Merge pull request #3 from casantosmu/add-setup-ubuntu-server

Add setup ubuntu server

.markdownlint.json

@@ -1,3 +1,4 @@
 {
-  "MD013": false
+  "MD013": false,
+  "MD046": false
 }

docs/ubuntu-server.md

@@ -0,0 +1,121 @@
+# Ubuntu Server
+
+## Setting Up Ubuntu Server
+
+### 1. Accessing the Server
+
+Access the server using an SSH client, substituting `server_ip` with the server IP address:
+
+```bash
+ssh root@server_ip
+```
+
+### 2. Updating the Server
+
+Update the server to ensure all packages are up to date:
+
+```bash
+apt update && apt upgrade -y
+```
+
+### 3. Creating a New User
+
+Create a new user with sudo privileges to avoid using the root account:
+
+```bash
+adduser newuser
+usermod -aG sudo newuser
+```
+
+### 4. Configuring SSH Access
+
+Configure SSH access by copying SSH keys from the root user to the new user:
+
+```bash
+rsync --archive --chown=newuser:newuser ~/.ssh /home/newuser
+```
+
+Update SSH configuration to disable root login and password authentication:
+
+```bash
+nano /etc/ssh/sshd_config
+```
+
+Make the following changes:
+
+```plaintext
+PermitRootLogin no
+PasswordAuthentication no
+```
+
+???+ note
+
+    In Ubuntu 22.04.1 LTS, the `/etc/ssh/sshd_config.d/50-cloud-init.conf` file might override settings from `sshd_config`, including the `PasswordAuthentication` setting. To ensure that `PasswordAuthentication` is disabled, review and adjust the settings in this file.
+
+Restart the SSH service:
+
+```bash
+systemctl restart ssh
+```
+
+### 5. Setting Up a Firewall
+
+Configure the firewall to allow essential services:
+
+```bash
+ufw allow OpenSSH
+ufw enable
+```
+
+### 6. Disabling Root Login
+
+Disable root login for additional security:
+
+```bash
+passwd -l root
+```
+
+### 7. Fail2ban
+
+Install Fail2ban to protect the server from brute-force attacks:
+
+```bash
+apt install fail2ban -y
+```
+
+Start and enable Fail2ban:
+
+```bash
+systemctl start fail2ban
+systemctl enable fail2ban
+```
+
+Check the status of Fail2ban to ensure it is running correctly:
+
+```bash
+fail2ban-client status
+```
+
+???+ note
+
+    If SSH protection is not enabled, follow these steps:
+
+    Create and edit the `jail.local` file:
+
+    ```bash
+    nano /etc/fail2ban/jail.local
+    ```
+
+    Add the following lines:
+
+    ```plaintext
+    [sshd]
+    enabled = true
+    ```
+
+    Restart and check the status of Fail2ban:
+
+    ```bash
+    systemctl restart fail2ban
+    fail2ban-client status
+    ```

mkdocs.yaml

@@ -1,11 +1,14 @@
 site_name: Code Notes
 site_description: A personal collection of programming insights and practical tips.
 site_author: Carlos Santos
+site_url: https://code-notes.casantosmu.com
+repo_url: https://github.com/casantosmu/code-notes
+
 nav:
   - Home: index.md
+  - Ubuntu Server: ubuntu-server.md
   - Resources: resources.md
-site_url: https://code-notes.casantosmu.com
-repo_url: https://github.com/casantosmu/code-notes
+
 theme:
   name: material
   favicon: assets/favicon.png
@@ -22,15 +25,32 @@ theme:
       toggle:
         icon: material/brightness-4
         name: Switch to light mode
+
 plugins:
   - privacy
   - search
   - git-revision-date-localized
   - minify:
       minify_html: true
+
 markdown_extensions:
   - toc:
       permalink: true
+
+  # Admonitions
+  - admonition
+  - pymdownx.details
+  - pymdownx.superfences
+
+  # Code blocks
+  - pymdownx.highlight:
+      anchor_linenums: true
+      line_spans: __span
+      pygments_lang_class: true
+  - pymdownx.inlinehilite
+  - pymdownx.snippets
+  - pymdownx.superfences
+
 validation:
   omitted_files: warn
   absolute_links: warn