Bringing up a New Cloud Server

This is a brain dump of my task list when bringing up a new server. (For my purposes, a linode running some version of Ubuntu.)

  1. Create a user account.
    1. Add user to wheel.
    2. Set up sudo for wheel.
    3. Set up ssh authorized-ids.
    4. Change shell to zsh.
    5. Copy dot-files.
  2. SSH config file tweaks.
    1. Disable SSH root logins.
    2. Disable SSH password logins (key only).
    3. Disable access for non-ssh-group users.
    4. Disable DNS lookups (UseDNS no).
    5. Other?
  3. Move sshd listening port to nonstandard high port. Test that logins still work! (I'm not convinced this buys much -- see firewall & fail2ban at number 8 below.)
  4. Change root password.
  5. Set the hostname.
  6. Set up DNS entry(-ies) (forward & reverse).
  7. Download OS updates. (Configure repos / mirrors as needed first.)
  8. Activate firewall (ufw).
  9. Set the time zone (dpkg-reconfigure tzdata).
  10. Set up an offsite backup. (rsnapshot or other)
  11. Set locale.
  12. Reboot -- make sure ssh logins work after rebooting, etc. (Easier to fix problems now than when you need to log in at some later time.)
  13. Install packages for whatever purpose the machine is going to be used. (Apache, git, etc.)
  14. Portscan the server (externally is preferred) to make sure there are no leaks.
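
The SSH items in step 2 can be checked mechanically before the reboot test in step 12. The script below is an added example, not part of the original post; the sample configs, the user name `deploy` and the group name `ssh` are constructed, and it assumes an unset keyword should count as a finding rather than relying on OpenSSH defaults.

```sh
#!/bin/sh
# Added example (not the author's code): audit an sshd_config file against the
# SSH items in the checklist. Sample configs below are constructed.

# Print the global value of keyword $2 in file $1. sshd keeps the first value
# it reads for a keyword and matches keywords case-insensitively.
sshd_value() {
  awk -v key="$2" '
    { sub(/#.*/, "") }                   # strip comments
    tolower($1) == "match" { exit }      # global section ends at first Match
    tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
  ' "$1"
}

# Print one line per deviation; exit status is the number of findings.
audit_sshd() {
  a_file="$1"; a_findings=0
  for a_want in PermitRootLogin=no PasswordAuthentication=no UseDNS=no; do
    a_got="$(sshd_value "$a_file" "${a_want%%=*}")"
    if [ "$a_got" != "${a_want#*=}" ]; then
      echo "FINDING: ${a_want%%=*} is '${a_got:-unset}', want '${a_want#*=}'"
      a_findings=$((a_findings + 1))
    fi
  done
  if [ -z "$(sshd_value "$a_file" AllowGroups)" ]; then
    echo "FINDING: AllowGroups unset, logins not limited to an ssh group"
    a_findings=$((a_findings + 1))
  fi
  return "$a_findings"
}

# Constructed sample configs: one weak, one following the checklist.
write_samples() {
  printf '%s\n' '# constructed weak config' 'Port 22' 'permitrootlogin yes' \
    'PermitRootLogin no' 'Match User deploy' \
    '  PasswordAuthentication no' > "$1/weak.conf"
  printf '%s\n' 'Port 52022' 'PermitRootLogin no' 'PasswordAuthentication no' \
    'AllowGroups ssh' 'UseDNS no' > "$1/hardened.conf"
}

demo_dir="$(mktemp -d)"
write_samples "$demo_dir"
audit_sshd "$demo_dir/weak.conf" || echo "weak.conf: $? finding(s)"
audit_sshd "$demo_dir/hardened.conf" && echo "hardened.conf: clean"
```

The weak sample shows two easy mistakes: a later `PermitRootLogin no` does not override the earlier `yes`, and a setting inside a `Match` block does not change the global value. On a live host, point the script at the saved output of `sshd -T`, which prints the effective configuration.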

I'll come back to this list occasionally to revise it. Please leave a comment if you think something important is missing...

Posted on 2011-07-21 by brian in misc.