This is a brain dump of my task list when bringing up a new server. (For my purposes, a linode running some version of Ubuntu.)
- Create a user account.
- Add user to wheel.
- Set up sudo for wheel.
- Set up ssh authorized-ids.
- Change shell to zsh.
- Copy dot-files.
- SSH config file tweaks.
- Disable SSH root logins.
- Disable SSH password logins (key only).
- Disable access for non-ssh-group users.
- Disable DNS lookups (
- Move sshd listening port to nonstandard high port. Test that logins still work! (I'm not convinced this buys much -- see firewall & fail2ban at number 8 below.)
- Change root password.
- Set the hostname.
- Set up DNS entry(-ies) (forward & reverse).
- Download OS updates. (Configure repos / mirrors as needed first.)
- Activate firewall (ufw).
- Set the time zone
- Set up an offsite backup. (rsnapshot or other)
- Set locale.
- Reboot -- make sure ssh logins work after rebooting, etc. (Easier to fix problems now than when you need to log in at some later time.)
- Install packages for whatever purpose the machine is going to be used. (Apache, git, etc.)
- Portscan the server (externally is preferred) to make sure there are no leaks.
I'll come back to this list occasionally to revise it. Please leave a comment if you think something important is missing...