Change the timezone
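# The tz database name is Europe/Belgrade; `timedatectl list-timezones` lists the valid names.
user@mysrv:~# sudo timedatectl set-timezone Europe/Belgrade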
Add new user with sudo access
# Create the account (adduser prompts for a password and details), then append it to the
# sudo group; -a keeps the user's existing supplementary groups.
user@mysrv:~# sudo adduser username
user@mysrv:~# sudo usermod -aG sudo username
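If you have installed Docker, add the new user to the docker group. Membership in the docker group is effectively root access on the host, so grant it only to accounts you would also trust with sudo.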
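# The group created by the Docker packages is named "docker".
user@mysrv:~# sudo usermod -aG docker username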
Change default ssh port and disable login for root via ssh
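# Write the drop-in through "sudo tee": with "sudo cat > file" the redirection is opened by
# the calling shell, not by sudo, so it fails unless that shell is already root.
# sshd keeps the first value it reads for most keywords, so an earlier drop-in can override
# this file; verify with: sudo sshd -T | grep -i -e permitrootlogin -e '^port'
user@mysrv:~# sudo tee /etc/ssh/sshd_config.d/99-hardening.conf >/dev/null <<'EOF'
PermitRootLogin no
Port 2222
EOF
# -A appends to the end of INPUT; if an earlier rule already drops or rejects the traffic,
# this ACCEPT is never reached (check with: sudo iptables -L INPUT -n --line-numbers).
user@mysrv:~# sudo iptables -A INPUT -p tcp -m multiport --dports 2222 -j ACCEPT
# Reload or restart only when "sshd -t" accepts the configuration. The braces matter: in
# "a && b || c" the restart would also run after a failed check and could leave sshd down.
# Keep the current session open and confirm a new login on port 2222 before closing it;
# "sudo ss -tlnp" shows the port sshd really listens on.
# NOTE(review): on releases where ssh is socket-activated, the listening port may come
# from ssh.socket rather than from this file — confirm for your release.
user@mysrv:~# sudo sshd -t && { sudo systemctl reload ssh || sudo systemctl restart ssh; }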
Install and configure fail2ban to protect the SSH port
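user@mysrv:~# sudo apt install -y fail2ban
# bantime and findtime are in seconds: 3 failures within 1 hour ban the address for 10 hours.
# Written through "sudo tee" because files under /etc/fail2ban need root to create.
# NOTE(review): defaults-debian.conf looks like the file shipped by the Debian/Ubuntu
# fail2ban package; a separate file under /etc/fail2ban/jail.d/ would avoid conflicts
# on package upgrade — confirm.
user@mysrv:~# sudo tee /etc/fail2ban/jail.d/defaults-debian.conf >/dev/null <<'EOF'
[sshd]
enabled = true
bantime = 36000
findtime = 3600
maxretry = 3
backend=systemd
port=ssh,2222
EOF
user@mysrv:~# sudo systemctl enable fail2ban
# The package install normally starts the service already, and "start" on a running
# service does not re-read the jail file; "restart" applies it in both cases.
# Check the jail afterwards with: sudo fail2ban-client status sshd
user@mysrv:~# sudo systemctl restart fail2ban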
Save iptables rules
# iptables-persistent restores saved rules at boot; "netfilter-persistent save" writes the
# rules currently loaded in the kernel, so run it after all iptables changes are made.
user@mysrv:~# sudo apt install -y iptables-persistent
user@mysrv:~# sudo netfilter-persistent save
List the installed snap packages and remove them
# List what is installed first; the removal order below follows this output.
user@mysrv:~# sudo snap list
core20 20251031 2686 latest/stable canonical✓ base
lxd 5.0.5-68251b5 36918 5.0/stable/… canonical✓ -
snapd 2.73 25935 latest/stable canonical✓ snapd
# Remove the application snap (lxd) first, then the base snap (core20), and the snapd snap last.
user@mysrv:~# sudo snap remove --purge lxd
user@mysrv:~# sudo snap remove --purge core20
user@mysrv:~# sudo snap remove --purge snapd
user@mysrv:~# sudo snap list
No snaps are installed yet. Try 'snap install hello-world'.
# Stop, disable and mask the service, then purge the deb package itself.
user@mysrv:~# sudo systemctl stop snapd
user@mysrv:~# sudo systemctl disable snapd
user@mysrv:~# sudo systemctl mask snapd
user@mysrv:~# sudo apt purge --autoremove snapd -y
# Mark the package as held so that apt does not pull snapd back in (presumably as a
# dependency of another package — verify with: apt-mark showhold).
user@mysrv:~# sudo apt-mark hold snapd
To disable IPv6, add ipv6.disable=1 to the kernel command line in /etc/default/grub, for example:
# Example /etc/default/grub. Only the ipv6.disable=1 token in the two GRUB_CMDLINE_LINUX*
# lines is needed to disable IPv6; the other settings are specific to this server.
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=Ubuntu
GRUB_DISABLE_SUBMENU="true"
GRUB_TERMINAL="console serial"
GRUB_TERMINAL_INPUT="console serial"
GRUB_TERMINAL_OUTPUT="console serial"
GRUB_SERIAL_COMMAND="serial --unit=0 --speed=115200"
GRUB_DISABLE_RECOVERY="true"
GRUB_DISABLE_LINUX_UUID="true"
#GRUB_DISABLE_OS_PROBER=false
GRUB_CMDLINE_LINUX_DEFAULT="net.ifnames=0 biosdevname=0 console=tty0 console=ttyS0,115200n8 ipv6.disable=1"
# NOTE(review): apparmor=0 turns AppArmor off at boot and is unrelated to IPv6; leave it
# out when copying this line unless disabling AppArmor is intended.
GRUB_CMDLINE_LINUX="apparmor=0 ipv6.disable=1"
Apply, reboot and check
# update-grub regenerates the boot configuration from /etc/default/grub; the new kernel
# command line only takes effect after the reboot.
user@mysrv:~# sudo update-grub
user@mysrv:~# sudo reboot
# After the reboot, a value of 1 here means the kernel was booted with ipv6.disable=1.
user@mysrv:~# cat /sys/module/ipv6/parameters/disable
1