% Post installation du serveur

# Configuration

## Point de montage pour les données

```bash
sudo mkdir -p /data
sudo nano /etc/fstab
```

Ajouter la troisième ligne pour /data

```conf
UUID=b890c459-64f5-4db7-b526-3e677be8cdb9 / ext4 defaults,relatime 0 1
UUID=7e4d9e7d-971a-4aaf-a9fc-f365033348ed /boot ext4 defaults,relatime 0 2
UUID=17216080-dc43-4d4a-9925-6547e6cd8021 /data ext4 defaults,relatime 0 2
```

Exécuter `mount -a`

```bash
sudo systemctl daemon-reload
sudo mount -a
```

## Fuseau horaire

```
sudo dpkg-reconfigure tzdata
```

# Sécurisation

## SSH

`/etc/ssh/sshd_config`

```
PermitRootLogin prohibit-password
PasswordAuthentication no
PermitEmptyPasswords no
```

## Firewall

Installation et configuration

```bash
sudo apt install ufw
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw enable
```



## fail2ban

Installation de `fail2ban`

```bash
sudo apt install fail2ban
```

Configuration

```bash
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local
```



```bash
sudo systemctl restart fail2ban
```