I agree with some of these and disagree with others. Mostly fail2ban, 2factor and automatic updates. Fail2ban has multiple issues. If the disk space runs out and no new logs are created, fail2ban will no longer block attackers. Attackers can also spoof your address and get you locked out of your own server. 2factor makes it difficult to use scripts that automatically sync data and updates should really be double checked by an admin before getting installed. Otherwise my first 10 min are pretty similar.
change root password
add second user
add pub keys to ~/.ssh/authorized_keys for second user
secure sshd
update everything to the latest packages
install, configure and run a firewall (for me nftables or pftables)
install sudo and configure it
install/configure system monitoring (consul and munin in my case)
I agree with some of these and disagree with others. Mostly fail2ban, 2factor and automatic updates. Fail2ban has multiple issues. If the disk space runs out and no new logs are created, fail2ban will no longer block attackers. Attackers can also spoof your address and get you locked out of your own server. 2factor makes it difficult to use scripts that automatically sync data and updates should really be double checked by an admin before getting installed. Otherwise my first 10 min are pretty similar.