Jesin's Blog


How to setup an unmanaged Debian server

October 30, 2011 Linux Jesin A 1 Comment


So you’ve bought a shiny new VPS or unmanaged dedicated server to cut costs on hosting but don’t know how to begin? Read this post to make this easier. This tutorial covers the basic setup of an unmanaged Debian VPS or dedicated server. The following are covered in this article:

  • Configuring the Timezone
  • Selecting locales
  • Creating a sudo user
  • Securing SSH
  • Adding firewall rules

The first task is to update the apt database and check if any installed packages can be upgraded.

apt-get update && apt-get upgrade

Configuring the Timezone

The dpkg-reconfigure command is used to reconfigure the timezone

dpkg-reconfigure tzdata

Selecting locales

The same dpkg-reconfigure is used to select the locales too.

dpkg-reconfigure locales

Creating a sudo user

Using a production server as a root user is the most dangerous thing you can do. So create a normal user and add it to the list of sudoers.

useradd --create-home --shell /bin/bash username
passwd username
visudo

Now add the following line to the end of this file

username ALL=(ALL) ALL

Securing SSH

To secure SSH the default port 22 has to be changed and root user login via SSH has to be disabled. Open the SSH configuration

vi /etc/ssh/sshd_config

and edit the following

Port 22

Change this to any number between 49152 and 65535, for example

Port 53474

Also search for

PermitRootLogin yes

and change this to

PermitRootLogin no

For the changes to take place you have to restart the SSH service. If you’ve been doing all these things via SSH you should add the exit command so that the current SSH session closes.

/etc/init.d/ssh restart && exit

Reconnect to the server as the newly created sudo user through the new port.

ssh username@servername -p 53474

Now, whenever you want to execute commands as root, add the word “sudo” to the beginning of the command.
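A quick way to confirm both edits took effect is to audit the file itself. The script below is an added example, not part of the original post or its download script; the function names `list_ports`, `root_login` and `audit_sshd` are made up for illustration and the sample config is constructed. It relies on two sshd_config behaviours: `Port` may be given several times and sshd listens on every one of them, while for `PermitRootLogin` the first value read is the one used.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the two edits in this section.
# Assumes whitespace-separated "Keyword value" lines; Match blocks are not evaluated.

# list_ports FILE: every port sshd will listen on. Port is additive, so a
# leftover "Port 22" keeps 22 open next to the new port. Default is 22.
list_ports() {
    awk '/^[ \t]*#/ { next }
         tolower($1) == "match" { exit }
         tolower($1) == "port" { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# root_login FILE: first global PermitRootLogin value (sshd keeps the first
# value it reads for this keyword), lower-cased, or "unset" if absent.
root_login() {
    awk '/^[ \t]*#/ { next }
         tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); f = 1; exit }
         END { if (!f) print "unset" }' "$1"
}

# audit_sshd FILE: returns 0 only if every port is in 49152-65535 and root login is "no".
audit_sshd() {
    rc=0
    for p in $(list_ports "$1"); do
        case "$p" in
            ''|*[!0-9]*) echo "FAIL: Port '$p' is not numeric"; rc=1; continue ;;
        esac
        if [ "$p" -ge 49152 ] && [ "$p" -le 65535 ]; then
            echo "OK:   sshd listens on $p"
        else
            echo "FAIL: sshd still listens on $p"; rc=1
        fi
    done
    r=$(root_login "$1")
    if [ "$r" = "no" ]; then echo "OK:   PermitRootLogin no"
    else echo "FAIL: PermitRootLogin is $r"; rc=1; fi
    return "$rc"
}

# Constructed sample config (not from a real server): the old Port line was left in.
sample=$(mktemp)
printf '%s\n' '# sample' 'Port 53474' 'Port 22' '#PermitRootLogin yes' 'PermitRootLogin no' > "$sample"
audit_sshd "$sample" || echo "sshd_config needs attention"
rm -f "$sample"
```

On a live server, `sshd -t` validates the file before the restart and `sshd -T` (run as root) prints the effective configuration sshd actually parsed.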

Adding firewall rules

A server becomes vulnerable to attack if it allows access to all open ports in the system, so configuring the firewall is crucial. Most new Debian installations have no firewall rules, but it is better to flush all rules anyway. Since you’re logged in as the sudo user, add the word sudo before each command.

sudo iptables -F

Now let’s add the rules

sudo iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
sudo iptables -N MYRULES
sudo iptables -A INPUT -j MYRULES
sudo iptables -A MYRULES -m state --state NEW -p tcp --dport 53474 -j ACCEPT
sudo iptables -A MYRULES -m state --state NEW -p tcp --dport 80 -j ACCEPT
sudo iptables -A MYRULES -m state --state NEW -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -j DROP

You can probably replace “DROP” in the last line with “REJECT” but I personally prefer “DROP” because when you reject packets the system sends the rejected packets back which might , but “DROP” just ignores the packets. The rules above drop ICMP packets also, which means you won’t get any reply if you ping the server. If you want the server to reply to incoming pings, execute the following command also

sudo iptables -A MYRULES -p icmp -m icmp --icmp-type 8 -j ACCEPT

Any more rules you want to add can be appended to the MYRULES chain. Time to save the rules and make sure they load when the server reboots

sudo sh -c 'iptables-save > /etc/iptables.rules'
sudo vi /etc/network/if-pre-up.d/firewall

Add the following lines to this file

#!/bin/bash
/sbin/iptables-restore < /etc/iptables.rules

Save the file and make it executable

sudo chmod +x /etc/network/if-pre-up.d/firewall
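Because the saved file is what gets loaded on every boot, it is worth checking before you depend on it. The script below is an added example, not part of the original post or its download script; `check_rules` is a made-up helper and the dump is constructed. It reads a ruleset in iptables-save format and flags two mistakes this layout invites: a rule appended to INPUT after the final DROP (which is why new rules belong in MYRULES), and a missing ACCEPT for the SSH port.

```shell
#!/bin/sh
# Added example: sanity-check a saved ruleset (iptables-save format) before
# relying on it at boot. Chain jumps are not traced; this is a text check only.

# check_rules FILE SSH_PORT: returns 0 if the dump has a catch-all DROP/REJECT in
# INPUT, no INPUT rule after it, and an ACCEPT for the SSH port.
check_rules() {
    awk -v port="$2" '
        $1 != "-A" { next }                              # rule lines only
        $2 == "INPUT" && dropped {                       # appended after the catch-all:
            print "DEAD: " $0; bad = 1; next             # never reached by any packet
        }
        /^-A INPUT -j (DROP|REJECT)/ { dropped = 1; next }
        index($0, "--dport " port " ") && / -j ACCEPT/ { ssh = 1 }
        END {
            if (!dropped) { print "WARN: INPUT has no catch-all DROP"; bad = 1 }
            if (!ssh)     { print "LOCKOUT: no ACCEPT for tcp/" port; bad = 1 }
            exit bad + 0
        }' "$1"
}

# Constructed dump: the tutorial rules plus a port-25 rule that was later
# appended to INPUT instead of MYRULES, so it sits behind the DROP.
rules=$(mktemp)
cat > "$rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:MYRULES - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j MYRULES
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A MYRULES -p tcp -m state --state NEW -m tcp --dport 53474 -j ACCEPT
COMMIT
EOF
check_rules "$rules" 53474 || echo "ruleset needs attention"
rm -f "$rules"
```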

Conclusion

This is just the basic setup guide for a Debian server; expect to see more articles on setting up other flavors of Linux and advanced guides on setting up network services. Here is an interactive shell script coded by me which automates all the processes outlined above.

Download unmanaged Debian VPS/Dedicated server basic setup script

To use this script, upload it to your server, log in as the root user and run

chmod +x /path/to/script/unmanaged-debian-server-basic-setup.sh
/path/to/script/unmanaged-debian-server-basic-setup.sh

I tested the script with the following Linux flavors

  • Debian 6 (Squeeze): This script works perfectly
  • Debian 5 (Lenny): Except setting up locales everything works
  • Ubuntu 11.04 (Natty Narwhal): Except locales everything works

This script was tested on a Rackspace cloud server and a virtual machine in VMware Player. It should work on all VPSes and dedicated servers. If you’re facing any problems, please write about it in the comment form or contact me.


Comments

  1. kparker says

    July 24, 2017 at 7:22 am

    You must have created the script on Windows. I downloaded it on Ubuntu and it had Windows line endings, which caused the bang to not correctly locate the bash engine resource. Anyone attempting to use the script will need to resolve that issue for it to execute.

    Jesin's Blog by Jesin A is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
    Based on a work at websistent.com.