Skip to main content

Steps to follow after Linux Server installation

The Basics


When you first begin to access your fresh new server, there are a few early steps you should take to make it more secure. Some of the first tasks required on a linux server can include setting up a new user, providing them with the proper privileges, and configuring SSH. 

Step One—Root Login

Once you know your IP address and root password, login as the main user, root.

It is not encouraged to use root on a linux server on a regular basis, and this tutorial will help you set up an alternative user to login with permanently.
# ssh root@123.45.67.890

The terminal will show:
The authenticity of host '69.55.55.20 (69.55.55.20)' can't be established.
ECDSA key fingerprint is 79:95:46:1a:ab:37:11:8e:86:54:36:38:bb:3c:fa:c0.
Are you sure you want to continue connecting (yes/no)?

Go ahead and type yes, and then enter your root password.


Step Two—Change Your Password


Currently your root password is the default one that was sent to you when you registered your droplet. The first thing to do is change it to one of your choice.
# passwd

Step Three— Create a New User

After you have logged in and changed your password, you will not need to login again as root. In this step we will make a new user and give them all of the root capabilities.

You can choose any name for your user. Here I’ve suggested adminuser
# adduser adminuser

After you set the password, you do not need to enter any further information about the new user. You can leave all the lines blank if you wish

Step Four— Root Privileges

As of yet, only root has all of the administrative capabilities. We are going to give the new user the root privileges. 

When you perform any root tasks with the new user, you will need to use the phrase “sudo” before the command. This is a helpful command for 2 reasons: 

1) it prevents the user making any system-destroying mistakes 
2) it stores all the commands run with sudo to the file ‘/var/log/secure' which can be reviewed later if needed. 

Let’s go ahead and edit the sudo configuration. This can be done through the default editor, which in Ubuntu is called ‘nano’
# visudo

Find the section called user privilege specification. 


It will look like this:
# User privilege specification
root    ALL=(ALL:ALL) ALL

Under there, add the following line, granting all the permissions to your new user:
adminuser    ALL=(ALL:ALL) ALL

Type ‘cntrl x’ to exit the file.

Press Y to save; press enter, and the file will save in the proper place.

Step Five— Configure SSH (OPTIONAL)

Now it’s time to make the server more secure. These steps are optional. Please keep in mind that changing the port and restricting root login may make logging in more difficult in the future. If you misplace this information, it could be nearly impossible. 

Open the configuration file
# vim /etc/ssh/sshd_config

Find the following sections and change the information where applicable:
Port 25000
Protocol 2
PermitRootLogin no

We’ll take these one by one.

Port: Although port 22 is the default, you can change this to any number between 1025 and 65536. In this example, I am using port 25000. Make sure you make a note of the new port number. You will need it to log in in the future. This change will make it more difficult for unauthorized people to log in. 


PermitRootLogin: change this from yes to no to stop future root login. You will now only be logging on as the new user.

Add these lines to the bottom of the document, 
replacing *adminuser* in the AllowUsers line with your username. (AllowUsers will limit login to only the users on that line. To avoid this, skip this line):
UseDNS no
AllowUsers adminuser


Save and Exit

Comments

Popular posts from this blog

Shell Script: Find Number Of Arguments Passed

Many times , when we create shell scripts we try to do repetitive tasks through functions. Some functions take arguments & we have to check the no. of arguments that are passed to it.

Each bash shell function has the following set of shell variables:
[a] All function parameters or arguments can be accessed via $1, $2, $3,..., $N. [b] $* or $@ holds all parameters or arguments passed to the function. [c] $# holds the number of positional parameters passed to the function. [d] An array variable called FUNCNAME ontains the names of all shell functions currently in the execution call stack. ExampleCreate a shell script as follows: #!/bin/bash # Purpose: Demo bash function # ----------------------------- ## Define a function called test() test(){   echo "Function name:  ${FUNCNAME}"   echo "The number of positional parameter : $#"   echo "All parameters or arguments passed to the function: '$@'"   echo }
## Call or invoke the function ## ## Pass the parameters or a…

AMD Radeon™ HD 7670M on Ubuntu 12.04

Update:  Recently I install kubuntu 13.10 and there is no problem with graphics. It just works  fine out of the box.
I've seen many blog posts on how to make AMD HD7670M work on Ubuntu 12.04, specially when its in switchable graphics board like Dell Inspiron 15R 5520. I tried many things to make it work so that I could use the cinnamon desktop on ubuntu & other things too.. But to my surprise even the drivers from AMD site didn't work.
Then I tried a combination of those blog posts I read & somehow I became successful in running the full graphics including compiz settings inside My Ubuntu Machine.
Following are the steps I followed & it worked...
1. Create a backup of your xorg configuration file:
sudo cp /etc/X11/xorg.conf /etc/X11/xorg.conf.BAK
2. Remove/purge current fglrx and fglrx-amdcccle :
sudo apt-get remove --purge fglrx*
3. Install the driver:
sudo apt-get install fglrx fglrx-amdcccle
4. Install additional components for advanced graphics:
sudo apt-get install xvba-…

CentOS / Redhat : Configure CentOS as a Software Router with two interfaces

Linux can be easily configured to share an internet connection using iptables. All you need to have is, two network interface cards as follows:
a) Your internal (LAN) network connected via eth0 with static ip address 192.168.0.1
b) Your external WAN) network is connected via eth1 with static ip address 10.10.10.1  ( public IP provided by ISP ) Please note that interface eth1 may have public IP address or IP assigned by ISP. eth1 may be connected to a dedicated DSL / ADSL / WAN / Cable router: Step # 1: Enable Packet ForwardingLogin as the root user. Open /etc/sysctl.conf file # vi /etc/sysctl.conf
Add the following line to enable packet forwarding for IPv4: net.ipv4.conf.default.forwarding=1
Save and close the file. Restart networking: # service network restart
Step # 2: Enable IP masquerading
In Linux networking, Network Address Translation (NAT) or Network Masquerading (IP Masquerading) is a technique of transceiving network traffic through a router that involves re-writing the source and/or d…