First things you do on a new server?

Comments

• DP Administrator, The Domain Guy

  December 2025 edited December 2025

  @czed said:

  • Run full update/upgrade

  • Configure automatic security updates

  • Block all non-public ports

  • Whitelist personal IPs for SSH port

  • Disable password login

  • Setup monitoring (Beszel & Uptime Kuma)

  • Reboot

  Anything else?

  I can't believe YABS is not on the list.

  Thanked by 23czed Nadwey mrerenk oloke vastness4594 brauni Murv commercial Noct mandala Protocol903 anakara Xrmaddness barbarza ShalaWorks satorik ebietsy Wolf lala_th DeusVult RickBakkr ni8mares cainyxues
• barbaros Member

  December 2025

  change ssh password to test

  Thanked by 10czed oloke brauni Murv sipe OhJohn zejjnt WebProject pyrolad JasonM
• czed Member

  December 2025

  @DP said:

  @czed said:

  • Run full update/upgrade

  • Configure automatic security updates

  • Block all non-public ports

  • Whitelist personal IPs for SSH port

  • Disable password login

  • Setup monitoring (Beszel & Uptime Kuma)

  • Reboot

  Anything else?

  I can't believe YABS is not on the list.

  My bad. Can't forget the most important part.
• Levi Member

  December 2025

  Change root password to 123456 and then tail -f auth.log and syslog. Very interesting things to see!

  Thanked by 8barbaros gbzret4d yoursunny Murv mandala zejjnt lala_th DeusVult
• zed Member

  December 2025

  while true ; do ./yabs.sh ; done

  Thanked by 1zejjnt
• Neoon Community Contributor, Veteran

  December 2025

  @barbaros said:
  change ssh password to test

  I did that once, not recommended.
  I was to sleepy and some shitty panel wouldn't accept a strong password.

  So I set a simple one, after I woke up, I got a suspension notice.

  Thanked by 7barbaros commercial mandala eb1995 Nepal mrTom ebietsy
• cmeerw Member

  December 2025

  @czed said: Run full update/upgrade

  • re-install from known good source
  • check if provider is messing with the VPS (by overwriting configuration files or trying to force-install software), seeing this quite often for Virtualizor based VPSes

  Thanked by 8tentor RCVmedia yoursunny Murv fluffernutter mandala nikio ume
• gremeyer Member

  December 2025

  Set cpu governor to performance for better performance (dedicated servers only)

  Tune sysctl.conf for better network performance (increase by 2-3x): https://www.enginyring.com/tools/sysctl

  Thanked by 4CloudHopper mandala FairShare iphonephu
• fredo1664 Member

  December 2025

  • dnf update
  • add my SSH keys
  • enable SELinux if for some reason it's not
  • ???
  • YABS
• tfgp99 Member

  December 2025

  change SSH port?
  Never miss YABS man
• gsea4 Member

  December 2025

  My favorite: Idle

  Thanked by 1zejjnt
• CloudHopper Member

  December 2025

  I run an Ansible playbook that performs the following steps:

  - name: Create xxxx user
  - name: Create xxxx  SSH directory
  - name: Copy authorized_keys file with owner and permissions
  - name: Install a list of packages
  - name: Install Auditd Rules
  - name: restart auditd service and issue daemon-reload to pick up config changes
  - name: Upgrade the OS (apt-get dist-upgrade)
  - name: Copy Fail2Ban config file with owner and permissions
  - name: Copy sshd_config fille with owner and permissions
  - name: Restart SSH service and issue daemon-reload to pick up config changes
  - name: Restart Fail2Ban service and issue daemon-reload to pick up config changes
  - name: Enable Fail2Ban service and ensure it is not masked
  - name: Allow access to port XXXX for SSH
  - name: UFW - Enable and deny by default
  - name: Install Crowdsec
  - name: Install Wazuh
  - name: Install Zabbix Agent2
  - name: Copy Zabbix Agent2 config file  with owner and permissions
  - name: Restart Zabbix Agent2 and issue daemon-reload to pick up config changes
  - name: Install Tailscale
  - name: Allow access to port 10050 on Tailscale0 for Zabbix
  

  Thanked by 19barbaros tentor oloke NotFoundException Murv Decicus commercial yoursunny mandala vicaya FairShare satorik fohadeel COLBYLICIOUS ebietsy Zyra iphonephu pyrolad rotkari
• yoursunny Member, IPv6 Advocate

  December 2025

  @gremeyer said:
  Set cpu governor to performance for better performance (dedicated servers only)

  Bro will tell you to set to ondemand instead of performance.

  @FlorinMarian said:

  @yoursunny said:

  @FlorinMarian said:
  Look, just by switching from "powersave" -> "ondemand" the score increased by 41%. We will not switch to Performance mode

  • powersave: always run at lowest possible frequency, severely affecting performance, only useful in a laptop when it's almost out of battery
  • performance: always run at highest possible frequency, wasting energy for no reason, unless you are running an industrial control system that requires predictable performance
  • ondemand (and many others): dynamically adjust frequency according to workload, usually the best choice

  My brother is always right, even if it doesn't work to my advantage all the time

  Thanked by 3Murv FlorinMarian mandala
• remy Member

  December 2025 edited December 2025

  Install from iso & setup luks.

  Thanked by 2tentor mandala
• czed Member

  December 2025

  @tfgp99 said:
  change SSH port?
  Never miss YABS man

  I change SSH port out of habit, but its a false sense of security. It's best to limit SSH traffic to a few trusted IPs.

  Thanked by 1mandala
• plumberg Veteran, Megathread Squad

  December 2025

  Just turn if off and keep it like that

  Thanked by 10barbaros oloke Murv commercial yoursunny mandala OhJohn barbarza COLBYLICIOUS pyrolad
• ralf Member

  December 2025

  Bitch about how slow provisioning was even if the email with details arrived before I'd paid

  Thanked by 5Murv mandala nikio OhJohn COLBYLICIOUS
• nopingpong Member

  December 2025

  Put a pron video in public_html folder to test provider's confidentiality

  Thanked by 9tentor Murv mandala zed hades_corps lukgth sillycat satorik COLBYLICIOUS
• Soli Member

  December 2025 edited December 2025

  Disable password login
  Disable root login
  Change ssh port
  Install fail2ban

  Thanked by 3mandala COLBYLICIOUS linuxglobe
• NotFoundException Member

  December 2025

  @CloudHopper said:
  I run an Ansible playbook that performs the following steps:

  - name: Create xxxx user
  - name: Create xxxx  SSH directory
  - name: Copy authorized_keys file with owner and permissions
  - name: Install a list of packages
  - name: Install Auditd Rules
  - name: restart auditd service and issue daemon-reload to pick up config changes
  - name: Upgrade the OS (apt-get dist-upgrade)
  - name: Copy Fail2Ban config file with owner and permissions
  - name: Copy sshd_config fille with owner and permissions
  - name: Restart SSH service and issue daemon-reload to pick up config changes
  - name: Restart Fail2Ban service and issue daemon-reload to pick up config changes
  - name: Enable Fail2Ban service and ensure it is not masked
  - name: Allow access to port XXXX for SSH
  - name: UFW - Enable and deny by default
  - name: Install Crowdsec
  - name: Install Wazuh
  - name: Install Zabbix Agent2
  - name: Copy Zabbix Agent2 config file  with owner and permissions
  - name: Restart Zabbix Agent2 and issue daemon-reload to pick up config changes
  - name: Install Tailscale
  - name: Allow access to port 10050 on Tailscale0 for Zabbix
  

  Lots of interesting choices here, I noted some, thanks guys.

  I also install Patchmon (https://github.com/PatchMon/PatchMon), without it, I would go crazy with the amount of servers I have.

  Thanked by 3mandala vicaya JohnFilch123
• Murv Member, Megathread Squad

  December 2025

  Go through buyer's remorse for at least a week

  Thanked by 6oloke mandala mrTom zejjnt sillycat plumberg
• NotFoundException Member

  December 2025

  @Murv said:
  Go through buyer's remorse for at least a week

  "Post buy clarity", I heard that somewhere, I think it wasn't server related tho

  Thanked by 4Murv ralf mandala mrTom
• FlorinMarian Member, Host Rep

  December 2025

  @yoursunny said:

  @gremeyer said:
  Set cpu governor to performance for better performance (dedicated servers only)

  Bro will tell you to set to ondemand instead of performance.

  @FlorinMarian said:

  @yoursunny said:

  @FlorinMarian said:
  Look, just by switching from "powersave" -> "ondemand" the score increased by 41%. We will not switch to Performance mode

  • powersave: always run at lowest possible frequency, severely affecting performance, only useful in a laptop when it's almost out of battery
  • performance: always run at highest possible frequency, wasting energy for no reason, unless you are running an industrial control system that requires predictable performance
  • ondemand (and many others): dynamically adjust frequency according to workload, usually the best choice

  My brother is always right, even if it doesn't work to my advantage all the time

  Almost 100% accurate.
  ondemand at home and performance at OVH ^^

  Thanked by 2mandala anubhavhirani
• edoarudo5 Member

  December 2025

  Login for the first time, YABS it and flaunt it immediately on LET. Logout then idle.

  Thanked by 8yoursunny mandala six Cybr ralf mrTom COLBYLICIOUS mrerenk
• nikio Member

  December 2025

  Reinstall with your own iso because who wants to deal with an openssl version from 1996?

  Thanked by 1tentor
• FairShare Member

  December 2025

  My actual steps after buying -
  1. Buyer Remorse
  2. YABS
  3. IDLE until renewal invoice comes on mail
  4. Think about great plans
  5. pay invoice
  6. Idle
  ... and the cycle continues until a better deal is snagged !

  Thanked by 8mrTom yoursunny dedicados vicaya simo themew Murv nullnothere
• dosai Member

  December 2025

  https://www.fuzzygrim.com/posts/secure-vps

  Thanked by 1jnd
• anakara Member

  December 2025

  Run Yabs right away
  And then Idle

  Thanked by 1nghialele
• Platonks Member

  December 2025

  I run my custom bash script (create user sudo, ssh, install/upgrade packages, ...) that basically does kind of what you described; and finally run yabs.
  There are so many ways, I am still finding new ways to make my setup better, but still nothing definitive.
• Turbo_Pascal Member

  December 2025

  This is why I only use shared hosting. So much less crap to worry about.

  Thanked by 2COLBYLICIOUS ElonBezos