Differences
This shows you the differences between two versions of the page.
tech:linux:setup_new_box [2020/07/19 06:27] |
tech:linux:setup_new_box [2023/02/12 06:30] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Setting up a new Linux box ====== | ||
+ | This page goes through the various settings that take place to setup a new Ubuntu box. In this case I was setting Ubuntu 12.04 Precise Pangolin. | ||
+ | |||
+ | ===== Install Configuration / Steps ===== | ||
+ | * Hardware details | ||
+ | * AMD 3 core CPU | ||
+ | * 2 x 500 GB Hard disk | ||
+ | * 1 DVD R/W | ||
+ | * 16 GB RAM | ||
+ | * Software install configuration | ||
+ | * RAID 1 array with the two disks | ||
+ | * Allocated 20 GB for SWAP and 480 GB for / | ||
+ | * Include LAMP, Samba, Mail (Postfix) as default services to be installed | ||
+ | * Configure server as "Internet Site" | ||
+ | |||
+ | ===== System Configuration ===== | ||
+ | * Update system by running "aptitude" | ||
+ | * Completed Security Upgrades | ||
+ | * Complete Package Upgrades | ||
+ | * Reboot | ||
+ | * Network configuration | ||
+ | * Update settings on router to designate IP address for server MAC address (ensure same IP allocation) | ||
+ | * Optionally do this for other devices on the network too | ||
+ | * Update Port forwarding on router to server for HTTP, HTTPS, SSH and SMTP | ||
+ | * Update info with DNS registry (such as godaddy) with WAN IP for A & MX records | ||
+ | * Install svn (using aptitude) | ||
+ | * Put [[tech:svn:using_subversion_to_version_control_etc|/etc on version control]] | ||
+ | * Update /etc/skel with [[etc_skel|this]] set | ||
+ | * Creating new users | ||
+ | * Update /etc/default/useradd as required. E.g. change SHELL to SHELL=/bin/bash | ||
+ | * Create additional [[commands_to_add_users_and_groups#adding_user_-_ubuntu|users]] as required | ||
+ | * Remember to delete the .svn directory inside the users home directory (of the new user). Because we have /etc on subversion, this would have inadvertently bought in the .svn directory into the home folder. We do not want that incorrect svn directory sitting there! | ||
+ | * Install the [[most_common_packages|most common packages]] that will the required | ||
+ | |||
+ | ===== DNS Server Configuration ===== | ||
+ | Currently ''ubv48'' is setup as DNS server using ''dnsmasq''.\\ | ||
+ | Update ''/etc/resolv.conf'' file as below: | ||
+ | <code> | ||
+ | nameserver 192.168.1.48 | ||
+ | nameserver 192.168.1.49 | ||
+ | nameserver 192.168.1.1 | ||
+ | nameserver 8.8.8.8 | ||
+ | options timeout:1 | ||
+ | options attempts:1 | ||
+ | </code> | ||
+ | |||
+ | Update ''/etc/network/interfaces'' file as below: | ||
+ | <code> | ||
+ | iface enp0s3 inet static | ||
+ | address 192.168.1.47 | ||
+ | netmask 255.255.255.0 | ||
+ | network 192.168.1.0 | ||
+ | gateway 192.168.1.1 | ||
+ | broadcast 192.168.1.255 | ||
+ | dns-nameservers 192.168.1.48 | ||
+ | dns-nameservers 192.168.1.1 | ||
+ | dns-nameservers 8.8.8.8 | ||
+ | </code> | ||
+ | ===== apt related ===== | ||
+ | * [[tech:linux:apt_upgrades|Automatic apt upgrades]] | ||
+ | * [[tech:linux:apt_update_resource_overload|APT update resource overload]] | ||
+ | |||
+ | ===== More items ===== | ||
+ | * Kernel | ||
+ | * To avoid kernel update do this | ||
+ | * Debian: <code bash>aptitude hold linux-image-amd64</code> | ||
+ | * Ubuntu: <code bash>aptitude hold linux-image-generic</code> | ||
+ | * Reason: VirtualBox GA will need to be reinstalled every time kernel is updated | ||
+ | |||
+ | * Setup postfix | ||
+ | * Setup alias such that local mail gets forwarded (/etc/aliases) | ||
+ | * SSH | ||
+ | * Generate SSH private and public keys | ||
+ | * Tuning | ||
+ | * Change swapiness and other parameters based on server needs - [[tech:linux:sysctl_config|sysctl.conf]] | ||
+ | * Others | ||
+ | * Optionally ask server to reboot automatically on [[tech1:linux:kernel_panic|kernel panic]] | ||
+ | * [[tech1:linux:others:i2c_piix4|Disable module i2c_piix4]] on Virtual Machines | ||
+ | * Install NRPE to be monitored | ||
+ | * nagios-nrpe-server nagios-plugins | ||
+ | * Install x11-utils x11-xserver-utils | ||
+ | * Packages to install | ||
+ | * If Physical Machine | ||
+ | * cpp dkms gcc make heirloom-mailx mysql-common nmap postfix smartmontools sysstat unzip telnetd | ||
+ | * If VM | ||
+ | * cpp gcc make heirloom-mailx mysql-common nmap postfix sysstat unzip telnetd | ||
+ | |||
+ | ===== Other Items configuration ===== | ||
+ | * Remove cloud-init <code>aptitude purge cloud-init</code> | ||
+ | * Remove snapd <code>apt autoremove --purge snapd</code> | ||
+ | * [[apache_configuration|Apache Configuration]] | ||
+ | * [[etc_skel#sudo_without_password|Setup to sudo without password]] | ||
+ | * [[tech:linux:mail_server_setup|Mail Server Configuration]] | ||
+ | * [[tech:linux:mysql:backups|MySQL Backups]] | ||
+ | * [[tech:linux:others:ntp_update|Reset System Clock with NTP Update]] | ||
+ | * [[tech:linux:others:pflogsumm_mail_report|Setup mail reporting using pflogsumm]] | ||
+ | * [[tech:linux:others:notify_reboot_req|Notify if the system requires a reboot]] | ||
+ | * [[tech:others:mounting_usb_drive_in_ubuntu&#permanently_mount_the_usb_drive|Mounting a USB drive permanently for Backups]] | ||
+ | * Install telnetd - To be used in case SSH server is down. Remember to change password immediately if doing a remote connection. | ||
+ | * [[tech:linux:php_ini|Update php.ini]] configuration file to improve on default limits | ||
+ | * Stop/Purge Ubuntu error reporting daemon <code>aptitude -y purge whoopsie</code> | ||
+ | * [[apt_update_resource_overload|Disable APT update resource overload]] | ||
+ | * Nagios | ||
+ | * If only setting this up for being monitored install nagios-nrpe-server nagios-plugins | ||