You've just deployed a fresh Linux server. The next 30 minutes are critical — this is when you'll establish the security baseline and basic configuration that everything else builds on. Follow this guide step by step to set up a secure, well-configured server.
Minute 0-5: Connect and Update
Connect via SSH
# Connect to your server (replace with your IP)
ssh root@YOUR_SERVER_IP
# If you get a host key warning on first connect, verify the fingerprint
# then type "yes" to continueUpdate the System
# Ubuntu/Debian
apt update && apt upgrade -y
# AlmaLinux/Rocky
dnf update -yMinute 5-10: Create a Non-Root User
Running everything as root is dangerous — a single mistake can destroy your system. Create a regular user with sudo privileges.
# Create a new user
adduser deploy
# Add to sudo group (Ubuntu/Debian)
usermod -aG sudo deploy
# Or for AlmaLinux/Rocky
usermod -aG wheel deploy
# Test the new user
su - deploy
sudo whoami
# Should output: rootMinute 10-15: Secure SSH
Set Up SSH Keys
# On your LOCAL machine, generate a key pair (if you don't have one)
ssh-keygen -t ed25519 -C "your_email@example.com"
# Copy your public key to the server
ssh-copy-id deploy@YOUR_SERVER_IP
# Test key-based login
ssh deploy@YOUR_SERVER_IPHarden SSH Configuration
# On the server, edit SSH config
sudo nano /etc/ssh/sshd_config
# Make these changes:
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
ClientAliveInterval 300
ClientAliveCountMax 2
X11Forwarding no
AllowUsers deploy
# Restart SSH (keep your current session open!)
sudo systemctl restart sshd
# TEST: Open a NEW terminal and verify you can still log in
ssh deploy@YOUR_SERVER_IPMinute 15-20: Set Up the Firewall
# Ubuntu/Debian with UFW
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable
# Verify rules
sudo ufw status verbose
# AlmaLinux/Rocky with firewalld
sudo systemctl enable --now firewalld
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
sudo firewall-cmd --list-allMinute 20-25: Configure Basics
Set the Hostname
sudo hostnamectl set-hostname myserver
echo "127.0.0.1 myserver" | sudo tee -a /etc/hostsSet the Timezone
# List available timezones
timedatectl list-timezones | grep America
# Set your timezone
sudo timedatectl set-timezone America/New_York
# Enable NTP time synchronization
sudo timedatectl set-ntp trueInstall Essential Tools
# Ubuntu/Debian
sudo apt install -y curl wget git htop vim unzip net-tools
# AlmaLinux/Rocky
sudo dnf install -y curl wget git htop vim unzip net-toolsMinute 25-30: Set Up Automatic Security Updates
# Ubuntu/Debian — unattended-upgrades
sudo apt install -y unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades
# Verify it's enabled
cat /etc/apt/apt.conf.d/20auto-upgrades
# APT::Periodic::Update-Package-Lists "1";
# APT::Periodic::Unattended-Upgrade "1";
# AlmaLinux/Rocky — dnf-automatic
sudo dnf install -y dnf-automatic
sudo systemctl enable --now dnf-automatic-install.timerPost-Setup Verification Checklist
# Run these checks to verify your setup:
# 1. Can you log in as your non-root user with SSH key?
ssh deploy@YOUR_SERVER_IP
# 2. Is root login disabled?
ssh root@YOUR_SERVER_IP # Should fail
# 3. Is the firewall active?
sudo ufw status # or sudo firewall-cmd --list-all
# 4. Is the system up to date?
sudo apt list --upgradable # Should show nothing
# 5. Is NTP synced?
timedatectl status | grep "synchronized"
# 6. Are automatic updates enabled?
systemctl status unattended-upgrades # Ubuntu
systemctl status dnf-automatic-install.timer # RHELWhat to Do Next
With these basics in place, your next steps should be:
- Install and configure your web server (Nginx or Apache)
- Set up SSL certificates with Let's Encrypt
- Configure automated backups
- Install application-specific software (databases, runtimes)
- Set up monitoring and alerting
Check our other Getting Started guides for detailed walkthroughs of each step.