To see which ports are being used by your server:
sudo ss -tulnp
Notes:
0.0.0.0:*
→ loopback (safe, local only)[::]:*
→ open to all (public)
Update package lists and upgrade all packages:
sudo apt update && sudo apt upgrade -y
Install and configure unattended upgrades:
sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades
This ensures security updates are applied automatically.
Use ufw
(Uncomplicated Firewall) to manage firewall rules:
sudo ufw enable
sudo ufw status
sudo ufw allow ssh # allow SSH access
sudo ufw allow 80/tcp # allow HTTP
sudo ufw allow 443/tcp # allow HTTPS
Tip: Always allow SSH before enabling ufw
to avoid locking yourself out.
Check CPU, memory, and disk usage:
top # real-time CPU & memory
htop # interactive, more user-friendly
df -h # disk usage
free -h # memory usage
Install htop
if not available:
sudo apt install htop
Check status, start, stop, or restart services:
sudo systemctl status nginx
sudo systemctl start nginx
sudo systemctl stop nginx
sudo systemctl restart nginx
sudo systemctl enable nginx # start on boot
View system logs for troubleshooting:
journalctl -xe # system logs
sudo tail -f /var/log/syslog # live system log
- Disable root login: edit
/etc/ssh/sshd_config
→PermitRootLogin no
- Use key-based authentication instead of passwords
- Change default port for SSH (optional)
Restart SSH after changes:
sudo systemctl restart ssh
Install and enable fail2ban
:
sudo apt install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
Check status:
sudo fail2ban-client status
Ctrl + R
→ search command history!!
→ repeat last command!<number>
→ run command from history by numbertmux
orscreen
→ keep sessions running after disconnect