There are a few steps you should take to set up your VPS so that it survives the Internet’s viciousness and is more convenient to use. Below are some of the things I do on any VPS I purchase. Most of my VPSes run CentOS, so I am going to use CentOS-based commands and file paths for this illustration. You can of course follow the same guidelines and change the commands to suit your distro.
1. Update the system
When you set up a new VPS, it’s important to update all available packages before you start using it. On CentOS, this can be done by running a simple yum update command:
[root@host ~]# yum update -y
2. Change your hostname
The default hostname that a VPS comes with is normally hard to memorize. Ideally, a hostname is a reference to an IP address, so that we can use the hostname instead of the harder-to-memorize IP address to access the server. So customize the hostname to something you would love to use rather than struggle to use; otherwise we’d be defeating the purpose.
The first step is to create an A record for your hostname so that it resolves to your VPS IP, then add it as follows from the terminal.
3. Change your time and timezone
It’s convenient to use your local time and timezone for your VPS. This helps applications write logs with timestamps in local time.
You can update the time zone using the command below:
You can also sync your time with a local NTP server. In Kenya, for instance, we can use 0.ke.pool.ntp.org:
[root@host ~]# yum install -y ntpdate
[root@host ~]# ntpdate 0.ke.pool.ntp.org
4. Install useful utilities
I have never had a server and failed to want to use vim or wget. I always find myself in a situation where I’ll need them. So, why not install them once and for all? Also, I find the EPEL repository to be very useful.
[root@host ~]# yum install -y vim wget screen epel-release
5. Configure sudoer
It’s common practice to disable root login to your server. This means you need to configure another user for remote logins. You will want to use sudo as that user, so the user must be configured as a sudoer too. Run the commands below to create a user called wallace and add it to the wheel group:
[root@host ~]# useradd wallace
[root@host ~]# usermod -aG wheel wallace
Then add the line below to the sudoers file, which you can edit by running visudo. It lets wallace run any command through sudo without a password prompt:
wallace ALL=(ALL) NOPASSWD:ALL
6. Change SSH port from default 22
Changing the default SSH port is an important step towards securing your server, even against automated brute-force scripts. You can miss every other step stated before and after this one, but never fail to change your SSH port. It’s advisable to select a port greater than 1000, as most ports below that are already assigned to various common services, and assigning the same port to different services causes issues.
7. Configure ssh key login
It is more convenient and safer to log in with SSH keys than with password authentication. This can be configured in the SSH configuration file: in /etc/ssh/sshd_config, set PubkeyAuthentication to yes.
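One way to check the outcome of steps 5 to 7, as an added example that is not part of the original post: a bash script that reads an sshd_config and reports whether root login is disabled, the port has moved off 22, and PubkeyAuthentication is yes. The function names, the sample config and port 2222 are assumptions made for illustration; PermitRootLogin is the sshd_config keyword that controls the root login mentioned in step 5.

```bash
#!/usr/bin/env bash
# Added example: audit an sshd_config against steps 5-7 of this guide.

# Print every uncommented value of keyword $2 in the global section of
# file $1. Keywords are case-insensitive; Match blocks are conditional,
# so scanning stops at the first one.
sshd_values() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/        { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2) }
    ' "$1"
}

# $1 = status, $2 = keyword, $3 = value found
report() { printf '%-4s %-22s %s\n' "$1" "$2" "${3:-<unset>}"; }

# Print one line per check and return the number of failed checks.
audit_sshd() {
    local file="$1" fails=0 ports root pubkey
    ports=$(sshd_values "$file" Port | tr '\n' ' ')
    root=$(sshd_values "$file" PermitRootLogin | head -n 1)
    pubkey=$(sshd_values "$file" PubkeyAuthentication | head -n 1)

    # Step 6: sshd listens on every Port line, and on 22 if there is none.
    case " $ports" in
        " "|*" 22 "*) report FAIL Port "$ports"; fails=$((fails + 1)) ;;
        *)            report OK Port "$ports" ;;
    esac
    # Step 5: only "no" disables root login; prohibit-password still
    # accepts root with a key. For these keywords the first value wins.
    if [ "$root" = no ]; then report OK PermitRootLogin "$root"
    else report FAIL PermitRootLogin "$root"; fails=$((fails + 1)); fi
    # Step 7: the guide sets PubkeyAuthentication to yes explicitly.
    if [ "$pubkey" = yes ]; then report OK PubkeyAuthentication "$pubkey"
    else report FAIL PubkeyAuthentication "$pubkey"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample config; port 2222 is an arbitrary illustrative value.
sample_config() {
    printf '%s\n' '#Port 22' 'Port 2222' '#PermitRootLogin no' \
        'PermitRootLogin prohibit-password' 'pubkeyauthentication yes'
}

tmp=$(mktemp); sample_config > "$tmp"
rc=0; audit_sshd "$tmp" || rc=$?
echo "failed checks: $rc"
rm -f "$tmp"
```

On the server itself, call `audit_sshd /etc/ssh/sshd_config`; the return value is the number of steps still open.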
8. Update user passwords
Change the password your VPS provider sent you to something different.
password for user root.
9. Install a firewall
All Internet-accessible servers need a firewall, no matter what app will be running there. Personally, I like csf, so that’s what I normally install on my VPS. So first, disable possibly preconfigured firewalls such as firewalld or selinux (common with OVH VPS). Then install csf.
[root@host ~]# cd /usr/src; rm -fv csf.tgz; wget https://download.configserver.com/csf.tgz; tar -xzf csf.tgz; cd csf; sh install.sh
After that, remember to take csf out of TESTING mode by setting TESTING = "0" in the /etc/csf/csf.conf file, and then enable lfd so that they start automatically whenever the system is rebooted.
That should set you up well to start running your application.