Create New User
Create USER without password and no stupid questions:
|
1 |
adduser --disabled-password --gecos "" USER |
Authorise Public SSH Key
Become the USER for which you want to add the pubkey (may be root):
|
1 |
sudo su USER |
Then curl it in from GitHub:
|
1 |
mkdir -p ~/.ssh && chmod 700 ~/.ssh && touch ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys && curl https://github.com/oloflarsson.keys | tee -a ~/.ssh/authorized_keys |
Swedish Time Zone
Automatic:
|
1 |
timedatectl set-timezone Europe/Stockholm |
Interactive:
|
1 |
dpkg-reconfigure tzdata |
Verify:
|
1 |
date '+%Y-%m-%d %H:%M:%S' |
Stop SSH Cry Wolf
Add to ~/.ssh/config
|
1 2 3 4 |
Host * StrictHostKeyChecking no UserKnownHostsFile /dev/null LogLevel ERROR |
Bound Ports Security Audit
List the currently bound ports on the server:
|
1 |
netstat -plunt |
Fix Postfix master process bound to 0.0.0.0:25 for Local Address:
|
1 2 |
postconf -e inet_interfaces=loopback-only service postfix restart |
Install PHP Composer
Composer has some undocumented requirements:
|
1 |
apt install php-xml git curl |
This command installs composer system wide:
|
1 2 3 |
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" php composer-setup.php --install-dir=/usr/local/bin --filename=composer php -r "unlink('composer-setup.php');" |
Verify:
|
1 |
composer --help |
Enforce HTTPS in .htaccess:
|
1 2 3 4 5 6 7 |
# BEGIN Force HTTPS <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] </IfModule> # BEGIN Force HTTPS |
Enable PHP Errors in .htaccess:
|
1 2 |
php_flag display_startup_errors on php_flag display_errors on |