ubuntu_steps
Start with “bare” ubuntu
Just be root
# Open a root login shell; the remaining steps on this page are run as root.
sudo su -
# Refresh the package index before the installs that follow.
apt update
Install vim
apt -y install vim
Temporarily allow SSH root access for setup
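# Temporary setup step: let root log in over SSH.
# Nothing later on this page switches it back off. Once the key installed in
# the next step works, change the line to 'PermitRootLogin prohibit-password'
# (or 'no') and restart sshd again.
#
# Remove every existing PermitRootLogin line (commented out or not), then
# append the new one so the file carries exactly one setting.
sed -i -E '/^\s*#?\s*PermitRootLogin\s+.*/d' /etc/ssh/sshd_config \
  && echo 'PermitRootLogin yes' | sudo tee -a /etc/ssh/sshd_config

# NOTE(review): sshd keeps the first value it reads for a keyword. If
# sshd_config has an Include of /etc/ssh/sshd_config.d/*.conf above this line
# and one of those files sets PermitRootLogin, that value wins. Check the
# effective setting with: sshd -T | grep -i permitrootlogin

# Syntax-check the config first so a broken file cannot take sshd down.
sshd -t && systemctl restart sshd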
Add authorized_keys
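# Install the setup public key for root, once (re-running adds no duplicate).
#
# Whoever holds the matching private key gets a root shell on this host, so
# substitute your own public key here and confirm its fingerprint afterwards
# with: ssh-keygen -lf /root/.ssh/authorized_keys
ssh_pubkey='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiKJ/84kE14mqkZllnBFHfsXD10UmEuE6phOvdBC8k/CbybfPEEYUbPW87hykxK8iE0vx8abD58DEOHh0KHpVK3uFB+NqufA5BXixUChZfBoNtK7kJIaJvo4OWOrU09uQ4KYTDXDX61H76MnDSGwPluRw2qSSRPyDS3jMpPpg0iwS1VWmkdvCqn+cqCkZrMGLvK+AKrB8QsaDT33qpmSteaWUM7ZbScVhpWv7o7Zmek0j1jJ8wpSULZpAUW+er0CVS2reaCSTpbX6wYfXs0Vkknt'

# On a bare install /root/.ssh may not exist yet. Create the directory and the
# file with owner-only modes: sshd's StrictModes check (on by default) ignores
# authorized_keys when it or ~/.ssh is writable by group or others.
install -d -m 700 /root/.ssh
touch /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys

# -x whole-line match, -F fixed string: append only if the exact key is absent.
grep -qxF -- "$ssh_pubkey" /root/.ssh/authorized_keys \
  || printf '%s\n' "$ssh_pubkey" >> /root/.ssh/authorized_keys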
Set explicit root password
# Interactive: prompts twice for the new root password.
# With 'PermitRootLogin yes' set in the SSH step, this password is also
# accepted for root over SSH wherever password authentication is enabled,
# so it is the only thing protecting root from remote guessing until that
# setting is tightened.
passwd root
Fix bash history in .bashrc
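cd /root

# Unlimited history, in memory and on disk (a negative value means "no limit"
# in bash 4.3 and later). Each substitution rewrites an existing assignment
# line only; a .bashrc without HISTSIZE=/HISTFILESIZE= lines is left as is.
sed -i -E \
  -e 's/^\s*HISTSIZE=.*$/HISTSIZE=-1/' \
  -e 's/^\s*HISTFILESIZE=.*$/HISTFILESIZE=-1/' \
  .bashrc

# Flush each command to the history file as soon as it runs and pull in lines
# written by other sessions. Added once: re-running this step does not stack
# another PROMPT_COMMAND line.
grep -qF 'history -a; history -n' .bashrc \
  || printf '%s\n' 'PROMPT_COMMAND="history -a; history -n; $PROMPT_COMMAND"' >> .bashrc

# Unlimited root history keeps every command line indefinitely, including any
# secret typed as an argument. Keep /root/.bash_history readable by root only
# and pass secrets via prompts or files rather than argv.
source .bashrc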
If the machine was not configured with a static IP during installation and you want one:
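# 1. Tell cloud-init to stop managing the network, so it does not regenerate
#    its own netplan file on the next boot.
# 2. Write a static netplan config. The interface name and the addresses below
#    are this host's values; change them for yours.
# The heredoc delimiter is quoted so the YAML is written exactly as shown.
sudo mkdir -p /etc/cloud/cloud.cfg.d && \
echo 'network: {config: disabled}' | sudo tee /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg && \
sudo tee /etc/netplan/01-netcfg.yaml >/dev/null <<'EOF'
network:
  ethernets:
    ens3f0:
      dhcp4: false
      addresses:
        - 10.10.22.181/24
      gateway4: 10.10.22.1
      nameservers:
        addresses:
          - 8.8.8.8
          - 8.8.4.4
  version: 2
EOF

# Netplan files should be readable by root only; newer netplan releases warn
# when the permissions are wider.
sudo chmod 600 /etc/netplan/01-netcfg.yaml

# Neutralise the cloud-init generated file so only 01-netcfg.yaml applies.
sudo bash -c "echo '# This file has been disabled by custom configuration (/etc/netplan/01-netcfg.yaml).' > /etc/netplan/50-cloud-init.yaml"

# Nothing here applies the config. When ready, 'netplan try' applies it and
# rolls back automatically unless confirmed, which protects a remote session
# from a wrong address or interface name.
# NOTE(review): newer netplan releases deprecate 'gateway4' in favour of a
# 'routes:' entry with 'to: default'; confirm against the installed version.
echo REMEMBER TO SET IP IN /etc/netplan/01-netcfg.yaml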
If by chance auditd is running, disable it (auditd is off on a bare installation)
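# Review the audit daemon configuration and rule set by hand.
vi /etc/audit/auditd.conf
vi /etc/audit/audit.rules

# Stop journald's audit socket now and remove it from boot-time activation.
# NOTE(review): these two commands act on the journald audit socket only;
# nothing here stops or disables auditd.service itself. If the socket is
# active again after a reboot, 'systemctl mask' is the usual next step - confirm.
# With audit collection off, there is no kernel audit trail of the root
# activity performed in the rest of this page; keep that in mind for
# later incident review.
systemctl stop systemd-journald-audit.socket
systemctl disable systemd-journald-audit.socket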
Verify UFW is inactive
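ufw status
# Expected output:
#   Status: inactive
#
# With the host firewall inactive, every service listening on a non-loopback
# address (sshd with root login enabled above, Apache later on this page) is
# reachable from the network unless something upstream filters it.
# 'ss -tlnp' lists what is actually listening.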
Fix nvme bug and turn off audit and apparmor
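# Replace the kernel command line defaults and regenerate grub.cfg.
#   audit=0                                  kernel audit subsystem off
#   pcie_aspm=off pcie_port_pm=off           PCIe link/port power management off
#   nvme_core.default_ps_max_latency_us=0    NVMe power-state transitions off
#   apparmor=0                               AppArmor off: no profile confines
#                                            any service, including the
#                                            Apache/PHP/MariaDB stack set up later
# NOTE(review): 'security=apparmor' selects AppArmor as the LSM while
# 'apparmor=0' disables it; the pair looks redundant - confirm which is intended.
#
# The sed deletes the existing GRUB_CMDLINE_LINUX_DEFAULT line, so any options
# it carried are dropped rather than merged.
# NOTE(review): a file under /etc/default/grub.d/ that also sets
# GRUB_CMDLINE_LINUX_DEFAULT (cloud images often ship one) is read after
# /etc/default/grub and would override this value - verify after reboot with
# 'cat /proc/cmdline'.
sudo sed -i '/^\s*GRUB_CMDLINE_LINUX_DEFAULT=/d' /etc/default/grub \
  && echo 'GRUB_CMDLINE_LINUX_DEFAULT="audit=0 pcie_aspm=off pcie_port_pm=off nvme_core.default_ps_max_latency_us=0 apparmor=0 security=apparmor"' | sudo tee -a /etc/default/grub \
  && sudo update-grub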
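# Base tooling, installed in one apt transaction.
# (Run as a single collapsed line, the original would have asked apt to
# install packages literally named "apt" and "install".)
apt -y install \
  build-essential \
  net-tools \
  less \
  libssl-dev \
  libz-dev \
  python3-pip \
  python3-venv \
  cron \
  ipmitool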
Install ipmitool
Crontab entry (runs the script at every boot):
@reboot /usr/bin/python3 /root/hostinfoLCDbyid.py
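Shell history from the rest of the setup (raw `history` output; entry numbers and typos kept as recorded):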
# Raw `history` output: the leading numbers are history entry numbers, not part
# of the commands, and the numbering has gaps. Mistyped entries (185, 245, 256,
# 339) are failed attempts that were retried on the following entry.
47 cd /etc/ 48 less issue 49 less issue.net
# Entry 54, run inside /etc/update-motd.d/, clears the execute bit on every
# MOTD script there.
50 cd update-motd.d/ 52 less 50-motd-news 54 chmod a-x *
57 vi 50-landscape-sysinfo
185 apt get apache 186 apt install apache2 189 systemctl start apache2 192 cd /var/www/html/ 197 vi index.html
207 apt install mariadb-server 208 systemctl start mariadb.service 209 mysql_secure_installation 212 mysql -uroot -p
# NOTE(review), entries 231-233: uploads/ is created inside the web root and
# handed to www-data while mod_php is enabled (217). Whatever the upload handler
# stores there can be requested over HTTP, and a stored .php file would be
# executed unless PHP handling is switched off for that directory. The contents
# of save_photo.php / p.php are not shown here, so confirm that they restrict
# file names and types, or move uploads/ outside the document root.
# NOTE(review), entry 258: -nodes writes server.key without a passphrase.
# Entry 281 redirects the decoded private key into private.pem, which is created
# with the shell's default umask. After the moves at 285/287, confirm that the
# key files under /etc/ssl/hot are owned by root and not readable by others
# (entry 288 lists them).
# Entries 266-267 produce a self-signed certificate valid for 999 days.
217 apt install libapache2-mod-php php-mysql 218 cd /etc/apache2/mods-enabled/ 221 vi dir.conf 222 systemctl restart apache2 223 systemctl status apache2 224 apt search php- | less 225 ls 226 cd 227 cd /var/www/html/ 228 ls -al 229 vi cam.html 230 vi save_photo.php 231 mkdir uploads 232 ps -ef 233 chown www-data uploads/ 234 ls -al 235 ls 236 cd /var/www/ 237 ls 238 cd html/ 239 ls 240 vi cam.html 241 ls 242 \rm cam.html 243 vi p.php 244 vi c2.html 245 ls a-l 246 ls 247 ls -al uploads/ 248 pwd 249 service apache2 restart 250 ls 251 vi p.php 252 ls 253 vi index.html 254 cd 255 ls 256 penssl genrsa -aes128 -out private.key 2048 257 openssl genrsa -aes128 -out private.key 2048 258 openssl req -nodes -new -x509 -keyout server.key -out server.cert 259 ls 260 mkdir keys 261 mv server.* keys 262 cd keys/ 263 ls 264 openssl req -new -days 999 -key private.key -out request.csr 265 ls 266 openssl req -new -days 999 -key server.key -out server.csr 267 openssl x509 -in server.csr -out certificate.crt -req -signkey server.key -days 999 268 ls -l 269 cd /etc/apache2/ 270 ls 271 cd conf-available/ 272 ls 273 vi ssl-params.conf 274 cd ../sites-available/ 275 ls 276 ls 277 mv certificate.crt server.crt 278 ls 279 openssl x509 -inform DER -outform PEM -in server.crt -out server.crt.pem 280 ls 281 openssl rsa -in server.key -text > private.pem 282 openssl x509 -inform PEM -in server.crt > public.pem 283 ls 284 mkdir /etc/ssl/hot 285 mv server.* /etc/ssl/hot/ 286 ls 287 mv * /etc/ssl/hot/ 288 ls -l /etc/ssl/hot/ 289 pwd 290 vi /var/www/html/p.php 291 ls 292 ls -al 293 cd 294 cd /var/www/html/ 295 ls 296 service apache2 restart 297 ls 298 ls -l 299 vi default-ssl.conf 300 a2enmod ssl 301 a2enconf ssl-params 302 a2ensite default-ssl 303 apache2ctl configtest 304 vi /etc/apache2/conf-enabled/ssl-params.conf 305 apache2ctl configtest 306 vi /etc/apache2/conf-enabled/ssl-params.conf 307 apache2ctl configtest 308 systemctl restart apache2 309 ls 310 cd /var/www/ 311 ls 312 cd html/ 313 ls 
# NOTE(review), entry 317: the full filesystem listing is written to
# /tmp/fl.txt, a location other local users can read; delete it once the
# grep at 337 is done.
# NOTE(review), entries 342-348, run after `cd /var/log/` (323): php.log ends
# up writable by every local user (a+w), so its contents cannot be trusted as
# a record. Giving the file to the web server user with owner-only write
# access achieves the same logging without that.
314 ls 315 vi c2.html 316 vi /var/log/apache2/error.log 317 find / > /tmp/fl.txt 318 vi /etc/php/7.4/apache2/php.ini 319 ls 320 ls /tmp/ 321 ls -al 322 ls uploads/ 323 cd /var/log/ 324 ls 325 vi /etc/php/7.4/apache2/php.ini 326 echo -ne '\e]4;4;#0000FF\a' 327 ls 328 echo -ne '\e]4;4;#8888FF\a' 329 ls 330 vi /etc/php/7.4/apache2/php.ini 331 echo -e "\e]P46495ED" 332 ls 333 vi /etc/php/7.4/apache2/php.ini 334 ls -al 335 vi /etc/bash.bashrc 336 ls -al 337 grep php.log /tmp/fl.txt 338 vi /etc/php/7.4/apache2/php.ini 339 ls a-l 340 ls -al 341 touch php.loh 342 touch php.log 343 ls -al 344 rm php.loh 345 chmod a+x php.log 346 ls -al 347 chmod a+w php.log 348 chmod a-x php.log 349 ls -al 350 service apache2 restart 351 ls -al 352 cd /var/www/html/ 412 apt install nmap
