the server on my domain then uhhhh idk I'll idling on it somehow, nothing to do more I guess?

    I've only recently discovered MOTDs and like to customize mine like crazy. Super handy.

    What is MOTDs? // ERM? Thnx

  • scookescooke Member

    @plumberg said:

    @scooke said:

    @valk said:
    Erm, configure a MOTD and run my ansible , set up an A record for the server on my domain then uhhhh idk I'll idling on it somehow, nothing to do more I guess?

    I've only recently discovered MOTDs and like to customize mine like crazy. Super handy.

    What is MOTDs? // ERM? Thnx

    Message of the Day, sometimes when you log into a VPS you get a bunch of info, like the server info. Well, you can add tons of extra info to that blurb, like weather, usage, almost any kind of info you want to see. Here are two links to give you a better idea. Just don't forget to do your actual work!

    http://mewbies.com/how_to_customize_your_console_login_message_tutorial.htm
    https://www.reddit.com/r/unixporn/comments/6qwrfm/share_your_linux_motds_and_ascii_banners/

    Thanked by 2plumberg webcraft
  • plumbergplumberg Veteran

    @scooke said:

    @plumberg said:

    @scooke said:

    @valk said:
    Erm, configure a MOTD and run my ansible , set up an A record for the server on my domain then uhhhh idk I'll idling on it somehow, nothing to do more I guess?

    I've only recently discovered MOTDs and like to customize mine like crazy. Super handy.

    What is MOTDs? // ERM? Thnx

    Message of the Day, sometimes when you log into a VPS you get a bunch of info, like the server info. Well, you can add tons of extra info to that blurb, like weather, usage, almost any kind of info you want to see. Here are two links to give you a better idea. Just don't forget to do your actual work!

    http://mewbies.com/how_to_customize_your_console_login_message_tutorial.htm
    https://www.reddit.com/r/unixporn/comments/6qwrfm/share_your_linux_motds_and_ascii_banners/

    Awesome. Thanks for sharing

  • TimboJonesTimboJones Member

    @yoursunny said:
    I keep a .txt on my initial setup procedure of each VPS, so that they can be repeated as necessary. Here are two samples:

    VZ7, Debian 10 template

    echo 'APT::Install-Recommends "no";
APT::Install-Suggests "no";' >/etc/apt/apt.conf.d/80recommends
echo deb http://deb.debian.org/debian buster-backports main >/etc/apt/sources.list.d/buster-backports.list
apt-mark auto $(apt-mark showmanual)
apt update
apt install apt-transport-https bind9-host curl git htop initramfs-tools initscripts iputils-ping locales net-tools openssh-server patch resolvconf screen software-properties-common sudo systemd-sysv tcpdump telnet traceroute vim wget zip
apt autoremove --purge
apt full-upgrade

vi /etc/ssh/sshd_config
  PasswordAuthentication no

vi /etc/systemd/journald.conf
  SystemMaxUse=50M

    KVM, Debian 10 ISO install, select "SSH server" and "system utilities" during installation

    apt install sudo
/usr/sbin/usermod -a -G sudo sunny

sudo apt purge nano
sudo apt install vim

sudo visudo
  %sudo   ALL=(ALL:ALL) NOPASSWD: ALL

sudo vi /etc/ssh/sshd_config
  PasswordAuthentication no

sudo vi /etc/systemd/journald.conf
  SystemMaxUse=50M

    If there's more than 10GB disk, I may partition as 6GB root, some swap, and rest at /home (I keep website content in /home/web). Otherwise, it's single partition.

    SSH public key was uploaded via ssh-copy-id command, then I run ssh command and perform the above steps. I don't change SSH port number. Obfuscation is not security.

    Use sed instead of vi.

  • msallak1msallak1 Member

    Protec : https://digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-14-04

  • rcy026rcy026 Member

    Disable root login
    Custom motd
    Setup VPN
    Only allow ssh via VPN
    2FA authentication
    Copy my backup and monitoring scripts and add them to cron
    Then I run whatever service I got the box for, or I simply let it idle.

    Thanked by 1plumberg
  • chihcherngchihcherng Veteran

    @plumberg said:
    Whats the benefit of using high precision timestamps for rsyslog?

    It's easier for me to perform calculations on high precision timestamps because they're composed of digits only and there's no year in rsyslog's traditional format.

    Thanked by 1plumberg
  • yoursunnyyoursunny Member, IPv6 Advocate

    @TimboJones said:

    @yoursunny said:


    vi /etc/ssh/sshd_config
  PasswordAuthentication no

vi /etc/systemd/journald.conf
  SystemMaxUse=50M

    Use sed instead of vi.

    I copy-paste the commands, one line at a time, into the serial console, so I use vi.

    When I need to setup 32 virtual machines quickly (provided to students of computer networking class), I have sed and awk; it's a little tricky dealing with sudoers file though.

    Thanked by 1plumberg
  • NeoonNeoon Community Contributor, Veteran

    Checking the Spec's, happens that you get scammed.
    Checking the Drives
    Benchmark + Network tests
    Deploying all the script shit, you usually deploy
    PRODUCTiON READYNESS, kek

    Thanked by 1plumberg
Sign In or Register to comment.