Ubuntu Server

The following assumes you have not enabled the root user, thus the use of 'sudo'. If you have enabled the root user you can ignore sudo.

Downloads
http://releases.ubuntu.com/14.04/

http://releases.ubuntu.com/raring/

Swap File Partition - Suggested Sizes

 * 1) Systems with 4GB of ram or less require a minimum of 2GB of swap space
 * 2) Systems with 4GB to 16GB of ram require a minimum of 4GB of swap space
 * 3) Systems with 16GB to 64GB of ram require a minimum of 8GB of swap space
 * 4) Systems with 64GB to 256GB of ram require a minimum of 16GB of swap space

See here.

HOWTO: Software RAID
https://help.ubuntu.com/14.04/serverguide/advanced-installation.html

The Urban Penguin - Software Raid Tutorial

Things To Do After Initial Install:
sudo aptitude update sudo aptitude safe-upgrade

rtc error
Ubuntu Server tries to load the module 'rtc' on boot. This is no longer needed for newer hardwware.

Check to make sure your clock is correct...

sudo date sudo hwclock

Just comment out the offending line from the modules configuration file. Might as well stop the printer driver as well!

sudo nano /etc/modules # lp     # rtc

console-kit-daemon
To see how many are running:

pstree -cln

To get rid of the service you will need to first find its process ID:

ps aux| grep console-kit-daemon

Which should return something similar to:

root 1393 0.0  0.1 2091756 3940 ? Sl  11:04   0:00 /usr/sbin/console-kit-daemon --no-daemon

Where 1393 is the ID, to stop and remove it from start up:

pkill 1393 cp /usr/share/dbus-1/system-services/org.freedesktop.ConsoleKit.service org.freedesktop.ConsoleKit.old rm /usr/share/dbus-1/system-services/org.freedesktop.ConsoleKit.service

From here.

Clear Screen After Boot Before Login
Add --noclear to the getty options for the 1st terminal...

sudo nano /etc/init/tty1.conf exec /sbin/getty -8 38400 --noclear tty1

Console Screen Blanking
sudo setterm -blank 0

To make this change permanent, create a file called 'setterm.start' in the /etc/local.d/ folder.

sudo mkdir /etc/local.d sudo nano /etc/local.d/setterm.start setterm -blank 0 sudo chmod +x /etc/local.d/setterm.start

Control-Alt-Delete
sudo mv -v /etc/init/control-alt-delete.conf /root/

High Resolution Console
sudo nano /etc/default/grub GRUB_HIDDEN_TIMEOUT_QUIET=false GRUB_TIMEOUT=10 GRUB_CMDLINE_LINUX_DEFAULT="noquiet nosplash nofb nomodeset" GRUB_TERMINAL=console sudo update-grub

IPv6
sudo nano /etc/default/grub GRUB_CMDLINE_LINUX="ipv6.disable=1" sudo update-grub

Landscape System Information Banner in MOTD
sudo dpkg-reconfigure landscape-common sudo aptitude -y purge landscape-common

whoopsie
Whoopsie is Ubuntu's Error Reporting daemon, to disable it:

sudo nano /etc/default/whoopsie report_crashes=false

Save and close the file, then test the change:

sudo service whoopsie stop sudo update-rc.d -f whoopsie remove

CPU Stepping
sudo aptitude install -y cpufrequtils sudo update-rc.d cpufrequtils defaults sudo cpufreq-info sudo grep 'MHz' /proc/cpuinfo

Network Time Protocol (NTP)
sudo aptitude install ntp ntpdate

To add or remove time servers edit the configuration file:

sudo nano /etc/ntp.conf

Tweak the configuration file. Check at http://www.pool.ntp.org/zone/uk for latest list...

server 0.uk.pool.ntp.org server 1.uk.pool.ntp.org server 2.uk.pool.ntp.org server 3.uk.pool.ntp.org

Then reconfigure...

sudo dpkg-reconfigure tzdata sudo service ntp restart

Test...

date

Temperature Sensor Monitoring
sudo aptitude install lm-sensors sudo sensors-detect sudo service kmod start sudo update-rc.d kmod defaults sudo sensors coretemp-isa-0000 Adapter: ISA adapter Core 0:      +41.0°C  (high = +80.0°C, crit = +100.0°C) Core 1:      +41.0°C  (high = +80.0°C, crit = +100.0°C) smsc47b397-isa-0480 Adapter: ISA adapter fan1:       1037 RPM fan2:          0 RPM fan3:          0 RPM fan4:       1017 RPM temp1:       +50.0°C temp2:       +37.0°C temp3:       +21.0°C temp4:      -128.0°C

Cannot Reboot Or Shutdown Hangs Stops
This is to be used as a last resort... but it may just save your skin.

sudo echo 1 > /proc/sys/kernel/sysrq sudo echo b > /proc/sysrq-trigger

Blank Screen Unsupported Video Options

 * Hold RIGHT SHIFT down during CD boot
 * Press F6 to choose Advanced Options
 * Press ESC
 * Use the arrow keys to move along the Boot line
 * Change the ==vga=== number to ==769==

http://en.wikipedia.org/wiki/VESA_BIOS_Extensions#Linux_video_mode_numbers

Failed to connect to system bus ERROR
You may see these error messages in ==/var/log/auth.log==...

Feb 5 15:38:02 hostname proftpd: pam_systemd(proftpd:session): Failed to connect to system bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory

To fix it, make sure you add the dbus service to system startup, and then restart the services...

sudo update-rc.d dbus defaults sudo service dbus restart sudo service proftpd restart

Thanks to Gentoo! - http://wiki.gentoo.org/wiki/SLiM#Failed_to_connect_to_socket_.2Fvar.2Frun.2Fdbus.2Fsystem_bus_socket:

MEI Kernel Error Messages
"The Intel Management Engine (Intel ME) is an isolated and protected computing resource (Co-processor) residing inside certain Intel chipsets. The Intel ME provides support for computer/IT management features. The feature set depends on the Intel chipset SKU."

https://www.kernel.org/doc/Documentation/misc-devices/mei/mei.txt

But this might not be needed if the hardware does not support it, and you will get the following errors in your kernel logs...

kernel: [258168.036048] mei 0000:00:03.0: unexpected reset: dev_state = RESETING

Edit the ==/etc/modprobe.d/blacklist.conf== file and add the following line...

blacklist mei
 * 1) fix unwanted intel kernel messages

...then reboot.

User Is Not In The Sudoers File Stuck Help
http://www.maketecheasier.com/fixing-sudo-error-in-ubuntu/

Samba Error: no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory
sudo pam-auth-update

Untick "SMB password synchronization"

Thanks - http://ubuntuforums.org/showthread.php?t=2214042

Recently Installed Packages
sudo cat /var/log/dpkg.log* |grep ' installed' |sort -k1

Running Daemons With IPv4 And IPv6
sudo lsof -i -n -P

Startup Services
sudo initctl list |sort sudo service --status-all sudo ls -lah /etc/rc*

Better Log Files
sudo nano /etc/rsyslog.d/50-default.conf '''cron.*                         /var/log/cron.log #mail.info                     -/var/log/mail.info #mail.warn                     -/var/log/mail.warn #mail.err                      /var/log/mail.err #      # Some "catch-all" log files. #      *.=debug;\ auth,authpriv.none;\ news.none;mail.none    -/var/log/debug *.=info;*.=notice;*.=warn;\ auth,authpriv.none;\ cron,daemon.none;\ mail,news.none         -/var/log/messages #daemon.*;mail.*;\ #      news.err;\ #      *.=debug;*.=info;\ #      *.=notice;*.=warn       |/dev/xconsole #'''

Getty Terminals
cd /etc/init/ sudo rm -rfv tty6.conf tty5.conf tty4.conf tty3.conf

Root User
sudo su sudo passwd root

You will prompted to enter and confirm the password for 'root'. After which you will be able to log in the root user and have full privileges without having to type 'sudo' at the beginning of each line.

Static IP Address
sudo nano /etc/network/interfaces

Edit the file to read (this example uses 192.168.0.100 for the system and Google's DNS servers):

auto lo iface lo inet loopback auto em1 iface em1 inet static address 192.168.0.100 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1 dns-nameservers 8.8.8.8 8.8.4.4
 * 1) The loopback network interface
 * 1) The primary network interface

Save and close the file, then restart the network:

sudo /etc/init.d/networking restart

Edit the 'hosts' file:

sudo nano /etc/hosts

Edit the file to read (server2 used for this example):

127.0.0.1 localhost.localdomain localhost 192.168.0.100 server1.example.com server1 ::1    ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters
 * 1) The following lines are desirable for IPv6 capable hosts

Then run:

sudo echo server1.example.com > /etc/hostname sudo /etc/init.d/hostname restart

Check the configuration:

hostname hostname -f

Both of the above commands should return:

server2.example.com

Time Zone And Date
sudo aptitude install ntp sudo dpkg-reconfigure tzdata

http://hacksforge.com/How-to-change-time-zone-in-Ubuntu-Linux.html

Automated Package List Updates But Not Install
Install the software...

sudo aptitude install cron-apt sudo nano /etc/cron-apt/config MAILON="always" MAILTO="me@myemail.com"

Read more about the software in the README...

less /usr/share/doc/cron-apt/README.gz

http://www.debian-administration.org/articles/162

Command On System Startup As Another User
sudo nano /etc/rc.local # mpdscribble su -c 'mpdscribble' username & # exit (the line below must be the last line in the file) exit 0

http://askubuntu.com/questions/90406/startup-script-for-a-specific-user-on-ubuntu-server

Force Filesystem Check On Reboot
sudo touch /forcefsck sudo reboot

Install Server
sudo aptitude install ssh openssh-server

Copy Public Key To Server
ssh-copy-id -i ~/.ssh/id_rsa.pub username@192.168.0.x

Secure
To get it "Tight as a duck's a***"...

Levels


 * 1) Port Number
 * 2) Firewall Rules
 * 3) TCP Wrappers
 * 4) SSH Daemon Configuration

User --> Non Standard Port --> Firewall Check --> TCP Wrapper Check --> SSH Configuration Check --> Logged In

Files

==> /etc/hosts <== 127.0.0.1 localhost.localdomain localhost 10.0.0.1 server1.domain.co.uk server1 12.345.678.90 www.domain.co.uk ==> /etc/hosts.allow <== ALL: 10.0.0.0/24 imap: ALL sshd: 123.456.789 ==> /etc/hosts.deny <== ALL: ALL

Testing

tcpdmatch sshd 123.456.789 client:  address  123.456.789 server:  process  sshd access:  granted

Thanks - http://bodhizazen.net/Tutorials/SSH_security

Thanks - http://www.cyberciti.biz/faq/tcp-wrappers-hosts-allow-deny-tutorial/

Speed Up Logins
Server Side

Turn off the DNS lookups...

sudo nano /etc/ssh/sshd_config UseDNS no

Turn off the MOTD (Message Of The Day)...

touch ~/.hushlogin

Client Side

Turn off IPv6...

~/.ssh/config

Host * AddressFamily inet

DNS
.

DHCP
.

INSTALL: Slim Email (Sent To Another Server's Mail Hub)
http://wiki.indie-it.com/index.php?title=SSMTP

INSTALL: Basic Email Server - Part I - Procmail + Postfix + Mutt
sudo aptitude install procmail postfix mutt Postfix Configuration > Mailer Type > Internet Site > Domain Name > server1.domain.com



sudo nano /etc/postfix/main.cf     mynetworks = 127.0.0.0/8 10.0.0.0/24 or

mynetworks = 127.0.0.0/8 192.168.0.0/24

INSTALL: MailScanner + ClamAV + SpamAssassin + DCC + Razor + Pyzor

 * Sendmail Tweaks

sudo nano /etc/mail/sendmail.cf     PrivacyOptions=noetrn DeliveryMode=queueonly QueueDirectory=/var/spool/mqueue.in

http://www.mailscanner.info/sendmail.html


 * MailScanner

sudo aptitude install -y spamassassin clamav clamav-daemon

SET: System Wide Maildir Email Directory
sudo nano /etc/bash.bashrc MAIL=$HOME/.maildir/

FIX: Dovecot Startup Script
cd /etc/init.d/ sudo ln -s /lib/init/upstart-job dovecot sudo update-rc.d dovecot defaults sudo service dovecot start

link
http://vwiki.co.uk/Configuration_%28Ubuntu%29