Setting up Secure Ubuntu server on VMware

1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the x86 edition.
2.      Power on the server.
3.      When requested to detect the keyboard, select “NO”, then “USA”, then “USA”.
4.      Run the basic setup program. An “Expert Mode” install is not necessary. During the installation, do NOT choose LAMP Server, even if you need to run Apache / PHP / MySQL. This will be done in a more secure fashion later.
5.      The user account you set up initially has sudo privileges. Choose a strong password!
6.      Upon first boot-up, log in using the username you configured during install.

Configure the network interfaces

1.       Run
sudo nano /etc/network/interfaces

2.      If there is no line reading auto eth0, add it after the lo interface definition.
3.      Edit the following line:
iface eth0 inet dhcp

It should become:
# Note: the "auto eth0" line may have to be added.
auto eth0
iface eth0 inet static
    address XXX.XXX.XXX.XXX
    netmask XXX.XXX.XXX.XXX
    gateway XXX.XXX.XXX.XXX

4.      If there is another network interface, add a new line auto eth1 and copy the settings above, substituting eth1 for eth0 and using that interface's IP address.
5.      Repeat for all interfaces that you wish to enable.
6.      Save the file and exit to the command line.
7.      Run
sudo /etc/init.d/networking restart

8.      Test the network by pinging another server (preferably outside of the LAN):
ping -c2 google.com
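
A gateway that falls outside the subnet given by address and netmask leaves the host without a usable default route. The check below is an added example, not part of the original article: it reads a static stanza in the format shown above and verifies that the netmask is contiguous and the gateway is on the interface's subnet. The function names and the sample addresses (RFC 5737 documentation ranges) are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the article; sample addresses are constructed (RFC 5737).

# ip_to_int A.B.C.D: prints the address as an integer, fails if malformed
ip_to_int() (
    set -f; IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( (($1 * 256 + $2) * 256 + $3) * 256 + $4 ))
)

# stanza_field FILE IFACE KEY: value of KEY inside "iface IFACE inet static"
stanza_field() {
    awk -v ifc="$2" -v key="$3" '
        $1 == "iface" { in_st = ($2 == ifc && $4 == "static"); next }
        in_st && $1 == key { print $2; exit }
    ' "$1"
}

# check_static FILE IFACE: 0 = ok, 2 = missing or malformed field,
# 3 = non-contiguous netmask, 4 = gateway outside the interface subnet
check_static() (
    a=$(ip_to_int "$(stanza_field "$1" "$2" address)") || exit 2
    m=$(ip_to_int "$(stanza_field "$1" "$2" netmask)") || exit 2
    g=$(ip_to_int "$(stanza_field "$1" "$2" gateway)") || exit 2
    [ $(( (4294967295 - m) & (4294967296 - m) )) -eq 0 ] || exit 3
    [ $(( a & m )) -eq $(( g & m )) ] || exit 4
)

write_sample() {   # constructed file: eth0 is consistent, eth1 is not
    printf '%s\n' 'auto lo' 'iface lo inet loopback' '' \
        'auto eth0' 'iface eth0 inet static' \
        '    address 192.0.2.10' '    netmask 255.255.255.0' \
        '    gateway 192.0.2.1' '' \
        'auto eth1' 'iface eth1 inet static' '    address 198.51.100.10' \
        '    netmask 255.255.255.0' '    gateway 192.0.2.1' > "$1"
}

f=$(mktemp); write_sample "$f"
for i in eth0 eth1; do
    if check_static "$f" "$i"; then echo "$i: ok"
    else echo "$i: failed with code $?"; fi
done
rm -f "$f"
```

On a real server, run check_static against /etc/network/interfaces for each interface before restarting networking.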


No route to host?

If you can't ping google.com, your system probably doesn't have /etc/resolv.conf. Add an /etc/resolv.conf file using your favorite editor (with sudo). It should look like this, with your DNS servers substituted:
nameserver XXX.XXX.XXX.XXX
nameserver XXX.XXX.XXX.XXX
nameserver XXX.XXX.XXX.XXX

You can't continue unless the network is operational.

1.      Get updates for the system (say yes to any prompts regarding disk space):
sudo apt-get update
sudo apt-get dist-upgrade

Install VMware Tools

1.      Eject the CD (or disconnect the ISO)
2.      Get the necessary compiler and system headers
sudo apt-get install build-essential linux-headers-`uname -r`

Note that the backtick “`” is used, not the apostrophe “'”.
3.      You can try the auto install/update menu item, but it probably won't work. If it doesn't then…
4.      Connect to the VMware Tools CD ISO on the Datastore
5.      Mount the CD
sudo mount /dev/cdrom /cdrom

6.      Copy the gzipped tar file to /tmp (replacing “x.y.z-aaaa” with the numbers in the actual filename).
sudo cp /cdrom/VMwareTools-x.y.z-aaaa.tar.gz /tmp/

7.      Untar the tarball
cd /tmp
sudo tar -xf VMwareTools-x.y.z-aaaa.tar.gz

8.      Run the installer
cd vmware-tools-distrib
sudo ./vmware-install.pl

Configure the system clock synchronization:

1.      Run:
sudo apt-get install ntpdate
sudo crontab -e

2.      Add the following line to the end of the file (the full path is used because cron's default PATH does not include /usr/sbin):
30 * * * * /usr/sbin/ntpdate ntp.ubuntu.com >/dev/null 2>&1

Install additional services

1.      Install SMBFS to connect to Windows Filesystems:
sudo apt-get install smbfs

2.      Install NFS_COMMON to connect to Linux Filesystems:
sudo apt-get install nfs-common

3.      Install and configure SSH
I.      Run
sudo apt-get install openssh-server

II.      Open the /etc/ssh/sshd_config file, and change
PermitRootLogin yes

to
PermitRootLogin no

III.      If this is not a public server, then change the
Port 22

to an alternative port number (9009 is a good choice).
IV.      Save the file.
V.      Restart SSH:
sudo /etc/init.d/ssh restart

Installing UFW

1.      Run
sudo apt-get install ufw

2.      Open ports in the software firewall by running:
sudo ufw allow 80
sudo ufw allow 9009
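
The SSH and UFW sections depend on each other: once UFW is active (`sudo ufw enable`), SSH stays reachable only if the port set in sshd_config has an allow rule. The audit below is an added example, not part of the original article; it reads a constructed sshd_config and constructed `ufw status` output, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the article). Sample inputs are constructed.

# sshd_value FILE KEYWORD DEFAULT: sshd uses the first value it reads for a
# keyword and matches keywords case-insensitively; stop at Match blocks.
sshd_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# ufw_allows PORT: reads `ufw status` text on stdin; succeeds only if the
# firewall is active and has an ALLOW rule for PORT or PORT/tcp.
ufw_allows() {
    awk -v p="$1" '
        $1 == "Status:" && $2 != "active" { exit }
        ($1 == p || $1 == (p "/tcp")) && $2 == "ALLOW" { ok = 1 }
        END { exit !ok }
    '
}

# audit SSHD_CONFIG UFW_STATUS_FILE: prints findings, exit status = their count
audit() (
    n=0
    root=$(sshd_value "$1" PermitRootLogin unset)
    port=$(sshd_value "$1" Port 22)
    [ "$root" = no ] || { echo "PermitRootLogin is '$root', expected no"; n=$((n + 1)); }
    ufw_allows "$port" < "$2" || { echo "no active ALLOW rule for SSH port $port"; n=$((n + 1)); }
    exit "$n"
)

write_samples() {   # constructed inputs: $1 = sshd_config, $2 = `ufw status`
    printf '%s\n' '# Port 22' 'Port 9009' 'permitrootlogin no' \
        'PermitRootLogin yes' > "$1"
    printf '%s\n' 'Status: active' '' 'To      Action  From' \
        '--      ------  ----' '80      ALLOW   Anywhere' \
        '9009    ALLOW   Anywhere' > "$2"
}

d=$(mktemp -d)
write_samples "$d/sshd_config" "$d/ufw.txt"
audit "$d/sshd_config" "$d/ufw.txt" && echo "sshd_config and UFW agree"
rm -rf "$d"
```

On a live server, pass /etc/ssh/sshd_config and the saved output of `sudo ufw status` to audit.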



Configure additional accounts:

1.      Set up an account for frank if you will be performing system updates, and add it to the admin group.
2.      Install fail2ban
sudo apt-get install fail2ban

The default configuration will work fine.
3.      Restart the system:
sudo shutdown -r now
