This is why basic security settings must be configured before you install any site after getting a VPS. This guide walks through the essential first security steps to take after acquiring a new Linux VPS.
First Things to Do After Getting a VPS (Checklist)
| Step | Task |
|---|---|
| 1 | Change the root password |
| 2 | Create a new user |
| 3 | Set up SSH key login |
| 4 | Disable root login |
| 5 | Change the SSH port |
| 6 | Install a firewall |
| 7 | Install Fail2Ban |
| 8 | Enable automatic updates |
| 9 | Create swap space |
| 10 | Configure the system timezone |
| 11 | Install monitoring tools |
| 12 | Configure backups |
These steps take approximately 30–40 minutes in total, but they are critical for server security.
1. Change the Root Password
```bash
passwd
```
Reason:
- VPS IP addresses are continuously scanned by bots
- The root username is already known
- Attackers only need to guess the password
2. Create a New User
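```bash
adduser kullaniciadi
usermod -aG sudo kullaniciadi
```
Replace kullaniciadi with the username you want. Logging in as root for routine work is not secure; use this account with sudo instead.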
3. Setting Up SSH Key Login
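Run these commands on your local computer, not on the server:
```bash
ssh-keygen
ssh-copy-id kullaniciadi@SERVER_IP
```
SSH key login is far more secure than password login. The server still accepts passwords for as long as password authentication remains enabled in sshd_config.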
4. Disabling Root Login
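```bash
nano /etc/ssh/sshd_config
```
Change the following line so that it reads:
```
PermitRootLogin no
```
Then restart the SSH service:
```bash
systemctl restart sshd
```
On Debian and Ubuntu the service unit is named ssh, so use that name if sshd is not found. Keep your current session open and confirm in a second terminal that the new user can log in before you close it.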
5. Changing the SSH Port
```bash
nano /etc/ssh/sshd_config
```
Set the port:
```
Port 2222
```
Restart the SSH service:
```bash
systemctl restart sshd
```
Connect on the new port:
```bash
ssh kullaniciadi@SERVER_IP -p 2222
```
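To confirm that the edits from steps 4 and 5 are the values sshd will actually use, the following added example (not part of the original guide) audits an sshd_config file. It relies on two OpenSSH rules: the first value of a keyword wins, and every Port line opens a listener. The function names and the sample file are constructed for illustration; Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not from the original guide): audit an sshd_config file for
# the settings made in steps 4 and 5. Assumptions: only the global section of
# one file is read; Include files and Match blocks are not evaluated.

# Print every value set for a keyword, in file order.
values_of() {   # usage: values_of <keyword> <file>
    awk -v key="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        { sub(/^[ \t]+/, ""); n = split($0, f, /[ \t=]+/) }
        tolower(f[1]) == "match" { exit }          # conditional section: stop here
        tolower(f[1]) == tolower(key) && n > 1 { print tolower(f[2]) }
    ' "$2"
}

# sshd keeps the FIRST value of most keywords, but listens on EVERY Port line.
audit_sshd() {  # usage: audit_sshd <file> <expected_port>; returns 1 on any FAIL
    local file="$1" want="$2" rc=0 root ports
    root=$(values_of PermitRootLogin "$file" | head -n 1)
    root=${root:-prohibit-password}                # OpenSSH default when unset
    ports=$(values_of Port "$file" | paste -sd' ' -)
    ports=${ports:-22}                             # OpenSSH default when unset
    if [ "$root" = "no" ]; then echo "OK   PermitRootLogin no"
    else echo "FAIL PermitRootLogin is '$root', expected 'no'"; rc=1; fi
    if [ "$ports" = "$want" ]; then echo "OK   Port $ports"
    else echo "FAIL listening ports are '$ports', expected only '$want'"; rc=1; fi
    return $rc
}

# Constructed sample: the new lines were appended, but the old ones still apply.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PermitRootLogin yes
# lines added while following the guide:
Port 2222
PermitRootLogin no
EOF
audit_sshd "$sample" 2222 || echo "sshd_config needs another look"
rm -f "$sample"
# On the server itself: audit_sshd /etc/ssh/sshd_config 2222
```

On a live server, `sshd -T` prints the full effective configuration, including values that come from included files.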
6. Firewall Setup (UFW)
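```bash
apt update
apt install ufw
ufw allow 2222/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw enable
```
The SSH port is allowed before the firewall is enabled so that the current session is not cut off.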
7. Fail2Ban Setup
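```bash
apt install fail2ban
systemctl enable fail2ban
systemctl start fail2ban
```
Fail2Ban blocks brute-force attacks by watching the authentication logs and temporarily banning IP addresses that fail to log in repeatedly. Its default sshd jail is defined for the standard SSH port, so after step 5 the jail's port setting should be changed to 2222 in /etc/fail2ban/jail.local.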
8. Automatic Security Updates
```bash
apt install unattended-upgrades
dpkg-reconfigure unattended-upgrades
```
9. Creating Swap Space
```bash
fallocate -l 2G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
```
10. Server Timezone Configuration
```bash
timedatectl set-timezone Europe/Istanbul
```
This is important for log records: a correct timezone keeps log timestamps consistent when you review them.
11. Monitoring Tools
```bash
apt install htop
apt install net-tools
htop
```
12. Backup Configuration
Running a server without backups is a major risk. Daily backups should be taken. Backups can be automated with cron.
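```bash
crontab -e
```
Example daily backup cron, which runs at 03:00 every day (the % is escaped because cron treats an unescaped % as a newline):
```
0 3 * * * tar -czf /backup/site-$(date +\%F).tar.gz /var/www
```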
Secure VPS Setup Checklist
| Setting | Done? |
|---|---|
| Root password changed | ✔ |
| New user created | ✔ |
| SSH key configured | ✔ |
| Root login disabled | ✔ |
| SSH port changed | ✔ |
| Firewall installed | ✔ |
| Fail2Ban installed | ✔ |
| Auto update enabled | ✔ |
| Swap created | ✔ |
| Monitoring installed | ✔ |
| Backup configured | ✔ |
Conclusion
The biggest mistake after getting a new VPS is leaving the server exposed to the internet without any security configuration.
A VPS without security hardening:
- Can be hacked
- Can be used as a spam bot
- Can be blacklisted
- Can have all data wiped
This is why the first thing to do after setting up a VPS is to complete the basic security hardening steps.