Ubuntu 24.04.3LTS PHP-default Apache2 MySQL+phpmyadmin # Step 1 sudo -i apt update apt -y upgrade reboot # Step 2 nano /etc/ssh/sshd_config Change `#PasswordAuthentication yes` to `PasswordAuthentication no` Add line `AllowUsers ` # Step 3 ON WINDOWS: Via PowerShell enable OpenSSH in PowerShell: https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse ssh-keygen -t ed25519 -C "" use a STRONG PASSPHRASE Hit [Enter] to save keys at DEFAULT location to get your rsa PUBLIC key, do: Press [Windows Logo Key/Start]+R Put in `notepad %USERPROFILE%/.ssh/id_ed25519.pub` hit Enter copy all the text in that file # Technical details: it saves private key at %USERPROFILE%/.ssh/id_ed25519 # private key example: C:\Users\potatouser\.ssh\id_ed25519 # public key example: C:\Users\potatouser\.ssh\id_ed25519.pub ON UBUNTU mkdir ~/.ssh chmod 700 ~/.ssh nano ~/.ssh/authorized_keys chmod 600 ~/.ssh/authorized_keys sudo systemctl reload sshd TO CONNECT SSH with Windows PowerShell Powershell is installed by default on Windows 10/11 ssh @ Manage Files with WinSCP: install winscp https://winscp.net/eng/download.php install puttygen https://www.puttygen.com/download.php?val=4 run puttygen Click Load Select private key at %USERPROFILE%/.ssh/id_ed25519 copy and paste the string of text beginning in ssh-ed25519 and paste save public and private key to %USERPROFILE%/.ssh/ under a %USERPROFILE%/.ssh/id_ed25519.ppk (private) and %USERPROFILE%/.ssh/id_ed25519.ppk.pub (public) run winscp click new site protocol: SFTP host name: username: port number: 22 click Advanced on left panel under SSH click Authentication Browse for private key at %USERPROFILE%/.ssh/id_ed25519.ppk ok save # Step 4 sudo apt install -y git # download and install scripts and tools cd ~ git clone https://github.com/PrincessPi3/general-scripts-and-system-ssssssetup.git sudo -i apt install -y apache2 snapd mysql-server byobu nmap screen iotop zip unzip lynx htop php php-cli php-fpm php-json php-common php-mysql php-zip php-gd php-mbstring php-curl php-xml php-pear php-bcmath unattended-upgrades net-tools python3 python3-pip unison snap install btop # secure mysql mysql_secure_installation # follow directions, defaults are fine just remember what you set as the root password # install and config phpmyadmin apt install -y phpmyadmin ln -s /usr/share/phpmyadmin /var/www/html/pma # phpmyadmin will be accessable from the public internet at http:///pma # ensure your passwords are up to snuff // TODO: prolly should do some other security shit to protect phpmyadmin systemctl restart apache2 systemctl restart mysql # add user to web server group usermod -a -G www-data # unattended upgrades dpkg-reconfigure unattended-upgrades nano /etc/apt/apt.conf.d/50unattended-upgrades change `//Unattended-Upgrade::Automatic-Reboot "false";` to `Unattended-Upgrade::Automatic-Reboot "true";` change `//Unattended-Upgrade::Remove-Unused-Dependencies "false";` to `Unattended-Upgrade::Remove-Unused-Dependencies "true";` change `//Unattended-Upgrade::Mail "root@localhost";` to Unattended-Upgrade::Mail "";` systemctl start unattended-upgrades && systemctl enable unattended-upgrades unattended-upgrade -d -v //test unattended upgrades # uncomplicated firewall setup ufw allow http ufw allow https ufw allow ssh ufw enable reboot // TODO: backups setup needs more work, not working at current // make unison script pls // SKIP backups section for now # backups sudo -i mkdir -p /backups/log mkdir /backups/backups ln -s /var/backups /backups/system cp -r /home//general-scripts-and-system-ssssssetup/customscripts /usr/share chmod +x /usr/share/customscripts/*sh nano /usr/share/customscripts/backup.sh //edit to add dirs to back up sh /usr/share/customscripts/crowdsec.sh screen -R backups sh /usr/share/customscripts/backup.sh Ctrl+A+D sh /usr/share/customscripts/fix_permissions.sh # Step 5 # install some cool securiy tools apt install -y chkrootkit lynis certbot fail2ban crontab -e //instal crons from /home//general-scripts-and-system-ssssssetup/crontab.txt apt install -y tripwire Follow directions and utilize secure passphrase DO NOT LOSE PASSPHRASE # as primary user (NOT root or sudo, run `exit` if in doubt) pip3 install thefuck echo "# user addons" >> ~/.bashrc echo "PATH=~/.local/bin/:$PATH" >> ~/.bashrc echo 'eval "$(thefuck --alias)"' >> ~/.bashrc echo 'HISTTIMEFORMAT="%Y-%m-%d %T "' >> ~/.bashrc source ~/.bashrc Step 6: # optional IF you want to use sudo without password check: sudo visudo for ONE user: select editor of your choice add ` ALL=(ALL) NOPASSWD: ALL` OR for all users in the sudo group comment out the line beginning with %sudo soi it looks like #%sudo add `%sudo ALL=(ALL) NOPASSWD: ALL` on any new line save and exit sudo reboot