So you’ve bought a shiny new VPS or dedicated unmanaged server to cut costs on hosting but don’t know how to begin ? Read this post to make this easier. This tutorial will cover the instructions for a basic setup of a Debian unmanaged VPS or dedicated server. The following are covered in this article
- Configuring the Timezone
- Selecting locales
- Creating a sudo user
- Securing SSH
- Adding firewall rules
The first task is to update the apt database and check if any installed packages can be upgraded.
apt-get update && apt-get upgrade
Configuring the Timezone
The dpkg-reconfigure command is used to reconfigure the timezone
The same dpkg-reconfigure is used to select the locales too.
Creating a sudo user
Using a production server as a root user is the most dangerous thing you can do. So create a normal user and add it to the list of sudoers.
useradd --shell /bin/bash username
Now add the following line to the end of this file
username ALL=(ALL) ALL
To secure SSH the default port 22 has to be changed and root user login via SSH has to be disabled. Open the SSH configuration
and edit the following
change this to any number between 49152 and 65535
Also search for
and change this to
For the changes to take place you have to restart the SSH service. If you’ve been doing all these things via SSH you should add the exit command so that the current SSH session closes.
/etc/init.d/ssh restart && exit
Reconnect to the server as the newly created sudo user through the new port.
ssh username@servername -p 53474
Now whenever you want to execute commands as root add the word “sudo” to the beginning of the command
Adding firewall rules
A server becomes to attack vulnerable if it allows access to all open ports in the system, so configuring the firewall is very crucial. Most new Debian installations have no firewall rules. But it is better to flush all rules. Since you’re logged in as the sudo user add the word sudo before each command
sudo iptables -F
Now lets add the rules
sudo iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT ! -i lo -d 127.0.0.1/8 -j REJECT
sudo iptables -N MYRULES
sudo iptables -A INPUT -j MYRULES
sudo iptables -A MYRULES -m state --state NEW -p tcp --dport 53474 -j ACCEPT
sudo iptables -A MYRULES -m state --state NEW -p tcp --dport 80 -j ACCEPT
sudo iptables -A MYRULES -m state --state NEW -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -j DROP
You can probably replace “DROP” in the last line with “REJECT” but I personally prefer “DROP” because when you reject packets the system sends the rejected packets back which might , but “DROP” just ignores the packets. The rules above drop icmp packets also which means you won’t get any reply if you ping the server. If you want the the server to reply to incoming pings execute the following command also
sudo iptables -A MYRULES -p icmp -m icmp --icmp-type 8 -j ACCEPT
Anymore rules you want to add can be appended to the MYRULES table. Time to save the rules and make sure they load when the server reboots
iptables-save > /etc/iptables.rules
sudo vi /etc/network/if-pre-up.d/firewall
Add the following lines to this file
/sbin/iptables-restore < /etc/iptables.rules
Save the file and make it executable
sudo chmod +x /etc/network/if-pre-up.d/firewall
This is just the basic setup guide for a Debian server, expect to see more articles on setting up other flavors of Linux and advanced guides on setting up network services. Here is an interactive shell script coded by me which automates all the processes outlined above.
To use this script upload it to your server, login as the root user
chmod +x /path/to/script/unmanaged-debian-server-basic-setup.sh
I tested the script with the following Linux flavors
- Debian 6 (Squeeze): This script works perfectly
- Debian 5 (Lenny): Except setting up locales everything works
- Ubuntu 11.04 (Natty Narwhal): Except locales everything works
This script was tested on a Rackspace cloud server and a Virtual Machine in VMware player. It should work on all VPSes and dedicated servers if you’re facing any problems please write about it in the comment form or contact me.