Create New User
Create USER without password and no stupid questions:
    adduser --disabled-password --gecos "" USER
Authorise Public SSH Key
Become the USER for which you want to add the pubkey (may be root):
    sudo su root
Then authorize Olof:
    function authorize_olof {
        mkdir -p "${HOME}/.ssh"
        chmod 700 "${HOME}/.ssh"
        touch "${HOME}/.ssh/authorized_keys"
        chmod 600 "${HOME}/.ssh/authorized_keys"
        # Delete any existing line with this key so it is never listed twice
        sed -i "/AAAAB3NzaC1yc2EAAAABJQAAAQEApbK6jeGuWjPQp0chsiN78AAz/d" "${HOME}/.ssh/authorized_keys"
        echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEApbK6jeGuWjPQp0chsiN78AAz/kam3Qkxtpixh+jXJnFyH9fpN21wI4Ad40QaF6rwHVpgAp5wArnIn+J6TnPYwKUHZuPgRtaY4kJH4RvWyPO7p+S4runrtuJpB65bOwTXNAcmps3ybl0d87uYxHW+kFGqCn0YrUQRxrjSU7e5OfQuOXYN4ZjbnPY8V7J9Mwo6oKaouSQ1nBbGL48hyYMhXow5IrFc09Uf64UsbAvsWRNikQlzRQ8vwUGU5WNGpv/je/lsZZ5XPY6fDWQiqvcpEI0hGtmbz/hELM9Bn8Q2WfEUFltpsolOoIz0/wi87Qs1CCLL4weCzQNWf0vqreEDXw== olof@oloflarsson.se" | tee -a "${HOME}/.ssh/authorized_keys"
    }
    authorize_olof
Swedish Time Zone
Automatic:
    timedatectl set-timezone Europe/Stockholm
Interactive:
    dpkg-reconfigure tzdata
Verify:
    date '+%Y-%m-%d %H:%M:%S'
Stop SSH Cry Wolf
Add to ~/.ssh/config to turn off host key checking and known_hosts recording for all hosts:
    Host *
        StrictHostKeyChecking no
        UserKnownHostsFile /dev/null
        LogLevel ERROR
Bound Ports Security Audit
List the currently bound ports on the server:
    netstat -plunt
If the Postfix master process shows 0.0.0.0:25 as its Local Address, bind it to loopback only:
    postconf -e inet_interfaces=loopback-only
    service postfix restart
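An added example, not part of the original cheat sheet: a filter that reads netstat -plunt output and prints only the listeners bound to a wildcard address (0.0.0.0, :: or *), which is how the Postfix case above shows up. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag wildcard-bound listeners.

# Reads `netstat -plunt` output on stdin and prints "proto addr:port program"
# for every socket listening on all interfaces (0.0.0.0, :: or *).
exposed_listeners() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ {
            # Split Local Address at the LAST colon so IPv6 (":::22") works.
            addr = $4; sub(/:[^:]*$/, "", addr)
            port = $4; sub(/^.*:/, "", port)
            # TCP rows carry a State column; UDP rows leave it empty.
            if ($1 ~ /^tcp/) {
                if ($6 != "LISTEN") next
                prog = $7
            } else {
                prog = $6
            }
            if (addr == "0.0.0.0" || addr == "::" || addr == "*")
                print $1, addr ":" port, prog
        }'
}

# Constructed sample output, standing in for a real `netstat -plunt` run.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State    PID/Program name
tcp        0      0 0.0.0.0:25       0.0.0.0:*        LISTEN   1042/master
tcp        0      0 127.0.0.1:3306   0.0.0.0:*        LISTEN   877/mysqld
tcp6       0      0 :::22            :::*             LISTEN   703/sshd
udp        0      0 0.0.0.0:68       0.0.0.0:*                 512/dhclient
EOF
}

# On a real server: netstat -plunt | exposed_listeners
sample_netstat | exposed_listeners
```

After the Postfix change the port 25 line reads 127.0.0.1:25 and drops out of the result.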
Install PHP Composer
Composer has some undocumented requirements:
    apt install php-xml git curl
These commands install Composer system-wide:
    php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
    php composer-setup.php --install-dir=/usr/local/bin --filename=composer
    php -r "unlink('composer-setup.php');"
Verify:
    composer --help
Enforce HTTPS in .htaccess:
    # BEGIN Force HTTPS
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    </IfModule>
    # END Force HTTPS
Enable PHP Errors in .htaccess:
    php_flag display_startup_errors on
    php_flag display_errors on