Linux Server Initial Setup Checklist: 10 Steps Before You Go Live

Why First-Time Setup Matters

A fresh Linux server is a blank slate — and also a potential security risk. Default configurations are designed for convenience, not security or performance. Running through a proper initial setup checklist before deploying any application can prevent the vast majority of common problems down the road.

This guide covers the essential steps for any new Linux VPS or dedicated server, regardless of distribution (the commands shown target Debian/Ubuntu unless noted).

Step 1: Update the System

Before anything else, bring the system fully up to date to patch known vulnerabilities and get the latest package versions.

sudo apt update && sudo apt upgrade -y

On RHEL/CentOS systems, use dnf update -y instead.

Step 2: Create a Non-Root User

Operating as root is dangerous — a single typo can be catastrophic. Create a regular user and grant it sudo privileges.

adduser deployer
usermod -aG sudo deployer

Step 3: Set Up SSH Key Authentication

Password-based SSH logins are vulnerable to brute-force attacks. Switch to key-based authentication immediately.

1. Generate a key pair on your local machine: ssh-keygen -t ed25519
2. Copy your public key to the server: ssh-copy-id deployer@your-server-ip
3. Test login with the key before disabling passwords

Step 4: Harden SSH Configuration

Edit /etc/ssh/sshd_config and apply these settings:

• PermitRootLogin no — disables direct root SSH login
• PasswordAuthentication no — forces key-based auth only
• Port 2222 (optional) — moving off port 22 reduces automated scan noise
• MaxAuthTries 3 — limits brute-force attempts

Reload SSH after changes: sudo systemctl reload sshd

Step 5: Configure a Firewall

Use UFW (Uncomplicated Firewall) to allow only necessary traffic:

sudo ufw allow OpenSSH
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

Step 6: Install Fail2Ban

Fail2Ban monitors log files and automatically bans IPs that show malicious behavior such as repeated failed SSH logins.

sudo apt install fail2ban -y
sudo systemctl enable fail2ban

Step 7: Configure the Hostname and Timezone

Set a meaningful hostname and the correct timezone so logs are readable:

sudo hostnamectl set-hostname web-server-01
sudo timedatectl set-timezone America/New_York

Step 8: Set Up Automatic Security Updates

Install unattended-upgrades to automatically apply security patches without manual intervention:

sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure --priority=low unattended-upgrades

Step 9: Configure Swap Space (For Low-RAM VPS)

If your VPS has 1–2 GB of RAM, adding swap prevents out-of-memory crashes during traffic spikes:

sudo fallocate -l 2G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile

Add /swapfile swap swap defaults 0 0 to /etc/fstab to persist across reboots.

Step 10: Set Up Basic Monitoring

Install lightweight monitoring tools so you have visibility into CPU, memory, and disk usage from day one:

• htop — interactive process viewer
• ncdu — disk usage analyzer
• netstat / ss — network connection monitoring

You're Ready to Deploy

With these ten steps complete, your server has a secure baseline configuration. From here, you can confidently install your web server, database, or application stack knowing the foundation is solid.