Ubuntu Server Setup

assuming you got it up and running already, eventually through PXE

Quick post-install

Check what exact version you got installed

lsb_release -a

Get a lease to proceed remotely

ip addr
dhclient -v NETIF
apt update
apt install openssh-server

and eventually continue through ssh

TUNE GRUB AND DISABLE NETPLAN

Make the menu appear and tune the kernel arguments

cp -pi /etc/default/grub /etc/default/grub.dist
vi /etc/default/grub

GRUB_DEFAULT=0
#GRUB_TIMEOUT_STYLE=hidden
GRUB_TIMEOUT=3
#GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="netcfg/do_not_use_netplan=true net.ifnames=0 biosdevname=0 mitigations=off"
#ipv6.disable=1
#i915.enable_psr=0
#amdgpu.exp_hw_support=1
#acpi_backlight=vendor

Re-generate the configuration

update-grub
ls -lF /boot/grub/grub.cfg

Eventually setup debian-style networking and validate that it works at boot time

reboot

Better networking

see Better Networking for Ubuntu

Packages & initial upgrade

See Dealing with Packages

Tweak your environment

Make it a true server

systemctl get-default
systemctl set-default multi-user.target

On Ubuntu, add $HOME/bin to your PATH

cat /etc/environment
mv -i /etc/environment /etc/environment.dist
vi /etc/environment

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:$HOME/bin"

source /etc/environment
echo $PATH

On Debian, replace the whole root condition

cp -pi /etc/profile /etc/profile.dist
vi /etc/profile

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$HOME/bin"

source /etc/profile
echo $PATH

Use all cores while building software

cp -pi /etc/bash.bashrc /etc/bash.bashrc.dist
vi /etc/bash.bashrc

MAKEFLAGS=-j$((`grep ^processor /proc/cpuinfo | tail -1 | awk '{print $NF}'` + 1))

and eventually consider those additions

#export DEBIAN_FRONTEND=noninteractive
export LC_ALL=en_US.UTF-8
export LANG=en_US.UTF-8
export LANGUAGE=en_US:en

#export LC_COLLATE=C.UTF-8

apply at once

source /etc/bash.bashrc

and check if Perl is happy with the locales

perl -e exit

And eventually setup GNU/Screen

NTP

Setup time and date

Indexing

Not sure it’s already enabled as cron

updatedb

Outbound email & daily cron job

Either setup outbound email

apt install \
postfix bsd-mailx rsyslog
#pmailq mailutils

or just disable the shit (that’s a friendly word, don’t take it badly)

systemctl status postfix
systemctl stop postfix
systemctl disable postfix

TODO daily cron.

SSL certificates

Eventually harden your SSL certificates trust-store

Additional notes

fixing locales

warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)

==> the easy way

dpkg-reconfigure locales

==> the quick & dirty way, re-generate the locales you need

#apt install language-pack-en-base
locale-gen en_US.UTF-8
update-locale LANG=en_US.UTF-8

then check the current setting and try again

cat /etc/default/locale
locale
perl -e exit

in case some variables such as LANGUAGE and LC_ALL are still missing, add those the brutal way

cat >> /etc/bash.bashrc <<EOF
export LC_ALL=en_US.UTF-8
export LANG=en_US.UTF-8
export LANGUAGE=en_US:en
EOF
source /etc/bash.bashrc

old-school init scripts

at startup

systemctl status rc-local
vi /etc/rc.local

#!/bin/bash

# nothing here yet

chmod +x /etc/rc.local

at shutdown

ls -lF /lib/systemd/system/rc-local-shutdown.service # no exist
vi /lib/systemd/system/rc-local-shutdown.service

[Unit]
Description=rc.local_shutdown compatibility
ConditionFileIsExecutable=/etc/rc.local_shutdown
DefaultDependencies=no
After=rc-local.service basic.target
Before=shutdown.target

[Service]
ExecStop=/etc/rc.local_shutdown
StandardInput=tty
RemainAfterExit=yes

[Install]
WantedBy=shutdown.target

vi /etc/rc.local_shutdown

#!/bin/bash

# nothing here yet

chmod +x /etc/rc.local_shutdown

apply

systemctl daemon-reload 
systemctl enable rc-local-shutdown.service

do not clear the screen

On a bare-metal system, prevent the system from clearing the screen after boot (equivalent of getty --noclear)

#systemctl edit getty@tty1
ls -lF /etc/systemd/system/getty.target.wants/
vi /lib/systemd/system/getty@.service

[Service]
...
TTYVTDisallocate=no
...

systemctl daemon-reload

super-duper sysprep

We do not need the hostname to change dynamically

#systemctl stop systemd-hostnamed.service
#systemctl disable systemd-hostnamed.service

…and countless daemons to disable

enhanced dmesg

one should get the time with it (does not work on Slackware Linux)

dmesg -wHt

Troubleshooting

What has failed at system startup?

systemctl list-units --failed
systemctl list-units --state failed

Resources

how can I remove the clear screen before login https://askubuntu.com/questions/58097/how-can-i-remove-the-clear-screen-before-login

Prevent the console from clearing the screen? https://serverfault.com/questions/255969/prevent-the-console-from-clearing-the-screen

old-school init scripts

How can I execute command on startup (rc.local alternative) on Ubuntu 16.10 https://askubuntu.com/questions/886620/how-can-i-execute-command-on-startup-rc-local-alternative-on-ubuntu-16-10

(dead link) https://askubuntu.com/questions/952300/how-can-i-execute-command-on-shutdown-rc-local-alternative-on-ubuntu

locales

Configure Locales in Ubuntu https://www.thomas-krenn.com/en/wiki/Configure_Locales_in_Ubuntu

How to set up a clean UTF-8 environment in Linux https://perlgeek.de/en/article/set-up-a-clean-utf8-environment

How to fix a locale setting warning from Perl https://stackoverflow.com/questions/2499794/how-to-fix-a-locale-setting-warning-from-perl

trust store hardening

CA certificates extracted from Mozilla https://curl.se/docs/caextract.html

6.3 Wgetrc Commands https://www.gnu.org/software/wget/manual/html_node/Wgetrc-Commands.html

GNU Wget 1.21.1-dirty Manual https://www.gnu.org/software/wget/manual/wget.html


GUIDES | LECTURES | BENCHMARKS | SMTP HEALTH