This is a neat little BASH script that should be ran immediately after your VPS boots up the first time. It will help deploy most known best security practices to date. Ultimately, helping you maintain and start off with a secure environment for your VPS!
- Update system packages
- Create a new user with sudo privileges.
- Set up a firewall using UFW to allow only inbound SSH on port 13337 (by default) .
- Disable root login and password authentication via SSH.
- Install and configure Fail2Ban.
- Enable automatic security updates.
Be sure to have a secure way to transfer keys to and from the system. In most cases, it is easiest to use your initial root login credentials to create SSH keys for a new user, and then use ssh-copy-id
to transfer the keys to the new user.
The default port is 13337
, but be sure to change it in the lock-figuration.sh
file if you want to use a different port.
ssh -p <port> -i <private_key_here> user@<server_address>
Let me know if I should add anything else!