Posts Tagged ‘ssh’

Ubuntu Server Setup Checklist

June 20th, 2009

I’ve now set up half a dozen or so Ubuntu Server installations over the past year or two.  For the last few, I created a checklist to make sure I don’t leave any of the smaller, less obvious things out.  I present it here, completely unmodified.  Note, this is more of a preliminary checklist, as it doesn’t include installation of Apache, MySql, PHP or any other programs such as Postfix.  Basically, I’ll perform these steps regardless of whether It’ll be a web or mail server.  These also assume you like the vi text editor, if not, you can substitute emacs, nano, or whatever your preference when neccesary.  Also, some of these are already done depending on your server host.

Time/Date/Language
Fix Locale Warnings:
# apt-get install language-pack-en

Set Timezone:
# dpkg-reconfigure tzdata

Install Time Daemon:
# apt-get install ntp

General
Install Manual Pages:
# apt-get install man

Add Domain name
# vi /etc/hosts
127.0.0.1 localhost
123.456.789.012 computername.domain.com computername (replace external ip)

Security
Add Administrative User (with home directory):
# useradd myusername -m

Give Admin user Sudo Powers
# visudo
myusername ALL=(ALL) ALL

Set Admin Password
# passwd myusername

Set Admin Shell Preference (optional)
# vi /etc/passwd
myusername: […] :bash

Disable Root SSH Login:
# vi /etc/ssh/sshd_config
PermitRootLogin no <–MAKE SURE YOU CREATED ADMIN & PASSWORD

Tighten default permissions for file & directory creation:
# vi /etc/profile
umask 027 (no default access for others)

Install and Set Up Firewall
# apt-get install ufw
# ufw allow ssh <–DO NOT FORGET THIS
# ufw enable