This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
ubuntu_server_setup [2018/08/13 10:24] mstraub [Enable Automatic Security Updates] |
ubuntu_server_setup [2021/08/26 16:28] mstraub [Ubuntu Server Setup] |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Ubuntu Server Setup ====== | ====== Ubuntu Server Setup ====== | ||
- | This document should outline a few steps that are useful after a fresh install of an Ubuntu Server. | + | This document should outline a few steps that are useful after a fresh install of an Ubuntu Server - last updated for 20.04. |
- | ===== Basic Packages ===== | + | ===== Install Useful Tools ===== |
- | If you are dealing with a minimal installation (meta-package ubuntu-minimal) you may want to beef it up a bit. Check what packages are typically bundled e.g. when installing Ubuntu Server or just select your server style: | + | <code bash> |
- | <code> | + | sudo apt install mlocate htop ncdu ranger tldr tree vim |
- | tasksel # ncurses GUI | + | |
- | tasksel --list-tasks | + | |
- | tasksel --task-packages server | + | |
</code> | </code> | ||
- | Some additional packages for easier CLI handling: | + | ===== Java ===== |
- | <code> | + | |
- | sudo apt-get install bash-completion ubuntu-release-upgrader-core software-properties-common | + | If you are fine with the OpenJDK version that comes with your Ubuntu: |
- | </code> | + | |
- | ===== Oracle Java ===== | + | |
- | If you need Oracle Java install it from this 3rd party repo (which is updated regularly): | ||
<code bash> | <code bash> | ||
- | sudo add-apt-repository ppa:webupd8team/java | + | sudo apt install openjdk-11-jdk-headless |
- | sudo apt-get update | + | |
- | sudo apt-get install oracle-java8-installer | + | |
</code> | </code> | ||
- | [[http://www.webupd8.org/2012/09/install-oracle-java-8-in-ubuntu-via-ppa.html|original source]], [[https://wiki.ubuntuusers.de/Java/Installation/Oracle_Java/Java_8|more info @ ubuntuusers.de]] | + | A good alternative if you want other versions is https://adoptopenjdk.net - they provide ppas for free. |
- | + | ||
===== Lighttpd ===== | ===== Lighttpd ===== | ||
Line 63: | Line 53: | ||
===== Enable Automatic Security Updates ===== | ===== Enable Automatic Security Updates ===== | ||
- | Quickly enable unattended upgrades: | + | Install unattended-upgrades: |
+ | |||
+ | <code bash> | ||
+ | sudo apt install unattended-upgrades | ||
+ | </code> | ||
+ | |||
+ | Or reconfigure it if it's already installed: | ||
<code bash> | <code bash> | ||
sudo dpkg-reconfigure -plow unattended-upgrades | sudo dpkg-reconfigure -plow unattended-upgrades | ||
Line 69: | Line 65: | ||
This creates the file ''/etc/apt/apt.conf.d/20auto-upgrades''. | This creates the file ''/etc/apt/apt.conf.d/20auto-upgrades''. | ||
- | Then set ''Unattended-Upgrade::Remove-Unused-Dependencies'' to ''true'' in ''/etc/apt/apt.conf.d/50unattended-upgrades''. | + | To avoid filling up small hard drives over time (e.g. with multiple kernel versions) it may be useful to activate the equivalent of ''sudo apt autoremove'': |
+ | |||
+ | Set ''Unattended-Upgrade::Remove-Unused-Dependencies'' to ''true'' in ''/etc/apt/apt.conf.d/50unattended-upgrades''. | ||
See also: | See also: | ||
* ''/etc/apt/apt.conf.d/20auto-upgrades'' (and ''man apt.conf'') | * ''/etc/apt/apt.conf.d/20auto-upgrades'' (and ''man apt.conf'') | ||
* [[https://help.ubuntu.com/community/AutomaticSecurityUpdates]]\\ | * [[https://help.ubuntu.com/community/AutomaticSecurityUpdates]]\\ | ||
- | * [[https://help.ubuntu.com/16.04/serverguide/automatic-updates.html]] | + | * [[https://ubuntu.com/server/docs/package-management]] |
- | + | ||
- | ==== Ubuntu <= 14.04 ==== | + | |
- | Unattended-Upgrade::Remove-Unused-Dependencies seems to be broken in Ubuntu 14.04. This entry in ''/etc/crontab'' should do the trick by daily executing autoremove: | + | |
- | + | ||
- | <code> | + | |
- | 0 0 * * * root apt-get autoremove -y >> /var/log/autoremovecronjob.log 2>&1 | + | |
- | </code> | + | |
Line 106: | Line 96: | ||
# http://patorjk.com/software/taag/#p=display&h=1&f=Calvin%20S&t=my-server-name | # http://patorjk.com/software/taag/#p=display&h=1&f=Calvin%20S&t=my-server-name | ||
+ | # http://patorjk.com/software/taag/#p=display&h=1&v=0&f=ANSI%20Regular&t=my-server-name | ||
echo "┌┬┐┬ ┬ ┌─┐┌─┐┬─┐┬ ┬┌─┐┬─┐ ┌┐┌┌─┐┌┬┐┌─┐" | echo "┌┬┐┬ ┬ ┌─┐┌─┐┬─┐┬ ┬┌─┐┬─┐ ┌┐┌┌─┐┌┬┐┌─┐" | ||
echo "│││└┬┘───└─┐├┤ ├┬┘└┐┌┘├┤ ├┬┘───│││├─┤│││├┤ " | echo "│││└┬┘───└─┐├┤ ├┬┘└┐┌┘├┤ ├┬┘───│││├─┤│││├┤ " | ||
Line 113: | Line 104: | ||
# figlet my-server-name | # figlet my-server-name | ||
</file> | </file> | ||
+ | |||
+ | Don't forget to make the file executable. | ||
+ | |||
+ | When using ''byobu'' delete ''~/.hushlogin'' to still see the greeting (and all other info you usually get when logging in). | ||
===== More Resources ===== | ===== More Resources ===== | ||
- | [[http://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers]]\\ | + | [[https://www.ubuntupit.com/best-linux-hardening-security-tips-a-comprehensive-checklist/]] |
- | [[https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics]] | + |