Config Server

Helpful Instructions to Configuring an Ubuntu Server
Alternatives To Config Server
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
7 days ago53October 09, 2021464gpl-3.0Go
一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发,可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面,内网dns解析、内网socks5代理等等……,并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal.
Coredns11,079815317 days ago272February 06, 2023116apache-2.0Go
CoreDNS is a DNS server that chains plugins
Ssh25,2483,1821,31321 days ago103June 19, 202382mitJavaScript
SSH2 client and server modules written in pure JavaScript for node.js
React Redux Realworld Example App5,183
2 years ago88mitJavaScript
Exemplary real world application built with React + Redux
3 months ago19gpl-3.0PHP
HTPC/Homelab Services Organizer - Written in PHP
Vantage3,45847356 years ago51June 02, 201615mitJavaScript
Distributed, realtime CLI for live Node apps.
3 months ago75mitJavaScript
server for
Web Socket Js2,704
46 years agoApril 03, 201429bsd-3-clauseJavaScript
HTML5 Web Socket implementation powered by Flash
Py Kms1,883
5 months ago24unlicensePython
KMS Server Emulator written in Python
Start Server And Test1,4607511,62310 days ago68February 27, 202373mitJavaScript
Starts server, waits for URL, then runs test command; when the tests end, shuts down server
Alternatives To Config Server
Select To Compare

Alternative Project Comparisons

Config Server

This is a guide to install a server for an Ubuntu 14 LTS server. You could likely use different versions.

Table of Contents

#Security These are necessities to keep your server secure. Not everything will be covered but some of the most important.

###Update With any new installation you want to update!

sudo apt-get update
sudo apt-get upgrade -y

###Firewall UFW UFW is the uncomplicated firewall.

sudo ufw enable
sudo ufw allow 80
sudo ufw allow 443
sudo ufw allow ssh
sudo ufw allow 911 <or any number>

See your Firewall Rules:

sudo ufw status verbose

###SSH and Users You should first create a non-root user. Since default logins are root on port 22:

sudo useradd -m -s /bin/bash user1
passwd user1

We need user1 him to be a super-user (su). Add your in visudo:

$ visudo
# User privilege specification
root    ALL=(ALL:ALL) ALL
user1   ALL=(ALL:ALL) ALL

#####Change Default SSH Port To change the default port of 22 to something else of your choice:

$ sudo vim /etc/ssh/sshd_config
Port 22              # Change to: 1234
PermitRootLogin yes  # Change to: no

Reload SSH Configuration:

sudo service ssh reload

#####Make Sure You can Login Test your new user by keeping your current terminal connected and opening a second terminal:

ssh user1@ip_address -p1234

Also make sure you can use sudo, so type su -

#####User SSH Login

As your new user (user1), if you want to login with an SSH key, make sure you have a key on your local machine.

ssh-keygen -t rsa -b 4096 -C "[email protected]"

Create your remote SSH folder and authorized_keys. Paste your id_rsa.pubto authorized_host:

mkdir ~/.ssh
vim /etc/authorized_keys

Your local ~/.ssh/ must match the remote ~/.ssh/authorized_keys. Make sure it's on one line!

#####SSH File Permissions Here are the permissions for your files (local and remote).

chmod 700 ~/.ssh &&\
chmod 600 ~/.ssh/authorized_keys &&\
chmod 644 ~/.ssh/ &&\
chmod 600 ~/.ssh/id_rsa

Don't keep your id_rsa private key on the remote host, all you need to login is the authorized_keys file. Only host your private key for a locked down user for deployments.

#####Quick SSH Login On your local machine edit or create an ssh config for quick connection:

$ vim ~/.ssh/config
Host myhost
Port 1234
User user1

You should now be able to connect with:

ssh myhost

###Fail2Ban Bans IPs that attempt too many password failures, searching for exploits and the like. The default configuration is good.

sudo apt-get install fail2ban


sudo apt-get install chkrootkit rkhunter

Edit the chkrootkit configuration:

sudo vim /etc/chkrootkit.conf

We will run both weekly; However we need to change the configuration:


For your reference, rkhunter's configuration file is located here: /etc/default/rkhunter

Rename the rkhunter's update job with a different name before moving the other items to the weekly CRON:

sudo mv /etc/cron.weekly/rkhunter /etc/cron.weekly/rkhunter_update

Next move the daily CRON to the weekly:

sudo mv /etc/cron.daily/chkrootkit /etc/cron.weekly
sudo mv /etc/cron.daily/rkhunter /etc/cron.weekly

###Unattended Upgrades Keep security updates on a cron.

sudo apt-get install unattended-upgrades

Edit the periodic updated file:

sudo vim /etc/apt/apt.conf.d/10periodic

Update your values to something like this:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

###Apache2 Mod-Evasive This is useful for DDOS attacks. First install the needed packages.

sudo apt-get install apache2 apache2-utils libapache2-mod-evasive

Create the log directory.

sudo mkdir /var/log/mod_evasive
sudo chown www-data:www-data /var/log/mod_evasive

Edit the configuration file:

sudo vim /etc/apache2/mods-available/mod_evasive.conf

Uncomment everything except DOSSystemCommand and add your email after DOSEmailNotify.

Reload Apache:

sudo a2enmod evasive
sudo service apache2 reload

#Packages The location for aptitude apt package sources is:

/etc/apt/sources.list     # This is one long file of defaults
/etc/apt/sources.list.d/  # These are separate files for things like PPA adding

If you choose to manually add a package I would recommend adding it to the /etc/apt/sources.list.d/your-source.list directory, that way you can just delete it and sudo apt-get update if you don't want it -- rather than editing the main sources.list file.

###Common Items These are some common packages you can use. If you prefer nginx over apache then install that instead.

sudo apt-get install\
git htop xclip\
python-dev python-pip\
php5 php5-dev\
apache2 apache2-utils

###Enable PPA Repositories This should exist by default, but if it doesn't install it:

sudo apt-get install python-software-properties

#Commands These are commands for reference.

###SSH Welcome Message When you login to your SSH, you can add a custom welcome banner that looks cool:

sudo vim /etc/ssh/sshd_config
Banner /etc/banner

Then create the file and add anything you want:

sudo vim /etc/banner

Here is an example:

   __ _____ _____ _____ _____ 
 __|  | __  |   __|  _  |     |
|  |  |    -|   __|     | | | |
Server 01               Welcome

I used a text to ASCII generator for that. Then restart and it will appear next time you login!

sudo service ssh restart


Search for a filename from system path

$ find / --name filename

Search the contents of a file

$ cat filename | grep "text-to-find-here"

Search within files in the current directory

$ grep -Ril "text-to-find-here" .

R (recursive)
i (case insensitive)
l (show the file name, not the result itself)

##User Management

See the user defaults, and add a user with the defaults:

useradd -D
useradd user2

useradd -m user2                # Create Home, Default Shell
useradd -m -s /bin/bash user2   # Set Shell, Create Home

passwd user2                     # Change Passwd
userdel user2                     # Delete User

cat /etc/passwd # See Users
cat /etc/group # See Groups

Manually Add sudo (Super User)

$ visudo
user2 ALL=(ALL) ALL

Change a users shell

sudo chsh -s /bin/bash user2

Add Existing user to Existing Group

usermod -a -G www-data user2

##SFTP User For SFTP Access you should create a group an ddo the following:

sudo groupadd sftp_users
sudo usermod -G sftp_users user2

For a webserver, you should add the webserver group AS WELL

sudo usermod -G www-data user2

Edit your SSHD config and append to the end of the file

$ sudo vim /etc/ssh/sshd_config
Match group filetransfer
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

Restart SSH

sudo service ssh restart

#Manage Network Scripts You can add your own startup/shutdown scripts and the like in folders in this area:


Just make sure to chmod +x

##Checking Ports Beginner commands to

apt-get install nmap

There are many ways to check open ports:

sudo ufw status
sudo nmap -sT -O localhost

Other ways to check ports

netstat -anp | grep 222
lsof -i | grep 222
telnet localhost 222

Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that notice appear in all copies.

©2016 MIT License | Jesse Boyer |

Popular Server Projects
Popular Port Projects
Popular Networking Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.