Giter Club home page Giter Club logo

devops-notes's Introduction

devops-notes

On a fresh server

Create a new user

adduser <name>

Put them in sudoers:

gpasswd -a <name> sudo

Locally, generate a new keypair

ssh-keygen -t rsa -b 4096 -C "[email protected]"
eval "$(ssh-agent -s)" # start ssh agent
ssh-add ~/.ssh/<private key file>

Add the generated public key to authorized_keys

su - demo # Assuming you are still logged in as root
mkdir .ssh
chmod 700 .ssh
vim .ssh/authorized_keys
chmod 600 .ssh/authorized_keys

Disable root login

vim /etc/ssh/sshd_config
#find the PermitRootLogin 
PermitRootLogin no

Restart ssh

service ssh restart

UFW(Firewall) Basic Setup

Allow ssh

sudo ufw allow ssh

If its on a different port

sudo ufw allow 4444/tcp

Enable IPv6

sudo vim /etc/default/ufw

Find and change to IPV6=yes

Stats

sudo ufw status verbose

UFW Defaults

sudo ufw default deny incoming
sudo ufw default allow outgoing

UFW has some default aliases

sudo ufw allow http
sudo ufw allow https
sudo ufw allow ftp

Port Ranges

sudo ufw allow 6000:6007/udp
sudo ufw allow 6000:6007/tcp

Spefic ips

sudo ufw allow from 15.15.15.51
sudo ufw allow from 15.15.15.51 to any port 22

Subnets

sudo ufw allow from 15.15.15.0/24
sudo ufw allow from 15.15.15.0/24 to any port 22

Network interfaces

ip addr # list the network interfaces
# Eg
# 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
sudo ufw allow in on eth0 to any port 80
sudo ufw allow in on eth1 to any port 3306

Denying Just replace allow with deny lol

Deleting Rules You can delete things by number

sudo ufw status numbered # list by number
sudo ufw delete 2

Or by rule

sudo ufw delete allow 80

references:

https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-14-04 https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/#platform-linux https://www.digitalocean.com/community/tutorials/additional-recommended-steps-for-new-ubuntu-14-04-servers https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-14-04

devops-notes's People

Contributors

robotmayo avatar

Stargazers

avatar

Watchers

avatar avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.