DigitalOcean – Notes

These are my notes on DigitalOcean.

Click here to register with DigitalOcean and get free USD10 to start using the service.

I used to install Ubuntu 14.04 with LAMP on it. With this, SFTP is also ready.

Manage users and groups

Change the root password (if logged in as root)

  • passwd

Add new user

  • adduser is a Perl script that simplifies the original useradd command
  • command – adduser username_here
  • just answer all the questions asked
  • The adduser command will:
    • Create the user named username.
    • Create the user’s home directory (default is /home/username) and copy the files from /etc/skel into it.
    • Create a group with the same name as the user and place the user in it.
    • Prompt for a password for the user.
    • Prompt for additional information on the user.
  • allow the user to use sudo (optional) – usermod -a -G sudo <your username>
  • add user to group – adduser username groupname
  • more on adduser
  • and more

Manage groups for user

  • list group – cat /etc/group
  • add user to group – adduser username groupname

Manage services

Connect to the server via SSH. In a terminal, type the following:

  • ssh username@yourdomain_or_ip

To get the default MySQL root password, run this in the terminal. Remove the file once you have changed the MySQL root password.

  • cat /etc/motd.tail

To enter mysql console

  • mysql -u root -p

Secure MySQL server. Run following command and answer all the questions.

  • mysql_secure_installation

To change MySQL root password:

  • mysqladmin -u root -p'oldpassword' password newpass

To allow only a certain IP to access the database directly

  • edit file /etc/mysql/my.cnf
  • comment out the line with the IP
  • restart service – service mysql restart
  • enter the following command in the mysql command line
    • type mysql -u root -p
    • enter password when asked
  • mysql> GRANT ALL ON database_name.* TO 'db_user'@'remote_ip' IDENTIFIED BY 'your_password';
    • remote_ip is the remote IP to access the server (db_user and remote_ip are placeholders)

Enable .htaccess (mod rewrite)

  • enable mod rewrite – sudo a2enmod rewrite
  • update file /etc/apache2/apache2.conf
  • change AllowOverride None to AllowOverride All for the web root directory
  • restart service

To restart services (can also use stop and start)

  • service mysql restart
  • service apache2 restart

Install sendmail service (used by PHP mail function)

  • apt-get install sendmail
  • Run the sendmail config and answer ‘Y’ to everything: sendmailconfig

Server general settings

Change permission for directory (especially for ‘upload’ directory)

  • chmod 755 /path/directorypath

Change the timezone. By default the server uses a US time zone.

  • sudo dpkg-reconfigure tzdata
  • follow instruction on screen
  • check if the date is correct by typing – date

To turn off server

  • sudo shutdown -h now
  • OR
  • sudo poweroff

Check for disk utilization

  • to check for disk utilization
    • df -h
  • to check for huge files location
    • sudo du -a / | sort -n -r | head -n 10
  • check for huge file (another option)
    • find / -size +50M -ls

Securing the server

To update/upgrade OS

  • aptitude update
  • aptitude upgrade

Disable root login on SSH

  • edit /etc/ssh/sshd_config
  • set PermitRootLogin no
  • restart ssh – service ssh restart

Block IP’s from accessing certain services

Other measures:

  1. Disallow access to server via root username
  2. Disallow access directly to database from outside
  3. Close all unused ports. Leave only web, SFTP, MySQL and SSH open
  4. auto patch?
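
A small audit of three steps from these notes (root login over SSH disabled, MySQL not listening beyond loopback, /etc/motd.tail removed), as an added example that is not part of the original notes. It assumes the line commented out in /etc/mysql/my.cnf is bind-address; the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit three hardening steps from the notes. Paths are arguments.

# Global (pre-Match) value of an sshd_config keyword; sshd uses the first one.
sshd_value() {  # $1 = keyword, $2 = file
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$2"
}

# Last uncommented bind-address in my.cnf, or "unset" (MySQL then listens on all interfaces).
mysql_bind() {  # $1 = file
    awk -F= '
        /^[ \t]*[#;]/ { next }
        { k = $1; gsub(/[ \t\r]/, "", k); gsub(/_/, "-", k) }
        k == "bind-address" { v = $2; gsub(/[ \t\r]/, "", v) }
        END { print (v == "" ? "unset" : v) }
    ' "$1"
}

# Prints one line per finding; exit status is the number of findings.
audit() {  # $1 = sshd_config, $2 = my.cnf, $3 = motd.tail
    n=0
    # An absent keyword is reported too: the built-in default then decides.
    [ "$(sshd_value PermitRootLogin "$1")" = "no" ] ||
        { echo "FAIL: PermitRootLogin is not 'no' in $1"; n=$((n + 1)); }
    case "$(mysql_bind "$2")" in
        127.0.0.1|localhost|::1) ;;
        *) echo "WARN: MySQL listens beyond loopback; GRANT host and firewall must restrict it"
           n=$((n + 1)) ;;
    esac
    [ ! -e "$3" ] ||
        { echo "FAIL: $3 still exists (holds the default MySQL root password)"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample files standing in for the real ones.
demo=$(mktemp -d)
printf 'Port 22\nPermitRootLogin yes\n' > "$demo/sshd_config"
printf '[mysqld]\n#bind-address = 127.0.0.1\n' > "$demo/my.cnf"
: > "$demo/motd.tail"
audit "$demo/sshd_config" "$demo/my.cnf" "$demo/motd.tail" || echo "findings: $?"
rm -rf "$demo"
```

On a real server, call audit /etc/ssh/sshd_config /etc/mysql/my.cnf /etc/motd.tail instead of the sample files.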

To explore

  • using VPN
  • using SSH key
  • creating ftp user to access only certain directory
  • virtual host (multiple domains for a server)
  • security for 777 chmod directory
  • change ssh port to different port (but still below 1024)
  • install fail2ban to protect against brute force attack

Additional tools


Other reading and references

  1. Securing the server (SSH, VPN etc)
  2. Initial setup for Ubuntu 14.04


vi, vim, nano
