This guide is provided for users who want to test these in testing environment. Please use this guide at your own risk.
I have been in love with Ubuntu Desktop for its polished user friendlyness and it motivated me to take a look at its server edition. I googled a bit about what kind of reviews Ubuntu Server gets nowadays but other than Ubuntu’s breif survey there are only debates about whether Debian is better or Ubuntu is better. I personally do not think there is an absolute answer for this debate because they both have its strengths and weaknesses. Anyhow I thought it would be interesting to try Ubuntu Server myself.
I picked up Ubuntu Server 9.10 64 bit because I wanted to try the newest features and it makes sense to go with 64 bit OS nowadays due to increased memory usage and so forth.
This brief guide is built based on the following assumptions.
1. In terms of security concerns, it relies on router firewall configuration to allow only port 80 from the outside. Anything that should be available internally will have different port set up.
For example, phpmyadmin will be set up for port 8080 and router firewall will not allow port 8080 traffic from the outside; however, it is openly available from the inside.
2. Each application requires its own authentication and authorization mechanisms. They will not be covered by this guide so please refer to each application’s manual to tighten up security.
I will start with basic vanilla install as part 1.
Ubuntu Server Vanilla Install
- Download Ubuntu Server ISO from Ubuntu
- Burn a CD and boot up with the CD
- Select Language – English
- Install Ubuntu Server
- Choose a language – English
- Choose a country – United States
- Detect keyboard layout – No
- Origin of keyboard – USA
- Keyboard layout – USA
- Hostname – ubuntu
- Select your time zone – Central
- Guided – use entire disk
- Select disk to partition – SCSI1 (0,0,0) (sda)
- Write changes – Yes
- Full name for the new user – user
- Username for your account – user
- Choose a password for the new user – (password)
- Re-enter password to verify – (password)
- Encrypt your home directory – No
- HTTP proxy information – (blank)
- How do you want to manage upgrades on this system? – No automatic updates
- Choose software to install – (None)
Change root password after logging in as user
Type user’s password once, enter new root password and confirmation
Elevate to privileged user
Run full-upgrade and reboot
aptitude update aptitude full-upgrade reboot
Install etckeeper for system configuration version control
aptitude install etckeeper
This will automatically start version control under /etc/ directory using bzr
Install favorite text editor [Optional]
aptitude install emacs
* Substitute emacs with your favorite text editor from here and on
Assign a static IP address
Example file content
... auto eth0 iface eth0 inet static address 192.168.0.10 netmask 255.255.255.0 gateway 192.168.0.1
Change hostname [Optional]
echo "ubuntu" > /etc/hostname emacs /etc/hosts
Example file content
127.0.0.1 localhost 192.168.0.10 ubuntu.jakeyoon.com ubuntu # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters ff02::3 ip6-allhosts
Install SSH server
aptitude install openssh-server
Install time synchronization
Sync time now with Ubuntu ntp server
Install ntp daemon
aptitude install ntp
Install SNMP/SNMPD for network monitoring [Optional]
aptitude install snmp snmpd
Accept snmp request from remote servers
Remove “127.0.0.1” from snmpd options SNMPDOPTS
# snmpd options (use syslog, close stdin/out/err). SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid'
Comment out line com2sec paranoid default public and uncomment com2sec readonly default public
#com2sec paranoid default public com2sec readonly default public
To be added: mail relay, webalizer