Tweaking RunCloud Servers After Deployment
Here are some references for various fix ups or tweaks that I apply to servers with the RunCloud control panel. These are not all done inclusively, it depends on the need.
Change root password
The root password initially generated by your host provider might be on the weaker side always best to change and strengthen it.
SSH in as root and run:
passwd root
Then you can either type in a new password or paste in a generated one.
SSH
Change the SSH Port from the default 22
nano /etc/ssh/sshd_config
Uncomment and change to desired port
Port 2200
Restart ssh
service ssh restart
Open new port in RunCloud panel, close old 22 – then redeploy firewall.
Fail2Ban
If you have changed SSH port and closed port 22 on the firewall – change fail2ban to include new SSH port, while you are at it – give your IP Address a permanent pass…
nano /etc/fail2ban/jail.local
[DEFAULT]
ignoreip = 127.0.0.1/8 1.2.3.4
bantime = 36000
findtime = 600
maxretry = 5
[sshd]
enabled = true
logpath = %(sshd_log)s
port = 2200
banaction = iptables
Restart fail2ban
service fail2ban restart
Firewall
Check running on server
firewall-cmd --state
Check open ports
firewall-cmd --list-all
Should match with RunCloud panel
How to restart Firewall on Server.
service firewalld restart
Block access to xmlrpc.php and wp-login.php via NGINX
Sudo Users
Add new user
adduser [username]
Add/remove users to the sudo group (login as root)
usermod -aG sudo [username]
Remove a user from the sudo group
deluser [username] sudo
MySQL/MariaDB
Change domain name URLs and https prefix
Tweak MySQL Performance Using MySQLTuner
Add Monit to restart MariaDB should it fail due to resource issues
Emails/Postfix
Send command line server emails by tweaking Postfix
Server Domain Name
Set a server hostname and FQDN
Malware
Set up a malware scanner LMD
Update the RunCloud Agent NGINX
apt update && unattended-upgrade -d apt upgrade runcloud-agent service runcloud-agent restart
Update the RunCloud Agent OpenLiteSpeed
apt update && unattended-upgrade -d apt upgrade runcloud-agent-lsws service runcloud-agent restart
Thanks for the helpful info.
Do you need to run LMD if there’s no mail server on the VM and only ssh login allowed?
I’m new to this.