To see which ports are being used by your server:
sudo ss -tulnpNotes:
0.0.0.0:*→ loopback (safe, local only)[::]:*→ open to all (public)
Update package lists and upgrade all packages:
sudo apt update && sudo apt upgrade -yInstall and configure unattended upgrades:
sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgradesThis ensures security updates are applied automatically.
Use ufw (Uncomplicated Firewall) to manage firewall rules:
sudo ufw enable
sudo ufw status
sudo ufw allow ssh # allow SSH access
sudo ufw allow 80/tcp # allow HTTP
sudo ufw allow 443/tcp # allow HTTPSTip: Always allow SSH before enabling ufw to avoid locking yourself out.
Check CPU, memory, and disk usage:
top # real-time CPU & memory
htop # interactive, more user-friendly
df -h # disk usage
free -h # memory usageInstall htop if not available:
sudo apt install htopCheck status, start, stop, or restart services:
sudo systemctl status nginx
sudo systemctl start nginx
sudo systemctl stop nginx
sudo systemctl restart nginx
sudo systemctl enable nginx # start on bootView system logs for troubleshooting:
journalctl -xe # system logs
sudo tail -f /var/log/syslog # live system log- Disable root login: edit
/etc/ssh/sshd_config→PermitRootLogin no - Use key-based authentication instead of passwords
- Change default port for SSH (optional)
Restart SSH after changes:
sudo systemctl restart sshInstall and enable fail2ban:
sudo apt install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2banCheck status:
sudo fail2ban-client statusCtrl + R→ search command history!!→ repeat last command!<number>→ run command from history by numbertmuxorscreen→ keep sessions running after disconnect