After receiving a new server, perform a few basic hardening steps before deploying production workloads.
- Update the operating system packages.
- Create a non-root sudo user for daily administration.
- Install SSH keys and disable password login if possible.
- Enable a firewall such as
ufw,firewalld, or nftables. - Keep only required ports open to the Internet.
- Configure automatic security updates or a regular patching schedule.
- Set up monitoring and backups before storing important data.
