This is an old revision of the document!


Server Basic Setup

RAID

  • high-reliability servers (firewall, DHCP, web, etc.)
    • 4 drives: RAID 1 (* 2), hot spare * 1, cold spare * 1
  • computational servers
    • RAID 10, hot spare * 1 or 2

Operating System

  • Ubuntu 18.04 LTS 64-bit Server Edition.

Packages

# update the package index
$ sudo apt update
# upgrade packages
$ sudo apt upgrade
 
# install specific new packages
# Zero Configuration Networking (Zeroconf)
$ sudo apt install avahi-daemon
 
# remove all unused packages
$ sudo apt autoremove
 
# remove specific packages; for example, those in /boot
$ sudo apt remove linux-image-2.6.32-23-server
$ sudo apt remove linux-image-3.2.0-32-generic

Network

  • edit /etc/netplan/50-cloud-init.yaml to configure the network
  • note: indent with spaces, NOT tabs
  • example: eno1 uses DHCP; eno2 uses a static IP
network:
    ethernets:
        eno1:
            addresses: []
            dhcp4: true
        eno2:
            addresses: [140.109.56.170/24]
            gateway4: 140.109.56.254
            nameservers:
                addresses: [140.109.1.10,8.8.8.8,8.8.4.4]
            dhcp4: no
    version: 2
  • after updating the config file, execute: sudo netplan apply
  • use ifconfig to check network info:

Time Synchronization

# check setting
$ timedatectl
# list available timezones
$ timedatectl list-timezones
# set time zone (select from the list above)
$ sudo timedatectl set-timezone Asia/Taipei
# verify
$ date

Service

sshd_config

  • In /etc/ssh/sshd_config, change PermitRootLogin without-password to PermitRootLogin no.
  • Limit ssh connections to IPv4 and disable IPv6: uncomment ListenAddress 0.0.0.0 and leave #ListenAddress :: commented out. With this setting the server listens on IPv4 only, so legitimate connections are not denied because a client connects over IPv6 and is rejected by the rules in /etc/hosts.allow and /etc/hosts.deny.
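
A static check for the two sshd_config settings above, as an added example that is not part of the original page; the function name audit_sshd_config and the sample files are constructed for illustration. It reads only the global section of the file and does not resolve hostnames given to ListenAddress.

```shell
#!/bin/sh
# Added example, not from the original page. audit_sshd_config and the
# sample files below are constructed for illustration.

# audit_sshd_config FILE: print findings, return 0 only if FILE follows
# both recommendations (PermitRootLogin no, IPv4-only ListenAddress).
audit_sshd_config() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        key = tolower($1); val = $2         # keywords are case-insensitive
        if (key == "match") exit            # global section ends at first Match
        # single-valued keywords: sshd keeps the first value it reads
        if (key == "permitrootlogin" && root == "") root = tolower(val)
        # ListenAddress may repeat and every occurrence is used
        if (key == "listenaddress") {
            n++
            # two colons or a leading "[" means an IPv6 literal
            if (val ~ /:.*:/ || val ~ /^\[/) { print "FAIL: IPv6 ListenAddress " val; bad = 1 }
        }
    }
    END {
        if (root != "no") { print "FAIL: PermitRootLogin is " (root == "" ? "not set" : root); bad = 1 }
        if (n == 0) { print "FAIL: no ListenAddress line, expected ListenAddress 0.0.0.0"; bad = 1 }
        if (!bad) print "OK: PermitRootLogin no, IPv4-only ListenAddress"
        exit bad + 0
    }' "$1"
}

# Constructed sample: the state of the file before the two edits above.
sample_before() {
    printf '%s\n' 'Port 22' '#ListenAddress 0.0.0.0' '#ListenAddress ::' \
        'PermitRootLogin without-password'
}
# Constructed sample: after the edits. The later "PermitRootLogin yes" is
# ignored by sshd (first value wins) and so must not change the verdict.
sample_after() {
    printf '%s\n' 'Port 22' 'ListenAddress 0.0.0.0' '#ListenAddress ::' \
        'permitrootlogin no' 'PermitRootLogin yes'
}

tmp=$(mktemp -d)
sample_before > "$tmp/before"; sample_after > "$tmp/after"
for f in before after; do
    echo "== $f"; audit_sshd_config "$tmp/$f" || true
done
rm -rf "$tmp"
```

On a server, run it as audit_sshd_config /etc/ssh/sshd_config; sudo sshd -T prints the effective settings, defaults included, for comparison.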

SSH security

  • minimum requirement: sudo apt install fail2ban

Message Of The Day (motd)

# disable unnecessary messages
$ sudo chmod a-x /etc/update-motd.d/10-help-text 
$ sudo chmod a-x /etc/update-motd.d/50-motd-news 
$ sudo chmod a-x /etc/update-motd.d/80-livepatch

User Management

Permissions

  • The default setting in Ubuntu gives world read/execute permissions on user home directories. To protect data privacy, edit the file /etc/adduser.conf and set the DIR_MODE variable to:
DIR_MODE=0750

Add Users

To add new users:

$ sudo adduser username

The default profile is based on the contents in /etc/skel/

Add Group

$ sudo addgroup groupname

Add User to Group

$ sudo adduser username groupname

Administrator Privileges

To give a user administrator privileges (e.g., to use sudo):

  • add the user to the adm and sudo groups

Reset password

$ sudo passwd username

Delete User

$ sudo deluser username
$ sudo delgroup groupname

Limit

  • /etc/security/limits.conf
# example of setting default priority
@users      -       priority        5
username    -       priority        10

Test

Hard Drive Speed

Use hdparm (requires sudo), for example:

$ sudo hdparm -tT /dev/sda
 
/dev/sda:
 Timing cached reads:   14352 MB in  2.00 seconds = 7182.41 MB/sec
 Timing buffered disk reads:  1660 MB in  3.00 seconds = 553.13 MB/sec
computers/server_basic_setup.1545062524.txt.gz · Last modified: 2018/12/18 00:02 by chkuo