Basic Linux Server Configuration
A well-configured Linux server is the key to a reliable and secure IT infrastructure.
Prerequisites
- A freshly installed Linux server (Ubuntu/Debian/CentOS)
- Root access or sudo privileges
- An internet connection
Update System
Debian/Ubuntu
apt update && apt upgrade -y
CentOS/RHEL
yum update -y
SSH Configuration
Edit SSH Config
nano /etc/ssh/sshd_config
Recommended Settings
# Disable root login
PermitRootLogin no
# Disable password authentication (use key-based auth)
PasswordAuthentication no
# Change the default port
Port 2222
# Limit which users may log in
AllowUsers username1 username2
Restart SSH Service
systemctl restart sshd
# or
service sshd restart
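The following added example (not part of the original article) audits an sshd_config-style file against the settings recommended above, so a shadowed or missing directive is caught before the service is restarted. It assumes whitespace-separated `Keyword value` lines and does not follow `Include` directives; the function names and the sample config are constructed for illustration.

```bash
#!/bin/sh
# Added example: check an sshd_config-style file against the recommended settings.
# sshd uses the FIRST value found for each keyword; keywords are case-insensitive.

# Print the effective global value of keyword $2 in file $1 (empty if unset).
sshd_effective() {
    awk -v key="$2" '
        $1 ~ /^#/              { next }   # comment line
        tolower($1) == "match" { exit }   # global section ends at first Match block
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Return 0 if file $1 follows the recommendations, 1 otherwise (reasons on stdout).
sshd_audit() {
    rc=0
    for want in "PermitRootLogin no" "PasswordAuthentication no"; do
        key=${want%% *}
        got=$(sshd_effective "$1" "$key" | tr 'A-Z' 'a-z')
        if [ "$got" != "${want#* }" ]; then
            echo "FAIL $key: want '${want#* }', effective '${got:-unset}'"
            rc=1
        fi
    done
    # Without a global AllowUsers, any account may attempt to log in.
    if [ -z "$(sshd_effective "$1" AllowUsers)" ]; then
        echo "FAIL AllowUsers: not set in the global section"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: the later "PermitRootLogin no" is shadowed by the earlier "yes".
sample_config() {
    cat <<'EOF'
# constructed sample, not a real server config
PermitRootLogin yes
Port 2222
passwordauthentication no
PermitRootLogin no
Match User backup
    AllowUsers backup
EOF
}

demo=$(mktemp)
sample_config > "$demo"
sshd_audit "$demo" || echo "sample config does not meet the recommendations"
rm -f "$demo"
```

Running `sshd -t` before the restart additionally catches syntax errors in the real file.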
Setup Firewall
UFW (Ubuntu)
apt install ufw
ufw default deny incoming
ufw default allow outgoing
ufw allow 2222/tcp # SSH port
ufw allow 80/tcp # HTTP
ufw allow 443/tcp # HTTPS
ufw enable
firewalld (CentOS)
systemctl start firewalld
systemctl enable firewalld
firewall-cmd --permanent --add-port=2222/tcp
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
User Management
Create a User with Sudo Access
# Create user
adduser username
# Add to sudo group (Debian/Ubuntu)
usermod -aG sudo username
# Add to wheel group (CentOS)
usermod -aG wheel username
Setup SSH Key Authentication
# Generate an SSH key on the client
ssh-keygen -t rsa -b 4096
# Copy it to the server
ssh-copy-id username@server_ip
# Or manually
ssh username@server_ip "mkdir -p ~/.ssh"
cat ~/.ssh/id_rsa.pub | ssh username@server_ip "cat >> ~/.ssh/authorized_keys"
Timezone Configuration
# List available timezones
timedatectl list-timezones
# Set timezone
timedatectl set-timezone Asia/Jakarta
Install Essential Packages
Debian/Ubuntu
apt install -y \
vim \
git \
curl \
wget \
htop \
tree \
net-tools \
unzip \
build-essential
CentOS/RHEL
yum install -y \
vim \
git \
curl \
wget \
htop \
tree \
net-tools \
unzip \
gcc \
make
System Hardening
Disable IPv6 (optional)
echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf
sysctl -p
Secure Shared Memory
echo "tmpfs /run/shm tmpfs defaults,noexec,nosuid 0 0" >> /etc/fstab
Limit Network Services
# List listening services
netstat -tulpn
# or
ss -tulpn
# Disable services that are not needed
systemctl disable servicename
Log Management
Setup Log Rotation
# Edit logrotate config
nano /etc/logrotate.conf
# Example config for a custom log
/path/to/logfile.log {
daily
rotate 7
compress
missingok
notifempty
}
Configure Logwatch (optional)
# Debian/Ubuntu
apt install logwatch
# CentOS
yum install logwatch
# Configuration
cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/
Automated Backups
Setup Backup Script
nano /usr/local/bin/backup.sh
#!/bin/bash
# The archive contains /etc, so keep it readable by root only
umask 077
BACKUP_DIR="/backup"
DATE=$(date +%Y%m%d_%H%M%S)
mkdir -p "$BACKUP_DIR"
# Backup important directories
tar -czf "$BACKUP_DIR/backup_$DATE.tar.gz" \
/etc \
/home \
/var/www
# Keep only the last 7 days of backups
find "$BACKUP_DIR" -name "backup_*.tar.gz" -mtime +7 -delete
chmod +x /usr/local/bin/backup.sh
# Add to crontab
crontab -e
# Run daily at 2 AM
0 2 * * * /usr/local/bin/backup.sh
Basic Monitoring
Install Monitoring Tool
# Install htop for resource monitoring
apt install htop # Debian/Ubuntu
yum install htop # CentOS
Check System Health
# Disk usage
df -h
# Memory usage
free -m
# CPU usage
top
# or
htop
# Network connections
netstat -tulpn
Additional Tips
- Always take a backup before making major changes
- Use version control for config files
- Document every change you make
- Test changes in a staging environment first
- Subscribe to the security mailing list for your distro
Conclusion
A well-configured server is more secure, more reliable, and easier to maintain. Follow the best practices above when setting up your production server.