U1604 (Ubuntu 16.04)

  • Create admin user and add it to the sudo group:
    usermod -aG sudo username
  • Install vim
  • Set vim as the default editor:
    update-alternatives --set editor /usr/bin/vim.basic
  • SSH Security
    • Protocol 2 (disable protocol 1)
    • [where possible] Use pre-shared keys
    • PermitRootLogin no
    • Uncomment Banner /etc/issue.net (set the contents of /etc/issue.net to: Unauthorized access is prohibited.)
    • Move SSH off port 22 (Port directive)
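The SSH items above applied and verified with a script, as an added example that is not part of the original checklist. It edits a file path rather than the live config, so it can be tried on a scratch copy first; the sample sshd_config fragment, the SSH_PORT variable (default 2222) and the function names are assumptions of this example. On a real host, point it at /etc/ssh/sshd_config and run "sshd -t" before restarting the service.

```shell
#!/bin/sh
# Added example: apply the SSH settings from the checklist to a copy of
# sshd_config and verify the result. Placeholders: SSH_PORT (default 2222)
# and the constructed sample config below.

# set_directive FILE KEY VALUE
# Rewrite any existing "KEY ..." line (commented or not) as "KEY VALUE", or
# append the directive when absent, so repeated runs give the same file.
set_directive() {
    file=$1; key=$2; value=$3
    if grep -Eq "^[[:space:]]*#?[[:space:]]*$key([[:space:]]|$)" "$file"; then
        sed -E "s|^[[:space:]]*#?[[:space:]]*$key([[:space:]].*)?$|$key $value|" "$file" \
            > "$file.tmp" && mv "$file.tmp" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# effective_value FILE KEY -> the value sshd would use. sshd keeps the FIRST
# uncommented occurrence of a directive, so later duplicates are ignored.
effective_value() {
    awk -v k="$2" '$1 == k && !seen { v = $2; seen = 1 } END { print v }' "$1"
}

harden_sshd_config() {
    f=$1
    set_directive "$f" Protocol 2
    set_directive "$f" PermitRootLogin no
    set_directive "$f" Banner /etc/issue.net
    set_directive "$f" Port "${SSH_PORT:-2222}"
}

# check_sshd_config FILE -> 0 when every setting from the checklist is in effect
check_sshd_config() {
    f=$1
    [ "$(effective_value "$f" Protocol)" = 2 ] &&
    [ "$(effective_value "$f" PermitRootLogin)" = no ] &&
    [ "$(effective_value "$f" Banner)" = /etc/issue.net ] &&
    port=$(effective_value "$f" Port) && [ -n "$port" ] && [ "$port" != 22 ]
}

# make_sample_config FILE: constructed fragment laid out like the stock
# 16.04 sshd_config (not the real file).
make_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample sshd_config
#Port 22
#Protocol 2
PermitRootLogin prohibit-password
PubkeyAuthentication yes
#Banner none
EOF
}

demo() {
    tmp=$(mktemp)
    make_sample_config "$tmp"
    check_sshd_config "$tmp" && echo "sample already hardened" || echo "sample needs hardening"
    harden_sshd_config "$tmp"
    check_sshd_config "$tmp" && echo "hardened: Port $(effective_value "$tmp" Port)"
    rm -f "$tmp"
}
demo
```

The check reads the first uncommented occurrence of each directive because that is what sshd does; a stray duplicate further down the file would otherwise make a hand check look right while sshd uses a different value.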
  • Set the correct hostname in /etc/hosts and /etc/hostname
  • Configure time
    • Set the timezone: dpkg-reconfigure tzdata
  • Install ntpdate and openntpd
  • Start openntpd:
    /etc/init.d/openntpd start
  • Set the time:
    ntpdate sundial.columbia.edu
  • Set hardware clock to UTC with:
    hwclock --systohc --utc
  • Create ufw firewall
  • Check reputation of assigned IPs:
    http://www.anti-abuse.org/multi-rbl-check-results/?host=x.x.x.x

Configure mail services

  • Install and configure storage-usage.sh
    • Copy to /usr/local/bin
    • Crontab: 10 1 * * 1 /usr/local/bin/storage-usage.sh >/dev/null
  • Install and configure updatecheck.sh
    • Copy to /usr/local/bin
    • Crontab: 15 0 * * * /usr/local/bin/updatecheck.sh >/dev/null
  • Install /usr/local/etc/skel files
    • authorized_keys
    • domain.tld (update with main shared IP)
  • Install /usr/local/bin/createuser.sh
    • Modify line near the end to use the appropriate shared IP by default.
  • Install apache2
    • Install libapache2-mod-php
  • Install PHP
    • php7.0
    • php7.0-cli
    • php-mail-mime
    • php7.0-curl
    • php7.0-gd
    • php-gd
    • php-imagick
    • php7.0-mcrypt
    • php7.0-mysql
    • php7.0-dev
    • php-dev (required for building PECL packages)
    • php-mail
    • Install standard includes
      • FirePHPCore
      • HTMLPurifier
      • phpSniff
      • Smarty
  • Configure PHP (/etc/php/7.0/apache2/php.ini) – Changes:
    • max_execution_time = 600
    • max_input_vars = 4000
    • error_log = /var/log/php/php_errors.log (create /var/log/php)
    • post_max_size = 80M
    • upload_max_filesize = 80M
    • date.timezone = America/Phoenix
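An audit of a php.ini against the values listed above, added here as an example and not part of the original notes. It only reads the file, parsing it the way PHP does (last assignment wins, ";" comments, quotes and spacing ignored), and also checks that upload_max_filesize does not exceed post_max_size, since PHP drops $_POST and $_FILES without an error when a request body is larger than post_max_size. The two ini fragments are constructed samples and the function names are this example's own.

```shell
#!/bin/sh
# Added example: audit a php.ini against the checklist values. Run it against
# /etc/php/7.0/apache2/php.ini after editing, or on a scratch copy as here.
# The ini fragments below are constructed samples, not the real file.

# ini_value FILE KEY -> value PHP would use. php.ini is last-assignment-wins,
# ";" starts a comment, spaces around "=" and surrounding quotes are ignored.
ini_value() {
    awk -F= -v k="$2" '
        /^[ \t]*[;#]/ { next }
        {
            key = $1; sub(/^[ \t]+/, "", key); sub(/[ \t]+$/, "", key)
            if (key == k) {
                v = $0; sub(/^[^=]*=[ \t]*/, "", v)
                sub(/[ \t]*;.*$/, "", v); sub(/[ \t]+$/, "", v)
                gsub(/^"|"$/, "", v)
            }
        }
        END { print v }' "$1"
}

# php_size_bytes SHORTHAND -> bytes. PHP accepts K, M and G suffixes (any case).
php_size_bytes() {
    n=$(printf '%s' "$1" | sed -E 's/[^0-9].*$//'); n=${n:-0}
    case $(printf '%s' "$1" | sed -E 's/^[0-9]+//' | tr 'A-Z' 'a-z') in
        k) echo $((n * 1024)) ;;
        m) echo $((n * 1024 * 1024)) ;;
        g) echo $((n * 1024 * 1024 * 1024)) ;;
        *) echo "$n" ;;
    esac
}

# check_php_ini FILE -> prints each deviation, returns the number found (0 = clean)
check_php_ini() {
    f=$1; bad=0
    for pair in max_execution_time=600 max_input_vars=4000 \
                error_log=/var/log/php/php_errors.log post_max_size=80M \
                upload_max_filesize=80M date.timezone=America/Phoenix; do
        key=${pair%%=*}; want=${pair#*=}; got=$(ini_value "$f" "$key")
        if [ "$got" != "$want" ]; then
            echo "DRIFT $key: want '$want', got '${got:-<unset>}'"; bad=$((bad + 1))
        fi
    done
    # A POST body larger than post_max_size makes PHP discard $_POST and
    # $_FILES silently, so upload_max_filesize must not exceed post_max_size.
    up=$(php_size_bytes "$(ini_value "$f" upload_max_filesize)")
    post=$(php_size_bytes "$(ini_value "$f" post_max_size)")
    if [ "$up" -gt "$post" ]; then
        echo "ORDER upload_max_filesize ($up) exceeds post_max_size ($post)"; bad=$((bad + 1))
    fi
    return $bad
}

# make_stock_ini FILE: constructed fragment with stock-like 7.0 defaults
make_stock_ini() {
    cat > "$1" <<'EOF'
; constructed sample php.ini fragment
[PHP]
max_execution_time = 30
max_input_vars = 4000
;error_log = php_errors.log
post_max_size = 8M
upload_max_filesize = 2M
;date.timezone =
EOF
}

# make_tuned_ini FILE: the same fragment with the checklist values applied
make_tuned_ini() {
    cat > "$1" <<'EOF'
[PHP]
max_execution_time = 600
max_input_vars = 4000
error_log = "/var/log/php/php_errors.log"   ; remember: mkdir -p /var/log/php
post_max_size = 80M
upload_max_filesize = 80M
date.timezone = America/Phoenix
EOF
}

demo() {
    a=$(mktemp); b=$(mktemp)
    make_stock_ini "$a"; make_tuned_ini "$b"
    echo "== stock =="; check_php_ini "$a" || echo "$? deviation(s)"
    echo "== tuned =="; check_php_ini "$b" && echo "clean"
    rm -f "$a" "$b"
}
demo
```

Because the audit reads values the way PHP does, a setting that was changed near the top of the file but re-assigned further down (a common result of appending to php.ini) shows up as drift rather than passing a grep.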
  • Enable modules (phpenmod)
    • fileinfo
    • mcrypt
    • curl
    • gd
    • imagick
  • Configure Apache
    • /etc/apache2/apache2.conf
      • Add log format for benchmarking:
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %T" combinedplus
      • Change IncludeOptional sites-enabled/*.conf to IncludeOptional sites-enabled/* (so vhost files without a .conf suffix are loaded too)
    • /etc/apache2/conf-enabled/security.conf
      • ServerTokens Prod
      • ServerSignature Off
      • Disable the TRACE method to clear a PCI scan warning:
        TraceEnable Off
    • Enable mods (a2enmod)
      • mime
      • rewrite
      • ssl
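A small reader for access logs written with the combinedplus LogFormat above, added as an example and not part of the original notes. The trailing %T is the request time in whole seconds (Apache's %D gives microseconds if finer resolution is wanted); the script splits each line on the double quote so the quoted request, referer and User-Agent fields stay intact, and it handles the \" that Apache writes for a literal quote inside those fields. The log lines are constructed samples and the function names are this example's own.

```shell
#!/bin/sh
# Added example: parse "combinedplus" access log lines and report slow
# requests and status counts. The sample log below is constructed.

# parse_combinedplus FILE -> one TSV line per request:
#   seconds <TAB> status <TAB> bytes <TAB> client <TAB> request line
# Fields are split on the double quote, so the quoted request/referer/UA land
# in $2, $4 and $6 and the trailing %T in $7. Apache escapes literal quotes
# inside those fields as \"; they are swapped for ' before splitting so a
# crafted User-Agent cannot shift the columns.
parse_combinedplus() {
    awk -F'"' '
        { gsub(/\\"/, "\047") }
        NF >= 7 {
            split($1, pre, " "); client = pre[1]
            split($3, mid, " "); status = mid[1]; bytes = mid[2]
            secs = $7; gsub(/[ \t]/, "", secs)
            printf "%s\t%s\t%s\t%s\t%s\n", secs, status, bytes, client, $2
        }' "$1"
}

# slow_requests FILE THRESHOLD -> requests that took at least THRESHOLD seconds
slow_requests() {
    parse_combinedplus "$1" | awk -F'\t' -v thr="$2" '$1 + 0 >= thr + 0'
}

count_slow() { slow_requests "$1" "$2" | wc -l | tr -d ' '; }

# status_summary FILE -> "status count" per response code, sorted
status_summary() {
    parse_combinedplus "$1" | awk -F'\t' '{ c[$2]++ } END { for (s in c) print s, c[s] }' | sort
}

# make_sample_log FILE: constructed combinedplus lines (RFC 5737 test addresses)
make_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.10 - - [10/Oct/2016:13:55:36 -0700] "GET /index.php HTTP/1.1" 200 2326 "-" "Mozilla/5.0" 0
203.0.113.11 - - [10/Oct/2016:13:55:40 -0700] "POST /upload.php HTTP/1.1" 200 512 "http://example.com/" "Mozilla/5.0 (\"quoted\" build)" 12
203.0.113.12 - - [10/Oct/2016:13:55:41 -0700] "GET /report.php?year=2016 HTTP/1.1" 500 0 "-" "curl/7.47.0" 7
203.0.113.13 - - [10/Oct/2016:13:55:45 -0700] "GET /robots.txt HTTP/1.1" 404 209 "-" "Googlebot" 0
EOF
}

demo() {
    log=$(mktemp)
    make_sample_log "$log"
    echo "requests taking >= 5s:"; slow_requests "$log" 5
    echo "by status:"; status_summary "$log"
    rm -f "$log"
}
demo
```

Run it against /var/log/apache2/access.log (or a vhost's own log) once the combinedplus format is in use; the TSV output also feeds cleanly into sort or cut for per-URL timing.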
  • Install MySQL (mysql-server, mysql-client)
    • Add to /etc/mysql/mysql.conf.d/mysqld.cnf:
      sql-mode = ''