Setting up a new Linux box

This page goes through the various settings that take place to setup a new Ubuntu box. In this case I was setting Ubuntu 12.04 Precise Pangolin.

• Hardware details
  • AMD 3 core CPU
  • 2 x 500 GB Hard disk
  • 1 DVD R/W
  • 16 GB RAM
• Software install configuration
  • RAID 1 array with the two disks
  • Allocated 20 GB for SWAP and 480 GB for /
  • Include LAMP, Samba, Mail (Postfix) as default services to be installed
  • Configure server as “Internet Site”

• Update system by running “aptitude”
  • Completed Security Upgrades
  • Complete Package Upgrades
  • Reboot
• Network configuration
  • Update settings on router to designate IP address for server MAC address (ensure same IP allocation)
    • Optionally do this for other devices on the network too
  • Update Port forwarding on router to server for HTTP, HTTPS, SSH and SMTP
  • Update info with DNS registry (such as godaddy) with WAN IP for A & MX records
• Install svn (using aptitude)
• Put /etc on version control
• Update /etc/skel with this set
• Creating new users
  • Update /etc/default/useradd as required. E.g. change SHELL to SHELL=/bin/bash
  • Create additional users as required
  • Remember to delete the .svn directory inside the users home directory (of the new user). Because we have /etc on subversion, this would have inadvertently bought in the .svn directory into the home folder. We do not want that incorrect svn directory sitting there!
• Install the most common packages that will the required

Currently ubv48 is setup as DNS server using dnsmasq.
Update /etc/resolv.conf file as below:

nameserver 192.168.1.48
nameserver 192.168.1.49
nameserver 192.168.1.1
nameserver 8.8.8.8
options timeout:1
options attempts:1

Update /etc/network/interfaces file as below:

iface enp0s3 inet static
        address 192.168.1.47
        netmask 255.255.255.0
        network 192.168.1.0
        gateway 192.168.1.1
        broadcast 192.168.1.255
        dns-nameservers 192.168.1.48
        dns-nameservers 192.168.1.1
        dns-nameservers 8.8.8.8

• Automatic apt upgrades
• APT update resource overload

• Kernel
  • To avoid kernel update do this
    • Debian:

      aptitude hold linux-image-amd64

    • Ubuntu:

      aptitude hold linux-image-generic

  • Reason: VirtualBox GA will need to be reinstalled every time kernel is updated
• Mail
  • Setup postfix
  • Setup alias such that local mail gets forwarded (/etc/aliases)
• SSH
  • Generate SSH private and public keys
• Tuning
  • Change swapiness and other parameters based on server needs - sysctl.conf
• Others
  • Optionally ask server to reboot automatically on kernel panic
  • Disable module i2c_piix4 on Virtual Machines
  • Install NRPE to be monitored
    • nagios-nrpe-server nagios-plugins
  • Install x11-utils x11-xserver-utils
• Packages to install
  • If Physical Machine
    • cpp dkms gcc make heirloom-mailx mysql-common nmap postfix smartmontools sysstat unzip telnetd
  • If VM
    • cpp gcc make heirloom-mailx mysql-common nmap postfix sysstat unzip telnetd

• Remove cloud-init

  aptitude purge cloud-init

• Remove snapd

  apt autoremove --purge snapd

• Apache Configuration
• Setup to sudo without password
• Mail Server Configuration
• MySQL Backups
• Reset System Clock with NTP Update
• Setup mail reporting using pflogsumm
• Notify if the system requires a reboot
• Mounting a USB drive permanently for Backups
• Install telnetd - To be used in case SSH server is down. Remember to change password immediately if doing a remote connection.
• Update php.ini configuration file to improve on default limits
• Stop/Purge Ubuntu error reporting daemon

  aptitude -y purge whoopsie

• Disable APT update resource overload
• Nagios
  • If only setting this up for being monitored install nagios-nrpe-server nagios-plugins