computers:server_basic_setup

Differences

This shows you the differences between two versions of the page.

computers:server_basic_setup [2018/12/13 22:58] chkuocomputers:server_basic_setup [2023/10/27 16:54] (current) hychang
Line 3: Line 3:
 ===== RAID ===== ===== RAID =====
   * high-reliability servers (firewall, DHCP, web, etc)   * high-reliability servers (firewall, DHCP, web, etc)
-    * 4 drives: RAID 1 (* 2), hot spare * 1, cold spare *1+    * 4 drives: RAID 1 (* 2), hot spare * 1, cold spare * 1
   * computational servers   * computational servers
     * RAID 10, hot spare * 1 or 2     * RAID 10, hot spare * 1 or 2
  
 ===== Operating System ===== ===== Operating System =====
-  * [[http://www.ubuntu.com/|Ubuntu]] 18.04 LTS 64-bit Server Edition.+  * [[http://www.ubuntu.com/|Ubuntu]] 20.04 LTS 64-bit Server Edition.
  
 ===== Packages ===== ===== Packages =====
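Review bot: the Operating System line changed in this hunk still links to Ubuntu over ''http://www.ubuntu.com/''. Since the line is being edited anyway, switch the link to ''https://'' so that readers who follow it to fetch the installer start from an HTTPS page.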
Line 18: Line 18:
  
 # install specific new packages # install specific new packages
-for example, avahi-daemon for Zero Configuration Networking (Zeroconf)+# Zero Configuration Networking (Zeroconf)
 $ sudo apt install avahi-daemon $ sudo apt install avahi-daemon
-ntpd for automatic time correction +in case the avahi-daemon does not work after reboot, log-in using ip address and restart 
-$ sudo apt install ntp+$ sudo service avahi-daemon restart 
  
 # remove all unused packages # remove all unused packages
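Review bot: removing ''sudo apt install ntp'' here leaves the Packages section with no statement of what keeps the clock in sync, and the Time Synchronization section added later in this revision only sets the time zone. If the intent is to rely on the time service that ships with the OS, say so, and add a check that the ''timedatectl'' output reports the system clock as synchronized. Accurate time matters for log correlation and for the time windows fail2ban uses.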
Line 32: Line 33:
  
 ===== Network ===== ===== Network =====
-  * edit ''/etc/netplan/50-cloud-init.yaml'' to configure the networkfor example:+  * edit ''/etc/netplan/50-cloud-init.yaml'' to configure the network 
 +    * use space for indentation, NOT tab. 
 +    * or delete the original *.yaml file generated by the installer, then create a new xxx.yaml in ''/etc/netplan'' 
 +  * example: eno1 uses DHCP; eno2 uses a static IP
 <file> <file>
 network: network:
-    ethernets: +  version: 2 
-        eno1: +  renderer: networkd 
-            addresses: [] +  ethernets: 
-            dhcp4: true +    eno1: 
-        eno2: +      addresses: [] 
-            addresses: [140.109.56.170/24] +      dhcp4: true 
-            gateway4: 140.109.56.254 +    eno2: 
-            nameservers: +      addresses: [140.109.56.170/24] 
-                addresses: [140.109.1.10,8.8.8.8,8.8.4.4] +      gateway4: 140.109.56.254 
-            dhcp4: no +      nameservers: 
-    version: 2+        addresses: [140.109.1.10,8.8.8.8,8.8.4.4] 
 +      dhcp4: no
 </file> </file>
-  * after updating the config file, execute''sudo netplan apply'' +  * more examples: [[https://netplan.io/examples/]] 
-  * use ''ifconfig'' to check network info:+  * after updating the config file, execute ''sudo netplan try'' to validate, then ''sudo netplan apply'' to apply 
 +  * to check the network info: ''ip a''
  
  
-===== Service ===== +  notefor Ubuntu 16.04 and earlier versions; edit ''/etc/network/interfaces''
-==== sshd_config ==== +
-  In ''/etc/ssh/sshd_config'', change ''PermitRootLogin without-password'' to ''PermitRootLogin no''+
-  * Limit ssh connection to ipv4 and disable ipv6uncomment ''ListenAddress 0.0.0.0'' and comment ''#ListenAddress ::''. This setting allows the server to listen to ipv4 only, so normal connections not denied because clients use ipv6 and are rejected based on the rules in ''/etc/hosts.allow'' and ''/etc/hosts.deny''.+
  
  
-===== SSH security =====+===== Time Synchronization ===== 
 + 
 +<code bash> 
 +# check setting 
 +$ timedatectl 
 +# list available timezones 
 +$ timedatectl list-timezones 
 +# set time zone (select from the list above) 
 +$ sudo timedatectl set-timezone Asia/Taipei 
 +# verify 
 +$ date 
 +</code> 
 + 
 + 
 +===== SSH =====
   * see [[computers:ssh_security|SSH security]]   * see [[computers:ssh_security|SSH security]]
   * minimal requirement: ''sudo apt install fail2ban''   * minimal requirement: ''sudo apt install fail2ban''
 +  * ''/etc/ssh/sshd_config''
 +    * ''PermitRootLogin no''.
 +    * Limit ssh connection to ipv4 and disable ipv6
 +      * Uncomment ''ListenAddress 0.0.0.0''
 +      * Comment ''#ListenAddress ::''
 +      * This setting allows the server to listen to ipv4 only, so normal connections not denied because clients use ipv6 and are rejected based on the rules in ''/etc/hosts.allow'' and ''/etc/hosts.deny''.
  
 +
 +===== Message Of The Day (motd) =====
 +<code bash>
 +# disable unnecessary messages
 +$ sudo chmod a-x /etc/update-motd.d/10-help-text 
 +$ sudo chmod a-x /etc/update-motd.d/50-motd-news 
 +</code>
  
 ===== User Management ===== ===== User Management =====
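Review bot: in the new SSH list, the ''sshd_config'' bullets give the edits but no step to check and load them, and the rationale sentence was moved over unchanged and still does not parse ("so normal connections not denied because clients use ipv6 and are rejected ..."). Suggest adding ''sudo sshd -t'' followed by a restart of the ssh service, done from a session that stays open until a second login succeeds, and rewording the rationale to state the intended effect directly. In the Network list, ''sudo netplan try'' is described as validating the file, but it applies the configuration and rolls it back unless confirmed, so the wording should say that.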
Line 85: Line 115:
 <code bash> <code bash>
 $ sudo adduser username groupname $ sudo adduser username groupname
 +</code>
 +
 +==== Remove User from Group ====
 +<code bash>
 +$ sudo deluser username groupname
 +</code>
 +
 +==== Change username and home directory====
 +<code bash>
 +$ sudo usermod -l new_username old_username
 +$ sudo usermod -d /home/new_username -m new_username
 </code> </code>
  
Line 102: Line 143:
 $ sudo deluser username $ sudo deluser username
 $ sudo delgroup groupname $ sudo delgroup groupname
 +</code>
 +
 +
 +==== Create scratch directory and storage====
 +Run the shell script make_work_dir, which had written by Dr. Kuo.
 +<code bash>
 +$ sudo /home/chkuo/bin/make_work_dir username
 </code> </code>
  
computers/server_basic_setup.1544713092.txt.gz · Last modified: 2018/12/13 22:58 by chkuo