Setting up Secure Ubuntu server on VMware

1.      Insert the Ubuntu Server distribution CD, or attach the ISO of the CD from the “Datastore”. Note that it is important to install the x64 edition on servers, not the x86 edition.
2.      Power on the server.
3.      When requested to detect the keyboard, select “NO”, then “USA”, then “USA”.
4.      Run the basic setup program. “Expert Mode” install is not necessary. During the installation, do NOT choose LAMP Server, even if you need to run Apache / PHP / MySQL. This will be done in a more secure fashion later.
5.      The user account you set up initially has sudo privileges. Choose a strong password!
6.      Upon first boot-up, log in using the username you configured during install.

Configure the network interfaces

1.      Run
sudo nano /etc/network/interfaces

2.      If there is no line auto eth0, add it after the lo interface definition.
3.      Edit the following line:
iface eth0 inet dhcp

It should become:
## Note: the "auto eth0" line may have to be added.
auto eth0
iface eth0 inet static
address XXX.XXX.XXX.XXX
netmask XXX.XXX.XXX.XXX
gateway XXX.XXX.XXX.XXX

4.      If there is another network interface, add a new line auto eth1, and copy the settings above, substituting eth1 for eth0 and using that interface's IP address.
5.      Repeat for all interfaces that you wish to enable.
6.      Save the file and exit to the command line.
7.      Run
sudo /etc/init.d/networking restart

8.      Test the network by pinging another server (preferably outside of the LAN):
ping -c2 google.com

No route to host?

If you can't ping google.com, your system probably doesn't have /etc/resolv.conf. Add an /etc/resolv.conf file using your favorite editor (with sudo). It should look like this, with the addresses of your DNS servers:
nameserver XXX.XXX.XXX.XXX
nameserver XXX.XXX.XXX.XXX
nameserver XXX.XXX.XXX.XXX

You can't continue unless the network is operational.

1.      Get updates for the system (say yes to any prompts regarding disk space):
sudo apt-get update
sudo apt-get dist-upgrade

Install VMware Tools

1.      Eject the CD (or disconnect the ISO).
2.      Get the necessary compiler and system headers:
sudo apt-get install build-essential linux-headers-`uname -r`

Note that the backtick “`” is used, not the apostrophe “'”.
3.      You can try the auto install/update menu item, but it probably won't work. If it doesn't, then…
4.      Connect to the VMware Tools CD ISO on the Datastore.
5.      Mount the CD:
sudo mount /dev/cdrom /cdrom

6.      Copy the gzipped tar file to /tmp (replacing the “x.y.z-aaaa” with the numbers of the actual filename):
sudo cp /cdrom/VMwareTools-x.y.z-aaaa.tar.gz /tmp/

7.      Untar the tarball:
cd /tmp
sudo tar -xf VMwareTools-x.y.z-aaaa.tar.gz

8.      Run the installer:
cd vmware-tools-distrib
sudo ./vmware-install.pl

Configure the system clock synchronization:

1.      Run:
sudo apt-get install ntpdate
sudo crontab -e

2.      Add the following line to the end of the file:
30 * * * * ntpdate ntp.ubuntu.com >/dev/null 2>&1

Install additional services

1.      Install SMBFS to connect to Windows filesystems:
sudo apt-get install smbfs

2.      Install NFS_COMMON to connect to Linux filesystems:
sudo apt-get install nfs-common

3.      Install and configure SSH
I.      Run
sudo apt-get install openssh-server

II.      Open the /etc/ssh/sshd_config file, and change
PermitRootLogin yes

to
PermitRootLogin no

III.      If this is not a public server, then change
Port 22

to an alternative port number (9009 is a good choice).
IV.      Save the file.
V.      Restart SSH:
sudo /etc/init.d/ssh restart
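
The two sshd_config edits above can be checked before SSH is restarted. The script below is an added example, not part of the original article: the function names and the sample files are constructed for illustration, and it assumes whitespace-separated "Keyword value" lines.

```shell
#!/bin/sh
# Added example: audit sshd_config for the PermitRootLogin and Port edits.

# Print every global value of KEYWORD in FILE (lines before any Match block).
# Keywords are case-insensitive; lines starting with "#" are comments.
global_values() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/              { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2 }
    ' "$1"
}

# audit_sshd_config FILE PORT: return 0 only if root login is off and sshd
# listens on PORT alone.
audit_sshd_config() {
    file=$1 want_port=$2 rc=0
    # sshd keeps the FIRST PermitRootLogin it reads; a later line is ignored.
    root=$(global_values "$file" PermitRootLogin | head -n 1 | tr 'A-Z' 'a-z')
    # Port lines accumulate (one listener each); no Port line means 22.
    ports=$(global_values "$file" Port | sort -u | tr '\n' ' ')
    ports=${ports% }
    [ -n "$ports" ] || ports=22
    # An unset PermitRootLogin falls back to the build's default, so it is
    # reported as not hardened.
    if [ "$root" != "no" ]; then
        echo "FAIL: effective PermitRootLogin is '${root:-unset}'"; rc=1
    fi
    if [ "$ports" != "$want_port" ]; then
        echo "FAIL: sshd listens on '$ports', expected only '$want_port'"; rc=1
    fi
    return "$rc"
}

# Constructed sample files, not taken from a real server.
samples=$(mktemp -d)
printf 'Port 9009\nPermitRootLogin no\n' > "$samples/good"
# "no" was appended below the stock "yes", and Port 22 was left in place.
printf 'Port 22\nPermitRootLogin yes\nPort 9009\npermitrootlogin no\n' > "$samples/bad"

audit_sshd_config "$samples/good" 9009 && echo "good: OK"
audit_sshd_config "$samples/bad" 9009 || echo "bad: not hardened"
```

Point it at /etc/ssh/sshd_config with the port you chose; `sudo sshd -t` separately checks the file for syntax errors before the restart.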


Installing UFW

1.      Run
sudo apt-get install ufw
2.      Open ports in the software firewall by running:
sudo ufw allow 80
sudo ufw allow 9009

Configure additional accounts:

1.      Set up an account for frank if you will be performing system updates, and add it to the admin group.
2.      Install fail2ban:
sudo apt-get install fail2ban

The default configuration will work fine.
3.      Restart the system:
sudo shutdown -r now

Author:TRTurner