Ubuntu Server

The following instructions will assume that you are working as root. To enable root follow the instructions here.

Download
http://releases.ubuntu.com/14.04/

HOWTO: SSH - Secure
To get it "Tight as a duck's a***"...

Levels

 * 1) Port Number
 * 2) Firewall Rules
 * 3) TCP Wrappers
 * 4) SSH Daemon Configuration

User --> Non Standard Port --> Firewall Check --> TCP Wrapper Check --> SSH Configuration Check --> Logged In

Files
==> /etc/hosts <==
127.0.0.1 localhost.localdomain localhost
10.0.0.1 server1.domain.co.uk server1
12.345.678.90 www.domain.co.uk

==> /etc/hosts.allow <==
ALL: 10.0.0.0/24
imap: ALL
sshd: 123.456.789

==> /etc/hosts.deny <==
ALL: ALL

Testing
tcpdmatch sshd 123.456.789

client:  address  123.456.789
server:  process  sshd
access:  granted
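
How the two files above are evaluated, as an added example that is not part of the original page: a simplified Python model of the TCP wrappers decision order (hosts.allow first, then hosts.deny, otherwise grant). The rule text and the 203.0.113.x and 198.51.100.x addresses are constructed for the example, and only IPv4 addresses, net/mask patterns and the ALL wildcard are modelled.

```python
import ipaddress

# Constructed rule files in the page's layout; the addresses are
# documentation ranges chosen for this example, not values from the page.
HOSTS_ALLOW = "ALL: 10.0.0.0/24\nimap: ALL\nsshd: 203.0.113.7\n"
HOSTS_DENY = "ALL: ALL\n"


def parse_rules(text):
    """Return [(daemons, clients)] parsed from hosts.allow/hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, addr):
    """IPv4 only: the ALL wildcard, one address, or a net/mask pattern."""
    if pattern == "ALL":
        return True
    try:
        return addr in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return False  # hostnames and other pattern forms are not modelled


def first_match(rules, daemon, addr):
    """True if any rule names the daemon (or ALL) and matches the client."""
    return any(
        ("ALL" in daemons or daemon in daemons)
        and any(client_matches(c, addr) for c in clients)
        for daemons, clients in rules
    )


def access(daemon, client_ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Decision order: hosts.allow match, then hosts.deny match, else grant."""
    addr = ipaddress.ip_address(client_ip)
    if first_match(parse_rules(allow), daemon, addr):
        return "granted"
    if first_match(parse_rules(deny), daemon, addr):
        return "denied"
    return "granted"
```

Calling access() with an empty deny file shows why the ALL: ALL line in /etc/hosts.deny matters: without it, every client that hosts.allow does not list is still granted.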

Thanks - http://bodhizazen.net/Tutorials/SSH_security

Thanks - http://www.cyberciti.biz/faq/tcp-wrappers-hosts-allow-deny-tutorial/

Server Side
Turn off the DNS lookups...

/etc/ssh/sshd_config

UseDNS no

Turn off the MOTD (Message Of The Day)...

touch ~/.hushlogin

Client Side
Turn off IPv6...

~/.ssh/config

Host *
    AddressFamily inet

HOWTO: SSH - Copy Public Key To Server
ssh-copy-id -i ~/.ssh/id_rsa.pub username@192.168.0.x

HOWTO: SSH - Install Server
Linux Terminal:~$ apt-get install ssh openssh-server

HOWTO: List Running Daemons With IPv4 And IPv6
sudo lsof -i -n -P

HOWTO: Fix: MEI Kernel Error Messages
"The Intel Management Engine (Intel ME) is an isolated and protected computing resource (Co-processor) residing inside certain Intel chipsets. The Intel ME provides support for computer/IT management features. The feature set depends on the Intel chipset SKU."

https://www.kernel.org/doc/Documentation/misc-devices/mei/mei.txt

But this might not be needed if the hardware does not support it, and you will get the following errors in your kernel logs...

kernel: [258168.036048] mei 0000:00:03.0: unexpected reset: dev_state = RESETING

Edit the /etc/modprobe.d/blacklist.conf file and add the following line...

# fix unwanted intel kernel messages
blacklist mei

...then reboot.

HOWTO: Fix: Dovecot Startup Script
cd /etc/init.d/
sudo ln -s /lib/init/upstart-job dovecot
sudo update-rc.d dovecot defaults
sudo service dovecot start

HOWTO: Fix: User Is Not In The Sudoers File Stuck Help
http://www.maketecheasier.com/fixing-sudo-error-in-ubuntu/

HOWTO: Force Filesystem Check On Reboot
sudo touch /forcefsck
sudo reboot

HOWTO: Run A Command On System Startup As Another User
Edit /etc/rc.local and add a line like the following...

# mpdscribble
su -c 'mpdscribble' paully &
# exit (the line below must be the last line in the file)
exit 0

http://askubuntu.com/questions/90406/startup-script-for-a-specific-user-on-ubuntu-server

HOWTO: Run Automated Package List Updates But Not Install
Install the software...

sudo aptitude install cron-apt

Edit the configuration file /etc/cron-apt/config...

MAILON="always"
MAILTO="me@myemail.com"

Read more about the software in the README...

less /usr/share/doc/cron-apt/README.gz

http://www.debian-administration.org/articles/162

HOWTO: List Recently Installed Packages
# zcat -f also reads the rotated, gzip-compressed logs
zcat -f /var/log/dpkg.log* | grep ' installed' | sort -k1

HOWTO: Fix Failed to connect to system bus ERROR
You may see these error messages in /var/log/auth.log...

Feb 5 15:38:02 hostname proftpd: pam_systemd(proftpd:session): Failed to connect to system bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory

To fix it, make sure you add the dbus service to system startup, and then restart the services...

sudo update-rc.d dbus defaults
sudo service dbus restart
sudo service proftpd restart

Thanks to Gentoo! - http://wiki.gentoo.org/wiki/SLiM#Failed_to_connect_to_socket_.2Fvar.2Frun.2Fdbus.2Fsystem_bus_socket:

HOWTO: Set System Wide Maildir Email Directory
File: /etc/bash.bashrc

MAIL=$HOME/.maildir/

HOWTO: INSTALL: Basic Email Server - Part I - Procmail + Postfix + Mutt
sudo aptitude install procmail postfix mutt

Postfix Configuration > Mailer Type > Internet Site > Domain Name > server1.domain.com

/etc/postfix/main.cf

mynetworks = 127.0.0.0/8 10.0.0.0/24

or

mynetworks = 127.0.0.0/8 192.168.0.0/24

HOWTO: INSTALL: MailScanner + ClamAV + SpamAssassin + DCC + Razor + Pyzor
http://www.mailscanner.info/sendmail.html

nano /etc/mail/sendmail.cf

# Sendmail Tweaks
PrivacyOptions=noetrn
DeliveryMode=queueonly
QueueDirectory=/var/spool/mqueue.in

# MailScanner
sudo aptitude install -y spamassassin clamav clamav-daemon

HOWTO: INSTALL: Fix Blank Screen Unsupported Video Options

 * Hold RIGHT SHIFT down during CD boot
 * Press F6 to choose Advanced Options
 * Press ESC
 * Use the arrow keys to move along the Boot line
 * Change the vga= number to 769

http://en.wikipedia.org/wiki/VESA_BIOS_Extensions#Linux_video_mode_numbers

HOWTO: Remove the Landscape System Information Banner in MOTD
sudo dpkg-reconfigure landscape-common
(Do not display sysinfo on login)
sudo apt-get remove --purge landscape-common

HOWTO: Set Time Zone And Date
http://hacksforge.com/How-to-change-time-zone-in-Ubuntu-Linux.html

HOWTO: DISABLE: IPv6
sudo nano /etc/default/grub

GRUB_CMDLINE_LINUX="ipv6.disable=1"

sudo update-grub

HOWTO: DISABLE: High Resolution Console
sudo nano /etc/default/grub

GRUB_HIDDEN_TIMEOUT_QUIET=false
GRUB_TIMEOUT=10
GRUB_CMDLINE_LINUX_DEFAULT="noquiet nosplash nofb nomodeset"
GRUB_TERMINAL=console

sudo update-grub

HOWTO: DISABLE: console-kit-daemon
To see how many are running:

To get rid of the service you will need to first find its process ID:

Which should return something similar to:

root 1393 0.0  0.1 2091756 3940 ? Sl  11:04   0:00 /usr/sbin/console-kit-daemon --no-daemon

Where 1393 is the ID, to stop and remove it from start up:

From here.

HOWTO: DISABLE: Console Screen Blanking
sudo setterm -blank 0

To make this change permanent, create a file called 'setterm.start' in the /etc/local.d/ folder.

sudo mkdir /etc/local.d
sudo nano /etc/local.d/setterm.start

setterm -blank 0

sudo chmod +x /etc/local.d/setterm.start

HOWTO Control-Alt-Delete - Change The Behaviour
Edit the /etc/init/control-alt-delete.conf file. The line beginning "exec" is what upstart will run when this key combination is pressed.

To not do anything when Control-Alt-Delete is pressed, you can simply delete this file.

sudo rm -rf /etc/init/control-alt-delete.conf

Note that this only affects the behaviour of Control-Alt-Delete when at a text console. In a desktop environment, this key combination is handled by the desktop itself and must be reconfigured there.

HOWTO: ENABLE: CPU Stepping
sudo apt-get install cpufrequtils
sudo update-rc.d cpufrequtils defaults
sudo cpufreq-info
sudo grep 'MHz' /proc/cpuinfo

HOWTO getty Terminals - Reduce The Number Of
In /etc/init there is a file named ttyN.conf for each getty that will be started, where N is numbered 1 to 6. Remove any that you do not want.

cd /etc/init/
sudo rm -rf tty6.conf tty5.conf tty4.conf tty3.conf

This will not take immediate effect, however you can run "stop ttyN" to stop one that is running.

If your system has Upstart 0.6.7 or later (first included in Ubuntu 11.04), you will be able to disable the automatic start of these without removing them by running

echo manual >> /etc/init/ttyN.conf

https://help.ubuntu.com/community/UpstartHowto

HOWTO IP Address - Change To Static
Edit the file to read (this example uses 192.168.0.100 for the system and Google's DNS servers):

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto em1
iface em1 inet static
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
dns-nameservers 8.8.8.8 8.8.4.4

Save and close the file, then restart the network:

Edit the 'hosts' file:

Edit the file to read (server2 used for this example):

127.0.0.1 localhost.localdomain localhost
192.168.0.100 server1.example.com server1

# The following lines are desirable for IPv6 capable hosts
::1    ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Then run:

Check the configuration:

Both of the above commands should return:

server2.example.com

HOWTO: INSTALL: Network Time Protocol (NTP)
sudo apt-get install ntp ntpdate

To add or remove time servers edit the configuration file:

sudo nano /etc/ntp.conf

The standard configuration file looks like this:

# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
server 0.ubuntu.pool.ntp.org
server 1.ubuntu.pool.ntp.org
server 2.ubuntu.pool.ntp.org
server 3.ubuntu.pool.ntp.org

Then reconfigure...

sudo dpkg-reconfigure tzdata

Test...

date

HOWTO Root User - Enable
Linux Terminal:~$ sudo su
sudo passwd root

You will be prompted to enter and confirm the password for 'root'. After that you will be able to log in as the root user and have full privileges without having to type 'sudo' at the beginning of each line.

HOWTO Startup Services - List
Linux Terminal:~$ sudo initctl list |sort
sudo service --status-all
sudo ls -lah /etc/rc*

HOWTO Temperature Sensor Monitoring - Enable
sudo apt-get install lm-sensors
sudo sensors-detect
sudo service kmod start
sudo update-rc.d kmod defaults
sudo sensors

coretemp-isa-0000
Adapter: ISA adapter
Core 0:      +41.0°C  (high = +80.0°C, crit = +100.0°C)
Core 1:      +41.0°C  (high = +80.0°C, crit = +100.0°C)

smsc47b397-isa-0480
Adapter: ISA adapter
fan1:       1037 RPM
fan2:          0 RPM
fan3:          0 RPM
fan4:       1017 RPM
temp1:       +50.0°C
temp2:       +37.0°C
temp3:       +21.0°C
temp4:      -128.0°C

HOWTO whoopsie - Disable
Whoopsie is Ubuntu's error reporting daemon. To disable it:

Linux Terminal:~$ sudo nano /etc/default/whoopsie

Change the report_crashes parameter from:

report_crashes=true

to:

report_crashes=false

Save and close the file, then test the change:

Linux Terminal:~$ sudo service whoopsie stop
sudo update-rc.d -f whoopsie remove

HOWTO: Software RAID
https://help.ubuntu.com/14.04/serverguide/advanced-installation.html

Swap File Partition - Suggested Sizes

 * 1) Systems with 4GB of ram or less require a minimum of 2GB of swap space
 * 2) Systems with 4GB to 16GB of ram require a minimum of 4GB of swap space
 * 3) Systems with 16GB to 64GB of ram require a minimum of 8GB of swap space
 * 4) Systems with 64GB to 256GB of ram require a minimum of 16GB of swap space

See here.

Download ISO Release
http://releases.ubuntu.com/raring/