Skip to content
/ ubuntu-setup Public

Standard server config scripts for Ubuntu 14.04/16.04/18.04 LTS server

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

huntit/ubuntu-setup

BranchesTags

Repository files navigation

Standard server config scripts for Ubuntu 14.04/16.04/18.04 LTS server

Login to console

Pre-requisites:

  • git (if not already installed):
sudo apt-get -y install git
  • Set the hostname:
hostnamectl set-hostname discovery
  • Set the timezone:
sudo dpkg-reconfigure tzdata
  • Edit hosts file and add FQDN and hostname for external IP address:
sudo nano /etc/hosts
203.0.113.10 hostname.example.com hostname
  • Add new user with sudo rights:
adduser example_user
adduser example_user sudo

Clone repo:

git clone https://github.com/huntit/ubuntu-setup.git

Run scripts:

sudo ./base-setup.sh

base-setup.sh

  • ufw firewall (allowed ports: 80, 222, 443, 10000)
  • ssh server on port 222 (root login disabled)
  • nano, joe, mc

Now can login via SSH using:

ssh -p 222 [email protected]

To switch SSH to using Public Key Auth. only:

  • Make .ssh directory on server:
mkdir -p ~/.ssh && sudo chmod -R 700 ~/.ssh/
  • Copy public key from local Mac:
scp -P 222 ~/.ssh/id_rsa.pub [email protected]:~/.ssh/authorized_keys
  • Secure .ssh directory and authorized_keys on server:
sudo chmod -R 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys
  • Change sshd to disallow password authentication:
sudo nano /etc/ssh/sshd_config
  • Change PasswordAuthentication to no to disable tunnelled clear text passwords
PasswordAuthentication no
  • Restart SSHD:
sudo service sshd restart

Enable Unattended Security Updates:

Automatic Updates - Ubuntu 18.04 Documentation

How to setup automatic updates on Ubuntu 18.04

How To Secure Your Server (Linode)

How to Secure Your Server

webmin-setup.sh

  • webmin web console
  • After install, login to https://your_server_ip:10000 and update packages

virtualmin-setup.sh

  • Use ./virtualmin-setup.sh --minimal for a minimal install (without SpamAssassin, ClamAV, etc for lower memory use)
  • Virtualmin LAMP stack (Apache, MySQL, PHP, BIND, Postfix, DoveCot, etc) + hosting console
  • Allow port TCP 21 for FTP

After install, login to https://your_server_ip:10000 and run through setup wizard

  • Disabled FirewallD on boot, and enable ufw

  • Set passive port range for ProFTPD to 59000-59999: Servers - ProFTPD Server - Networking Options - PASV Port Range: 59000-59999

  • Edit ProFTPD settings to allow FTP over TLS: Edit Config Files: /etc/proftpd/conf.d/virtualmin.conf TLSRequired on TLSOptions AllowClientRenegotiations NoCertRequest NoSessionReuseRequired TLSProtocol TLSv1.2

get-versions.sh

  • Returns installed version numbers of: Ubuntu php apache mysql

Other Scripts

lamp-setup.sh

  • apache
  • php
  • mysql

rails-setup.sh

  • PHP for nginx
  • Ruby 2.0.0
  • RVM
  • bundler
  • nodejs
  • passenger + nginx web server
  • MySql

About

Standard server config scripts for Ubuntu 14.04/16.04/18.04 LTS server

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages