assuming you got it up and running already, eventually through PXE
Check what exact version you got installed
lsb_release -a
Get a lease to proceed remotely
ip addr dhclient -v NETIF apt update apt install openssh-server
and eventually continue through ssh
systemctl status network-manager systemctl stop network-manager systemctl disable network-manager
and see Better Networking for Ubuntu
Make the menu appear and tune the kernel arguments
cp -pi /etc/default/grub /etc/default/grub.dist vi /etc/default/grub #GRUB_TIMEOUT_STYLE=hidden GRUB_TIMEOUT=3 #GRUB_CMDLINE_LINUX_DEFAULT="quiet splash" GRUB_CMDLINE_LINUX_DEFAULT="" GRUB_CMDLINE_LINUX="netcfg/do_not_use_netplan=true net.ifnames=0 biosdevname=0 mitigations=0" #ipv6.disable=1 #i915.enable_psr=0 #amdgpu.exp_hw_support=1
Re-generate the configuration
update-grub ls -lhF /boot/grub/grub.cfg
Eventually setup debian-style networking and validate that it works at boot time
reboot
apt install vim-nox xxd #nvi elvis-tiny update-alternatives --config vi update-alternatives --config editor
Clean-up the configuration file
mv -i /etc/apt/sources.list /etc/apt/sources.list.dist grep -vE '^#|^$' /etc/apt/sources.list.dist > /etc/apt/sources.list
find about your nearest mirror
wget -qO - mirrors.ubuntu.com/mirrors.txt
and point the repositories against it e.g.
vi /etc/apt/sources.list deb http://mirrors.online.net/ubuntu focal main restricted universe multiverse deb http://mirrors.online.net/ubuntu focal-updates main restricted universe multiverse deb http://mirrors.online.net/ubuntu focal-backports main restricted universe multiverse deb http://security.ubuntu.com/ubuntu focal-security main restricted universe multiverse #http://fr.archive.ubuntu.com/ubuntu/ #http://ru.archive.ubuntu.com/ubuntu/
Alternatively, you can build your own configuration with some helper
And in case you have an HTTP PROXY on your network for that purpose
nmap -p 3142 x.x.x.x vi /etc/apt/apt.conf.d/02proxy Acquire::http { Proxy "http://x.x.x.x:3142"; }; apt update
Check for major release uprgade
do-release-upgrade
Proceed with patches
cat /etc/apt/apt.conf.d/02proxy apt update apt full-upgrade
and see Ubuntu Server Operations for further maintenance
Install a few more packages.
export DEBIAN_FRONTEND=noninteractive
Bare-metal
apt install \ ethtool \ hwinfo \ screen \ sudo #ifupdown \ #ifupdown2 \ #xfsprogs \ #xfsdump \
Server system
openssh-server \ openssh-client \
and even more for any kind of system incl. containers that you need to troubleshoot
apt install \ apt-utils \ apt-transport-https \ bzip2 \ curl \ dnsutils \ dos2unix \ git \ htop \ iputils-ping \ iotop \ ksh \ less \ lftp \ lsb-release \ lynx \ man-db \ manpages \ mc \ mlocate \ net-tools \ netcat \ nmap \ pwgen \ software-properties-common \ sysstat \ telnet \ unzip \ vim-nox \ wget \ whois \ xxd #elvis-tiny \ #nvi \ #inetutils-ping update-alternatives --config vi update-alternatives --config editor
Make it a true server
systemctl get-default systemctl set-default multi-user.target
On Ubuntu, add $HOME/bin
to your PATH
cat /etc/environment mv -i /etc/environment /etc/environment.dist vi /etc/environment PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$HOME/bin" source /etc/environment echo $PATH
On Debian, replace the whole root condition
cp -pi /etc/profile /etc/profile.dist vi /etc/profile PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$HOME/bin" source /etc/profile echo $PATH
Use all cores while building software
cp -pi /etc/bash.bashrc /etc/bash.bashrc.dist vi /etc/bash.bashrc MAKEFLAGS=-j$((`grep ^processor /proc/cpuinfo | tail -1 | awk '{print $3}'` + 1))
and eventually consider those additions
export DEBIAN_FRONTEND=noninteractive export LANGUAGE="en_US:en" export LC_ALL="en_US.UTF-8" #export LC_COLLATE="C.UTF-8" export LANG=en_US.UTF-8
apply at once
source /etc/bash.bashrc
and check if Perl is happy with the locales
perl -e exit
And eventually setup GNU/Screen
Setup time and date
Either setup outbound email
apt install \ postfix bsd-mailx rsyslog #pmailq mailutils
or just disable the shit (that’s a friendly word, don’t take it badly)
systemctl status postfix systemctl stop postfix systemctl disable postfix
TODO daily cron.
warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
==> the easy way
dpkg-reconfigure locales
==> the quick & dirty way, re-generate the locales you need
#apt install language-pack-en-base locale-gen en_US.UTF-8 update-locale LANG=en_US.UTF-8
then check the current setting and try again
cat /etc/default/locale locale perl -e exit
in case some variables such as LANGUAGE
and LC_ALL
are still missing, add those the brutal way
cat >> /etc/bash.bashrc <<EOF export LANGUAGE="en_US.UTF-8" export LC_ALL="en_US.UTF-8" EOF source /etc/bash.bashrc
at startup
systemctl status rc-local vi /etc/rc.local #!/bin/bash #nothing here yet chmod +x /etc/rc.local
at shutdown
cat > /lib/systemd/system/rc-local-shutdown.service <<-EOF [Unit] Description=/etc/rc.local_shutdown Compatibility ConditionFileIsExecutable=/etc/rc.local_shutdown DefaultDependencies=no After=rc-local.service basic.target Before=shutdown.target [Service] ExecStop=/etc/rc.local_shutdown StandardInput=tty RemainAfterExit=yes [Install] WantedBy=shutdown.target EOF vi /etc/rc.local_shutdown #!/bin/bash #nothing here yet chmod +x /etc/rc.local_shutdown systemctl daemon-reload systemctl enable rc-local-shutdown.service
tested on Bionic
On a bare-metal system, prevent the system from clearing the screen after boot (equivalent of getty --noclear
)
#systemctl edit getty@tty1 ls -lF /etc/systemd/system/getty.target.wants/ vi /lib/systemd/system/getty@.service [Service] ... TTYVTDisallocate=no ... systemctl daemon-reload
draft/untested
Revert to default installed pkgs,
dpkg --get-selections >output dpkg --set-selections <output apt-get dselect-upgrade
We do not need the hostname to change dynamically
#systemctl stop systemd-hostnamed.service #systemctl disable systemd-hostnamed.service
…and countless daemons to disable
What has failed at system startup?
systemctl list-units --failed systemctl list-units --state failed
One should get the time with it (does not work on Slackware Linux)
dmesg -wHt
Harden your SSL trust store
#dpkg-reconfigure ca-certificates #update-ca-certificates #apt purge ca-certificates cd /etc/ssl/ mv certs/ certs.trash/ mv private/ private.trash/ diff -bu /usr/lib/ssl/openssl.cnf /etc/ssl/openssl.cnf wget --no-check-certificate https://curl.se/ca/cacert.pem wget --no-check-certificate https://curl.se/ca/cacert.pem.sha256 cat cacert.pem.sha256 sha256sum cacert.pem # e010c0c071a2c79a76aa3c289dc7e4ac4ed38492bfda06d766a80b707ebd2f29 cacert.pem mkdir certs/ cd certs/ ln -s ../cacert.pem ca-certificates.crt
get rid of some unused repos here e.g. jami
rm -f /usr/share/keyrings/jami-archive-keyring.gpg rm -f /etc/apt/sources.list.d/jami.list grep ^Package /var/lib/apt/lists/dl.jami.net_nightly_ubuntu*_Packages apt purge ...
tune some clients accordingly
cp -pi /etc/wgetrc /etc/wgetrc.dist vi /etc/wgetrc ca_certificate = /etc/ssl/cacert.pem
and finally upgrade your system
apt update apt full-upgrade updatedb
how can I remove the clear screen before login https://askubuntu.com/questions/58097/how-can-i-remove-the-clear-screen-before-login
Prevent the console from clearing the screen? https://serverfault.com/questions/255969/prevent-the-console-from-clearing-the-screen
Configure Locales in Ubuntu https://www.thomas-krenn.com/en/wiki/Configure_Locales_in_Ubuntu
How can I execute command on startup (rc.local alternative) on Ubuntu 16.10 https://askubuntu.com/questions/886620/how-can-i-execute-command-on-startup-rc-local-alternative-on-ubuntu-16-10
(dead link) https://askubuntu.com/questions/952300/how-can-i-execute-command-on-shutdown-rc-local-alternative-on-ubuntu
How to select the fastest apt mirror on Ubuntu Linux https://linuxconfig.org/how-to-select-the-fastest-apt-mirror-on-ubuntu-linux
How to fix a locale setting warning from Perl https://stackoverflow.com/questions/2499794/how-to-fix-a-locale-setting-warning-from-perl
CA certificates extracted from Mozilla https://curl.se/docs/caextract.html
6.3 Wgetrc Commands https://www.gnu.org/software/wget/manual/html_node/Wgetrc-Commands.html
GNU Wget 1.21.1-dirty Manual https://www.gnu.org/software/wget/manual/wget.html