Ubuntu Server

The following instructions will assume that you are working as root. To enable root follow the instructions here.

Download
http://releases.ubuntu.com/14.04/

HOWTO: Software RAID
https://help.ubuntu.com/14.04/serverguide/advanced-installation.html

The Urban Penguin - Software Raid Tutorial

Things To Do After Initial Install:
sudo aptitude update sudo aptitude safe-upgrade

HOWTO: DISABLE: console-kit-daemon
To see how many are running:

To get rid of the service you will need to first find its process ID:

Which should return something similar to:

root 1393 0.0  0.1 2091756 3940 ? Sl  11:04   0:00 /usr/sbin/console-kit-daemon --no-daemon

Where 1393 is the ID, to stop and remove it from start up:

From here.

HOWTO: DISABLE: Console Screen Blanking
sudo setterm -blank 0

To make this change permanent, create a file called 'setterm.start' in the /etc/local.d/ folder.

sudo mkdir /etc/local.d sudo nano /etc/local.d/setterm.start setterm -blank 0 sudo chmod +x /etc/local.d/setterm.start

HOWTO: DISABLE: Control-Alt-Delete
sudo mv -v /etc/init/control-alt-delete.conf /root/

HOWTO: DISABLE: High Resolution Console
sudo nano /etc/default/grub GRUB_HIDDEN_TIMEOUT_QUIET=false GRUB_TIMEOUT=10 GRUB_CMDLINE_LINUX_DEFAULT="noquiet nosplash nofb nomodeset" GRUB_TERMINAL=console sudo update-grub

HOWTO: DISABLE: IPv6
sudo nano /etc/default/grub GRUB_CMDLINE_LINUX="ipv6.disable=1" sudo update-grub

HOWTO: DISABLE: Landscape System Information Banner in MOTD
sudo dpkg-reconfigure landscape-common sudo aptitude -y purge landscape-common

HOWTO: DISABLE: whoopsie
Whoopsie is Ubuntu's Error Reporting daemon, to disable it:

Linux Terminal:~$ sudo nano /etc/default/whoopsie

Change the report_crashes parameter from:

report_crashes=true

to:

report_crashes=false

Save and close the file, then test the change:

Linux Terminal:~$ sudo service whoopsie stop sudo update-rc.d -f whoopsie remove

HOWTO: SSH - Secure
To get it "Tight as a duck's a***"...

Levels

 * 1) Port Number
 * 2) Firewall Rules
 * 3) TCP Wrappers
 * 4) SSH Daemon Configuration

User --> Non Standard Port --> Firewall Check --> TCP Wrapper Check --> SSH Configuration Check --> Logged In

Files
==> /etc/hosts <== 127.0.0.1 localhost.localdomain localhost 10.0.0.1 server1.domain.co.uk server1 12.345.678.90 www.domain.co.uk ==> /etc/hosts.allow <== ALL: 10.0.0.0/24 imap: ALL sshd: 123.456.789 ==> /etc/hosts.deny <== ALL: ALL

Testing
tcpdmatch sshd 123.456.789 client:  address  123.456.789 server:  process  sshd access:  granted

Thanks - http://bodhizazen.net/Tutorials/SSH_security

Thanks - http://www.cyberciti.biz/faq/tcp-wrappers-hosts-allow-deny-tutorial/

Server Side
Turn off the DNS lookups...

/etc/ssh/sshd_config

UseDNS no

Turn off the MOTD (Message Of The Day)...

touch ~/.hushlogin

Client Side
Turn off IPv6...

~/.ssh/config

Host * AddressFamily inet

HOWTO: SSH - Copy Public Key To Server
ssh-copy-id -i ~/.ssh/id_rsa.pub username@192.168.0.x

HOWTO: SSH - Install Server
Linux Terminal:~$ apt-get install ssh openssh-server

HOWTO: List Running Daemons With IPv4 And IPv6
sudo lsof -i -n -P

HOWTO: FIX: Blank Screen Unsupported Video Options

 * Hold RIGHT SHIFT down during CD boot
 * Press F6 to choose Advanced Options
 * Press ESC
 * Use the arrow keys to move along the Boot line
 * Change the vga= number to 769

http://en.wikipedia.org/wiki/VESA_BIOS_Extensions#Linux_video_mode_numbers

HOWTO: FIX: Dovecot Startup Script
cd /etc/init.d/ sudo ln -s /lib/init/upstart-job dovecot sudo update-rc.d dovecot defaults sudo service dovecot start

HOWTO: FIX: Failed to connect to system bus ERROR
You may see these error messages in /var/log/auth.log...

Feb 5 15:38:02 hostname proftpd: pam_systemd(proftpd:session): Failed to connect to system bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory

To fix it, make sure you add the dbus service to system startup, and then restart the services...

sudo update-rc.d dbus defaults sudo service dbus restart sudo service proftpd restart

Thanks to Gentoo! - http://wiki.gentoo.org/wiki/SLiM#Failed_to_connect_to_socket_.2Fvar.2Frun.2Fdbus.2Fsystem_bus_socket:

HOWTO: FIX: MEI Kernel Error Messages
"The Intel Management Engine (Intel ME) is an isolated and protected computing resource (Co-processor) residing inside certain Intel chipsets. The Intel ME provides support for computer/IT management features. The feature set depends on the Intel chipset SKU."

https://www.kernel.org/doc/Documentation/misc-devices/mei/mei.txt

But this might not be needed if the hardware does not support it, and you will get the following errors in your kernel logs...

kernel: [258168.036048] mei 0000:00:03.0: unexpected reset: dev_state = RESETING

Edit the /etc/modprobe.d/blacklist.conf file and add the following line...

blacklist mei
 * 1) fix unwanted intel kernel messages

...then reboot.

HOWTO: FIX: User Is Not In The Sudoers File Stuck Help
http://www.maketecheasier.com/fixing-sudo-error-in-ubuntu/

HOWTO: Force Filesystem Check On Reboot
sudo touch /forcefsck sudo reboot

HOWTO: Run A Command On System Startup As Another User
Edit /etc/rc.local and add a line like the following...

su -c 'mpdscribble' paully & exit 0
 * 1) mpdscribble
 * 1) exit (te line below must be the last line in the file)

http://askubuntu.com/questions/90406/startup-script-for-a-specific-user-on-ubuntu-server

HOWTO: Run Automated Package List Updates But Not Install
Install the software...

sudo aptitude install cron-apt

Edit the configuration file /etc/cron-apt/config...

MAILON="always" MAILTO="me@myemail.com"

Read more about the software in the README...

less /usr/share/doc/cron-apt/README.gz

http://www.debian-administration.org/articles/162

HOWTO: Set System Wide Maildir Email Directory
File: /etc/bash.bashrc

MAIL=$HOME/.maildir/

HOWTO: INSTALL: Basic Email Server - Part I - Procmail + Postfix + Mutt
sudo aptitude install procmail postfix mutt Postfix Configuration > Mailer Type > Internet Site > Domain Name > server1.domain.com

/etc/postfix/main.cf

mynetworks = 127.0.0.0/8 10.0.0.0/24

or

mynetworks = 127.0.0.0/8 192.168.0.0/24

HOWTO: INSTALL: CPU Stepping
sudo aptitude install cpufrequtils sudo update-rc.d cpufrequtils defaults sudo cpufreq-info sudo grep 'MHz' /proc/cpuinfo

HOWTO: INSTALL: MailScanner + ClamAV + SpamAssassin + DCC + Razor + Pyzor
http://www.mailscanner.info/sendmail.html nano /etc/mail/sendmail.cf PrivacyOptions=noetrn DeliveryMode=queueonly QueueDirectory=/var/spool/mqueue.in
 * Sendmail Tweaks

sudo aptitude install -y spamassassin clamav clamav-daemon
 * MailScanner

HOWTO: INSTALL: Network Time Protocol (NTP)
sudo aptitude install ntp ntpdate

To add or remove time servers edit the configuration file:

sudo nano /etc/ntp.conf

That standard configuration file looks like this:

server 0.ubuntu.pool.ntp.org server 1.ubuntu.pool.ntp.org server 2.ubuntu.pool.ntp.org server 3.ubuntu.pool.ntp.org
 * 1) Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
 * 2) on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
 * 3) more information.

Then reconfigure...

sudo dpkg-reconfigure tzdata

Test...

date

HOWTO: INSTALL: Temperature Sensor Monitoring
sudo aptitude install lm-sensors sudo sensors-detect sudo service kmod start sudo update-rc.d kmod defaults sudo sensors coretemp-isa-0000 Adapter: ISA adapter Core 0:      +41.0°C  (high = +80.0°C, crit = +100.0°C) Core 1:      +41.0°C  (high = +80.0°C, crit = +100.0°C) smsc47b397-isa-0480 Adapter: ISA adapter fan1:       1037 RPM fan2:          0 RPM fan3:          0 RPM fan4:       1017 RPM temp1:       +50.0°C temp2:       +37.0°C temp3:       +21.0°C temp4:      -128.0°C

HOWTO: Set Time Zone And Date
http://hacksforge.com/How-to-change-time-zone-in-Ubuntu-Linux.html

HOWTO: TWEAK: Getty Terminals
cd /etc/init/ sudo rm -rfv tty6.conf tty5.conf tty4.conf tty3.conf

HOWTO: TWEAK: Static IP Address
Edit the file to read (this example uses 192.168.0.100 for the system and Google's DNS servers):

auto lo iface lo inet loopback auto em1 iface em1 inet static address 192.168.0.100 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1 dns-nameservers 8.8.8.8 8.8.4.4
 * 1) The loopback network interface
 * 1) The primary network interface

Save and close the file, then restart the network:

Edit the 'hosts' file:

Edit the file to read (server2 used for this example):

127.0.0.1 localhost.localdomain localhost 192.168.0.100 server1.example.com server1 ::1    ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters
 * 1) The following lines are desirable for IPv6 capable hosts

Then run:

Check the configuration:

Both of the above commands should return:

server2.example.com

HOWTO: ENABLE: Root User
Linux Terminal:-$ sudo su sudo passwd root

You will prompted to enter and confirm the password for 'root'. After which you will be able to log in the root user and have full privileges without having to type 'sudo' at the beginning of each line.

HOWTO: LIST: Startup Services
Linux Terminal:~$ sudo initctl list |sort sudo service --status-all sudo ls -lah /etc/rc*

Swap File Partition - Suggested Sizes

 * 1) Systems with 4GB of ram or less require a minimum of 2GB of swap space
 * 2) Systems with 4GB to 16GB of ram require a minimum of 4GB of swap space
 * 3) Systems with 16GB to 64GB of ram require a minimum of 8GB of swap space
 * 4) Systems with 64GB to 256GB of ram require a minimum of 16GB of swap space

See here.

Download ISO Release
http://releases.ubuntu.com/raring/