Meh Belly Lint Collection

That awful moment when you realize,
THIS is YOUR circus and THOSE are YOUR monkeys.

User Tools

Site Tools

You are here: start » ubuntu_steps
ubuntu_steps

Start with “bare” ubuntu, I'm still on 22.04 LTS

Notes: 

vi ~/.inputrc
set enable-bracketed-paste off

Update system and install prereq 

apt update && sudo apt upgrade -y
apt -y install build-essential dkms linux-headers-$(uname -r) software-properties-common curl wget git 
apt -y install iputils-ping traceroute 
apt -y install vim 
apt -y install build-essential
apt -y install net-tools
apt -y install less
apt -y install libssl-dev
apt -y install libz-dev
apt -y install python3-pip
apt -y install python3-venv
apt -y install cron
apt -y install ipmitool
apt install -y openvswitch-switch

Temporarily allow SSH root access for setup 

sed -i -E '/^\s*#?\s*PermitRootLogin\s+.*/d' /etc/ssh/sshd_config && echo 'PermitRootLogin yes' | sudo tee -a /etc/ssh/sshd_config
systemctl restart sshd

Add authorized_keys 

grep -qxF 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiKJ/84kE14mqkZllnBFHfsXD10UmEuE6phOvdBC8k/CbybfPEEYUbPW87hykxK8iE0vx8abD58DEOHh0KHpVK3uFB+NqufA5BXixUChZfBoNtK7kJIaJvo4OWOrU09uQ4KYTDXDX61H76MnDSGwPluRw2qSSRPyDS3jMpPpg0iwS1VWmkdvCqn+cqCkZrMGLvK+AKrB8QsaDT33qpmSteaWUM7ZbScVhpWv7o7Zmek0j1jJ8wpSULZpAUW+er0CVS2reaCSTpbX6wYfXs0Vkknt' /root/.ssh/authorized_keys || echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiKJ/84kE14mqkZllnBFHfsXD10UmEuE6phOvdBC8k/CbybfPEEYUbPW87hykxK8iE0vx8abD58DEOHh0KHpVK3uFB+NqufA5BXixUChZfBoNtK7kJIaJvo4OWOrU09uQ4KYTDXDX61H76MnDSGwPluRw2qSSRPyDS3jMpPpg0iwS1VWmkdvCqn+cqCkZrMGLvK+AKrB8QsaDT33qpmSteaWUM7ZbScVhpWv7o7Zmek0j1jJ8wpSULZpAUW+er0CVS2reaCSTpbX6wYfXs0Vkknt' | tee -a /root/.ssh/authorized_keys

Set explicit root password 

passwd root

Infinite bash history in .bashrc 

cd /root
sed -i -E '/^\s*HISTSIZE=.*$/c\HISTSIZE=-1' .bashrc && sed -i -E '/^\s*HISTFILESIZE=.*$/c\HISTFILESIZE=-1\nPROMPT_COMMAND="history -a; history -n; $PROMPT_COMMAND"' .bashrc
source .bashrc

If you didn't config the machine as static but you want to 

# detect current interface, IP/CIDR and gateway
iface=$(ip route show default | awk '/default/ {for(i=1;i<=NF;i++) if($i=="dev"){print $(i+1); exit}}')
cidr=$(ip -o -4 addr show dev "$iface" | awk '{print $4}')
gw=$(ip route show default | awk '/default/ {print $3}')

# disable cloud-init network config
sudo mkdir -p /etc/cloud/cloud.cfg.d \
  && echo 'network: {config: disabled}' \
      | sudo tee /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg >/dev/null

# write your custom netplan
sudo tee /etc/netplan/01-netcfg.yaml >/dev/null <<EOF
network:
  version: 2
  renderer: networkd
  ethernets:
    $iface:
      dhcp4: false
      addresses:
        - $cidr
      routes:
        - to: 0.0.0.0/0
          via: $gw
      nameservers:
        addresses:
          - 8.8.8.8
          - 8.8.4.4
EOF

# disable the auto-generated cloud-init netplan
sudo tee /etc/netplan/50-cloud-init.yaml >/dev/null <<EOF
# disabled by custom config (/etc/netplan/01-netcfg.yaml)
EOF

echo "✔️  Netplan written for $iface ($cidr) via $gw"

Fix DNS, e.g. 86 systemd-resolvd 

sudo systemctl disable --now systemd-resolved
sudo rm /etc/resolv.conf
echo -e "nameserver 8.8.8.8\nnameserver 8.8.4.4" | sudo tee /etc/resolv.conf >/dev/null

If by chance auditd is running, disable it (auditd is off on a bare installation) 

vi  /etc/audit/auditd.conf
vi /etc/audit/audit.rules
systemctl stop systemd-journald-audit.socket
systemctl disable systemd-journald-audit.socket

Verify UFW is inactive if installed, should return “Status: inactive” 

ufw status

Fix nvme bug and turn off audit and app armor 

sudo sed -i '/^\s*GRUB_CMDLINE_LINUX_DEFAULT=/d' /etc/default/grub && echo 'GRUB_CMDLINE_LINUX_DEFAULT="audit=0 pcie_aspm=off pcie_port_pm=off nvme_core.default_ps_max_latency_us=0 apparmor=0 security=apparmor"' | sudo tee -a /etc/default/grub && sudo update-grub
update-grub


Install ipmitool
@reboot /usr/bin/python3 /root/hostinfoLCDbyid.py




AI





Cuda 12.x uses ≥525



add-apt-repository ppa:graphics-drivers/ppa -y
apt update




Check for latest recommended NVIDIA driver



ubuntu-drivers devices




Replace 575-open with the recommended, for certain 40 series and all 50 series use the open



apt install nvidia-driver-575-open -y


reboot




Verify Installation



nvidia-smi




Add CUDA repo



# Ensure NVIDIA CUDA repo is added:
sudo apt install software-properties-common
distribution="ubuntu2204"
wget https://developer.download.nvidia.com/compute/cuda/repos/$distribution/x86_64/cuda-keyring_1.1-1_all.deb
sudo dpkg -i cuda-keyring_1.1-1_all.deb
sudo apt update

# List the latest CUDA toolkit packages available:
apt-cache madison cuda-toolkit




Returns



cuda-toolkit |   12.9.0-1 | https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64  Packages
cuda-toolkit |   12.8.1-1 | https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64  Packages
cuda-toolkit |   12.8.0-1 | https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64  Packages
cuda-toolkit |   12.6.3-1 | https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64  Packages
cuda-toolkit |   12.6.2-1 | https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64  Packages
cuda-toolkit |   12.6.1-1 | https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64  Packages




Install the latest toolkit



sudo apt install cuda-toolkit-12-9 -y




Set CUDA environment variables



echo 'export PATH=/usr/local/cuda/bin${PATH:+:${PATH}}' >> ~/.bashrc
echo 'export LD_LIBRARY_PATH=/usr/local/cuda/lib64${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}' >> ~/.bashrc
source ~/.bashrc




Verify CUDA



nvcc --version


apt install nfs-common

apt install nfs-kernel-server


apt install apache2
systemctl start apache2

apt install mariadb-server
systemctl start mariadb.service
mysql_secure_installation
mysql -uroot -p

apt install libapache2-mod-php php-mysql
cd /etc/apache2/mods-enabled/
vi dir.conf
systemctl restart apache2
systemctl status apache2
openssl genrsa -aes128 -out private.key 2048
openssl req  -nodes -new -x509  -keyout server.key -out server.cert
openssl req -new -days 999 -key private.key -out request.csr
openssl req -new -days 999 -key server.key -out server.csr
openssl x509 -in server.csr -out certificate.crt -req -signkey server.key -days 999
cd /etc/apache2/conf-available/
vi ssl-params.conf
cd ../sites-available/
openssl x509 -inform DER -outform PEM -in server.crt -out server.crt.pem
openssl rsa -in server.key -text > private.pem
openssl x509 -inform PEM -in server.crt > public.pem
vi default-ssl.conf
a2enmod ssl
a2enconf ssl-params
a2ensite default-ssl
vi /etc/apache2/conf-enabled/ssl-params.conf
apache2ctl configtest
systemctl restart apache2
vi /etc/php/7.4/apache2/php.ini
apt install nmap

                    
                                    


                
ubuntu_steps.txt · Last modified: 2025/08/26 18:18 by kenson


                
                

            


            
            
        


        



    
    

                Donate
        Powered by PHP
        Valid HTML5
        Valid CSS
        Driven by DokuWiki