Setting up Secure Ubuntu server on VMware
1. Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions.
2. Power on the server.
3. When Requested to detect keyboard, select “NO” then “USA” then “USA”.
4. Run the basic setup program. “Expert Mode” install is not necessary. During the installation, do NOT choose LAMP Server, even if you need to run Apache / pHp / MySQL. This will be done more in a more secure fashion later.
5. The user account you set up initially has sudo privileges. Choose a strong password!
6. Upon first boot-up, login using the username you configured during install.
Configure the network interfaces
1. Run
1. Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions.
2. Power on the server.
3. When Requested to detect keyboard, select “NO” then “USA” then “USA”.
4. Run the basic setup program. “Expert Mode” install is not necessary. During the installation, do NOT choose LAMP Server, even if you need to run Apache / pHp / MySQL. This will be done more in a more secure fashion later.
5. The user account you set up initially has sudo privileges. Choose a strong password!
6. Upon first boot-up, login using the username you configured during install.
Configure the network interfaces
1. Run
2. If there is no line auto eth0 add it after the lo interface definition
3. Edit the following line:
It should become:
4. If there is another network interface, add a new line auto eth1, and copy the settings above substituting eth1 for eth0, and the IP address.
5. Repeat for all interfaces that you wish to enable
6. Save the file and exit to the command line.
7. Run
8. Test the network by pinging another server (preferably outside of the LAN)
No route to host?
If you can't ping google.com your system probably doesn't have /etc/resolv.conf. Add a /etc/resolv.conf file using your favorite editor (using sudo.) It should look like this (Add DNS servers)
You can't continue unless the network is operational.
1. Get updates for the system (say yes to any prompts regarding disk space):
Install VMWare Tools
1. Eject the CD (or disconnect the iso)
2. Get the necessary compiler and system headers
Note that the backtick “`” is used, not the apostrophe ”'“
3. You can try the auto install/update menu item, but it probably won't work. If it doesn't then…
4. Connect to the VMWare Tools CD iso on the Datastore
5. Mount the CD
6. Copy the gzipped tar file to /tmp (replacing the “x.y.z-aaaa” with the numbers of the actual filename.)
7. Untar the tarball
8. Run the installer
Configure the system clock synchronization:
1. Run:
3. Add the following line to the end of the file:
Install additional services
1. Install SMBFS to connect to Windows Filesystems:
2. Install NFS_COMMON to connect to Linux Filesystems:
3. Install and configure SSH
I. Run
II. Open the /etc/ssh/sshd_config file, and change
to
III. If this is not a public server, then change the
to an alternative port number (9009 is a good choice).
IV. Save the file.
V. Restart SSH:
Installing UFW
1. Run
Configure additional accounts:
1. Setup an account for frank if you will be performing system updates and add to admin group.
2. Install fail2ban
The default configuration will work fine.
3. Restart the system: