These are my notes on DigitalOcean.
Click here to register with DigitalOcean and get free USD10 to start using the service.
I used to install Ubuntu 14.04 with LAMP on it. This also gets SFTP ready.
Manage users and groups
Change the root password (if logged in as root)
- passwd
Add new user
- adduser is a Perl script that simplifies the original useradd command
- command – adduser username_here
- just answer all questions asked
- The adduser command will:
- Create the user named username.
- Create the user’s home directory (default is /home/username) and copy the files from /etc/skel into it.
- Create a group with the same name as the user and place the user in it.
- Prompt for a password for the user.
- Prompt for additional information on the user.
- allow user for sudo mode (optional) – usermod -a -G sudo <your username>
- add user to group – adduser username groupname
Manage groups for user
- list group – cat /etc/group
- add user to group – adduser username groupname
Manage services
Connect to server via SSH, in terminal type the following:
- ssh username@yourdomain_or_ip
To get the default MySQL root password, run this in a terminal. Remove the file once you have changed the MySQL root password.
- cat /etc/motd.tail
To enter mysql console
- mysql -u root -p
Secure MySQL server. Run following command and answer all the questions.
- mysql_secure_installation
To change the MySQL root password:
- mysqladmin -u root -p'oldpassword' password newpass
To allow only certain IPs to access the database directly
- edit file /etc/mysql/my.cnf
- comment out the bind-address line with IP 127.0.0.1
- restart service – service mysql restart
- enter the following command in the mysql command line
- type mysql -u root -p
- enter password when asked
- mysql> GRANT ALL ON database_name.* TO 'user'@'xx.xxx.xx.xx' IDENTIFIED BY 'your_password';
- xx.xxx.xx.xx is the remote IP allowed to access the server
Enable .htaccess (mod rewrite)
- enable mod rewrite – sudo a2enmod rewrite
- update file /etc/apache2/apache2.conf
- change AllowOverride None to AllowOverride All for the web root directory
- restart service – service apache2 restart
To restart services (can also use stop and start)
- service mysql restart
- service apache2 restart
Install sendmail service (used by PHP mail function)
- apt-get install sendmail
- Run the sendmail config and answer ‘Y’ to everything: sendmailconfig
Server general settings
Change permission for directory (especially for ‘upload’ directory)
- chmod 755 /path/directorypath
Change the timezone. The default is a US time zone.
- sudo dpkg-reconfigure tzdata
- follow instruction on screen
- check if the date is correct by typing – date
To turn off server
- sudo shutdown -h now
- OR
- sudo poweroff
Check for disk utilization
- to check disk utilization
- df -h
- to locate huge files
- sudo du -a / | sort -n -r | head -n 10
- to check for huge files (another option)
- find / -size +50M -ls
Securing the server
To update/upgrade OS
- aptitude update
- aptitude upgrade
Disable root login on SSH
- edit /etc/ssh/sshd_config
- set PermitRootLogin no
- restart ssh – service ssh restart
Block IPs from accessing certain services
- list current rules – iptables -L
- DigitalOcean tutorial on iptables
Other measures:
- Disallow access to server via root username
- Disallow access directly to database from outside
- Close all unused ports. Leave only web, SFTP, MySQL, SSH open
- auto patch?
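To check that the PermitRootLogin and bind-address changes above actually took effect, here is a small audit script. It is an added example, not part of the original notes; the function names and the sample file contents are made up for illustration.

```bash
#!/bin/sh
# Added example: audit two settings changed in these notes.
# Function names and sample file contents are constructed for illustration.

# Effective PermitRootLogin: sshd keeps the FIRST uncommented occurrence and
# keyword names are case-insensitive. "unset" means the built-in default applies.
# (Match blocks are not evaluated here.)
ssh_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Active bind-address: MySQL keeps the LAST occurrence in the option file.
# A commented-out or missing line means the server listens on all interfaces.
mysql_bind_address() {
    awk -F= '/^[ \t]*bind[-_]address[ \t]*=/ { gsub(/[ \t]/, "", $2); v = $2 }
             END { print (v == "" ? "all-interfaces" : v) }' "$1"
}

# audit SSHD_CONFIG MY_CNF: returns non-zero if root can still log in over SSH.
audit() {
    rc=0
    root=$(ssh_root_login "$1")
    [ "$root" = "no" ] || { echo "WARN: PermitRootLogin is '$root'"; rc=1; }
    bind=$(mysql_bind_address "$2")
    [ "$bind" = "127.0.0.1" ] ||
        echo "NOTE: MySQL bound to $bind; limit access with GRANT host and iptables"
    return $rc
}

# Constructed sample files standing in for /etc/ssh/sshd_config and /etc/mysql/my.cnf
tmp=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' > "$tmp/sshd_config"
printf '%s\n' '[mysqld]' '#bind-address = 127.0.0.1' > "$tmp/my.cnf"
audit "$tmp/sshd_config" "$tmp/my.cnf"
rm -rf "$tmp"
```

On a real server, run it as audit /etc/ssh/sshd_config /etc/mysql/my.cnf after restarting both services.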
To explore
- using VPN
- using SSH key
- creating ftp user to access only certain directory
- virtual host (multiple domains for a server)
- security for 777 chmod directory
- change ssh port to different port (but still below 1024)
- install fail2ban to protect against brute force attack
Additional tools
- Ansible.com
- Docker.com
Other reading and references
Editors
vi, vim, nano