Basics & UFW

Install basic packages and UFW on server

Update system

Execute some updates and install vim editor

sudo apt update && sudo apt upgrade -y && sudo apt autoremove -y

Packages

Common

zip and unzip to compress and decompress files
curl to download files
git to manage repositories
vim to edit files
ssh to connect to server
lsb-release to get information about distribution
ca-certificates to manage certificates
apt-transport-https to use https in apt
software-properties-common to manage software

sudo apt install -y \
  zip \
  unzip \
  curl \
  git \
  vim \
  ssh \
  lsb-release \
  ca-certificates \
  apt-transport-https \
  software-properties-common \
  htop \
  p7zip-full \
  neofetch

Handle images

These tools are used to optimize images.

INFO

If your server is not used to host images, you can skip this step.

sudo apt install -y \
  jpegoptim \
  optipng \
  pngquant \
  optipng \
  gifsicle \
  webp

Conversion

These tools are used to convert images and videos.

ffmpeg to convert videos
imagemagick to convert images

sudo apt install -y \
  ffmpeg \
  imagemagick

Server monitoring

INFO

You can install all packages or only some of them.

Base packages

procps : provides ps, vmstat, uptime, top for basic stats
util-linux : dmesg, lsblk, lscpu for system logs and hardware info
sysstat : iostat, mpstat, pidstat, sar for disk/CPU stats
iproute2 : ip, ss, nstat, tc, recommended network tools
numactl : numastat for NUMA stats

sudo apt install -y procps util-linux sysstat iproute2 numactl

Network tools

tcpdump : network sniffer
nicstat : network interface stats
ethtool : interface info

sudo apt install -y tcpdump nicstat ethtool

Profiling and tracing tools

linux-tools-common et linux-tools-$(uname -r) : perf, turbostat
bpfcc-tools (ou bcc) : a suite of powerful eBPF tools
bpftrace : a dynamic eBPF scripting tool
trace-cmd : command line tool for ftrace

sudo apt install -y linux-tools-common linux-tools-$(uname -r) bpfcc-tools bpftrace trace-cmd

Equipment-specific tools

GPU Intel : intel-gpu-tools
GPU NVIDIA : nvidia-smi

UFW (Firewall)

Install firewall

sudo apt install ufw -y

Set default rules

sudo ufw allow ssh
sudo ufw allow 80
sudo ufw allow 443

Enable firewall

sudo ufw enable

Show rules

sudo ufw show added
sudo ufw status

If works, disallow ssh connection with root.

sudo vim /etc/ssh/sshd_config

Find PermitRootLogin line and replace yes to no and restart sshd daemon. Disconnect yourself with exit and you won't able to connect with root, connect with custom user now.

diff

-#Port 22
+Port 22 # l. 14 to change port

-PermitRootLogin yes
+PermitRootLogin no # l. 33 to disable root login

-PasswordAuthentication yes
+PasswordAuthentication no # l. 57 to disable password auth

-KbdInteractiveAuthentication yes
+KbdInteractiveAuthentication no # l. 62 to disable password auth

sudo systemctl restart sshd.service

Change SSH port

Change port in sshd config

sudo vim /etc/ssh/sshd_config

Port 22

Port 1234

Allow new port in firewall

sudo ufw allow 1234/tcp

Remove old port

sudo ufw delete allow 22/tcp

Check new rules

sudo ufw status

Restart sshd daemon

sudo systemctl restart sshd.service

Basics & UFW ​

Update system ​

Packages ​

Common ​

Handle images ​

Conversion ​

Server monitoring ​

UFW (Firewall) ​

Change SSH port ​