Setting up Ubuntu Server or Debian

Networking

vi /etc/hostname # short name is fine
hostname HOSTNAME # idem
vi /etc/hosts # long name FOLLOWED BY short name

#older releases,
#systemctl status resolvconf
#systemctl stop resolvconf
#systemctl disable resolvconf

#17.10/artful and debian9/stretch,
systemctl status systemd-resolved
systemctl stop systemd-resolved
systemctl disable systemd-resolved

cd /etc/
ls -lhF resolv.conf*
mv resolv.conf resolv.conf.dist
cat > resolv.conf <<-EOF
search example.local
nameserver 208.67.222.222
nameserver 208.67.220.220
EOF
cat resolv.conf

Note: no symlink for resolv.conf

Ubuntu 17.10/artful

cp -pi /etc/netplan/01-netcfg.yaml /etc/netplan/01-netcfg.yaml.dist
vi /etc/netplan/01-netcfg.yaml

    eth0:
      dhcp4: no
      dhcp6: no
      addresses:
       - x.x.x.x/xx
      gateway4: x.x.x.x

dpkg -l | grep ifupdown #should be empty
dpkg -l | grep netscript #should be empty
#systemctl restart systemd-networkd.service
netplan generate
netplan apply
ping -c1 opendns.com

Note: this is YAML, so indentation is significant.

Note: if you need to set up static routes, e.g.,

  routes:
   - to: x.x.x.x/xx
     via: x.x.x.x

Ref. https://www.howtoforge.com/tutorial/ubuntu-minimal-server-install/2/

Or simply disable netplan altogether and switch to the old-school /etc/network/interfaces,

apt update
apt install ifupdown

and disable netplan with a kernel argument,

netcfg/do_not_use_netplan=true

Debian 9/stretch

cp -pi /etc/network/interfaces /etc/network/interfaces.dist
vi /etc/network/interfaces

    #   address x.x.x.x/xx
    #   gateway x.x.x.x
    #   dns-nameservers 208.67.222.222 208.67.220.220
    #   dns-search example.local

#cd /etc/network/interfaces.d/
#cp 50-cloud-init.cfg 50-cloud-init.cfg.dist
#vi 50-cloud-init.cfg

Post-installation

Tweak the SSH daemon,

groupadd -g 11 wheel
usermod -a -G wheel root
mv /etc/ssh/sshd_config /etc/ssh/sshd_config.dist
sed -r '/^[[:space:]]*#/d; /^[[:space:]]*$/d' /etc/ssh/sshd_config.dist | tee /etc/ssh/sshd_config.dist.clean > /etc/ssh/sshd_config
vi /etc/ssh/sshd_config

#Port XXXX
AllowGroups wheel
PermitRootLogin without-password
StrictModes yes
PasswordAuthentication no
X11Forwarding no

#service ssh restart
systemctl restart ssh

Put your SSH keys in place so you can connect as a wheel-group user and possibly as root,

mkdir ~/.ssh/
chmod 700 ~/.ssh/
vi ~/.ssh/authorized_keys

(paste your pub key)

chmod 600 ~/.ssh/authorized_keys

(you should now be able to connect remotely)
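
To confirm the daemon really runs with the settings above, the check below compares an sshd -T dump with them. It is an added example, not part of the original notes; the function name and the sample dump are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original notes): compare the settings sshd
# actually uses with the values chosen above. Input is an `sshd -T` dump,
# which prints one lowercase "keyword value" pair per line.

# check_sshd_effective: read the dump on stdin, print one line per deviation,
# return 0 when every expected setting matches and 1 otherwise.
# (Function name is hypothetical.)
check_sshd_effective() {
    awk '
        BEGIN {
            want["allowgroups"] = "wheel"
            # sshd accepts both spellings for key-only root login
            want["permitrootlogin"] = "without-password|prohibit-password"
            want["strictmodes"] = "yes"
            want["passwordauthentication"] = "no"
            want["x11forwarding"] = "no"
        }
        ($1 in want) {
            seen[$1] = 1
            val = $0; sub(/^[^ ]+ +/, "", val)    # text after the keyword
            n = split(want[$1], ok, "|"); hit = 0
            for (i = 1; i <= n; i++) if (val == ok[i]) hit = 1
            if (!hit) { printf "MISMATCH %s: got \"%s\"\n", $1, val; bad = 1 }
        }
        END {
            for (k in want) if (!(k in seen)) { print "MISSING " k; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample dump: a stock-like config where the edits did not apply.
SAMPLE_DUMP='port 22
permitrootlogin yes
strictmodes yes
passwordauthentication yes
x11forwarding no'

# Offline demonstration on the sample: two MISMATCH lines and one MISSING line.
printf '%s\n' "$SAMPLE_DUMP" | check_sshd_effective || true

# On the server itself (as root), validate the file first, then check:
#   sshd -t && sshd -T | check_sshd_effective
```

Any AllowGroups entry other than wheel is reported as a mismatch, because sshd -T prints each allowed group on its own line.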

If you also use this host as an SSH client, disabling host-name hashing keeps known_hosts readable, so you can clearly see which hosts you are dealing with,

cp -pi /etc/ssh/ssh_config /etc/ssh/ssh_config.dist
vi /etc/ssh/ssh_config

        HashKnownHosts no
        GSSAPIAuthentication no

Clean-up your package sources configuration,

cd /etc/apt/
mv sources.list sources.list.dist
sed '/^[[:space:]]*$/d; /^[[:space:]]*#/d' sources.list.dist > sources.list

for example (xenial),

deb http://ru.archive.ubuntu.com/ubuntu/ xenial         main restricted universe multiverse
deb http://ru.archive.ubuntu.com/ubuntu/ xenial-backports   main restricted universe multiverse
#deb http://ru.archive.ubuntu.com/ubuntu/ xenial-proposed   main restricted universe multiverse
deb http://ru.archive.ubuntu.com/ubuntu/ xenial-security    main restricted universe multiverse
deb http://ru.archive.ubuntu.com/ubuntu/ xenial-updates     main restricted universe multiverse

or add missing repositories for Ubuntu,

sed '/^[[:space:]]*$/d; /^[[:space:]]*#/d; s/main$/main restricted universe/' \
    sources.list.dist > sources.list

or for Debian,

sed '/^[[:space:]]*$/d; /^[[:space:]]*#/d; s/main$/main contrib non-free/' \
    sources.list.dist > sources.list

Alternatively, you can build your own sources list with this helper: https://repogen.simplylinux.ch/

Finally, in case you told the installer you are in the US while you are, say in Russia,

mv -i /etc/apt/sources.list /etc/apt/sources.list.dist
#country=fr
country=ru
sed "
    s/http:\/\/us\./http:\/\/$country./g;
    /^#/d;/^$/d
" /etc/apt/sources.list.dist > /etc/apt/sources.list
tail /etc/apt/sources.list
unset country

In case you are using an APT/HTTP proxy,

#nmap -p 3142 x.x.x.x
vi /etc/apt/apt.conf.d/02proxy

Acquire::http { Proxy "http://x.x.x.x:3142"; };

Update/upgrade the system,

apt update
apt full-upgrade
apt autoremove
dpkg -l | grep ^rc
dpkg -l | grep ^rc | awk '{print $2}' | xargs -r dpkg --purge # -r: do nothing when the list is empty
#do-release-upgrade

Clean-up the old kernels,

uname -r
dpkg -l | grep -E 'linux-(image|headers|extra)' | grep ^i
dpkg --purge ...

Enable / disable automatic updates,

apt install unattended-upgrades
#dpkg -l | grep  unattended-upgrades
dpkg-reconfigure -plow unattended-upgrades

or do it manually,

date | mailx -s `hostname` root
cd /etc/apt/apt.conf.d/
vi 50unattended-upgrades

Unattended-Upgrade::Mail "root";

vi 20auto-upgrades 

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

Install a few more packages. Starting with packages that are not for Docker containers,

cd ~/
wget https://github.com/pbraun9/doc/raw/master/ubuntu.hw.lst
list=`sed '/^#/d' ubuntu.hw.lst`
export DEBIAN_FRONTEND=noninteractive
apt install `echo $list` # w.o double quote
rm -f ubuntu.hw.lst
unset list

and continuing with the list that is shared with some troubleshooting-enabled Docker containers,

wget https://github.com/pbraun9/doc/raw/master/ubuntu.server.lst
list=`sed '/^#/d; /^$/d' ubuntu.server.lst`
export DEBIAN_FRONTEND=noninteractive
apt install `echo $list` # w.o double quote
rm -f ubuntu.server.lst
unset list

systemctl status postfix
systemctl stop postfix
systemctl disable postfix
systemctl get-default
systemctl set-default multi-user.target
update-alternatives --config editor
==> elvis-tiny

Eventually switch to Netfilter,

ufw disable

Unless this is a XEN guest, see Time Setup.

Tweak your environment

Setup GNU/Screen

Eventually install Docker

Eventually run an Apache or NGINX reverse-proxy.

Upgrading to new Ubuntu release

lsb_release -a
df -h
dpkg -l | grep ^rc
apt update
apt full-upgrade
apt autoremove
dpkg -l | grep ^rc
do-release-upgrade

iptables -I INPUT -p tcp --dport 1022 -j ACCEPT # do-release-upgrade over SSH starts a fallback sshd on port 1022

make sure grub is in place,

update-grub2

make sure there’s a few bytes left for the system to start fine,

df -h

and reboot,

reboot

Fixing the locales

Check the current setting,

locale

(Re-)Generate the locale,

apt install language-pack-en-base
locale-gen en_US.UTF-8
update-locale en_US.UTF-8
dpkg-reconfigure locales
cat /etc/default/locale
locale

LANGUAGE and LC_ALL are still missing. Add those the brutal way,

vi /etc/bash.bashrc

export LANGUAGE="en_US.UTF-8"
export LC_ALL="en_US.UTF-8"

source /etc/bash.bashrc

NFS server ready

apt install rpcbind nfs-kernel-server
vi /etc/exports

/data           *(rw,async,no_subtree_check,no_root_squash)

exportfs -ra

check,

exportfs
showmount -e localhost

ref. https://help.ubuntu.com/community/SettingUpNFSHowTo
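
The export line above allows any host (*) and keeps remote root as root (no_root_squash). The following added example, not part of the original notes, flags both conditions in exports(5) text; the function name is hypothetical and the second sample line (documentation subnet 192.0.2.0/24 with root_squash) is constructed.

```bash
#!/bin/bash
# Added example (not from the original notes): flag exports that are open to
# any host or that keep remote root as root. Reads exports(5) text on stdin.
# Simplification: no support for backslash line continuations or quoted paths.

# audit_exports: print "<path> <client> <finding>" per risky entry; return 1
# if anything was flagged, 0 otherwise. (Function name is hypothetical.)
audit_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }                    # comments and blank lines
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index(client, "(")
                if (p) {                           # split "client(opt,opt)"
                    opts = substr(client, p + 1); sub(/\)$/, "", opts)
                    client = substr(client, 1, p - 1)
                }
                if (client == "") client = "(any)" # "(opts)" alone: every host
                if (client == "(any)" || client == "*") {
                    print path, client, "world-accessible"; bad = 1
                }
                if (("," opts ",") ~ /,no_root_squash,/) {
                    print path, client, "root-not-squashed"; bad = 1
                }
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: the first entry is the line from this page, the second
# is a restricted form (single subnet, root squashed).
SAMPLE_EXPORTS='# constructed sample
/data           *(rw,async,no_subtree_check,no_root_squash)
/srv/restricted 192.0.2.0/24(rw,sync,no_subtree_check,root_squash)'

# Offline demonstration: both findings are reported for /data only.
printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports || true

# On the server: audit_exports < /etc/exports
```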

NFS client ready

install nfs client to mount nfs shares,

apt install nfs-common

setup some mount point,

showmount -e x.x.x.x
cp -pi /etc/fstab /etc/fstab.dist
mkdir -p /data/
touch /data/NOT_MOUNTED
vi /etc/fstab

x.x.x.x:/data /data nfs auto 0 0
#x.x.x.x:/data /data nfs _netdev,rw 0 0

mount /data

Revert to the default set of packages

draft/untested

Revert to default installed pkgs,

dpkg --get-selections >output
dpkg --set-selections <output
apt-get dselect-upgrade