First 10 Things to Do After Accessing Your New Linux Server


May 8, 2025 - 19:40

After successfully SSH-ing into your new server (for example 178.18.23.12), here's your step-by-step checklist to properly set it up for production use:

1. Verify Basic System Info

# Check OS version
cat /etc/os-release

# Check disk space
df -h

# Check memory
free -h

# Check CPU
lscpu

Why? Confirm you have the expected resources and OS version.

2. Change Default Passwords IMMEDIATELY

# Change root password (even if using SSH keys)
passwd

# If you created a sudo user:
passwd yourusername

Pro Tip: Use a 20+ character random password stored in a password manager.

3. Create a New Sudo User (Never Use Root Daily)

# Create user
adduser yourusername

# Grant sudo (Debian/Ubuntu)
usermod -aG sudo yourusername

# Grant sudo (CentOS/RHEL)
usermod -aG wheel yourusername

Now log out of root and use this user instead:

exit
ssh yourusername@178.18.243.142

4. Set Up SSH Key Authentication

On your local machine (not the server):

ssh-keygen -t ed25519 -a 100  # Creates ~/.ssh/id_ed25519 (private key) and ~/.ssh/id_ed25519.pub (public key)
ssh-copy-id yourusername@178.18.243.142

Then disable password logins:

sudo nano /etc/ssh/sshd_config

Set:

PasswordAuthentication no
PermitRootLogin no

Restart SSH:

sudo systemctl restart sshd
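
Added example (not part of the original guide): a check of the settings sshd will actually apply, which can differ from the file you edited because sshd keeps the first value it reads for each keyword and drop-in files loaded through an Include line are read first. The function name, the sample input and the extra pubkeyauthentication requirement are assumptions made for this illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original page: audit the EFFECTIVE sshd settings.
# sshd keeps the first value it reads for each keyword, so a drop-in file pulled
# in by an Include line near the top of sshd_config can override a later edit.

# Reads `sshd -T` output (lowercase "keyword value" lines) on stdin.
# Prints one line per problem; returns 0 only when every setting matches.
audit_sshd_effective() {
  awk '
    BEGIN {
      want["passwordauthentication"] = "no"
      want["permitrootlogin"]        = "no"
      want["pubkeyauthentication"]   = "yes"  # key login must stay enabled
    }
    ($1 in want) && !($1 in seen) { seen[$1] = $2 }
    END {
      bad = 0
      for (k in want) {
        if (!(k in seen)) { print "MISSING " k; bad = 1 }
        else if (seen[k] != want[k]) {
          print "FAIL " k "=" seen[k] " (want " want[k] ")"; bad = 1
        }
      }
      exit bad
    }'
}

# Constructed sample: the main file says "no", but an earlier drop-in said "yes".
SAMPLE_OVERRIDDEN='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes'

printf '%s\n' "$SAMPLE_OVERRIDDEN" | audit_sshd_effective ||
  echo "effective sshd config is not hardened; do not close your session"

# On the server, before the restart:
#   sudo sshd -t && sudo sshd -T | audit_sshd_effective
```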

5. Enable Automatic Security Updates

Debian/Ubuntu

sudo apt install unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades

CentOS/RHEL

# yum-cron applies to CentOS/RHEL 7; on release 8 and later it is replaced by dnf-automatic
sudo yum install yum-cron
sudo systemctl enable --now yum-cron

6. Configure a Firewall

UFW (Debian/Ubuntu)

sudo ufw allow 22/tcp   # SSH
sudo ufw allow 80/tcp   # HTTP (if needed)
sudo ufw enable

firewalld (CentOS/RHEL)

sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload

7. Install Essential Tools

# For Debian/Ubuntu
sudo apt install -y htop nano git curl fail2ban

# For CentOS/RHEL (htop and fail2ban come from EPEL, so enable that repository first)
sudo yum install -y epel-release
sudo yum install -y htop nano git curl fail2ban

8. Set Up Basic Monitoring

Install and Configure Fail2Ban

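# Debian/Ubuntu packages enable the sshd jail by default; on CentOS/RHEL no jail
# is active until you enable one in /etc/fail2ban/jail.local
sudo systemctl enable --now fail2ban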

Check Logs Regularly

# Failed SSH attempts
sudo grep "Failed" /var/log/auth.log   # Debian/Ubuntu
sudo grep "Failed" /var/log/secure    # CentOS/RHEL

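# Listening TCP/UDP sockets and the processes that own them
# (sudo is needed to see processes owned by other users)
sudo ss -tulnp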
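
Added example (not part of the original guide): the raw grep above turned into a per-source count of failed password attempts, so repeat offenders stand out. The function name and the sample log lines are constructed for this illustration; it assumes syslog-format sshd lines as found in /var/log/auth.log or /var/log/secure.

```bash
#!/usr/bin/env bash
# Added example, not from the original page: count failed SSH password
# attempts per source address instead of reading raw grep output.

# Reads syslog-format sshd lines on stdin; prints "count address", highest first.
failed_ssh_by_source() {
  awk '
    # Locate the real sshd tag (sshd-session on newer OpenSSH) and keep the rest.
    match($0, /sshd(-session)?\[[0-9]+\]: /) {
      msg = substr($0, RSTART + RLENGTH); n = 1
      # rsyslog collapses duplicates: "message repeated N times: [ <msg>]"
      if (msg ~ /^message repeated [0-9]+ times: \[ /) {
        split(msg, w, " "); n = w[3] + 0
        sub(/^message repeated [0-9]+ times: \[ /, "", msg); sub(/\]$/, "", msg)
      }
      if (msg !~ /^Failed password for /) next
      # The username is chosen by the client and may contain " from 192.0.2.1 ",
      # so read the address by position from the END of the message.
      k = split(msg, f, " ")
      if (k >= 9 && f[k-4] == "from" && f[k-2] == "port") count[f[k-3]] += n
    }
    END { for (ip in count) print count[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Constructed sample log lines (documentation address ranges, made-up PIDs).
SAMPLE_AUTH_LOG='May  8 19:01:10 srv sshd[1201]: Failed password for root from 203.0.113.9 port 40022 ssh2
May  8 19:01:12 srv sshd[1201]: message repeated 2 times: [ Failed password for root from 203.0.113.9 port 40022 ssh2]
May  8 19:02:30 srv sshd[1207]: Failed password for invalid user admin from 198.51.100.4 port 51514 ssh2
May  8 19:03:02 srv sshd[1210]: Failed password for invalid user x from 192.0.2.1 port 1 ssh2 from 198.51.100.4 port 51600 ssh2
May  8 19:04:00 srv sshd[1215]: Accepted publickey for yourusername from 192.0.2.50 port 50210 ssh2'

printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_ssh_by_source

# On the server (Debian/Ubuntu path shown):
#   sudo cat /var/log/auth.log | failed_ssh_by_source
```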

9. Secure Critical Files

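# Make sensitive files immutable
# While the flag is set, passwd, useradd, usermod and package installs that add
# users or groups will fail; clear it with chattr -i before such changes, then set it again
sudo chattr +i /etc/passwd /etc/shadow /etc/group /etc/sudoers

# Restrict cron access
sudo rm -f /etc/cron.deny  # Delete if exists (-f: no error when the file is absent)
echo "yourusername" | sudo tee /etc/cron.allow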

10. What Next? Depends on Your Use Case

For Web Servers:

sudo apt install nginx    # or apache2
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

For Database Servers:

sudo apt install mysql-server
sudo mysql_secure_installation

For Development:

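# Install Docker
# This runs a remote script as root; download and read it first if you want to inspect it
curl -fsSL https://get.docker.com | sudo sh
# Members of the docker group can gain root on the host, so add only trusted admins
sudo usermod -aG docker yourusername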

Bonus: First Night Checklist

✅ All default passwords changed

✅ Root SSH login disabled

✅ SSH keys configured (password auth disabled)

✅ Firewall active with minimal ports open

✅ Automatic updates enabled

✅ Basic monitoring (Fail2Ban) running

✅ Critical files secured

After this: Proceed with your specific application setup (WordPress, Node.js, game server, etc.).

Emergency Reminder

Always keep a backup SSH session open when making critical changes! If you lock yourself out:

  1. Use your hosting provider's VNC console access
  2. For cloud servers (AWS/Azure/GCP), use their rescue mode