Index of server setup steps:
---
1. **Initial Configuration**
- System Updates
- Creating a New Admin User
- Configuring SSH Access
2. **Securing Access**
- Disable Root SSH Access
- Change Default SSH Port
- Configure Firewall (UFW)
- Install and Configure Fail2Ban
3. **Enabling Multi-Factor Authentication (MFA)**
- Install Google Authenticator
- Configure SSH to Require MFA
4. **SSL/TLS Setup with Let’s Encrypt**
- Install Certbot
- Obtain and Configure SSL Certificates
- Enforce HTTPS with Web Server Configuration
5. **Automating Security Updates**
- Configure Unattended-Upgrades
- Set Notifications for Updates
6. **Additional Hardening**
- Disable Unnecessary Services
- Configure File Permissions
- Set Up System Audit Logging
7. **Monitoring and Logging**
- Install Monitoring Tools
- Configure Log Rotation and Alerts
8. **Backup and Recovery Planning**
- Establish Backup Plan and Frequency
- Test Backup Recovery Procedures
9. **Regular Maintenance and Security Audits**
- Schedule Regular Updates and Audits
- Periodic Security Checks with Audit Tools
Initial Configurationroot@localhost:~# cat /etc/issueUbuntu 24.04.1 LTS \n \lsudo apt-get dist-upgrade
# Setting the server hostnamesudo hostnamectl set-hostname 2600.rsvp-system.orgsudo nano /etc/hosts
# 127.0.0.1 2600.rsvp-system.org 2600sudo systemctl restart systemd-hostnamed
// Reboot as needed.
# Setting an admin user.sudo adduser --shell /bin/bash cactus
# Add the admin user to the server admin Groupsudo usermod -aG sudo cactussu - cactus
sudo nano /etc/ssh/sshd_config
Generate an SSH key on a local Mac terminal and copy it to the serverssh-keygen -t rsa -b 4096 -C "cactus@rsvp-system.org"ssh-copy-id cactus@rsvp-system.org
ssh-copy-id takes your local Public key, and adds it to the authorized keys
on the server. ~/.ssh/authorized_keys
Enable multifactor login, Google Authenticator
sudo apt install libpam-google-authenticator
Logged in as the user:
google-authenticatorsudo nano /etc/pam.d/sshd
# Update packagessudo apt update && sudo apt upgrade -y
# Install Apache, PHP, and additional PHP extensions for Drupalsudo apt install apache2 php libapache2-mod-php php-mysql php-xml php-gd php-mbstring php-curl php-zip php-json -y
# Install MySQL or MariaDB (replace with your preferred database server)sudo apt install mysql-server -ysudo mysql
CREATE DATABASE rsvp_system CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
CREATE USER 'rsvp_system'@'localhost' IDENTIFIED BY 'change-me';
GRANT ALL PRIVILEGES ON rsvp_system.* TO 'rsvp_system'@'localhost';
FLUSH PRIVILEGES; EXIT;sudo apt install certbot python3-certbot-apache