{"id":165872,"date":"2026-04-13T14:34:23","date_gmt":"2026-04-13T11:34:23","guid":{"rendered":"https:\/\/computingforgeeks.com\/?p=165872"},"modified":"2026-04-13T15:05:33","modified_gmt":"2026-04-13T12:05:33","slug":"ubuntu-2604-initial-server-setup","status":"publish","type":"post","link":"https:\/\/computingforgeeks.com\/ubuntu-2604-initial-server-setup\/","title":{"rendered":"Initial Server Setup with Ubuntu 26.04 LTS (Post-Install Hardening)"},"content":{"rendered":"<p>A fresh Ubuntu 26.04 server boots with a minimal footprint: unattended security updates enabled, <code>sudo-rs<\/code> replacing the traditional C-based sudo, and AppArmor enforcing 108 profiles out of the box. That&#8217;s a solid starting point, but there&#8217;s still work to do before putting it on the internet.<\/p>\n\n<p>This guide covers the post-install essentials: creating a non-root user, hardening SSH, setting up the firewall, enabling fail2ban, configuring swap, and locking down the basics. Nothing exotic, just the things that prevent the most common attacks on exposed servers.<\/p>\n\n<p><em>Verified working: <strong>April 2026<\/strong> on Ubuntu 26.04 LTS (Resolute Raccoon), kernel 7.0.0-10-generic, systemd 259.5<\/em><\/p>\n\n<h2>What Ubuntu 26.04 Gets Right Out of the Box<\/h2>\n\n<p>Before changing anything, here&#8217;s what the default install already handles:<\/p>\n\n<ul>\n<li><strong>sudo-rs 0.2.13<\/strong> replaces the traditional sudo binary. It&#8217;s a memory-safe Rust rewrite that eliminates entire classes of privilege escalation bugs<\/li>\n<li><strong>AppArmor<\/strong> is loaded with 108 enforcing profiles<\/li>\n<li><strong>Unattended upgrades<\/strong> are enabled by default for security patches<\/li>\n<li><strong>OpenSSH 10.2<\/strong> ships with password authentication disabled by default on cloud images, key-based auth only<\/li>\n<li><strong>Python 3.14<\/strong> is the system Python (no Python 2 at all)<\/li>\n<\/ul>\n\n<p>You&#8217;re starting from a better baseline than any previous Ubuntu LTS. The steps below build on it.<\/p>\n\n<h2>Create a Non-Root User<\/h2>\n\n<p>If your server only has the <code>root<\/code> account (common with some hosting providers), create a regular user immediately. Cloud images typically ship with an <code>ubuntu<\/code> user that already has sudo access.<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>adduser deploy<\/code><\/pre>\n\n\n<p>Follow the prompts to set a password. Then grant sudo privileges:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>usermod -aG sudo deploy<\/code><\/pre>\n\n\n<p>Copy your SSH key to the new user so you can log in without a password:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>rsync --archive --chown=deploy:deploy ~\/.ssh \/home\/deploy<\/code><\/pre>\n\n\n<p>Test the login in a separate terminal before closing your root session:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>ssh deploy@10.0.1.50<\/code><\/pre>\n\n\n<p>Verify sudo works:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>sudo whoami<\/code><\/pre>\n\n\n<p>This confirms sudo works:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>root<\/code><\/pre>\n\n\n<p>The user is set up. Now lock down SSH access.<\/p>\n\n<h2>Harden SSH<\/h2>\n\n<p>The default SSH configuration on Ubuntu 26.04 is more secure than previous releases (OpenSSH 10.2, keyboard-interactive auth disabled by default), but there are still improvements to make.<\/p>\n\n<p>Open the SSH daemon configuration:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>sudo vi \/etc\/ssh\/sshd_config.d\/hardened.conf<\/code><\/pre>\n\n\n<p>Add the following (using a drop-in file keeps the main config clean for future upgrades):<\/p>\n\n\n<pre class=\"wp-block-code code\"><code># Disable root login\nPermitRootLogin no\n\n# Disable password authentication (key-only)\nPasswordAuthentication no\n\n# Limit login attempts\nMaxAuthTries 3\nMaxSessions 3\n\n# Disable X11 forwarding (not needed on servers)\nX11Forwarding no\n\n# Set idle timeout (disconnect after 5 minutes of inactivity)\nClientAliveInterval 300\nClientAliveCountMax 2\n\n# Only allow specific users (adjust to your username)\nAllowUsers deploy ubuntu<\/code><\/pre>\n\n\n<p>Test the configuration before restarting (a typo here could lock you out):<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>sudo sshd -t<\/code><\/pre>\n\n\n<p>If no errors, restart the SSH service:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>sudo systemctl restart sshd<\/code><\/pre>\n\n\n<p>Keep your current session open and test the new settings from a separate terminal before closing it. For more SSH configuration options, see our <a href=\"https:\/\/computingforgeeks.com\/install-and-configure-ssh-server-on-ubuntu\/\" target=\"_blank\" rel=\"noreferrer noopener\">SSH server setup guide for Ubuntu<\/a>. Our <a href=\"https:\/\/computingforgeeks.com\/ssh-commands-cheat-sheet-linux\/\" target=\"_blank\" rel=\"noreferrer noopener\">SSH commands cheat sheet<\/a> is also handy for day-to-day operations.<\/p>\n\n<h2>Configure UFW Firewall<\/h2>\n\n<p>UFW is installed but inactive by default on Ubuntu 26.04. Enable it with a minimal set of rules:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>sudo ufw default deny incoming\nsudo ufw default allow outgoing<\/code><\/pre>\n\n\n<p>Allow SSH before enabling the firewall (otherwise you&#8217;ll lock yourself out):<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>sudo ufw allow OpenSSH<\/code><\/pre>\n\n\n<p>Enable the firewall:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>sudo ufw --force enable<\/code><\/pre>\n\n\n<p>Check the active rules:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>sudo ufw status verbose<\/code><\/pre>\n\n\n<p>Only SSH is allowed at this point:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>Status: active\nLogging: on (low)\nDefault: deny (incoming), allow (outgoing), deny (routed)\n\nTo                         Action      From\n--                         ------      ----\n22\/tcp (OpenSSH)           ALLOW IN    Anywhere\n22\/tcp (OpenSSH (v6))      ALLOW IN    Anywhere (v6)<\/code><\/pre>\n\n\n<p>Add more rules as you install services. For example, to allow HTTP and HTTPS later:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>sudo ufw allow 80\/tcp comment 'HTTP'\nsudo ufw allow 443\/tcp comment 'HTTPS'<\/code><\/pre>\n\n\n<p>For a full reference of UFW commands, check our <a href=\"https:\/\/computingforgeeks.com\/common-ufw-firewall-commands-with-examples\/\" target=\"_blank\" rel=\"noreferrer noopener\">UFW firewall commands guide<\/a>.<\/p>\n\n<h2>Install and Configure Fail2ban<\/h2>\n\n<p>Fail2ban monitors log files and temporarily bans IPs that show malicious signs (repeated failed SSH logins, for example). Ubuntu 26.04 ships Fail2ban 1.1.0 in its repos.<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>sudo apt install -y fail2ban<\/code><\/pre>\n\n\n<p>Create a local configuration (never edit <code>jail.conf<\/code> directly because package updates overwrite it):<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>sudo vi \/etc\/fail2ban\/jail.local<\/code><\/pre>\n\n\n<p>Add the following:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>[DEFAULT]\nbantime = 1h\nfindtime = 10m\nmaxretry = 5\nbanaction = ufw\n\n[sshd]\nenabled = true\nport = ssh\nlogpath = \/var\/log\/auth.log\nmaxretry = 3<\/code><\/pre>\n\n\n<p>This bans an IP for 1 hour after 3 failed SSH login attempts within 10 minutes, using UFW as the ban mechanism (which keeps your firewall rules consistent).<\/p>\n\n<p>Start and enable the service:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>sudo systemctl enable --now fail2ban<\/code><\/pre>\n\n\n<p>Verify it&#8217;s running and the SSH jail is active:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>sudo fail2ban-client status sshd<\/code><\/pre>\n\n\n<p>The SSH jail is active with zero bans so far:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>Status for the jail: sshd\n|- Filter\n|  |- Currently failed:\t0\n|  |- Total failed:\t0\n|  `- File list:\t\/var\/log\/auth.log\n`- Actions\n   |- Currently banned:\t0\n   |- Total banned:\t0\n   `- Banned IP list:<\/code><\/pre>\n\n\n<p>Fail2ban is watching. Any IP with 3 failed SSH attempts gets banned for an hour.<\/p>\n\n<h2>Set the Hostname and Timezone<\/h2>\n\n<p>Set a meaningful hostname:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>sudo hostnamectl set-hostname web01<\/code><\/pre>\n\n\n<p>Set your timezone (replace with your actual timezone):<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>sudo timedatectl set-timezone Africa\/Nairobi<\/code><\/pre>\n\n\n<p>Verify both:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>hostnamectl<\/code><\/pre>\n\n\n<p>The hostname change took effect:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code> Static hostname: web01\n       Icon name: computer-vm\n         Chassis: vm\n  Virtualization: kvm\nOperating System: Ubuntu Resolute Raccoon (development branch)\n          Kernel: Linux 7.0.0-10-generic\n    Architecture: x86-64<\/code><\/pre>\n\n\n<p>NTP synchronization is active by default on Ubuntu 26.04 via <code>systemd-timesyncd<\/code>. You can verify with:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>timedatectl status | grep \"NTP service\"<\/code><\/pre>\n\n\n<p>NTP synchronization is active:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>NTP service: active<\/code><\/pre>\n\n\n<p>Hostname, timezone, and NTP are all set.<\/p>\n\n<h2>Configure Swap<\/h2>\n\n<p>Cloud images typically ship without swap. On servers with limited RAM, adding a swap file prevents out-of-memory kills during traffic spikes.<\/p>\n\n<p>Check current swap status:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>swapon --show<\/code><\/pre>\n\n\n<p>If there&#8217;s no output, create a 2 GB swap file:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>sudo fallocate -l 2G \/swapfile\nsudo chmod 600 \/swapfile\nsudo mkswap \/swapfile\nsudo swapon \/swapfile<\/code><\/pre>\n\n\n<p>Make it persistent across reboots:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>echo '\/swapfile none swap sw 0 0' | sudo tee -a \/etc\/fstab<\/code><\/pre>\n\n\n<p>Reduce swappiness so the kernel prefers RAM over swap (better for servers). While you&#8217;re thinking about server maintenance, consider how you&#8217;ll handle backups: our guide to <a href=\"https:\/\/computingforgeeks.com\/rsync-backup-systemd-timer\/\" target=\"_blank\" rel=\"noreferrer noopener\">automated rsync backups with systemd timers<\/a> pairs well with a fresh server setup.<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>echo 'vm.swappiness=10' | sudo tee \/etc\/sysctl.d\/99-swappiness.conf\nsudo sysctl -p \/etc\/sysctl.d\/99-swappiness.conf<\/code><\/pre>\n\n\n<p>Verify swap is active:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>free -h | grep Swap<\/code><\/pre>\n\n\n<p>The 2 GB swap file is ready:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>Swap:          2.0Gi          0B       2.0Gi<\/code><\/pre>\n\n\n<p>Swap is configured and will persist across reboots.<\/p>\n\n<h2>Verify Automatic Security Updates<\/h2>\n\n<p>Ubuntu 26.04 ships with unattended-upgrades enabled by default. Verify the configuration:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>cat \/etc\/apt\/apt.conf.d\/20auto-upgrades<\/code><\/pre>\n\n\n<p>Both values are set to 1 for daily updates:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>APT::Periodic::Update-Package-Lists \"1\";\nAPT::Periodic::Unattended-Upgrade \"1\";<\/code><\/pre>\n\n\n<p>Both values set to <code>\"1\"<\/code> means daily package list updates and daily unattended upgrades. Security patches are applied automatically without intervention.<\/p>\n\n<p>To see what gets auto-upgraded, check the allowed origins:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>grep -v \"^\/\/\" \/etc\/apt\/apt.conf.d\/50unattended-upgrades | grep -v \"^$\" | head -15<\/code><\/pre>\n\n\n<p>To add automatic reboot after kernel updates (optional, useful for unattended servers):<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>sudo vi \/etc\/apt\/apt.conf.d\/50unattended-upgrades<\/code><\/pre>\n\n\n<p>Find and uncomment these lines:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>Unattended-Upgrade::Automatic-Reboot \"true\";\nUnattended-Upgrade::Automatic-Reboot-Time \"03:00\";<\/code><\/pre>\n\n\n<p>Here is the overall security status after applying the hardening steps:<\/p>\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"900\" height=\"500\" src=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2026\/04\/wm-hardening-demo.png\" alt=\"Ubuntu 26.04 server hardening status\" class=\"wp-image-165905\" title=\"\" srcset=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2026\/04\/wm-hardening-demo.png 900w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2026\/04\/wm-hardening-demo-300x167.png 300w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2026\/04\/wm-hardening-demo-768x427.png 768w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><figcaption class=\"wp-element-caption\">Ubuntu 26.04 security status: UFW active, fail2ban monitoring SSH, sudo-rs, AppArmor enforcing<\/figcaption><\/figure>\n\n\n<p>The core security stack is in place. A few housekeeping items remain.<\/p>\n\n<h2>Limit Journal Size<\/h2>\n\n<p>systemd&#8217;s journal can grow without bounds on long-running servers. For a deeper dive into querying and filtering logs, see our guide on how to <a href=\"https:\/\/computingforgeeks.com\/journalctl-filter-systemd-logs-linux\/\" target=\"_blank\" rel=\"noreferrer noopener\">filter systemd logs with journalctl<\/a>. Set a cap:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>sudo vi \/etc\/systemd\/journald.conf<\/code><\/pre>\n\n\n<p>Add under the <code>[Journal]<\/code> section:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>SystemMaxUse=200M\nMaxRetentionSec=1month<\/code><\/pre>\n\n\n<p>Restart the journal service:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>sudo systemctl restart systemd-journald<\/code><\/pre>\n\n\n<p>Journal size is capped. Old entries will be cleaned automatically.<\/p>\n\n<h2>Kernel Network Hardening<\/h2>\n\n<p>Apply basic sysctl tweaks to harden the network stack:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>sudo vi \/etc\/sysctl.d\/99-hardening.conf<\/code><\/pre>\n\n\n<p>Add the following:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code># Ignore ICMP redirects (prevent MITM)\nnet.ipv4.conf.all.accept_redirects = 0\nnet.ipv6.conf.all.accept_redirects = 0\nnet.ipv4.conf.all.send_redirects = 0\n\n# Ignore source-routed packets\nnet.ipv4.conf.all.accept_source_route = 0\nnet.ipv6.conf.all.accept_source_route = 0\n\n# Enable reverse path filtering (anti-spoofing)\nnet.ipv4.conf.all.rp_filter = 1\nnet.ipv4.conf.default.rp_filter = 1\n\n# Log suspicious packets\nnet.ipv4.conf.all.log_martians = 1\n\n# Ignore broadcast ICMP (prevent smurf attacks)\nnet.ipv4.icmp_echo_ignore_broadcasts = 1\n\n# SYN flood protection\nnet.ipv4.tcp_syncookies = 1\nnet.ipv4.tcp_max_syn_backlog = 2048\nnet.ipv4.tcp_synack_retries = 2<\/code><\/pre>\n\n\n<p>Apply the settings:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>sudo sysctl -p \/etc\/sysctl.d\/99-hardening.conf<\/code><\/pre>\n\n\n<p>The sysctl settings take effect immediately and persist across reboots.<\/p>\n\n<h2>Update All Packages<\/h2>\n\n<p>Finish by running a full system update:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>sudo apt update && sudo apt upgrade -y<\/code><\/pre>\n\n\n<p>If a kernel update was installed, reboot:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>sudo reboot<\/code><\/pre>\n\n\n<p>After the reboot, verify everything is running:<\/p>\n\n\n<pre class=\"wp-block-code code\"><code>uptime && uname -r && sudo ufw status && sudo fail2ban-client status sshd<\/code><\/pre>\n\n\n<p>All services should report active after the reboot.<\/p>\n\n<h2>Quick Checklist<\/h2>\n\n<p>Before moving on to installing applications, confirm these are done:<\/p>\n\n<figure class=\"wp-block-table\"><table><thead><tr><th>Item<\/th><th>Verify command<\/th><th>Expected<\/th><\/tr><\/thead><tbody>\n<tr><td>Non-root user with sudo<\/td><td><code>sudo whoami<\/code><\/td><td><code>root<\/code><\/td><\/tr>\n<tr><td>SSH key-only auth<\/td><td><code>grep PasswordAuth \/etc\/ssh\/sshd_config.d\/hardened.conf<\/code><\/td><td><code>no<\/code><\/td><\/tr>\n<tr><td>Root login disabled<\/td><td><code>grep PermitRoot \/etc\/ssh\/sshd_config.d\/hardened.conf<\/code><\/td><td><code>no<\/code><\/td><\/tr>\n<tr><td>UFW active<\/td><td><code>sudo ufw status<\/code><\/td><td><code>active<\/code><\/td><\/tr>\n<tr><td>Fail2ban running<\/td><td><code>sudo fail2ban-client status<\/code><\/td><td>sshd jail active<\/td><\/tr>\n<tr><td>Swap configured<\/td><td><code>swapon --show<\/code><\/td><td><code>\/swapfile<\/code><\/td><\/tr>\n<tr><td>Auto-updates on<\/td><td><code>cat \/etc\/apt\/apt.conf.d\/20auto-upgrades<\/code><\/td><td>Both set to <code>\"1\"<\/code><\/td><\/tr>\n<tr><td>Timezone set<\/td><td><code>timedatectl<\/code><\/td><td>Your timezone<\/td><\/tr>\n<tr><td>NTP active<\/td><td><code>timedatectl | grep NTP<\/code><\/td><td><code>active<\/code><\/td><\/tr>\n<\/tbody><\/table><\/figure>\n\n<p>With these basics covered, your server is ready for whatever you plan to run on it. For <a href=\"https:\/\/computingforgeeks.com\/ubuntu-2604-lts-features\/\" target=\"_blank\" rel=\"noreferrer noopener\">a complete overview of what changed in Ubuntu 26.04 LTS<\/a>, including the new kernel, Rust coreutils, and systemd 259, check our features article.<\/p>\n\n\n\n\n","protected":false},"excerpt":{"rendered":"<p>A fresh Ubuntu 26.04 server boots with a minimal footprint: unattended security updates enabled, sudo-rs replacing the traditional C-based sudo, and AppArmor enforcing 108 profiles out of the box. That&#8217;s a solid starting point, but there&#8217;s still work to do before putting it on the internet. This guide covers the post-install essentials: creating a non-root &#8230; <a title=\"Initial Server Setup with Ubuntu 26.04 LTS (Post-Install Hardening)\" class=\"read-more\" href=\"https:\/\/computingforgeeks.com\/ubuntu-2604-initial-server-setup\/\" aria-label=\"Read more about Initial Server Setup with Ubuntu 26.04 LTS (Post-Install Hardening)\">Read more<\/a><\/p>\n","protected":false},"author":15,"featured_media":165873,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[299,50,75,81],"tags":[282,205,2254,39816],"cfg_series":[39798],"class_list":["post-165872","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-how-to","category-linux-tutorials","category-security","category-ubuntu","tag-linux","tag-security","tag-ubuntu","tag-ubuntu-26-04","cfg_series-ubuntu-2604-getting-started"],"_links":{"self":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts\/165872","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/comments?post=165872"}],"version-history":[{"count":5,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts\/165872\/revisions"}],"predecessor-version":[{"id":165945,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts\/165872\/revisions\/165945"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/media\/165873"}],"wp:attachment":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/media?parent=165872"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/categories?post=165872"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/tags?post=165872"},{"taxonomy":"cfg_series","embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/cfg_series?post=165872"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}