Additional Recommendations for New Servers - Debian 7
Time: 10 minutes
After you’ve set up your server, there are a few other steps we recommend to make sure your server’s secure and works like you’d expect.
These steps are optional, but they’re the kind of things that seasoned admins always take care of.
Set up a basic firewall
Creating a firewall protects your server from malicious traffic that can lead to security issues or degraded performance due to floods of traffic, such as DDoS attacks.
Install UFW firewall
- Install the UFW firewall:
sudo apt-get install ufw
Create firewall rules
By default, firewalls block all traffic, so you have to define exceptions for the traffic you want to let in.
- Create an exception so you can connect to your server through SSH:
sudo ufw allow 22/tcp
Note: If you've changed your default SSH port, replace 22 with your port number.
- Open any of the following ports based on what services you need:
| You want to enable... | Run this command |
|---|---|
| Web server (HTTP) traffic | sudo ufw allow 80/tcp |
| Web server & SSL (HTTPS) traffic | sudo ufw allow 443/tcp |
| Outgoing email (SMTP) | sudo ufw allow 25/tcp |
- Review your exceptions:
sudo ufw show listening
The ufw show listening command lists your configured firewall rules in human-readable format, even when your firewall is inactive.
Enable the firewall
Now that you've created your rules, you need to turn the firewall on.
- If the ufw show listening command lists all the rules you want, enable your firewall:
sudo ufw enable
- At the prompt, enter y to continue. This entry applies your exceptions, blocks all other traffic, and configures your firewall to start automatically at startup.
If you configure additional services later, make sure to open their respective ports.
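The note about a changed SSH port matters because enabling the firewall without a matching rule cuts off your own SSH access. The following pre-flight check is an added example, not part of the original page: the helper names (ssh_ports, port_allowed, check_ssh_rules) are hypothetical and the sample file contents are constructed. It reads an sshd_config and a file of planned ufw allow commands, and reports any SSH port left uncovered.

```shell
#!/bin/sh
# Added example: pre-flight check before "ufw enable". Sample data is constructed.

# Print the port(s) sshd listens on; 22 when the config has no active Port line.
ssh_ports() {   # $1 = sshd_config path
    ports=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1")
    if [ -n "$ports" ]; then echo "$ports"; else echo 22; fi
}

# Succeed if the planned-rules file has "ufw allow PORT" or "ufw allow PORT/tcp".
# Service names such as "ufw allow ssh" are not resolved by this check.
port_allowed() {   # $1 = port, $2 = file of planned commands
    grep -Eq "^[[:space:]]*(sudo[[:space:]]+)?ufw[[:space:]]+allow[[:space:]]+$1(/tcp)?[[:space:]]*\$" "$2"
}

# Print every SSH port without an allow rule; non-zero status if any is missing.
check_ssh_rules() {   # $1 = sshd_config path, $2 = planned-rules file
    uncovered=0
    for p in $(ssh_ports "$1"); do
        if ! port_allowed "$p" "$2"; then
            echo "$p"
            uncovered=1
        fi
    done
    return "$uncovered"
}

# Constructed sample: SSH was moved to 2222, but the rules still open only 22.
tmp=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 2222' 'PermitRootLogin no' > "$tmp/sshd_config"
printf '%s\n' 'sudo ufw allow 22/tcp' 'sudo ufw allow 80/tcp' > "$tmp/rules"

if missing_ports=$(check_ssh_rules "$tmp/sshd_config" "$tmp/rules"); then
    echo "OK: SSH port(s) covered; safe to run: sudo ufw enable"
else
    echo "STOP: no allow rule for SSH port(s): $missing_ports"
fi
```

On a real server, pass /etc/ssh/sshd_config and a file listing the ufw allow commands you intend to run.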
Synchronize Network Time Protocol (NTP)
When different computer or server programs with out-of-sync clocks communicate with each other, switching between these systems can cause the time to jump back and forth. This can cause undesirable effects such as incorrect timestamps on emails or logs.
Fortunately, you can solve this problem simply by using Network Time Protocol (NTP) synchronization.
Configure time zone
- Set your server's time zone by reconfiguring the tzdata package. tzdata (time zone database) is a public-domain time zone database maintained by a global network of NTP servers.
sudo dpkg-reconfigure tzdata
The package configuration window displays.
- Use the Up and Down arrow keys on the keyboard to find the geographic area of your server (the areas are continents and oceans), and then select OK.
Warning: For North America, select America (the second option). Note that US (the option before None of the above) stands for "Use System V style time zones," not for "United States."
- In the next menu, select the city or region of your time zone, and then select OK. Your system updates to your selected timezone:
Local time is now: Mon Jul 10 13:00:10 PST 2015.
Universal Time is now: Mon Jul 10 20:00:10 UTC 2015.
Configure NTP synchronization
Next, configure NTP synchronization. NTP is an Internet protocol that synchronizes computer clocks across the Internet and helps to determine when events happened between systems. A client requests the current time from an NTP server and then uses the server's response to set its own clock. Afterward, your computer is accurately synced with networked time servers.
- Install the NTP daemon:
sudo apt-get install ntp
NTP synchronization is now active on your server. Your system adjusts the time throughout the day to match up with global NTP servers.
If you like this configuration, you can take a server snapshot to use as a guide for setting up future installations.
Also, consider adding swap space. Adding swap space is an easy way to increase cloud server performance and is particularly helpful if you host databases on your system.