### Ubuntu update packages ###
sudo bash
apt-get update
apt-get upgrade -y
apt dist-upgrade -y
### Ubuntu install unattended-upgrades ###
sudo bash
apt install unattended-upgrades -y
dpkg-reconfigure --priority=low unattended-upgrades
### Ubuntu create user ###
sudo bash
adduser <myuser>
### Ubuntu sudo group ###
usermod -aG sudo <myuser>
### Create KeyPairs instead of Passwords on your workstation ###
mkdir -p ~/.ssh && chmod 700 ~/.ssh   # on your workstation, not the server
ssh-keygen -b 4096
### Copy public key to server ###
ssh-copy-id <myuser>@myserver
### /etc/ssh/sshd_config settings to consider changing ###
Port 22
AddressFamily inet
PermitRootLogin no
PasswordAuthentication no
### Restart sshd ###
sudo systemctl restart sshd
I was working on this and I found this great video by NetworkChuck! Please visit his site and like/subscribe to his pages. I am a big fan of his.
STEP 1 - Enable Automatic Updates
Manual Updates:
apt update
apt dist-upgrade
Automatic Updates:
apt install unattended-upgrades
dpkg-reconfigure --priority=low unattended-upgrades
STEP 2 - Create a Limited User Account
Create a User:
adduser {username}
Add user to the sudo group:
usermod -aG sudo {username}
STEP 3 - Passwords are for SUCKERS!
Create the Public Key Directory on your Linux Server
mkdir ~/.ssh && chmod 700 ~/.ssh
Create Public/Private keys on your computer
ssh-keygen -b 4096
Upload your Public key to your Linux Server (Windows)
scp $env:USERPROFILE/.ssh/id_rsa.pub {username}@{server ip}:~/.ssh/authorized_keys
Upload your Public key to your Linux Server (Mac)
scp ~/.ssh/id_rsa.pub {username}@{server ip}:~/.ssh/authorized_keys
Upload your Public key to your Linux Server (Linux)
ssh-copy-id {username}@{server ip}
STEP 4 - Lockdown Logins
Edit the SSH config file
sudo nano /etc/ssh/sshd_config
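Added example (not from the original notes or the video): a shell check that a saved sshd_config really ends up with the PermitRootLogin, PasswordAuthentication and AddressFamily values listed in the "settings to consider changing" section above, run before restarting sshd. The function names and the sample file are hypothetical and constructed here.

```shell
# Print the effective global value of keyword $2 in sshd_config file $1.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line are conditional.
# Assumption: "Include" files are not followed; on the server itself,
# "sudo sshd -T" prints the fully resolved configuration.
sshd_effective() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        { kw = tolower($1) }
        kw == "match" { exit }              # end of the global section
        kw == key { print tolower($2); exit }   # first occurrence wins
    ' "$1"
}

# Check the file against the values listed on this page. Prints one line
# per keyword and returns non-zero if any keyword is wrong or unset.
sshd_audit() {
    local file=$1 rc=0 key want got
    while read -r key want; do
        got=$(sshd_effective "$file" "$key")
        # An unset keyword falls back to the sshd default, never the wanted value.
        if [ "$got" = "$want" ]; then
            echo "OK    $key $got"
        else
            echo "FAIL  $key want=$want got=${got:-unset}"
            rc=1
        fi
    done <<'EOF'
PermitRootLogin no
PasswordAuthentication no
AddressFamily inet
EOF
    return $rc
}
# Constructed sample (not from a real host): the second
# PasswordAuthentication line is ignored because the first one wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
AddressFamily inet
PermitRootLogin no
passwordauthentication yes
PasswordAuthentication no
Match User backup
    PermitRootLogin yes
EOF
sshd_audit "$sample" || echo "fix the FAIL lines, then validate with: sudo sshd -t"
rm -f "$sample"
```

Keep the current SSH session open and confirm a key-based login from a second terminal before closing it.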
STEP 5 - FIREWALL IT UP
See open ports
sudo ss -tupln
Install UFW
apt install ufw
See UFW status
sudo ufw status
Allow port through firewall
sudo ufw allow {port number}
Enable Firewall
sudo ufw enable
Reload Firewall
sudo ufw reload
Drop pings
Edit the UFW config file
sudo nano /etc/ufw/before.rules
Add this line of config:
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP