Tweaking RunCloud Servers After Deployment

Here are some references for various fixes and tweaks that I apply to servers running the RunCloud control panel. I don't apply all of them to every server; it depends on the need.

Change root password

The root password initially generated by your host provider might be on the weaker side, so it is always best to change and strengthen it.

SSH in as root and run:

passwd root

Then you can either type in a new password or paste in a generated one.

SSH

Change the SSH Port from the default 22

nano /etc/ssh/sshd_config

Uncomment the Port line and change it to the desired port

Port 2200

Restart ssh

service ssh restart

Open the new port in the RunCloud panel and close the old port 22, then redeploy the firewall.

Ref


Fail2Ban

If you have changed the SSH port and closed port 22 on the firewall, change fail2ban to include the new SSH port. While you are at it, give your IP address a permanent pass via ignoreip.

nano /etc/fail2ban/jail.local

[DEFAULT]
ignoreip = 127.0.0.1/8 1.2.3.4
bantime = 36000
findtime = 600
maxretry = 5


[sshd]
enabled = true
logpath = %(sshd_log)s
port = 2200
banaction = iptables

Restart fail2ban

service fail2ban restart
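
A consistency check for the step above, as an added example that is not from the original post: it reads the active Port lines from an sshd_config and the port of the [sshd] jail, then reports any SSH port that fail2ban is not watching. The function names and sample files are constructed for illustration; on a server, pass /etc/ssh/sshd_config and /etc/fail2ban/jail.local instead.

```shell
#!/bin/sh
# Added example: verify that sshd and the fail2ban [sshd] jail agree on the SSH port.

# Print each active (uncommented) Port in an sshd_config; sshd uses 22 when none is set.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Print the "port" value from the [sshd] section of a fail2ban jail file (nothing if unset).
jail_sshd_port() {
    awk -F'[ \t]*=[ \t]*' '
        /^\[/ { in_sshd = ($0 ~ /^\[sshd\]/); next }
        in_sshd && $1 == "port" { print $2 }
    ' "$1"
}

# Return 0 if every sshd port is in the jail's port list; print each one that is missing.
# Handles single ports and comma-separated lists, not port ranges.
check_ssh_port_sync() {
    jail=$(jail_sshd_port "$2" | tail -n 1)
    # Unset falls back to the stock jail.conf value "ssh", the service name for port 22.
    jail=$(printf '%s' "${jail:-ssh}" | tr -d ' \t' | sed 's/ssh/22/g')
    rc=0
    for p in $(sshd_ports "$1"); do
        case ",$jail," in
            *",$p,"*) ;;
            *) echo "sshd port $p not covered by [sshd] jail (port = $jail)"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample files (not from a real server): SSH moved to 2200, jail not yet updated.
demo=$(mktemp -d)
cat > "$demo/sshd_config" <<'EOF'
#Port 22
Port 2200
EOF
cat > "$demo/jail.stale" <<'EOF'
[DEFAULT]
maxretry = 5

[sshd]
enabled = true
logpath = %(sshd_log)s
EOF
{ cat "$demo/jail.stale"; echo "port = 2200"; } > "$demo/jail.fixed"
check_ssh_port_sync "$demo/sshd_config" "$demo/jail.stale" || echo "-> add the new port to jail.local"
check_ssh_port_sync "$demo/sshd_config" "$demo/jail.fixed" && echo "-> in sync"
```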


Firewall

Check that the firewall is running on the server

firewall-cmd --state

Check open ports

firewall-cmd --list-all

The open ports should match those in the RunCloud panel.

Restart the firewall on the server

service firewalld restart

Block access to xmlrpc.php and wp-login.php via NGINX

Ref & Ref


Sudo Users

Add new user

adduser [username]

Add a user to the sudo group (log in as root)

usermod -aG sudo [username]

Remove a user from the sudo group

deluser [username] sudo

Ref


MySQL/MariaDB

Change domain name URLs and https prefix

Tweak MySQL Performance Using MySQLTuner

Add Monit to restart MariaDB should it fail due to resource issues


Emails/Postfix

Send command line server emails by tweaking Postfix


Server Domain Name

Set a server hostname and FQDN


Malware

Set up a malware scanner LMD


Update the RunCloud Agent (NGINX)

apt update && unattended-upgrade -d
apt upgrade runcloud-agent
service runcloud-agent restart

Update the RunCloud Agent (OpenLiteSpeed)

apt update && unattended-upgrade -d
apt upgrade runcloud-agent-lsws
service runcloud-agent restart

1 Comment

  1. James on November 10, 2023 at 2:51 am

    Thanks for the helpful info.
    Do you need to run LMD if there’s no mail server on the VM and only ssh login allowed?
    I’m new to this.
