Here are some references for various fix ups or tweaks that I apply to  servers with a RunCloud control panel. These are not all done inclusively, depends on the need.

Change root password

You root password initially generated by your host provider might be on the weak side always best to change and strengthen it.

SSH in as root and run:

passwd root

Then you can either type in a new password or paste in a generated one.

SSH

Change the SSH Port from the default 22

nano /etc/ssh/sshd_config

Change to desired port

#Port 22

Restart ssh

service ssh restart

Open new port in RunCloud panel, close old 22 – then redeploy firewall.

Ref

Fail2Ban

If you have changed SSH port and closed port 22 on the firewall – change fail2ban to include new SSH port, while you are at it – give your IP Address a permanent pass…

nano /etc/fail2ban/jail.local
[DEFAULT]
ignoreip = 127.0.0.1/8 1.2.3.4
bantime = 36000
findtime = 600
maxretry = 5


[sshd]
enabled = true
logpath = %(sshd_log)s
port = 2683
banaction = iptables

Restart fail2ban

service fail2ban restart

Firewall

Check running on server

firewall-cmd --state

Check open ports

firewall-cmd --list-all

Should match with RunCloud panel

How to restart Firewall on Server.

service firewalld restart

Block access to xmlrpc.php and wp-login.php via NGINX

Ref & Ref

Sudo Users

Add new user

adduser [username]

Add/remove users to the sudo group (login as root)

usermod -aG sudo [username]

Remove a user from the sudo group

deluser [username] sudo

Ref

MySQL/MariaDB

Change domain name strings and https prefix

Tweak MySQL Performance Using MySQLTuner

Postfix

Send command line server emails by tweaking Postfix

Server Domain Name

Set a server hostname and FQDN

Malware

Set up a malware scanner LMD

Update the RunCloud Agent

apt update && unattended-upgrade -d
apt upgrade runcloud-agent
service runcloud-agent restart

Leave a Comment