This is an old revision of the document!
This document should outline a few steps that are useful after a fresh install of an Ubuntu Server - last updated for 20.04.
sudo apt install mlocate htop ncdu ranger tldr tree vim
If you are fine with the OpenJDK version that comes with your Ubuntu:
sudo apt install openjdk-11-jdk-headless
A good alternative if you want other versions is https://adoptopenjdk.net - they provide ppas for free.
Their documentation is a little messy, here are the relevant pages:
Disable root login in /etc/ssh/sshd_config
:
PermitRootLogin no
A good baseline is to only allow logins via public key authentication (disable password authentication), except for a fallback user with a very long and complex password. See these lines in /etc/ssh/sshd_config
:
PasswordAuthentication no # <snip> # Match-block at end of file for exceptions: Match User fallbackuser PasswordAuthentication yes
Ubuntu tutorials:
https://help.ubuntu.com/community/SSH/OpenSSH/Keys
https://help.ubuntu.com/community/SSH/OpenSSH/Configuring
Further harden OpenSSH according to the secure secure shell guide
Install unattended-upgrades:
sudo apt install unattended-upgrades
Or reconfigure it if it's already installed:
sudo dpkg-reconfigure -plow unattended-upgrades
This creates the file /etc/apt/apt.conf.d/20auto-upgrades
.
To avoid filling up small hard drives over time (e.g. with multiple kernel versions) it may be useful to activate the equivalent of sudo apt autoremove
:
Set Unattended-Upgrade::Remove-Unused-Dependencies
to true
in /etc/apt/apt.conf.d/50unattended-upgrades
.
See also:
/etc/apt/apt.conf.d/20auto-upgrades
(and man apt.conf
)
Add a line to /etc/sysctl.conf
and override the default swappiness of 60 with a much lower value, e.g.
vm.swappiness=10
Have a look at at e.g. chkrootkit and tiger tiger
If you fancy a nice greeting message:
#!/bin/bash # http://patorjk.com/software/taag/#p=display&h=1&f=Calvin%20S&t=my-server-name # http://patorjk.com/software/taag/#p=display&h=1&v=0&f=ANSI%20Regular&t=my-server-name echo "┌┬┐┬ ┬ ┌─┐┌─┐┬─┐┬ ┬┌─┐┬─┐ ┌┐┌┌─┐┌┬┐┌─┐" echo "│││└┬┘───└─┐├┤ ├┬┘└┐┌┘├┤ ├┬┘───│││├─┤│││├┤ " echo "┴ ┴ ┴ └─┘└─┘┴└─ └┘ └─┘┴└─ ┘└┘┴ ┴┴ ┴└─┘" # or alternatively # figlet my-server-name
Don't forget to make the file executable.
When using byobu
delete ~/.hushlogin
to still see the greeting (and all other info you usually get when logging in).