My server setup: Ranvir Singh and Linux containers

Over the next few weeks, we're going to be exploring how a few of our team members set up brand-new servers of their own. These aren't meant to be tutorials, but rather fun investigations into the near-infinite ways we can accomplish the same task. If you'd like to be featured in a future edition, feel free to let me know: [email protected].

---

We all have our particular setups, applications we install, and services we run to keep our servers well-organized and secure. Today, I wanted to talk about a few things I do when starting with a new server.

Updates and security

The first thing I presume we all do is run apt update && apt upgrade -y, or a similar command for the package manager on your distro. After this, I try my luck with apt autoremove which, gets rid of some the unwanted files and packages that I won’t need. Notice how I didn’t mention sudo in the above commands… that’s because when I first log in to my VPS, I’m logged in as the omnipotent root user. What’s worse is that I’m logged in as root user over SSH! Not good. So, my next step involves changing a few things about my server:

1. Create a new user with root privileges.
2. Make sure that the new user can log in over SSH using a public-private key pair.
3. Make sure that root user can’t login over SSH.
4. Block unnecessary ports.

The order of this checklist is essential!

1. Create a new user

All this involves is:

$ adduser USER
$ usermod -aG sudo USER

The first command creates the user named USER, prompts me for a new UNIX password plus a few details that you can skip through. The second command adds (appends) this user to the elite sudo group. I usually test this user by running login USER followed by the password I selected. I test the sudo capability by running a simple command like sudo apt update. Sometimes I want to use sudo without entering the password every time. To do this, I open the sudoers file using the visudo command (similar to the