How to Setup Linux Server(VPS)?

shivangpatel | April 29, 2021, 5:48 p.m. | Linux,

1. Prepare Server OS

Installing updates is the very first task to prepare your servers. New updates give you the latest os level features, security updates, previous versions bug fixing, etc. After login, you need to fire these commands one by one ( your command starting just after # sign ). That’s it!

# apt update

# apt upgrade

# apt dist-upgrade

# apt install unattended-upgrades apt-listchanges

# dpkg-reconfigure -plow unattended-upgrades

2. Change ROOT passkey

When you purchase your VPS, the seller gives you your root password. So, we need to change it and make a new one your own. The root password must be a combination of alphanumerics, special characters, and enough long to not easy to guess or crack ( not only root but any newly created users and database ).   

# passwd    

After entering the above command, follow instructions on the terminal.

3. Create a new user with root privileges

New user? Yes new user for accessing VPS. For security purposes, It’s not safe to remote login with the root user.

To create a new user
# adduser NEWUSER

Generally, the minimal server doesn’t have sudo a package. So, we need to install it.
 # apt-get install sudo

Create a group of your user
# groups NEWUSER

Add your new user to sudo privileges.
# adduser NEWUSER sudo

Timedatectl - For time date setting

4. Fail2ban - Prepare for D-DOS

# apt-get install fail2ban

5. Configure SSH

# vi /etc/ssh/sshd_config   

Change port number. The default port number is 22. Make sure the new port number should be different from the existing ports used by current services.
Disable ROOT user login : PermitRootLogin no

# service ssh restart

6. Firewall Install and Setup

For firewall installation.
# apt install ufw

Set default incoming/outgoing rules.
# ufw default deny incoming
# ufw default allow outgoing

Setup some primary rules to allow some basic necessary ports.
# ufw allow 80/tcp
# ufw allow YOUR_NEW_SSH_PORT_NUMBER/tcp
# ufw allow out 53,80,443/tcp
# ufw allow out 53,80,443/udp

All basic rules added for now. Now activate your firewall.
# ufw enable

To check the current status of the firewall.
# ufw status verbose

7. Database Setup

Install MySQL
For MySQL installation, fire below commands one by one. You will needed your user password for it. During the installation, you need to enter database password for mysql’s root user and it must be strong enough.  
    $ sudo apt update
    $ sudo apt install mysql-server

Secure MySQL
Securing mysql is a necessary when your database on live server. So, for that you need to fire below command and follow the instructions. During this step, you must have root passkey. You don’t need to change your pass key unless it will showing as a weak password as per your chosen password strength.
 $ mysql_secure_installation
Remove all temporary users and databases. And set root password.

To check mysql server status…
$ systemctl status mysql.service

Now you have root passkey & set mysql_native_password for root :
$ sudo mysql
Mysql > SELECT user,authentication_string,plugin,host FROM mysql.user;
Mysql > ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'root';
Mysql > FLUSH PRIVILEGES;
Mysql > SELECT user,authentication_string,plugin,host FROM mysql.user;

Configure MySQL
First thing, Login in it as a root user. Fire below command and then enter passkey for database root user( passkey that you already setup during mysql installation ).
$ mysql -u root -p

Mysql > CREATE USER 'shivang'@'%' IDENTIFIED BY 'Shivang@123';

Mysql > GRANT ALL PRIVILEGES ON *.* TO 'user123'@'localhost' WITH GRANT OPTION;

Now, first thing to do is, create new database for your own. Then create new user for database and give that user to necessary permissions.
    mysql> create database dbnew;
    mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, DROP ,ALTER ROUTINE, EVENT, TRIGGER ON *.* TO 'snorlax'@'localhost';

*.* = databasename.tablenames

Looks like everything is setup, so exit.
mysql> \q

Login back as a new user and choose database first and then create a test table.
mysql> mysql -u username -p;
mysql> use dbnew;
mysql> create table testable; 

    
Disable ONLY_FULL_GROUP_BY, you need to add one line in mysql configuration file.
    $ sudo vi /etc/mysql/my.cnf

   Edit below lines….
 # Only allow connections from localhost
[mysqld]
bind-address = 127.0.0.1
sql_mode = "STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"

Now, restart your server or restart mysql service.
$ sudo /etc/init.d/mysql restart

For stored procedure
mysql > GRANT ALTER ROUTINE, CREATE ROUTINE, EXECUTE ON *.* TO 'snorlax'@'localhost' ;

Some basic MySQL commands.
    mysql> \c                             - Clear screen command.
    mysql> \q                             - Exit from sql prompt.
    mysql> show databases;  - Displaying available database.
    mysql> use dbname;            - Use particular database.
    mysql> show tables;          - List out available table in default database.

CREATE USER 'user_name'@'localhost' IDENTIFIED BY 'user_passwd';
create database dbname;
GRANT ALL PRIVILEGES ON dbname.* TO 'user_name'@'localhost' WITH GRANT OPTION;
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, DROP ,ALTER ROUTINE, EVENT, TRIGGER ON dbname.* TO 'user_name'@'localhost';

Load all timezone data :     

$ mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root mysql -p