-
determine network manager
- may replace others with NetworkManager?
-
setup DHCP
-
setup DNS manager config
- may replace others with systemd-resolved?
-
setup mDNS if needed
-
cleanup per-link settings in network manager you may set
-
upload your ssh public key
-
check default sshd configs
- remove additional default configs(e.g. cloud-init)
- prevent root login or password login
- disable X11 forwarding
-
setup timezone
-
double-check NTP server
- setup time synchronized config
- set NTP server to time.cloudflare.com with NTS if needed
-
optimize fstab mount options
-
set the production user password
-
lock the root account if needed
-
install and setup tuned
-
remove default firewall daemon if have
-
install and setup firewalld
-
check fwupd
-
update system
-
reboot
Last active
September 28, 2025 20:45
-
-
Save SourLemonJuice/ee18a35a66b15cb579e8c96aba8313dd to your computer and use it in GitHub Desktop.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment