Here is an example shell script that you can use to quickly and safely configure your newly installed Ubuntu Linux server:
#!/bin/bash # Update the package manager sudo apt-get update # Upgrade all installed packages sudo apt-get upgrade -y # Install necessary packages sudo apt-get install -y git htop unzip fail2ban # Create a new user and add it to the sudo group sudo adduser newuser sudo usermod -aG sudo newuser # Set the server's hostname sudo hostnamectl set-hostname myserver # Configure the firewall sudo ufw allow 22 sudo ufw allow 80 sudo ufw allow 443 sudo ufw enable # Configure SSH for the new user sudo sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config sudo service ssh restart # Enable automatic security updates sudo apt-get install -y unattended-upgrades sudo dpkg-reconfigure -plow unattended-upgrades # Configure Fail2ban sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local sudo systemctl start fail2ban sudo systemctl enable fail2ban # Print a message when the script is finished echo "Server configuration complete!"
This script does the following:
- Updating the package manager
- Upgrading all installed packages
- Installing necessary packages like git, htop and unzip, fail2ban
- Create a new user and add it to the sudo group
- Set the server's hostname
- Configure the firewall
- Configure SSH for the new user
- Enable automatic security updates
- Configure Fail2ban
Please note that this script is just an example and may not include all the necessary configuration steps for your specific server. It's always a good idea to double-check the security settings and adjust them accordingly. Also, it is important to understand the commands and their function before using them in your server.
Fail2ban is a security tool that monitors log files for repeated failed login attempts and blocks the IP addresses that are making these attempts. This script installs and configures fail2ban and sets it to start at boot. The package will monitor the ssh log file by default, and you can configure it to monitor other logs as well.