Initial Server Setup Checklist After Buying a VPS (Ubuntu/CentOS)
A freshly provisioned VPS is a blank, exposed Linux box on the public internet — bots start probing it within minutes. This checklist takes about 30 minutes and covers the essentials for both Ubuntu/Debian and CentOS/AlmaLinux/Rocky.
1. Update Everything
Reboot if a new kernel was installed.
2. Create a Non-Root User With sudo
Day-to-day work as root is one typo away from disaster; use sudo instead.
3. Set Up SSH Keys and Harden SSH
On your local machine, generate a key if you don't have one:
Then in /etc/ssh/sshd_config:
Restart SSH — but keep your current session open and test the new login in a second terminal before closing it.
4. Enable a Firewall
Default-deny everything else. Open ports only when a service actually needs them.
5. Install fail2ban
The default SSH jail bans IPs after repeated failed logins — it removes the vast majority of brute-force noise from your logs.
6. Set the Timezone and Time Sync
Accurate clocks matter for TLS, logs, and cron.
7. Add Swap (Small Servers)
On a 1–2 GB VPS, a modest swap file prevents the kernel's OOM killer from taking down MySQL during brief memory spikes:
8. Enable Automatic Security Updates
9. Set the Hostname and Check Backups
Finally, confirm your backup situation: does your provider snapshot the VPS, and have you tested restoring? A backup you've never restored is a hope, not a plan.
Done — Now Install Your Stack
With the foundation secured, you're ready to install Nginx, PHP, Node.js, or Docker. For deeper protection, read our follow-up guide on VPS security hardening with firewalls, SSH tuning, and fail2ban.