Main web server.
The OS initially installed is Ubuntu Server Linux 10.04 LTS. Installed by DataRealm.
By default, the server gets its network settings from DHCP. I wish to change my server to a static IP. I'll use the default editor vi in the demonstrated commands but you may use the editor of your choice.
In the editor set your primary interface similarly. Of course, use your own valid IP addresses.
# The primary network interface auto eth0 iface eth0 inet static address 18.104.22.168 netmask 255.255.255.0 gateway 22.214.171.124
auto eth0:0 iface eth0:0 inet static address 126.96.36.199 netmask 255.255.255.0
auto eth0:1 iface eth0:1 inet static address 188.8.131.52 netmask 255.255.255.0
auto eth0:2 iface eth0:2 inet static address 184.108.40.206 netmask 255.255.255.0
Restart your network
Set you hostname
vi /etc/hosts # and vi /etc/hostname /etc/init.d/hostname restart
Base System Install
- OpenSSH server
I use aptitude to manage the packages installed on the system and for upgrading.
aptitude update # Update the package list
Packages I Use
All are installed using the command:
aptitude install packagename
aptitude install unzip
I use Pure-FTPd. This has a rather unusual configuration on Ubuntu. Each option is a separate file in the /etc/pure-ftp/conf directory. I got some hints from Ubuntu HowTo and which settings to use from my FreeBSD Pure-ftpd.conf.
Please see Pure-FTPd on Ubuntu
Secure methods are used to connect to this server and from this server to other servers. This is generally done using OpenSSH.
Using the very simple to administer UFW (uncomplicated firewall). The initial rules are shown below. These will need to be adjusted as new services are added.
ufw default deny # Default rule ufw allow ssh # Allow all ssh traffic on port 22 ufw allow ftp # Allow all ssh traffic on port 21 ufw allow www # Allow all ssh traffic on port 80 ufw logging on ufw enable # Turn the firewall on
aptitude install denyhosts /etc/init.d/denyhosts restart
Once you have a secure and communicative installation, it is time to put some monitoring into place. Monitoring includes logfile scans, user audits, disk audits, rootkit audits, and service availability scans.
Please see Ubuntu Monitoring
Backup and Restore
When something goes wrong (it will), have a current working backup of your data is essential. So it is critical to have an incremental backup plan that includes tested restore operations.
Please see Ubuntu Backup and Restore