Prepare your Linux Server


What Does This Really Do?

Basically, we set up the timezone and locale, and allow SSH root login only with an SSH authentication key, not with a password. We also add a basic Vim configuration in .vimrc that turns on line numbers by default.

Then we update the repository and the system, and also add basic tools like nano, curl, tmux, and even vim itself, which isn't included by the system. zsh and git are prerequisites for oh-my-zsh, which is basically zsh on steroids. We also add htop and mytop for system monitoring.

Last but not least, we add ntp for time synchronization and ufw or firewalld to configure the firewall easily without touching IPTABLES. The exception is CentOS 6, which has no support for firewalld, so there we set up a basic IPTABLES ruleset instead.

And there you go.

Ubuntu Server 16.04 (Xenial Xerus)

  • After logging in to the server for the first time (after rebuild):
$ dpkg-reconfigure tzdata && locale-gen en_US.UTF-8 && echo -e "LC_ALL=en_US.UTF-8\nLC_CTYPE=en_US.UTF-8\nLANG=en_US.UTF-8" >> /etc/environment
$ echo -e "set number\nset relativenumber" > /root/.vimrc && sed -i '/^PermitRootLogin/c\PermitRootLogin without-password' /etc/ssh/sshd_config
$ reboot
  • After reboot:
$ apt update && apt upgrade -y && apt install -y ufw ntp nano vim curl tmux zsh git htop mytop httpie software-properties-common
  • Install oh-my-zsh, change theme to ys and add debian plugin.
  • Configure ufw:
$ ufw allow ssh && ufw allow http && ufw allow https && ufw enable

CentOS 7

  • After logging in to the server for the first time (after rebuild):
$ timedatectl set-timezone Asia/Jakarta && localedef -i en_US -f UTF-8 en_US.UTF-8 && localectl set-locale LC_CTYPE=en_US.utf8
$ echo -e "set number\nset relativenumber" > /root/.vimrc && sed -i '/^PermitRootLogin/c\PermitRootLogin without-password' /etc/ssh/sshd_config
$ reboot
  • After reboot:
$ yum update -y && yum install -y nano vim tmux zsh git epel-release && yum install -y firewalld ntp htop mytop httpie
  • Install oh-my-zsh, change theme to ys and add yum plugin.
  • Configure firewalld:
$ systemctl start firewalld && firewall-cmd --permanent --add-service=ssh && firewall-cmd --permanent --add-service=http && firewall-cmd --permanent --add-service=https && firewall-cmd --reload && systemctl enable firewalld
  • Configure ntp:
$ systemctl start ntpd && systemctl enable ntpd

CentOS 6

  • After logging in to the server for the first time (after rebuild):
$ rm -f /etc/localtime && ln -s /usr/share/zoneinfo/Asia/Jakarta /etc/localtime && localedef -i en_US -f UTF-8 en_US.UTF-8 && echo -e "LC_ALL=en_US.UTF-8\nLC_CTYPE=en_US.UTF-8" >> /etc/environment
$ echo -e "set number\nset relativenumber" > /root/.vimrc && sed -i '/^PermitRootLogin/c\PermitRootLogin without-password' /etc/ssh/sshd_config
$ reboot
  • After reboot:
$ yum update -y && yum install -y nano vim tmux zsh git epel-release && yum install -y ntp htop mytop python-pip && pip install httpie
  • Install oh-my-zsh, change theme to ys and add yum plugin.
  • Configure IPTABLES:
$ iptables -F && iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP && iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP && iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
$ iptables -A INPUT -i lo -j ACCEPT && iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT && iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT && iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
$ iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT && iptables -P OUTPUT ACCEPT && iptables -P INPUT DROP && iptables-save | tee /etc/sysconfig/iptables && service iptables restart
  • Configure ntp:
$ chkconfig ntpd on && service ntpd start
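
The sed step used in all three sections only rewrites a line that already starts with PermitRootLogin; when the directive is commented out or absent, the command changes nothing and sshd keeps its built-in default. The script below is an added example, not part of the original gist: it runs the page's sed over three constructed sample configs and reports the value that would take effect. The function names are hypothetical helpers, and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not from the original gist). Sample configs are constructed.
# sshd matches keywords case-insensitively and uses the first value it reads;
# Match blocks are not evaluated here (simplifying assumption).
WANT="without-password"   # the value this page sets

# Print the first active PermitRootLogin value, or "unset" when the directive
# is commented out or missing (sshd then falls back to its built-in default).
effective_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# The page's sed, unchanged: it only rewrites lines that start with the keyword.
page_sed() {
    sed -i '/^PermitRootLogin/c\PermitRootLogin without-password' "$1"
}

# Hypothetical helper: if the effective value is not $WANT, put the directive
# on the first line, where it wins over later lines and precedes any Match.
ensure_root_login() {
    if [ "$(effective_root_login "$1")" != "$WANT" ]; then
        { echo "PermitRootLogin $WANT"; cat "$1"; } > "$1.new"
        cat "$1.new" > "$1" && rm -f "$1.new"   # keeps mode and owner of $1
    fi
}

# Constructed sample: write a small sshd_config variant ($1) to file $2.
make_sample() {
    case "$1" in
        active)    printf 'Port 22\nPermitRootLogin yes\n' ;;
        commented) printf 'Port 22\n#PermitRootLogin yes\n' ;;
        missing)   printf 'Port 22\nPasswordAuthentication yes\n' ;;
    esac > "$2"
}

# Run the page's sed on sample $1, record the result, then apply the helper.
demo() {
    f=$(mktemp)
    make_sample "$1" "$f"
    page_sed "$f"
    after_sed=$(effective_root_login "$f")
    ensure_root_login "$f"
    echo "$1: after sed=$after_sed, after helper=$(effective_root_login "$f")"
    rm -f "$f"
}

for kind in active commented missing; do demo "$kind"; done
```

On a real host, run `sshd -t` to validate the file before restarting the service; `sshd -T | grep -i permitrootlogin` prints the value sshd itself resolved.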