Your checklists (
0
)
AI Checklist Generator
From the makers of
Manifestly Checklists
Sign in
Email address
Email me a magic link
Home
> advanced setup ubuntu server from zero
advanced setup ubuntu server from zero
Initial Server Setup
Choose a suitable version of Ubuntu Server (LTS recommended).
Visit the official Ubuntu website.
Select the 'Server' option.
Choose the latest LTS version for stability.
Verify system requirements for compatibility.
Download the Ubuntu Server ISO.
Navigate to the download page.
Click on the download link for the selected version.
Save the ISO file to a convenient location.
Verify the integrity of the downloaded ISO.
Create a bootable USB drive using tools like Rufus or Etcher.
Insert a USB drive (at least 4GB).
Open Rufus or Etcher application.
Select the USB drive and the downloaded ISO.
Start the process to create a bootable drive.
Boot the server from the USB drive.
Insert the bootable USB drive into the server.
Restart the server and enter BIOS/UEFI settings.
Change boot order to prioritize USB drive.
Save changes and exit BIOS/UEFI.
Follow the on-screen installation prompts to install Ubuntu Server.
Select 'Install Ubuntu Server' from the menu.
Choose 'Install' to begin the installation process.
Follow the guided prompts for installation.
Allow the installation to complete.
Select the appropriate language, keyboard layout, and network configuration.
Choose your preferred language from the list.
Select the correct keyboard layout for your region.
Configure network settings: DHCP or static IP.
Confirm network configuration settings.
Configure storage options (LVM, RAID, etc.) if needed.
Select 'Storage Configuration' during installation.
Choose between LVM, RAID, or standard partitioning.
Create partitions based on your requirements.
Confirm and apply the storage configuration.
Set up a user account and password for the server.
Enter a username for the new user account.
Choose a strong password and confirm it.
Optionally, add the user to the sudo group.
Complete the user setup process.
Here are some additional steps you can include in the **Initial Server Setup** section of your checklist
Verify the integrity of the downloaded ISO using checksums (SHA256, MD5)
Choose the appropriate installation type (e.g., minimal installation, standard installation)
Configure the network interface settings (static IP vs. DHCP) based on your network requirements
Select any additional software packages to install during setup (e.g., OpenSSH server)
Set the server's hostname to reflect its purpose or role in your environment
Enable automatic updates if desired during the installation process
Configure timezone settings according to your geographical location
Set up any necessary partition layouts for your specific use case (e.g., separate /home, /var, etc.)
Review installation summary and confirm settings before proceeding with the installation
Complete the installation and reboot the server, ensuring to remove the USB drive when prompted
Log in to the server with the created user account to verify access and functionality
These steps will help ensure a smoother initial setup process for your Ubuntu Server
System Updates and Upgrades
Update the package list
Open terminal.
Run command: sudo apt update.
Wait for the process to complete.
Check for any errors.
```bash
sudo apt update
```
Upgrade installed packages
In terminal, execute: sudo apt upgrade -y.
Review the list of packages to be upgraded.
Confirm the upgrade process.
Wait for the upgrade to finish.
```bash
sudo apt upgrade -y
```
Consider performing a distribution upgrade
Run command: sudo apt dist-upgrade -y.
This will handle changing dependencies.
Review changes and confirm.
Ensure all packages are updated.
```bash
sudo apt dist-upgrade -y
```
Firewall Configuration
Install UFW (Uncomplicated Firewall) if not installed
Open terminal.
Update package list with `sudo apt update`.
Install UFW using `sudo apt install ufw`.
Verify installation with `ufw version`.
```bash
sudo apt install ufw
```
Enable UFW
Open terminal.
Run `sudo ufw enable`.
Check status with `sudo ufw status`.
Ensure it shows 'active' status.
```bash
sudo ufw enable
```
Allow SSH connections
Open terminal.
Execute `sudo ufw allow ssh`.
Verify rule with `sudo ufw status`.
Ensure SSH is listed as allowed.
```bash
sudo ufw allow ssh
```
Set up rules for other necessary services (HTTP, HTTPS, etc.)
Open terminal.
Run `sudo ufw allow http` for HTTP.
Run `sudo ufw allow https` for HTTPS.
Check rules with `sudo ufw status`.
```bash
sudo ufw allow http
sudo ufw allow https
```
SSH Configuration
Install OpenSSH server
Update package index with `sudo apt update`.
Install OpenSSH server using `sudo apt install openssh-server`.
Check installation status with `systemctl status ssh`.
Enable SSH to start on boot with `sudo systemctl enable ssh`.
```bash
sudo apt install openssh-server
```
Configure SSH settings by editing `/etc/ssh/sshd_config`
Open the file with `sudo nano /etc/ssh/sshd_config`.
Review existing configurations for adjustments.
Make desired changes to settings such as port or root login.
Save changes and exit the editor.
Change the default port (optional).
Locate the line `#Port 22` in the config file.
Uncomment it by removing the `#` and change `22` to your desired port.
Ensure the new port is allowed in your firewall settings.
Save the file and exit the editor.
Disable root login.
Find the line `#PermitRootLogin yes` in the config file.
Change `yes` to `no` to disable root login.
Save the changes and exit the editor.
Consider creating a separate user with sudo privileges.
Limit user access if necessary.
Add `AllowUsers username1 username2` to the config file.
Replace `username1` and `username2` with actual usernames.
This restricts SSH access to specified users only.
Save the changes and exit the editor.
Restart the SSH service
Execute `sudo systemctl restart ssh` to apply changes.
Check the service status with `systemctl status ssh`.
Ensure there are no errors in the configuration.
Test SSH connection from a client machine.
```bash
sudo systemctl restart ssh
```
User Management
Create additional user accounts
Open terminal on the server.
Run 'sudo adduser username'.
Follow prompts to set password and user details.
Confirm user creation and set permissions.
```bash
sudo adduser username
```
Grant sudo privileges to specific users
Open terminal on the server.
Run 'sudo usermod -aG sudo username'.
Replace 'username' with actual user's name.
Verify by checking '/etc/sudoers' file.
```bash
sudo usermod -aG sudo username
```
Set up SSH key authentication for users
Open terminal on the client machine.
Run 'ssh-keygen' and follow prompts.
Choose a file location or press Enter for default.
Ensure private key is stored securely.
Generate keys on the client machine
```bash
ssh-keygen
```
Copy public key to the server
Open terminal on the client machine.
Run 'ssh-copy-id username@server_ip'.
Replace 'username' with actual user and 'server_ip' with server's IP.
Enter user password when prompted.
```bash
ssh-copy-id username@server_ip
```
Software Installation
Install essential software packages
Update package list with `sudo apt update`.
Install packages using `sudo apt install` command.
Include vim for text editing, htop for system monitoring.
Add git for version control, curl for data transfer.
```bash
sudo apt install vim htop git curl
```
Install LAMP stack (Apache, MySQL, PHP) if needed
Ensure system is updated with `sudo apt update`.
Install Apache using `sudo apt install apache2`.
Install MySQL server with `sudo apt install mysql-server`.
Add PHP and necessary modules with `sudo apt install php libapache2-mod-php php-mysql`.
```bash
sudo apt install apache2 mysql-server php libapache2-mod-php php-mysql
```
Backup and Recovery
Set up a backup strategy using tools like `rsync`, `tar`, or `Duplicity`.
Choose a backup tool based on your needs.
For `rsync`, use `rsync -av --delete /source /destination`.
For `tar`, use `tar -cvzf backup.tar.gz /directory`.
For `Duplicity`, follow its documentation for encrypted backups.
Schedule regular backups using `cron` jobs
Open the crontab editor with `crontab -e`.
Add a new line for the backup command.
Use format `* * * * * /path/to/backup-command`.
Save and exit to activate the cron job.
```bash
crontab -e
```
Monitoring and Logging
Install monitoring tools (e.g., Netdata, Nagios)
Update package list with `sudo apt update`.
Install Netdata using the command provided.
Access the Netdata dashboard via your web browser.
Configure alerts and notifications as needed.
Explore additional plugins for enhanced monitoring.
```bash
sudo apt install netdata
```
Set up log monitoring using tools like `fail2ban` for SSH protection
Install Fail2ban using the command provided.
Edit the configuration file at `/etc/fail2ban/jail.local`.
Enable the SSH jail by uncommenting the `sshd` section.
Start and enable the Fail2ban service with `sudo systemctl start fail2ban`.
Monitor logs using `fail2ban-client status`.
```bash
sudo apt install fail2ban
```
Final Checks and Security Enhancements
Review installed services and disable unnecessary ones
Run command to list all installed services.
Identify services that are not needed for your server.
Disable unnecessary services using: sudo systemctl disable
.
Mask any critical services that should not be started accidentally.
```bash
sudo systemctl list-unit-files --type=service
```
Regularly check for updates and security patches
Run update command to fetch package information.
Upgrade all packages to the latest versions.
Set a schedule for regular checks using a cron job.
Review release notes for critical updates.
```bash
sudo apt update && sudo apt upgrade -y
```
Consider setting up automated security updates
Install unattended upgrades package using the command provided.
Configure it by editing /etc/apt/apt.conf.d/50unattended-upgrades.
Enable automatic updates for security packages.
Test the setup to ensure it functions as expected.
```bash
sudo apt install unattended-upgrades
```
Documentation and Notes
Document the server setup process, configurations, and installed software.
Create a markdown file for easy formatting.
Include server purpose, IP address, and hostname.
List installed packages with version numbers.
Note configuration file locations and settings.
Use comments to describe each section.
Keep a record of any changes made for future reference.
Log changes in the same markdown file.
Include date and reason for each change.
Use version control for tracking updates.
Summarize changes in a changelog section.
Regularly review and update the record.
Download CSV
Download JSON
Download Markdown
Use in Manifestly