Setting up Secure Ubuntu server on VMware
1. Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the x86 edition.
2. Power on the server.
3. When requested to detect the keyboard, select “NO” then “USA” then “USA”.
4. Run the basic setup program. “Expert Mode” install is not necessary. During the installation, do NOT choose LAMP Server, even if you need to run Apache / PHP / MySQL. This will be done in a more secure fashion later.
5. The user account you set up initially has sudo privileges. Choose a strong password!
6. Upon first boot-up, log in using the username you configured during install.
Configure the network interfaces
sudo nano /etc/network/interfaces
2. If there is no line auto eth0, add it after the lo interface definition.
3. Edit the following line:
iface eth0 inet dhcp
It should become:
auto eth0 ##Note, this line may have to be added.
iface eth0 inet static
4. If there is another network interface, add a new line auto eth1, and copy the settings above substituting eth1 for eth0, and the IP address.
5. Repeat for all interfaces that you wish to enable
6. Save the file and exit to the command line.
sudo /etc/init.d/networking restart
8. Test the network by pinging another server (preferably outside of the LAN)
9. ping -c2 google.com
No route to host?
If you can't ping google.com, your system probably doesn't have /etc/resolv.conf. Add an /etc/resolv.conf file using your favorite editor (using sudo). It should look like this (add DNS servers):
You can't continue unless the network is operational.
1. Get updates for the system (say yes to any prompts regarding disk space):
2. sudo apt-get update
sudo apt-get dist-upgrade
Install VMware Tools
1. Eject the CD (or disconnect the iso)
2. Get the necessary compiler and system headers
Note that the backtick “`” is used, not the apostrophe
sudo apt-get install build-essential linux-headers-`uname -r`
3. You can try the auto install/update menu item, but it probably won't work. If it doesn't then…
4. Connect to the VMware Tools CD ISO on the Datastore
5. Mount the CD
sudo mount /dev/cdrom /cdrom
6. Copy the gzipped tar file to /tmp (replacing “x.y.z-aaaa” with the numbers from the actual filename).
sudo cp /cdrom/VMwareTools-x.y.z-aaaa.tar.gz /tmp/
7. Untar the tarball
cd /tmp
sudo tar -xf VMwareTools-x.y.z-aaaa.tar.gz
8. Run the installer
9. cd vmware-tools-distrib
Configure the system clock synchronization:
2. sudo apt-get install ntpdate
sudo crontab -e
3. Add the following line to the end of the file:
30 * * * * ntpdate ntp.ubuntu.com >/dev/null 2>&1
Install additional services
1. Install SMBFS to connect to Windows Filesystems:
sudo apt-get install smbfs
2. Install NFS_COMMON to connect to Linux Filesystems:
sudo apt-get install nfs-common
3. Install and configure SSH
sudo apt-get install openssh-server
II. Open the /etc/ssh/sshd_config file, and change
III. If this is not a public server, then change the
to an alternative port number (9009 is a good choice).
IV. Save the file.
V. Restart SSH:
sudo /etc/init.d/ssh restart
sudo apt-get install ufw
Open ports in the software firewall by running:
• Allow 80
• Allow 9009
Configure additional accounts:
1. Set up an account for frank if you will be performing system updates and add it to the admin group.
2. Install fail2ban
sudo apt-get install fail2ban
The default configuration will work fine.
3. Restart the system:
sudo shutdown -r now
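
Added example, not part of the original guide: a pre-flight check for the SSH port and ufw steps above. It refuses to enable ufw unless every port set in sshd_config is among the ports being opened, so moving SSH to 9009 and then turning on the firewall cannot lock you out of the server. The function names and the `UFW` override variable are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original guide. Function names and the UFW
# override variable are assumptions made for this example.

# Print the port(s) set in an sshd_config file, one per line.
# Keywords are matched case-insensitively, "Port=9009" is handled as well
# as "Port 9009", several Port lines may appear, and the default is 22.
# Limitation: Include files and ListenAddress host:port are not followed.
sshd_ports() {
    awk '{ sub(/^[ \t]+/, ""); n = split($0, f, /[ \t=]+/) }
         n >= 2 && tolower(f[1]) == "port" { print f[2]; found = 1 }
         END { if (!found) print 22 }' "$1"
}

# Usage: safe_ufw_enable <sshd_config> <port>...
# Refuses (exit status 1) if any sshd port is missing from the list;
# otherwise runs "ufw allow" for each port and then "ufw enable".
# Set UFW="echo ufw" for a dry run that only prints the commands.
safe_ufw_enable() {
    conf=$1; shift
    for p in $(sshd_ports "$conf"); do
        case " $* " in
            *" $p "*|*" $p/tcp "*) ;;
            *) echo "refusing: sshd port $p is not being allowed" >&2
               return 1 ;;
        esac
    done
    for p in "$@"; do
        ${UFW:-sudo ufw} allow "$p" || return 1
    done
    ${UFW:-sudo ufw} enable
}

# On the server built above: safe_ufw_enable /etc/ssh/sshd_config 80 9009
```

Run it after editing sshd_config and before the reboot; a refusal means the SSH port and the firewall rules disagree.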