Quickstart Linux VPS

1. **** Quickstart Linux VPS ****
2.  
3. - Preparation
4. apt-get update && apt-get install nano mc htop -y
5.  
6. - Install Fail2Ban to block (SSH) bruteforce attempts
7. - Source: https://www.rapidseedbox.com/kb/secure-vps-fail2ban
8.  
9. apt-get update && apt-get install fail2ban -y
10.  
11. update-rc.d fail2ban defaults
12.  
13. nano   /etc/fail2ban/jail.d/apache.conf
14.  
15. [apache-auth]
16. enabled = true
17.  
18. [apache-badbots]
19. enabled = true
20.  
21. [apache-noscript]
22. enabled = true
23.  
24. [apache-overflows]
25. enabled = true
26.  
27. [apache-nohome]
28. enabled = true
29.  
30. [apache-botsearch]
31. enabled = true
32.  
33. [apache-fakegooglebot]
34. enabled = true
35.  
36. [apache-modsecurity]
37. enabled = true
38.  
39. [apache-shellshock]
40. enabled = true
41.  
42. nano   /etc/fail2ban/jail.d/sshd.conf
43.  
44. [sshd]
45. enabled = true
46.  
47. [sshd-ddos]
48. enabled = true
49.  
50. fail2ban-client status
51.  
52. - Firewall UFW
53. sudo apt-get install ufw
54.  
55. ufw allow 53
56. ufw allow 123/udp
57. ufw allow 68/udp
58. ufw allow 22
59. ufw allow 80
60. ufw allow 443
61. ufw allow out 53
62. ufw allow out 80
63. ufw allow out 443
64.  
65. sudo ufw default deny outgoing
66. sudo ufw default deny incoming
67.  
68. sudo ufw enable
69.  
70. - Add new user with sudo permissions
71.  
72. apt-get install sudo
73. adduser freek
74. adduser freek sudo
75.  
76. - Schedule automatic updates
77. https://241931348f64b1d1.wordpress.com/2016/09/27/how-to-schedule-automatic-updates-on-ubuntu-server-16-04/
78.  
79. - Harden server
80. https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1604-lts-server-part-1-basics