Ubuntu Server 18.04 Initial Setup

Network

Configure Network through Netplan

cat /etc/netplan/50-cloud-init.yaml # This file is generated from information provided by # the datasource. Changes to it will not persist across an instance. # To disable cloud-init's network configuration capabilities, write a file # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following: # network: {config: disabled} network: ethernets: ens18: addresses: - 192.168.13.44/24 gateway4: 192.168.13.1 nameservers: addresses: - 14.139.5.5 - 4.2.2.2 sudo netplan try sudo netplan apply

Hostname

Change the Hostname through hostnamectl

Ensure that the changed hostname is preserved during system reboots

sudo hostnamectl set-hostname SERVERNAME sudo nano /etc/cloud/cloud.cfg # This will cause the set+update hostname module to not operate (if true) preserve_hostname: true

Time zone and Date Time Synchronization

sudo hostnamectl set-hostname SERVERNAME

sudo timedatectl set-timezone Asia/Kolkata sudo nano /etc/systemd/timesyncd.conf GNU nano 2.9.3 /etc/systemd/timesyncd.conf # This file is part of systemd. # # systemd is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. # # Entries in this file show the compile time defaults. # You can change settings by editing this file. # Defaults can be restored by simply deleting this file. # # See timesyncd.conf(5) for details. [Time] NTP=192.168.185.233 FallbackNTP=ntp.ubuntu.com sudo service systemd-timesyncd restart sudo service systemd-timesyncd status sudo timedatectl Local time: Mon 2020-03-23 10:53:09 IST Universal time: Mon 2020-03-23 05:23:09 UTC RTC time: Mon 2020-03-23 05:23:10 Time zone: Asia/Kolkata (IST, +0530) System clock synchronized: yes systemd-timesyncd.service active: yes RTC in local TZ: no

SSH

ssh-keygen -b 4096

Cockpit

sudo apt install cockpit cockpit-packagekit cockpit-networkmanager cockpit-system cockpit-storaged sudo systemctl start cockpit sudo systemctl enable --now cockpit.socket sudo systemctl status cockpit

Firewall Rules

sudo ufw status sudo ufw enable sudo ufw status numbered sudo ufw show added sudo ufw allow 22 comment 'SSH' sudo ufw allow 80 comment 'WEB' sudo ufw allow 443 comment 'WEB SSL' sudo ufw allow 53 comment 'DNS' sudo ufw allow 123/udp comment 'NTP TimeSync' sudo ufw deny 123/tcp comment 'Trojan 123' # Restrict Cockpit Access to Trusted IP only sudo ufw delete allow 9090 sudo ufw allow proto tcp from 192.168.13.56 to any port 9090 comment 'Cockpit' # OPTIONAL SERIES sudo ufw allow 1194/udp comment 'OpenVPN' sudo ufw allow 3306 comment 'MariaDB' sudo ufw allow 5432 comment 'PostGres' sudo ufw allow 143 comment 'IMAP' sudo ufw allow 993 comment 'IMAP SSL' sudo ufw allow 995 comment 'POP3 SSL' sudo ufw allow 110 comment 'POP3 unEncrypt' sudo ufw allow 25 comment 'SMTPD unEncrypt' sudo ufw allow 587 comment 'SMTPD TLS' sudo ufw allow 465 comment 'SMTPD SSL' sudo ufw delete allow 25 sudo ufw reload sudo ufw show added sudo ufw status numbered sudo ufw show listening

Install Some Utilities

sudo apt install tree tmux htop vim curl libcurl4 wget apt-transport-https ca-certificates sudo apt install nmap whois inetutils-traceroute net-tools sudo apt install cpu-checker