Category: Post-Deploy Setup
- Server is running and has reachable public IP.
- You have valid SSH key or server password.
- Firewall policy for SSH and required app ports is planned.
- Connect to the server via SSH or console from dashboard.
- Rotate default credentials immediately if password-based login is enabled.
- Update all system packages to latest stable patches.
- Set hostname and timezone so logs and monitoring are consistent.
- Create or verify a non-root admin user and limit direct root access.
- Allow only required inbound ports in firewall or security group.
- Install baseline tooling such as fail2ban, monitoring agent, or logging agent.
- SSH login works with intended user and access method.
- System package manager reports no pending critical updates.
- Firewall rules match expected ports and deny unnecessary ingress.
- Leaving root login open to password authentication.
- Applying firewall rule changes without testing current SSH session.
- Skipping package updates before exposing app services publicly.