Close Menu

    Initial Server Setup with Debian 10/9/8

    By 4 Mins Read

    We have launched a new Debian Linux instance to run it as a production server for our new applications. This is a good practice to perform an initial server setup with the Debian Linux system. Which will enhance the primary server security and usability for your new server.

    This guide includes the following steps:

    1. Update and Upgrade a Debian System
    2. Create A Sudo User in Debian
    3. Setup Hostname in a Debian System
    4. Secure SSH Server
    5. Configuring FirewallD

    Let’s begin with the initial server setup on the Debian Linux system.

    1. Upgrade Debian

    After login into the Debian server, the first task is to upgrade the current packages of the Debian system. Because It may be the server is built with the old image file. The Debian team keeps working to enhance server security and provide updated packages regularly.

    First, update the Apt cache on your system.

    sudo apt update

    Then, run the upgrade command to actually upgrade packages.

    sudo apt upgrade

    It’s also a good choice to run the dist-upgrade for a newly installed system.

    sudo apt dist-upgrade

    Press ‘Y’ for any confirmation prompted to complete the packages installation.

    Initial server setup Debian - Upgrade Packages

    Also, execute the following command to remove packages no longer required. This is also helpful to remove files of the old kernel versions.

    sudo apt autoremove

    2. Create A Sudo User

    Some of the hosting providers like DigitalOcean launches instances with root account only. This is not a good practice to keep using a production instance using the superuser account. We strongly recommend creating a new user with Sudo privileges and use that to accessing your Debian instance.

    Assuming you are already logged in a root account. Run the following command to create a new User on Debian:

    sudo adduser tecadmin

    Initial serer setup debian - create sudo user

    The newly created account is a regular user. You will require the administrative privileges to perform multiple tasks. Grant the administrative privileges to this user by adding them in sudo group. To add user to sudo group, type:

    sudo usermod -a -G sudo tecadmin

    Now, you can switch to a newly created account for further instructions.

    sudo su - tecadmin

    3. Configure System’s Hostname

    A hostname of a system is the name of the instance used as an identity for computer networks. It helps users and network machine to easily recognize a machine within a network in a human-readable format.

    Its an good practice to set a proper hostname for your instance. In the system terminal type hostnamectl and hit enter:

    hostnamectl

    This will give you details about system details including hostname. Even you can type hostname command to view systems hostname.

    Next, change the system hostname to

    sudo hostnamectl set-hostname debian10

    Once you updated the Systems’ hostname, you need to change to a new shell to activate in the current session. After changing the current shell, the shell prompt will be changed to a new hostname.

    hostname

    Initial Server Setup Debian - Change Hostname

    4. Securing SSH

    SSH (Secure Shell) is the protocol used to connect remote servers. We recommended configuring the OpenSSH server to listen on a non-standard port. Which provides you another layer of security from hackers.

    To change the default port and disable root login, edit OpenSSH configuration file /etc/ssh/sshd_config and do the following changes.

    • Change Default Port – It will be good to change default ssh port as default ports are always on attackers.
       Port 2232
    • Disable Root SSH Login – Also you would like to disable root login via ssh.
       PermitRootLogin no

    Save the configuration file and restart the OpenSSH service to apply changes.

    sudo systemctl restart ssh

    5. Configuring Firewall (FirewallD)

    The Default Debian server edition does not have a firewall installed on it. You can simply run the following command to install required packages from default repositories.

    sudo apt install firewalld -y

    On successful installation, firewall service will to auto started and enabled on your system.

    The default firewall allows SSH to the remote users. But if the SSH port is changed, you can add a rule to allow SSH access on another port.

    sudo firewall-cmd --permanent --add-port=2232/tcp

    You can directly provide a service name like “http” or “https” to allow. The firewalld reads /etc/services file to determine the corresponding port of the service.

    sudo firewall-cmd --permanent --add-service=http 
sudo firewall-cmd --permanent --add-service=https

    After making any changes to your firewall, make sure to reload changes using the following command.

    sudo firewall-cmd --reload

    To view, all the allowed ports and services use the following command.

    sudo firewall-cmd --permanent --list-all

    Output:

    public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: cockpit dhcpv6-client http https ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

    Conclusion

    In this guide, we have gone through the initial server setup of a Debian Linux system. Once you successfully finished all the initial server setup configurations, your system is ready to use.

    Share.

    Related Posts

    View 3 Comments

    3 Comments

    1. Anders Jackson on

      Not that it is any faults. But I preferes to change the files directly (like /etc/hostname).

      I also preferes to use ufw(8) as firewall, as it is easy to manage and support routing and tunneling and both IPv4 and IPv6 out of the box.

      Reply
    Leave A Reply


    Manage Preferences