Sysadmin Cheat Sheet

Create New User

Create USER without password and no stupid questions:

adduser --disabled-password --gecos "" USER

1	adduser --disabled-password --gecos "" USER

Authorise Public SSH Key

Become the USER for which you want to add the pubkey (may be root):

sudo su root

1	sudo su root

Then authorize Olof:

function authorize_olof {
    mkdir -p "${HOME}/.ssh"
    chmod 700 "${HOME}/.ssh"
    touch "${HOME}/.ssh/authorized_keys"
    chmod 600 "${HOME}/.ssh/authorized_keys"
    sed -i "/AAAAB3NzaC1yc2EAAAABJQAAAQEApbK6jeGuWjPQp0chsiN78AAz/d" "${HOME}/.ssh/authorized_keys"
    echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEApbK6jeGuWjPQp0chsiN78AAz/kam3Qkxtpixh+jXJnFyH9fpN21wI4Ad40QaF6rwHVpgAp5wArnIn+J6TnPYwKUHZuPgRtaY4kJH4RvWyPO7p+S4runrtuJpB65bOwTXNAcmps3ybl0d87uYxHW+kFGqCn0YrUQRxrjSU7e5OfQuOXYN4ZjbnPY8V7J9Mwo6oKaouSQ1nBbGL48hyYMhXow5IrFc09Uf64UsbAvsWRNikQlzRQ8vwUGU5WNGpv/je/lsZZ5XPY6fDWQiqvcpEI0hGtmbz/hELM9Bn8Q2WfEUFltpsolOoIz0/wi87Qs1CCLL4weCzQNWf0vqreEDXw== olof@oloflarsson.se" | tee -a "${HOME}/.ssh/authorized_keys"
}
authorize_olof

function authorize_olof {

mkdir -p "${HOME}/.ssh"

chmod 700 "${HOME}/.ssh"

touch "${HOME}/.ssh/authorized_keys"

chmod 600 "${HOME}/.ssh/authorized_keys"

sed -i "/AAAAB3NzaC1yc2EAAAABJQAAAQEApbK6jeGuWjPQp0chsiN78AAz/d" "${HOME}/.ssh/authorized_keys"

echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEApbK6jeGuWjPQp0chsiN78AAz/kam3Qkxtpixh+jXJnFyH9fpN21wI4Ad40QaF6rwHVpgAp5wArnIn+J6TnPYwKUHZuPgRtaY4kJH4RvWyPO7p+S4runrtuJpB65bOwTXNAcmps3ybl0d87uYxHW+kFGqCn0YrUQRxrjSU7e5OfQuOXYN4ZjbnPY8V7J9Mwo6oKaouSQ1nBbGL48hyYMhXow5IrFc09Uf64UsbAvsWRNikQlzRQ8vwUGU5WNGpv/je/lsZZ5XPY6fDWQiqvcpEI0hGtmbz/hELM9Bn8Q2WfEUFltpsolOoIz0/wi87Qs1CCLL4weCzQNWf0vqreEDXw== olof@oloflarsson.se" | tee -a "${HOME}/.ssh/authorized_keys"

}

authorize_olof

Swedish Time Zone

Automatic:

timedatectl set-timezone Europe/Stockholm

1	timedatectl set-timezone Europe/Stockholm

Interactive:

dpkg-reconfigure tzdata

1	dpkg-reconfigure tzdata

Verify:

date '+%Y-%m-%d %H:%M:%S'

1	date '+%Y-%m-%d %H:%M:%S'

Stop SSH Cry Wolf

Add to ~/.ssh/config

Host *
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
    LogLevel ERROR

Host *

StrictHostKeyChecking no

UserKnownHostsFile /dev/null

LogLevel ERROR

Bound Ports Security Audit

List the currently bound ports on the server:

netstat -plunt

1	netstat -plunt

Fix Postfix master process bound to 0.0.0.0:25 for Local Address:

postconf -e inet_interfaces=loopback-only
service postfix restart

1 2	postconf -e inet_interfaces=loopback-only service postfix restart

Install PHP Composer

Composer has some undocumented requirements:

apt install php-xml git curl

1	apt install php-xml git curl

This command installs composer system wide:

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php composer-setup.php --install-dir=/usr/local/bin --filename=composer
php -r "unlink('composer-setup.php');"

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"

php composer-setup.php --install-dir=/usr/local/bin --filename=composer

php -r "unlink('composer-setup.php');"

Verify:

composer --help

1	composer --help

Enforce HTTPS in .htaccess:

# BEGIN Force HTTPS
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
# BEGIN Force HTTPS

# BEGIN Force HTTPS

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

</IfModule>

# BEGIN Force HTTPS

Enable PHP Errors in .htaccess:

php_flag display_startup_errors on
php_flag display_errors on

1 2	php_flag display_startup_errors on php_flag display_errors on