Here are some references for various fix ups or tweaks that I apply to  servers with a RunCloud control panel. These are not all done inclusively, depends on the need.

SSH

Change the SSH Port from the default 22

nano /etc/ssh/sshd_config

Change to desired port

#Port 22

Open new port RunCloud panel, close old 22 – redeploy firewall.

Ref

Fail2Ban

If you have changed SSH port and closed port 22 on the firewall – change fail2ban to include new SSH port, while you are at it – give your IP Address a permanent pass…

nano /etc/fail2ban/ jail.local
[DEFAULT]
ignoreip = 127.0.0.1/8 1.2.3.4
bantime = 36000
findtime = 600
maxretry = 5


[sshd]
enabled = true
logpath = %(sshd_log)s
port = 2683
banaction = iptables

Restart fail2ban

service fail2ban restart

Firewall

Check running on server

firewall-cmd --state

Check open ports

firewall-cmd --list-all

Should match with RunCloud panel

How to restart Firewall on Server.

service firewalld restart

Block access to xmlrpc.php and wp-login.php via NGINX

Ref & Ref

Sudo Users

Add new user

adduser [username]

Add/remove users to the sudo group (login as root)

usermod -aG sudo [username]

Remove a user from the sudo group

deluser [username] sudo

Ref

MySQL/MariaDB

Change domain name strings and https prefix

Tweak MySQL Performance Using MySQLTuner

Postfix

Send command line server emails by tweaking Postfix

Server Domain Name

Set a server hostname and FQDN

Malware

Set up a malware scanner LMD

Leave a Comment