User Tools

Site Tools


ubuntu_server_setup

This is an old revision of the document!


Ubuntu Server Setup

This document should outline a few steps that are useful after a fresh install of an Ubuntu Server - last updated for 20.04.

Install Useful Tools

sudo apt install mlocate htop ncdu ranger tldr tree vim

Java

If you are fine with the OpenJDK version that comes with your Ubuntu:

sudo apt install openjdk-11-jdk-headless

A good alternative if you want other versions is https://adoptopenjdk.net - they provide ppas for free.

Lighttpd

OpenSSH

Disable root login in /etc/ssh/sshd_config:

PermitRootLogin no

A good baseline is to only allow logins via public key authentication (disable password authentication), except for a fallback user with a very long and complex password. See these lines in /etc/ssh/sshd_config:

PasswordAuthentication no

# <snip>
# Match-block at end of file for exceptions:

Match User fallbackuser
  PasswordAuthentication yes

Ubuntu tutorials: https://help.ubuntu.com/community/SSH/OpenSSH/Keys
https://help.ubuntu.com/community/SSH/OpenSSH/Configuring

Further harden OpenSSH according to the secure secure shell guide

Enable Automatic Security Updates

Install unattended-upgrades:

sudo apt install unattended-upgrades

Or reconfigure it if it's already installed:

sudo dpkg-reconfigure -plow unattended-upgrades

This creates the file /etc/apt/apt.conf.d/20auto-upgrades.

To avoid filling up small hard drives over time (e.g. with multiple kernel versions) it may be useful to activate the equivalent of sudo apt autoremove:

Set Unattended-Upgrade::Remove-Unused-Dependencies to true in /etc/apt/apt.conf.d/50unattended-upgrades.

See also:

Decrease Swappiness

Add a line to /etc/sysctl.conf and override the default swappiness of 60 with a much lower value, e.g.

vm.swappiness=10

http://wiki.ubuntuusers.de/Swap

Root Kit & Intrusion Detection

Have a look at at e.g. chkrootkit and tiger tiger

Greeting

If you fancy a nice greeting message:

/etc/update-motd.d/99-greeting
#!/bin/bash
 
# http://patorjk.com/software/taag/#p=display&h=1&f=Calvin%20S&t=my-server-name
# http://patorjk.com/software/taag/#p=display&h=1&v=0&f=ANSI%20Regular&t=my-server-name
echo "┌┬┐┬ ┬   ┌─┐┌─┐┬─┐┬  ┬┌─┐┬─┐   ┌┐┌┌─┐┌┬┐┌─┐"
echo "│││└┬┘───└─┐├┤ ├┬┘└┐┌┘├┤ ├┬┘───│││├─┤│││├┤ "
echo "┴ ┴ ┴    └─┘└─┘┴└─ └┘ └─┘┴└─   ┘└┘┴ ┴┴ ┴└─┘"
 
# or alternatively
# figlet my-server-name

Don't forget to make the file executable.

When using byobu delete ~/.hushlogin to still see the greeting (and all other info you usually get when logging in).

More Resources

ubuntu_server_setup.1629988116.txt.gz · Last modified: 2021/08/26 16:28 by mstraub