ubuntu_steps
Start with a “bare” Ubuntu install; I'm still on 22.04 LTS.
Just be root
# Become root with a login shell; the steps below are written for a root prompt.
sudo su -
Update system and install prereq
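# Refresh the package lists and apply pending upgrades.
apt update && apt upgrade -y

# Build toolchain, headers for the running kernel, network/debug utilities,
# Python tooling, cron, ipmitool and Open vSwitch.
# The pasted original had lost its line breaks, so the separate apt calls ran
# together; they are merged into one transaction here and build-essential,
# which was listed twice, appears once.
apt -y install \
  build-essential dkms "linux-headers-$(uname -r)" \
  software-properties-common curl wget git \
  iputils-ping traceroute net-tools \
  vim less \
  libssl-dev libz-dev \
  python3-pip python3-venv \
  cron ipmitool \
  openvswitch-switch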
Temporarily allow SSH root access for setup
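# Setup-phase only: allow root to log in over SSH.
# Remove every existing PermitRootLogin line (commented or not), then append
# a single explicit one so the file holds exactly one setting.
sed -i -E '/^\s*#?\s*PermitRootLogin\s+.*/d' /etc/ssh/sshd_config \
  && echo 'PermitRootLogin yes' | tee -a /etc/ssh/sshd_config

# sshd keeps the first value it reads for a keyword. The stock Ubuntu
# sshd_config includes /etc/ssh/sshd_config.d/*.conf near the top, so a
# drop-in there can override the line appended above. Print the effective value.
sshd -T | grep -i '^permitrootlogin'

# Syntax-check before restarting so a broken config cannot take SSH down.
sshd -t && systemctl restart sshd

# When setup is finished, repeat this step with
# 'PermitRootLogin prohibit-password' (keys only) or 'PermitRootLogin no'.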
Add authorized_keys
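# Add the operator's public key to root's authorized_keys exactly once.
# With StrictModes (the sshd default) the file is ignored when ~/.ssh or
# authorized_keys is writable by group/other, so create both with tight modes.
install -d -m 700 /root/.ssh
touch /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys

pubkey='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiKJ/84kE14mqkZllnBFHfsXD10UmEuE6phOvdBC8k/CbybfPEEYUbPW87hykxK8iE0vx8abD58DEOHh0KHpVK3uFB+NqufA5BXixUChZfBoNtK7kJIaJvo4OWOrU09uQ4KYTDXDX61H76MnDSGwPluRw2qSSRPyDS3jMpPpg0iwS1VWmkdvCqn+cqCkZrMGLvK+AKrB8QsaDT33qpmSteaWUM7ZbScVhpWv7o7Zmek0j1jJ8wpSULZpAUW+er0CVS2reaCSTpbX6wYfXs0Vkknt'

# -x whole-line, -F literal: append only when this exact line is absent.
grep -qxF -- "$pubkey" /root/.ssh/authorized_keys \
  || printf '%s\n' "$pubkey" >> /root/.ssh/authorized_keys

# Confirm every entry parses and check the fingerprint against the key you
# expect; a key damaged in copy/paste is reported here instead of silently
# failing at login.
ssh-keygen -l -f /root/.ssh/authorized_keys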
Set explicit root password
# Interactive: prompts for the new root password.
# With 'PermitRootLogin yes' set in sshd_config, this password is accepted over
# SSH wherever password authentication is enabled, so pick a strong one.
passwd root
Infinite bash history in .bashrc
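# Unlimited root shell history, written out and re-read after every command.
# The history file then holds everything typed as root; keep secrets off the
# command line.
cd /root

# Rewrite the existing HISTSIZE / HISTFILESIZE lines in place (-1 = no limit).
sed -i -E '/^\s*HISTSIZE=.*$/c\HISTSIZE=-1' .bashrc
sed -i -E '/^\s*HISTFILESIZE=.*$/c\HISTFILESIZE=-1' .bashrc

# Add the PROMPT_COMMAND hook only once. The original inserted it through the
# HISTFILESIZE substitution, which stacked another copy on every re-run.
grep -qF 'history -a; history -n' .bashrc \
  || printf '%s\n' 'PROMPT_COMMAND="history -a; history -n; $PROMPT_COMMAND"' >> .bashrc

source .bashrc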
If the machine was not configured with a static IP and you want one
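# Stop cloud-init from regenerating the network config, then write a static
# netplan definition. The YAML nesting below is restored; netplan rejects the
# flattened form the page had been reduced to.
sudo mkdir -p /etc/cloud/cloud.cfg.d && \
echo 'network: {config: disabled}' | sudo tee /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg && \
sudo tee /etc/netplan/01-netcfg.yaml >/dev/null <<'EOF'
network:
  ethernets:
    ens3f0:
      dhcp4: false
      addresses:
        - 10.10.22.181/24
      gateway4: 10.10.22.1
      nameservers:
        addresses:
          - 8.8.8.8
          - 8.8.4.4
  version: 2
EOF
# Netplan files can carry credentials (Wi-Fi keys, VPN secrets); keep them
# readable by root only.
sudo chmod 600 /etc/netplan/01-netcfg.yaml

# Neutralise the cloud-init generated file so it cannot conflict with the one above.
sudo bash -c "echo '# This file has been disabled by custom configuration (/etc/netplan/01-netcfg.yaml).' > /etc/netplan/50-cloud-init.yaml"

# Interface name, address and gateway above are examples for one host.
# After editing, `netplan try` applies the change and rolls it back unless
# confirmed, which protects a remote session from a bad address.
echo REMEMBER TO SET IP IN /etc/netplan/01-netcfg.yaml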
Fix DNS, e.g. 86 (get rid of) systemd-resolved
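# Turn off the local stub resolver and point the host at fixed upstream servers.
sudo systemctl disable --now systemd-resolved

# /etc/resolv.conf is typically a symlink into systemd-resolved's runtime
# directory; remove it so a regular file is written, not the link target.
sudo rm -f /etc/resolv.conf
printf 'nameserver 8.8.8.8\nnameserver 8.8.4.4\n' | sudo tee /etc/resolv.conf >/dev/null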
If by chance auditd is running, disable it (auditd is off on a bare installation)
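# Inspect the auditd configuration and rule set (only present if auditd is installed).
vi /etc/audit/auditd.conf
vi /etc/audit/audit.rules

# Stop journald from collecting kernel audit records, now and on later boots.
systemctl stop systemd-journald-audit.socket
systemctl disable systemd-journald-audit.socket

# NOTE(review): nothing above stops the auditd service itself; check it with
# `systemctl is-active auditd`. With audit collection off there is no record
# of privileged changes on this host, so keep that limited to lab machines.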
Verify UFW is inactive if installed, should return “Status: inactive”
# Read-only check; this guide expects "Status: inactive".
# NOTE(review): with UFW inactive the host does no inbound filtering of its own
# unless other rules exist - confirm something upstream restricts SSH while
# root login is enabled.
ufw status
Fix nvme bug and turn off audit and apparmor
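# Keep a copy so the previous kernel command line can be restored.
sudo cp -a /etc/default/grub /etc/default/grub.bak

# Replace GRUB_CMDLINE_LINUX_DEFAULT with:
#   pcie_aspm=off pcie_port_pm=off nvme_core.default_ps_max_latency_us=0
#       - the NVMe / PCIe power-management workaround
#   audit=0     - kernel auditing off
#   apparmor=0  - AppArmor off: every service, including the Apache and MariaDB
#                 installed below, then runs without MAC confinement
# update-grub is run once; the pasted original repeated it.
sudo sed -i '/^\s*GRUB_CMDLINE_LINUX_DEFAULT=/d' /etc/default/grub \
  && echo 'GRUB_CMDLINE_LINUX_DEFAULT="audit=0 pcie_aspm=off pcie_port_pm=off nvme_core.default_ps_max_latency_us=0 apparmor=0 security=apparmor"' | sudo tee -a /etc/default/grub \
  && sudo update-grub

# Takes effect on the next boot; verify afterwards with `cat /proc/cmdline`.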
Install ipmitool (root crontab entry):
@reboot /usr/bin/python3 /root/hostinfoLCDbyid.py
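# --- Apache, MariaDB, PHP -----------------------------------------------
# Command boundaries are restored here; the page had collapsed this whole
# history into a single line.
apt install apache2
systemctl start apache2
apt install mariadb-server
systemctl start mariadb.service
# Interactive: root authentication, anonymous users, remote root login, test database.
mysql_secure_installation
mysql -uroot -p
apt install libapache2-mod-php php-mysql
cd /etc/apache2/mods-enabled/
vi dir.conf
systemctl restart apache2
systemctl status apache2

# --- TLS key material and self-signed certificate -------------------------
# Everything below writes into the current directory, which is still
# /etc/apache2/mods-enabled/ at this point.
openssl genrsa -aes128 -out private.key 2048
# -nodes: server.key is written without a passphrase.
openssl req -nodes -new -x509 -keyout server.key -out server.cert
openssl req -new -days 999 -key private.key -out request.csr
openssl req -new -days 999 -key server.key -out server.csr
openssl x509 -in server.csr -out certificate.crt -req -signkey server.key -days 999
# Private keys must be readable by root only, whatever mode they were created with.
chmod 600 private.key server.key

cd /etc/apache2/conf-available/
vi ssl-params.conf
cd ../sites-available/
# NOTE(review): no earlier command produces server.crt (the outputs above are
# server.cert and certificate.crt), and server.key was written in
# mods-enabled/, not here - confirm which files these three commands are
# meant to read before running them.
openssl x509 -inform DER -outform PEM -in server.crt -out server.crt.pem
# A shell redirect creates the file with the default umask (world-readable);
# the subshell umask keeps the dumped private key at 0600.
( umask 077; openssl rsa -in server.key -text > private.pem )
openssl x509 -inform PEM -in server.crt > public.pem
vi default-ssl.conf
a2enmod ssl
a2enconf ssl-params
a2ensite default-ssl
vi /etc/apache2/conf-enabled/ssl-params.conf
# Validate the config first; a syntax error would otherwise stop Apache on restart.
apache2ctl configtest
systemctl restart apache2
# NOTE(review): this path is for PHP 7.4; Ubuntu 22.04 packages PHP 8.1, so
# check the version directory under /etc/php/ - confirm.
vi /etc/php/7.4/apache2/php.ini
apt install nmap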
