Hardware and OS
Once my new toy arrived, I named him Jarvis and installed Ubuntu 12.04 server edition including the DNS, OpenSSH, SMTP, and LAMP packages.
I’m picky about my personal environment. Everything from keybindings to colors has to be just right for me to feel at home.
- ran my dotfiles bootstrap script
- created the best message of the day (motd) ever with this tutorial
- in order to do that I needed to install hddtemp, lm-sensors (and configure it with
sudo sensors-detect, fortune (fortune-mod on Ubuntu), and cowsay
I’m hosting out of my apartment with an IP that’s potentially dynamic. I went with ZoneEdit as my dynamic DNS provider ($1/mo/domain) and installed Ubuntu’s ddclient which periodically updates ZoneEdit with its IP.
Ubuntu 12.04 gives me the option to encrypt my home directory. For a while I didn’t understand why
I couldn’t SSH into Jarvis. Then I figured out that the machine wasn’t be able to read my
.ssh/authorized_keys files since they were encrypted. So I moved my authorized_keys from the
.ssh/authorized_keys path to an unencrypted area
- copied over my usual .ssh/config and .ssh/authorized_keys file
- generated a public key pair
- modified /etc/ssh/sshd_config: change default port, no root login, key only auth, etc
- installed denyhosts according to Securing Your Server with Denyhosts
- copied over my previous collection of blacklisted hosts to /etc/hosts.deny
- added iptable rules according to Securing SSH with iptables and installed iptables-persistent to persist them after reboot
People who’ve tried to hack me but failed.
sshd: 220.127.116.11 sshd: 18.104.22.168 sshd: 22.214.171.124 sshd: 126.96.36.199 sshd: 188.8.131.52 sshd: 184.108.40.206 sshd: 220.127.116.11 sshd: 18.104.22.168 sshd: 22.214.171.124 sshd: 126.96.36.199 sshd: 188.8.131.52 sshd: 184.108.40.206 sshd: 220.127.116.11 sshd: 18.104.22.168 sshd: 22.214.171.124 sshd: 126.96.36.199 sshd: 188.8.131.52 sshd: 184.108.40.206 sshd: 220.127.116.11 sshd: 18.104.22.168 sshd: 22.214.171.124 sshd: 126.96.36.199 sshd: 188.8.131.52 sshd: 184.108.40.206 sshd: 220.127.116.11 sshd: 18.104.22.168 sshd: 22.214.171.124 sshd: 126.96.36.199 sshd: 188.8.131.52 sshd: 184.108.40.206 sshd: 220.127.116.11 sshd: 18.104.22.168
I installed nginx with the commands below (also in the Ars article).
install python-software-properties add-apt-repository ppa:nginx/development aptitude upgrade add-apt-repository ppa:nginx/development