Ubuntu Server is becoming a de-facto linux platform due to its frequent updates and wide adoption. This makes it one of the most simpliest to manage in Linux distributions. Other popular distributions include Debian (which ubuntu is built upon), Fedora, Suse. With cloud computing, you can launch an instance very easily. An instance is just like an empty hardware box, with the only difference of it being virtual. When you start off with a newly installed machine, lets see how we can set it up. We will focus on Ubuntu server edition here.
Choosing a version
For ubuntu, there are a few versions. It runs in twice a year release cycle, thus 10.04 (is around april) and 10.10 (is around october). So why are versions important? The release cycle keeps the basic packages updated. If you are running a server and is not looking to update your ubuntu installation every 6 months, use a LTS (Long Term Support). The LTS versions have a gap of about 2 years with 4 years support. 10.04 (Lucid) and 12.04 (Precise) is LTS versions as of writing.
Getting the basics up
Now we have a command prompt blinking in our face. What now? Type in the following.
> sudo apt-get update
> sudo apt-get upgrade
this will run loads of installs and type “y” for yes if you have to. After installing, reboot.
> sudo reboot
Now you need to setup your date time. there are other methods but this method adjusts and prevents time drift. You can make this more complicated via NTP daemon. Read this https://help.ubuntu.com/12.04/serverguide/NTP.html
> nano /etc/cron.daily/ntpdate
Enter this line if its not there, without the quotes! “ntpdate ntp.ubuntu.com”. Save and exit using ctrl-x.
> sudo chmod 755 /etc/cron.daily/ntpdate
> sudo apt-get install build-essential
> sudo nano /etc/passwd
This command is to load the default shell as bash. Bash shell has more commands and is easier to use.
ClamAV is a general antivirus which is constantly maintained by public and a group of dedicated team. Kudos to them! To install and start a basic scan, enter in terminal and run,
> sudo apt-get install clamav
> sudo freshclam -r -i
There are a few methods to make clamAV a default daemon mode so you can invoke this via other applications. Mailservers can find this very useful. Another use is if you have upload folders.
NMAP is a port scanner to see if you have open ports
> sudo apt-get install nmap
> sudo nmap [IPAddress]
> sudo apt-get install ufw
> sudo ufw enable
> sudo ufw status
> sudo ufw logging on [this enables logging]
> sudo ufw allow ssh
> sudo ufw allow 80/tcp
> sudo ufw allow ftp
> sudo ufw allow smtp
To enable FTP to successfully go through your firewall, you might need to open certain ports. The example below opens from 20000 to 20999.
> sudo ufw allow ftps
> sudo ufw allow proto tcp from any to any port 20000:20999
> sudo ufw delete allow ftps [this is to delete a rule]
> sudo ufw status [this is to view the firewall]
Now reboot your machine. you can do this easily via command line below.
> sudo reboot
> apt-get install chkrootkit
Moving around Ubuntu Server 12.04
- /etc/init.d/… – directory where all your application controls are stored
- /etc/… – directory where your applications are stored
- /var/www/… – directory where your web server html/php files are stored
- /var/log/… – directory where your log files are stored
- /home/…. – directory where home directory of your users are held
- /etc/passwd – file which stores the password
- /etc/shadow – file which I cant remember what this is for
- /etc/group – file which shows how groups and users are defined for this system
Some nice Commands
- if php5-cgi is installed, you can find the version of Php: php-cgi -v
- copy command: sudo cp /mysource /mytarget
- changes the permissions of the folder or file: chmod -R 777 myfolder
- secure access into another machine: ssh firstname.lastname@example.org
- view memory usage: free -m
- shows which group user mydomain is in: grep mydomain /etc/group
- usermod -a -G adm demo
- Top / ps -ef
- vmstat 1 [si so is the swap]
- crontab -e [to edit]
- crontab -l [to list]
- To find out if a file exists and create one if there isnt one: touch filename
- Ref: https://help.ubuntu.com/community/InstallingSecurityTools
- SECURE KEY GENERATION: ADMIN USER + PUBLIC KEY