====== Server Basic Setup ======
===== RAID =====
* high-reliability servers (firewall, DHCP, web, etc.)
  * 4 drives: RAID 1 (* 2), hot spare * 1, cold spare * 1
* computational servers
  * RAID 10, hot spare * 1 or 2
===== Operating System =====
* [[http://www.ubuntu.com/|Ubuntu]] 20.04 LTS 64-bit Server Edition.
===== Packages =====
# update the package index
$ sudo apt update
# upgrade packages
$ sudo apt upgrade
# install specific new packages
# Zero Configuration Networking (Zeroconf)
$ sudo apt install avahi-daemon
# if avahi-daemon does not work after a reboot, log in using the IP address and restart it
$ sudo service avahi-daemon restart
# remove all unused packages
$ sudo apt autoremove
# remove specific packages; for example, those in /boot
$ sudo apt remove linux-image-2.6.32-23-server
$ sudo apt remove linux-image-3.2.0-32-generic
===== Network =====
* edit ''/etc/netplan/50-cloud-init.yaml'' to configure the network
* use spaces for indentation, NOT tabs.
* or delete the original *.yaml file generated by the installer, then create a new xxx.yaml in ''/etc/netplan''
* example: eno1 uses DHCP; eno2 uses a static IP
  network:
    version: 2
    renderer: networkd
    ethernets:
      eno1:
        addresses: []
        dhcp4: true
      eno2:
        addresses: [140.109.56.170/24]
        gateway4: 140.109.56.254
        nameservers:
          addresses: [140.109.1.10,8.8.8.8,8.8.4.4]
        dhcp4: no
* more examples: [[https://netplan.io/examples/]]
* after updating the config file, execute ''sudo netplan try'' to validate, then ''sudo netplan apply'' to apply
* to check the network info: ''ip a''
* note: for Ubuntu 16.04 and earlier versions, edit ''/etc/network/interfaces'' instead
===== Time Synchronization =====
# check setting
$ timedatectl
# list available timezones
$ timedatectl list-timezones
# set time zone (select from the list above)
$ sudo timedatectl set-timezone Asia/Taipei
# verify
$ date
===== SSH =====
* see [[computers:ssh_security|SSH security]]
* minimal requirement: ''sudo apt install fail2ban''
* ''/etc/ssh/sshd_config''
  * ''PermitRootLogin no''
  * Limit SSH connections to IPv4 and disable IPv6
    * Uncomment ''ListenAddress 0.0.0.0''
    * Comment out ''ListenAddress ::'' (leave it as ''#ListenAddress ::'')
    * This setting makes the server listen on IPv4 only, so that legitimate connections are not denied because the client connected over IPv6 and was rejected by the rules in ''/etc/hosts.allow'' and ''/etc/hosts.deny''.
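The following script is an added example, not part of the original page: it checks an ''sshd_config'' file for the two settings above (''PermitRootLogin no'' and IPv4-only ''ListenAddress''). The function names are illustrative, and it assumes no ''Include'' files and stops parsing at the first ''Match'' block.

```shell
#!/bin/sh
# Added example: checks an sshd_config for the two settings listed above.
# Assumptions: Include files are not followed and parsing stops at the
# first Match block; function names are illustrative.

# Print every value set for keyword $2 in file $1, lowercased, in file order.
sshd_values() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }           # accept "Keyword=value" too
        tolower($1) == "match" { exit }         # conditional blocks are out of scope
        tolower($1) == tolower(key) { print tolower($2) }
    ' "$1"
}

# Return 0 when PermitRootLogin is "no" and every ListenAddress is IPv4.
audit_sshd() {
    file=$1
    rc=0
    # sshd keeps the first value it reads for PermitRootLogin.
    root=$(sshd_values "$file" PermitRootLogin | head -n 1)
    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin is '${root:-unset}', expected 'no'"
        rc=1
    fi
    addrs=$(sshd_values "$file" ListenAddress)
    if [ -z "$addrs" ]; then
        echo "FAIL no active ListenAddress line, expected 0.0.0.0"
        rc=1
    fi
    for a in $addrs; do
        case $a in
            *:*:* | \[*) echo "FAIL ListenAddress $a is IPv6"; rc=1 ;;
        esac
    done
    [ "$rc" -eq 0 ] && echo "OK $file"
    return "$rc"
}

# Constructed sample: root login still enabled, IPv6 listener left active.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin yes
ListenAddress 0.0.0.0
ListenAddress ::
EOF
audit_sshd "$sample" || true
rm -f "$sample"
```

On a live host, point ''audit_sshd'' at ''/etc/ssh/sshd_config''; ''sudo sshd -T'' prints the effective configuration, including values from included files.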
===== Message Of The Day (motd) =====
# disable unnecessary messages
$ sudo chmod a-x /etc/update-motd.d/10-help-text
$ sudo chmod a-x /etc/update-motd.d/50-motd-news
===== User Management =====
==== Permissions ====
* The default setting in Ubuntu gives world read/execute permission on each user's home directory. To protect data privacy, edit the file ''/etc/adduser.conf'' and set the ''DIR_MODE'' variable to:
DIR_MODE=0750
==== Add Users ====
To add new users:
$ sudo adduser username
The default profile is based on the contents in ''/etc/skel/''
==== Add Group ====
$ sudo addgroup groupname
==== Add User to Group ====
$ sudo adduser username groupname
==== Remove User from Group ====
$ sudo deluser username groupname
==== Change username and home directory ====
$ sudo usermod -l new_username old_username
$ sudo usermod -d /home/new_username -m new_username
==== Administrator Privileges ====
To give a user administrator privileges (e.g., the ability to use ''sudo''):
* add the user to the ''adm'' and ''sudo'' groups
==== Reset password ====
$ sudo passwd username
==== Delete User ====
$ sudo deluser username
$ sudo delgroup groupname
==== Create scratch directory and storage ====
Run the shell script make_work_dir, which was written by Dr. Kuo.
$ sudo /home/chkuo/bin/make_work_dir username
===== Limit =====
* ''/etc/security/limits.conf''
# example of setting default priority
@users - priority 5
username - priority 10
===== Test =====
==== Hard Drive Speed ====
Use ''hdparm'' (requires ''sudo''), for example:
$ sudo hdparm -tT /dev/sda
/dev/sda:
Timing cached reads: 14352 MB in 2.00 seconds = 7182.41 MB/sec
Timing buffered disk reads: 1660 MB in 3.00 seconds = 553.13 MB/sec