When you set up a new server, there are a few simple, basic things to do every time. Here is a short checklist for the very beginning.
Server Access / SSH Configuration
- Log in as the root user via SSH
- Create a new user using adduser username (don't use useradd on Ubuntu/Debian, otherwise, e.g., your home directory will be missing!)
- Add the new user to the sudoers: [root@remotehost~]# echo 'username ALL=(ALL) ALL' >> /etc/sudoers
- Enable key-based login for the new user: [me@localhost~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub username@remotehost
- Disable login for the root user: [username@remote~]$ sudo vi /etc/ssh/sshd_config
  - edit the line #PermitRootLogin yes to PermitRootLogin no (remove the leading #, otherwise the line stays a comment)
  - restart the ssh daemon: /etc/init.d/sshd restart or service ssh restart
- Optional: disable password login for your user (be sure you've got good backups of your ssh keys!).
- Install Unattended Upgrades to make Debian/Ubuntu do automatic updates every day
  - Make sure to enable (uncomment) the stable package resources in /etc/apt/apt.conf.d/50unattended-upgrades
  - I'd suggest commenting out only the packages from proposed-updates: "o=Debian,a=proposed-updates";
Of course you can and should do a lot more, but this is just meant as a short checklist for strengthening the access control of your server.
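To confirm that the sshd_config edits from the checklist really took effect, the following check can be run against the file. It is an added example, not part of the original checklist; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the sshd_config edits from the checklist took effect.
# It reads only the global section of one file and does not follow Include
# directives; on a live host, `sudo sshd -t` validates the syntax and
# `sudo sshd -T` prints the effective settings.

# effective_sshd_option FILE KEYWORD -> value set in FILE, or empty if unset.
# Keywords are case-insensitive, '#' lines are ignored, first occurrence wins.
effective_sshd_option() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }     # blank lines and comments
        tolower($1) == "match" { exit }   # Match blocks are conditional
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE -> exit status 0 only if root login is disabled.
audit_sshd_config() {
    rc=0
    root=$(effective_sshd_option "$1" PermitRootLogin)
    pass=$(effective_sshd_option "$1" PasswordAuthentication)
    if [ "$root" = "no" ]; then
        echo "OK:   PermitRootLogin no"
    else
        echo "FAIL: PermitRootLogin is '${root:-unset, default applies}'"
        rc=1
    fi
    if [ "$pass" = "no" ]; then
        echo "OK:   PasswordAuthentication no"
    else
        echo "NOTE: PasswordAuthentication is '${pass:-unset, default applies}' (optional step)"
    fi
    return "$rc"
}

# Constructed sample: the '#' was left in place, so the edit has no effect.
sample=$(mktemp)
printf '%s\n' 'Port 22' '#PermitRootLogin no' 'PasswordAuthentication yes' > "$sample"
audit_sshd_config "$sample" || echo "=> fix the file and re-run"
rm -f "$sample"
```

On the server itself, call audit_sshd_config /etc/ssh/sshd_config before restarting the daemon, and keep the current SSH session open until a second login as the new user has succeeded.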