Differences
This shows you the differences between two versions of the page.
|
tech:linux:setup_new_box [2020/07/19 06:27] |
tech:linux:setup_new_box [2023/02/12 06:30] (current) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== Setting up a new Linux box ====== | ||
| + | This page goes through the various settings that take place to setup a new Ubuntu box. In this case I was setting Ubuntu 12.04 Precise Pangolin. | ||
| + | |||
| + | ===== Install Configuration / Steps ===== | ||
| + | * Hardware details | ||
| + | * AMD 3 core CPU | ||
| + | * 2 x 500 GB Hard disk | ||
| + | * 1 DVD R/W | ||
| + | * 16 GB RAM | ||
| + | * Software install configuration | ||
| + | * RAID 1 array with the two disks | ||
| + | * Allocated 20 GB for SWAP and 480 GB for / | ||
| + | * Include LAMP, Samba, Mail (Postfix) as default services to be installed | ||
| + | * Configure server as "Internet Site" | ||
| + | |||
| + | ===== System Configuration ===== | ||
| + | * Update system by running "aptitude" | ||
| + | * Completed Security Upgrades | ||
| + | * Complete Package Upgrades | ||
| + | * Reboot | ||
| + | * Network configuration | ||
| + | * Update settings on router to designate IP address for server MAC address (ensure same IP allocation) | ||
| + | * Optionally do this for other devices on the network too | ||
| + | * Update Port forwarding on router to server for HTTP, HTTPS, SSH and SMTP | ||
| + | * Update info with DNS registry (such as godaddy) with WAN IP for A & MX records | ||
| + | * Install svn (using aptitude) | ||
| + | * Put [[tech:svn:using_subversion_to_version_control_etc|/etc on version control]] | ||
| + | * Update /etc/skel with [[etc_skel|this]] set | ||
| + | * Creating new users | ||
| + | * Update /etc/default/useradd as required. E.g. change SHELL to SHELL=/bin/bash | ||
| + | * Create additional [[commands_to_add_users_and_groups#adding_user_-_ubuntu|users]] as required | ||
| + | * Remember to delete the .svn directory inside the users home directory (of the new user). Because we have /etc on subversion, this would have inadvertently bought in the .svn directory into the home folder. We do not want that incorrect svn directory sitting there! | ||
| + | * Install the [[most_common_packages|most common packages]] that will the required | ||
| + | |||
| + | ===== DNS Server Configuration ===== | ||
| + | Currently ''ubv48'' is setup as DNS server using ''dnsmasq''.\\ | ||
| + | Update ''/etc/resolv.conf'' file as below: | ||
| + | <code> | ||
| + | nameserver 192.168.1.48 | ||
| + | nameserver 192.168.1.49 | ||
| + | nameserver 192.168.1.1 | ||
| + | nameserver 8.8.8.8 | ||
| + | options timeout:1 | ||
| + | options attempts:1 | ||
| + | </code> | ||
| + | |||
| + | Update ''/etc/network/interfaces'' file as below: | ||
| + | <code> | ||
| + | iface enp0s3 inet static | ||
| + | address 192.168.1.47 | ||
| + | netmask 255.255.255.0 | ||
| + | network 192.168.1.0 | ||
| + | gateway 192.168.1.1 | ||
| + | broadcast 192.168.1.255 | ||
| + | dns-nameservers 192.168.1.48 | ||
| + | dns-nameservers 192.168.1.1 | ||
| + | dns-nameservers 8.8.8.8 | ||
| + | </code> | ||
| + | ===== apt related ===== | ||
| + | * [[tech:linux:apt_upgrades|Automatic apt upgrades]] | ||
| + | * [[tech:linux:apt_update_resource_overload|APT update resource overload]] | ||
| + | |||
| + | ===== More items ===== | ||
| + | * Kernel | ||
| + | * To avoid kernel update do this | ||
| + | * Debian: <code bash>aptitude hold linux-image-amd64</code> | ||
| + | * Ubuntu: <code bash>aptitude hold linux-image-generic</code> | ||
| + | * Reason: VirtualBox GA will need to be reinstalled every time kernel is updated | ||
| + | |||
| + | * Setup postfix | ||
| + | * Setup alias such that local mail gets forwarded (/etc/aliases) | ||
| + | * SSH | ||
| + | * Generate SSH private and public keys | ||
| + | * Tuning | ||
| + | * Change swapiness and other parameters based on server needs - [[tech:linux:sysctl_config|sysctl.conf]] | ||
| + | * Others | ||
| + | * Optionally ask server to reboot automatically on [[tech1:linux:kernel_panic|kernel panic]] | ||
| + | * [[tech1:linux:others:i2c_piix4|Disable module i2c_piix4]] on Virtual Machines | ||
| + | * Install NRPE to be monitored | ||
| + | * nagios-nrpe-server nagios-plugins | ||
| + | * Install x11-utils x11-xserver-utils | ||
| + | * Packages to install | ||
| + | * If Physical Machine | ||
| + | * cpp dkms gcc make heirloom-mailx mysql-common nmap postfix smartmontools sysstat unzip telnetd | ||
| + | * If VM | ||
| + | * cpp gcc make heirloom-mailx mysql-common nmap postfix sysstat unzip telnetd | ||
| + | |||
| + | ===== Other Items configuration ===== | ||
| + | * Remove cloud-init <code>aptitude purge cloud-init</code> | ||
| + | * Remove snapd <code>apt autoremove --purge snapd</code> | ||
| + | * [[apache_configuration|Apache Configuration]] | ||
| + | * [[etc_skel#sudo_without_password|Setup to sudo without password]] | ||
| + | * [[tech:linux:mail_server_setup|Mail Server Configuration]] | ||
| + | * [[tech:linux:mysql:backups|MySQL Backups]] | ||
| + | * [[tech:linux:others:ntp_update|Reset System Clock with NTP Update]] | ||
| + | * [[tech:linux:others:pflogsumm_mail_report|Setup mail reporting using pflogsumm]] | ||
| + | * [[tech:linux:others:notify_reboot_req|Notify if the system requires a reboot]] | ||
| + | * [[tech:others:mounting_usb_drive_in_ubuntu&#permanently_mount_the_usb_drive|Mounting a USB drive permanently for Backups]] | ||
| + | * Install telnetd - To be used in case SSH server is down. Remember to change password immediately if doing a remote connection. | ||
| + | * [[tech:linux:php_ini|Update php.ini]] configuration file to improve on default limits | ||
| + | * Stop/Purge Ubuntu error reporting daemon <code>aptitude -y purge whoopsie</code> | ||
| + | * [[apt_update_resource_overload|Disable APT update resource overload]] | ||
| + | * Nagios | ||
| + | * If only setting this up for being monitored install nagios-nrpe-server nagios-plugins | ||
