Okay, I know this contains nothing new for many of you but I need it from time to time: It is simply a list of tools I need after a new Linux server installation (used with Ubuntu server) as well as some further hints for the installation process such as static IP addresses, NTP or Syslog forwarding. So, after the initial installation of a server, I am doing the following steps:
Updates & Tools
Update the repository packages and do an upgrade of all default installed packages as well as the kernel:
    sudo apt update
    sudo apt dist-upgrade
Install a few commonly used tools for network troubleshooting and other stuff:
    sudo apt install build-essential git cmake htop iftop net-tools sysstat iotop nethogs iptraf bmon sipcalc traceroute tshark termshark geoip-bin snmp-mibs-downloader mtr tcpdump whois lynx apache2-utils dnsutils screen zip p7zip-full libssl-dev
[optional] NTPD
Normally, I am using ntpd to sync the time. On Ubuntu LTS systems beginning with 18.04 LTS it’s not ntpd but timedatectl that does this job. You should set your correct timezone, e.g.:
    sudo timedatectl set-timezone Europe/Berlin
However, if you intend to use ntpd you must disable timedatectl before installing ntp, refer to “How To Set Up Time Synchronization on Ubuntu 18.04”:
    sudo timedatectl set-ntp no
    sudo apt install ntp
Configure the NTP servers inside the ntp.conf file: sudo nano /etc/ntp.conf. I am always adding my own stratum 1 servers (IPv6 only) as well as a few NTP servers from the NTP Pool Project. This would look like:
    pool ntp.weberlab.de prefer
    pool de.pool.ntp.org
IP Addresses
Configure the correct IP addresses (v4 and v6) for the server in the file:
sudo nano /etc/network/interfaces and add/adjust the following lines (the Google public DNS servers are used below):
    iface eth0 inet static
      address 192.168.0.10
      netmask 255.255.255.0
      gateway 192.168.0.1
      dns-nameservers 8.8.8.8 8.8.4.4
      dns-search yourdomain.net

    iface eth0 inet6 static
      address 2001:db8:cafe::80
      netmask 64
      gateway 2001:db8:cafe::1
      dns-nameservers 2001:4860:4860::8888 2001:4860:4860::8844
      dns-search yourdomain.net
Newer versions of Linux (I don’t know where the switch started) are using netplan for the interfaces: sudo nano /etc/netplan/50-cloud-init.yaml, where my default dual-stack configuration looks something like this:
    network:
      ethernets:
        ens160:
          dhcp4: no
          dhcp6: no
          addresses:
            - 2001:db8::4/64
            - 203.0.113.4/27
          routes:
            - to: "::/0"
              via: "2001:db8::1"
            - to: default
              via: 203.0.113.1
          nameservers:
            addresses:
              - 2620:fe::fe
              - 9.9.9.9
      version: 2
Syslog Forwarding
I am using a central syslog-ng server for storing all my logs. Hence I am forwarding all logs from all servers to the syslog-ng instance. ;) This is how I am doing it (credits here):
On a standard Ubuntu server you can use the following file: sudo nano /etc/rsyslog.d/50-default.conf while on a Raspberry Pi (Raspbian) the rsyslog.conf file is located at sudo nano /etc/rsyslog.conf. In any case, you must simply add the following line at the very end of the file, either for IPv6 or for legacy IP:
    # Send log to remote syslog server using UDP over IPv6
    *.* @[2003:51:6012:120::10]:514

    # Send log to remote syslog server using UDP over legacy IP
    *.* @192.168.120.10:514
After that, restart the rsyslog daemon and you’re done: sudo service rsyslog restart.
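To see which transport each forwarding rule actually uses, the following script (an added example, not part of the original post) parses the legacy rule syntax shown above: a single @ forwards over UDP, which is unencrypted and unacknowledged, while @@ forwards over TCP. The file arguments and the logs.example.net host in the built-in sample are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit rsyslog legacy-syntax
# forwarding rules. Prints: <file> <selector> <transport> <host> <port>
# "@host" forwards over UDP, "@@host" over TCP; the port defaults to 514.

list_forward_rules() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/ { next }                       # ignore commented-out rules
            NF >= 2 && $2 ~ /^@/ {
                target = $2; transport = "udp"; port = "514"
                if (target ~ /^@@/) { transport = "tcp"; sub(/^@@/, "", target) }
                else                { sub(/^@/, "", target) }
                host = target
                if (substr(target, 1, 1) == "[") {    # bracketed IPv6 literal
                    rb = index(target, "]")
                    host = substr(target, 2, rb - 2)
                    rest = substr(target, rb + 1)
                    if (rest ~ /^:[0-9]+$/) port = substr(rest, 2)
                } else if (target ~ /:[0-9]+$/) {     # hostname or IPv4 with port
                    port = target; sub(/^.*:/, "", port)
                    sub(/:[0-9]+$/, "", host)
                }
                print file, $1, transport, host, port
            }' "$f"
    done
}

# Number of rules that still use UDP transport.
count_udp_rules() {
    list_forward_rules "$@" | awk '$3 == "udp"' | wc -l | tr -d ' '
}

if [ "$#" -gt 0 ]; then
    list_forward_rules "$@"
else
    # Constructed sample: the two rules from this post plus a hypothetical TCP rule.
    sample=$(mktemp)
    printf '%s\n' '*.* @[2003:51:6012:120::10]:514' \
                  '*.* @192.168.120.10:514' \
                  'auth.* @@logs.example.net:6514' > "$sample"
    list_forward_rules "$sample"
    echo "UDP rules: $(count_udp_rules "$sample")"
    rm -f "$sample"
fi
```

Pass the configuration files as arguments, for example /etc/rsyslog.conf and /etc/rsyslog.d/*.conf, to audit a real host instead of the sample.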
Shell Coloring
Make the shell prompt coloured (I like that) by uncommenting the following line in the .bashrc file: nano ~/.bashrc
    force_color_prompt=yes
No Hibernation
I sometimes use old laptops for my servers. They are fast enough, quiet, and don’t require that much power. One task to not forget is to disable the hibernation when closing the cover/lid. That is, the lid switch must be disabled such as shown here:
    sudo nano /etc/systemd/logind.conf
    HandleLidSwitch=ignore
    sudo reboot
Auto Updates
For *some* servers I am using auto updates for security patches and even auto reboot. Figure out what the best solution for your server is. More information is shown here. I am using, for example, the following settings:
    sudo apt install unattended-upgrades
    sudo dpkg-reconfigure unattended-upgrades

    sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
Now in this file uncomment and adjust the settings you want, e.g.:
    Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
    Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
    Unattended-Upgrade::Remove-Unused-Dependencies "true";
    Unattended-Upgrade::Automatic-Reboot "true";
    Unattended-Upgrade::Automatic-Reboot-Time "02:00";
Good luck. ;) As always it is a trade-off between security (install them fast) and availability (maybe something could break).
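A setting that is still prefixed with // in 50unattended-upgrades has no effect, so it is worth checking what is really active after editing. The script below is an added example, not part of the original post. It reports the effective value of the five options listed above and assumes the one-line Key "value"; form; the sample content is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): report the effective value of
# unattended-upgrades options written in the one-line form  Key "value";
# Lines starting with // or # are comments and do not count.

uu_setting() {   # usage: uu_setting <file> <option>; prints the value or "unset"
    awk -v key="Unattended-Upgrade::$2" '
        /^[ \t]*(\/\/|#)/ { next }                    # skip commented-out lines
        $1 == key && match($0, /"[^"]*"/) {
            val = substr($0, RSTART + 1, RLENGTH - 2) # text between the quotes
            found = 1                                 # last assignment wins
        }
        END { print (found ? val : "unset") }' "$1"
}

check_auto_updates() {   # usage: check_auto_updates <file>; returns 1 if any option is unset
    rc=0
    for opt in Remove-Unused-Kernel-Packages Remove-New-Unused-Dependencies \
               Remove-Unused-Dependencies Automatic-Reboot Automatic-Reboot-Time; do
        val=$(uu_setting "$1" "$opt")
        [ "$val" = "unset" ] && rc=1
        printf '%-34s %s\n' "$opt" "$val"
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    check_auto_updates "$1"
else
    # Constructed sample: reboot enabled, reboot time still commented out.
    sample=$(mktemp)
    printf '%s\n' '//Unattended-Upgrade::Automatic-Reboot-Time "02:00";' \
                  'Unattended-Upgrade::Automatic-Reboot "true";' > "$sample"
    check_auto_updates "$sample" || echo "some options are still commented out or missing"
    rm -f "$sample"
fi
```

On a live system, apt-config dump prints the merged configuration from all files under /etc/apt/apt.conf.d, which also covers options set in the block form this script does not parse.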
Featured image: “Karton” by Peter P. is licensed under CC BY-NC 2.0.
Hello, I have a new Linux server from GoDaddy and the sudo commands did not work for me in this article.
Yes, ok, I should have mentioned that all my “sudo” commands are for Debian Linux distributions (and therefore also for Ubuntu), but NOT for other Linux. And GoDaddy uses CentOS which is not Debian based.
–> You must run many of these commands with the superuser account. However, the “apt-get” commands won’t work for you either, since CentOS uses YUM instead of APT. I am sorry…