The first thing I do when I launch a VM is to secure the OS.
To do so, I created a script that automates the process.
There are two versions of the script.
The first one is for the cloud providers that give a root user as the first user (DigitalOcean), and the second one is for the cloud providers that give a user with sudo privileges (AWS, Azure, GCP).
Both scripts do:
- Update and upgrade packages
- Disable root login and enforce key-based authentication
- Configure secure SSH cipher settings
- Install UFW, Enable firewall (ufw) & allow OpenSSH
- Install and configure fail2ban to prevent brute-force attacks
- Set up automatic security updates
The script for the root user does:
- Add a new user
- Give sudo privilege to new user
- Copy the SSH key from root to new user
You can find both scripts on my GitHub