Debian 8 Initial Setup

Server: Debian 8.5, Life expectancy up to 2020.

VPS/Cloud Hosting: Digital Ocean

Client: Windows 7

Related Readings

Parent Document:
Complete Walk-through to Create a WordPress Production Platform.

Previous Document:
Spawn a VPS server

Next Document:
Installing LEMP on Debian 8

Walkthrough

1. Create 1GB swap (2x RAM)

cd /var
touch swap.img
chmod 600 swap.img
sudo dd if=/dev/zero of=/var/swap.img bs=1024k count=1000
sudo mkswap /var/swap.img
sudo swapon /var/swap.img
sudo su
echo "/var/swap.img    none    swap    sw    0    0" >> /etc/fstab
exit
sudo sysctl -w vm.swappiness=30
Check swap:
free
Check vm swappiness:
sudo sysctl -a | grep vm.swappiness
Turn off swap:
sudo swapoff /var/swap.img

 2.

  1. Connect using Bitvise SSH Client as root
  2. Update the new installation
    apt-key update
    apt-get update
    apt-get upgrade
  3. Install standard software
    apt-get install rsync mc unzip
  4. Add a new user, actingroot (bold here means you should pick a different, secret name; this name will be used instead of the well-known name root, for security)
    adduser actingroot
    

    [Enter] 5 times then [y]

    usermod -a -G sudo actingroot
  5. Give actingroot SSH key access from root
    (Copy the .ssh folder from /root to /home/actingroot)

    rsync --recursive /root/.ssh /home/actingroot
    chown -R actingroot:root /home/actingroot/.ssh
  6. Change the SSH port for better security
    Change the standard SSH port 22 to any unused number (10000 – 60000).
    Check that the port is not already in use here.

    nano /etc/ssh/sshd_config
    (Find: Port 22)
    Port 22222

    (Control-x, y, Enter) to save and exit nano.

    systemctl restart ssh
    exit

    (Enter, you’re disconnected from the console)

  7. Test connect with SSH using the new actingroot user
    On Bitvise SSH Client
    [Logout] – [Yes]
    Change the port from 22 to 22222
    Authentication – Change the username from root to actingroot
    [Login] – [Accept and save]
    You should be able to log in as actingroot without having to enter a user name or password.
  8. Forbid SSH root login for better security
    You won't be able to log in as root after this. Log in as actingroot and put “sudo” in front of every root command. sudo will ask for your password.

    sudo nano /etc/ssh/sshd_config
    

    Find: PermitRootLogin yes

    PermitRootLogin no

    (Control-x, y, Enter) to save and exit nano.

    sudo systemctl restart ssh
  9. Create Public Keyring folder and file (useful for downloading source, etc)
    mkdir ~/.gnupg
    sudo cp /usr/share/keyrings/debian-archive-keyring.gpg ~/.gnupg/trustedkeys.gpg
  10. Install NTP
    sudo apt-get install ntp
    sudo nano /etc/ntp.conf
  11. Set server host timezone
    sudo dpkg-reconfigure tzdata

    Alternative way:

    timedatectl list-timezones

    Press space for next page, note the chosen timezone: Asia/Jakarta

    sudo timedatectl set-timezone Asia/Jakarta
    sudo timedatectl set-ntp 1
    sudo timedatectl status
    sudo hwclock --show
  12. Set shell profile timezone
    tzselect

    Write down / copy your timezone line for .profile: Asia/Jakarta

    Update .profile timezone

    cd ~
    nano .profile
    TZ='Asia/Jakarta'; export TZ

    [Control-x], [y], [enter] to save and exit nano.

  13. Check services
    sudo service --status-all
  14. Done, check performance
    top
    free
    vmstat
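
A check for steps 6 and 8, as an added example that is not part of the original walkthrough: it reads an sshd_config and reports whether port 22 is really closed and root login is really off at the global level. The function names sshd_values and audit_sshd and the three sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sshd_config for the settings from steps 6 and 8.

# Print every global value of keyword $2 in file $1, in file order.
# Keywords are case-insensitive; lines after the first "Match" are
# conditional, so they do not count as global settings.
sshd_values() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print tolower($2) }
    ' "$1"
}

# Return 0 only if port 22 is closed and root login is globally "no".
audit_sshd() {
    rc=0
    # Port may be given several times and sshd listens on all of them.
    ports=$(sshd_values "$1" Port | tr '\n' ' ')
    # For PermitRootLogin the first value read is the one sshd uses.
    root=$(sshd_values "$1" PermitRootLogin | head -n 1)
    case " $ports" in
        " ")      echo "FAIL no Port line: sshd defaults to 22"; rc=1 ;;
        *" 22 "*) echo "FAIL still listening on 22 (ports: $ports)"; rc=1 ;;
        *)        echo "OK   ports: $ports" ;;
    esac
    if [ "$root" = no ]; then
        echo "OK   PermitRootLogin no"
    else
        echo "FAIL PermitRootLogin is '${root:-not set globally}'"; rc=1
    fi
    return $rc
}

# Constructed sample configs (not from the page).
tmp=$(mktemp -d)
printf '%s\n' '#PermitRootLogin no' 'Port 22222' 'Port 22' \
    'PermitRootLogin yes' > "$tmp/weak"        # leftover Port 22 line
printf '%s\n' 'Port 22222' 'Match Address 192.0.2.10' \
    'PermitRootLogin no' > "$tmp/scoped"       # "no" applies only in Match
printf '%s\n' 'port 22222' 'permitrootlogin no' > "$tmp/hardened"
for f in weak scoped hardened; do
    echo "== $f"; audit_sshd "$tmp/$f" || true
done
```

On the server itself, call it as audit_sshd /etc/ssh/sshd_config after step 8. Running sudo sshd -t before systemctl restart ssh also checks the file for syntax errors while you still have a session open.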

 

Next: Installing LEMP on Debian 8

 

Drafts:

  1. Find your browser's IP address by searching Google for: my IP address
    sudo apt-get install ufw
    sudo ufw disable
    sudo ufw default deny incoming
    sudo ufw default allow outgoing
    sudo ufw allow from yourbrowserIP/24 to any port 22222
    sudo ufw allow proto tcp from any to any port 80,443
    sudo ufw status
    sudo ufw status numbered
    sudo ufw insert 1 deny from iptoblock/24
    sudo ufw enable
    sudo ufw reload
    
    
  2. DRAFT ???Install fail2ban ???
    sudo apt-get install fail2ban
  3. Drop IP spammer
    sudo nano /var/log/nginx/access.log
    (list IP to block)

    sudo iptables -A INPUT -s IPtoblock/24 -j DROP
    (to end blocking:)
    sudo iptables -D INPUT -s IPtoblock/24 -j DROP

 

 
