Ubuntu Gutsy setup - page 2

In page 1 of the Ubuntu Gutsy setup, we completed the ssh configuration along with a basic iptables install.

Let's move on and install some personal configuration files to make our life easier. Once done, we can update the install and create a solid base for the 'meat' of the server.


OS check and Free

First thing is to confirm what OS we're using. We know we should be using Ubuntu Gutsy but let's see:

cat /etc/issue

You should get an output similar to this:

#Ubuntu 7.10 \n \l

Good. Memory usage should be very low at this point but let's check using 'free -m' (the -m suffix displays the result in MB's which I find easier to read):

free -m

It's nice to know what is going on so let's look at that output:

.                  total       used       free     shared    buffers     cached
Mem:             254       49         205          0          3            74
-/+ buffers/cache:      32           222
Swap:            511        0           511

The line to take notice of is the second one as the first line includes cached memory - in this demo slice I have 254MB memory in total with 32MB actually used, 222MB free and no swap used. Nice.

.bashrc

Let's make the terminal a bit more attractive and a bit more informative by adding a few lines to our . bashrc file.

nano ~/.bashrc

Add the next few lines at the end of the existing text. The following line will make the terminal show the server name in colour and display the working directory (the directory we are in) in a different colour:

export PS1='\[\033[0;35m\]\h\[\033[0;33m\] \w\[\033[00m\]: '

Now we can add aliases to the file. Aliases are short cuts to commands or sequences of commands. I've included a few below but you can have as many or as few as you want.

alias free="free -m"
alias update="sudo aptitude update"
alias install="sudo aptitude install"
alias upgrade="sudo aptitude safe-upgrade"
alias remove="sudo aptitude remove"

The examples above are pretty simple. Instead of typing 'free -m' every time I want to look at the memory usage, I just type 'free. Typing 'sudo aptitude install' can get tedious, so I just type 'install'.

I still need to provide my password for the sudo command to work, but it is more productive/quicker/easier to have short cuts.

To activate the changes log out and log in again

You should now see the slice name in purple and the working directory in brown.

To change the colours to your choosing, adjust the 0;35m and the 0;33m values in the 'export PS1' line of your .bashrc. For example:

export PS1='\[\033[0;32m\]\h\[\033[0;36m\] \w\[\033[00m\]: '

would give you a green and blue output.

sources.list

The Ubuntu Gutsy Slice comes with a basic set of repositories but let's have a check to see what sources we are using:

sudo nano /etc/apt/sources.list

You should see the default list as follows:

deb http://archive.ubuntu.com/ubuntu/ gutsy main restricted universe
deb-src http://archive.ubuntu.com/ubuntu/ gutsy main restricted universe

deb http://archive.ubuntu.com/ubuntu/ gutsy-updates main restricted universe
deb-src http://archive.ubuntu.com/ubuntu/ gutsy-updates main restricted universe

deb http://security.ubuntu.com/ubuntu gutsy-security main restricted universe
deb-src http://security.ubuntu.com/ubuntu gutsy-security main restricted universe

You can, of course, add more repositories whenever you want to but I would just give a word of caution: Some of the available repositories are not officially supported and may not receive any security updates should a flaw be discovered.

Keep in mind it is a server we are building and not a desktop.

Update

Now we can update the sources so we have the latest list of software packages:

sudo aptitude update

NOTE: If you have used the .bashrc shown above you just need to enter 'update' as the alias will use the entire command. I've put the whole thing here so you know what is happening.

locales

Remember the Gutsy Slice is a bare bones install so we need set the system locale:

sudo locale-gen en_GB.UTF-8
...
sudo /usr/sbin/update-locale LANG=en_GB.UTF-8

Upgrade

Now we have updated the sources.list repositories and set the locale, let's see if there are any upgrade options:

sudo aptitude safe-upgrade

Followed by a:

sudo aptitude full-upgrade

screen

Let's get started by installing screen. This is a great application that allows 'virtual' terminals to be opened in one console. Switching between them is done with the press of a key.

The advantages are that you can be working on more than one shell at a time, say one installing software and another monitoring network activity - all without having more than one physical shell open. If the SSH connection is cut for some reason or you have to leave the room then close the terminal and the work will still carry on in the background.

I highly recommend installing and getting used to using screen. This screen tutorial gives an excellent introduction.

sudo aptitude install screen

To start a screen session simply enter the command:

screen

Press the space bar to remove the introduction page.

build essentials

Ok, last thing to do is install some common programmes that will save time and, possibly, frustration later on.

Ubuntu Gutsy has some handy meta-packages that include a set of pre-defined programmes needed for one purpose.

So instead of installing a dozen different package names, you can install just one meta-package. One such package is called 'build-essential'. Issue the command:

sudo aptitude install build-essential

Notice the programmes that are to be installed include gcc, make, patch and so on. All these are needed for many other programmes to install properly. A neat system indeed. Enter 'Y' and install them.

done

Quite a lot happening here but now we have a secured slice.

The console is now informative and less drab, locales have been configured and the meta-package build-essential has been installed.

If you do this more than once or twice it doesn't take long at all and we now have the ideal base to install the 'meat' of our server.

PickledOnion.

Article Comments:

Frank commented Wed Nov 07 20:43:12 UTC 2007:

You should also install denyhosts to help with security. This program has stopped numerous brute force attacks via ssh for my vps (and soont to be slice).

Billtaichi commented Fri Nov 16 01:22:13 UTC 2007:

Just wanted to say thanks for writing some awesome articles, has really helped me out seeing how to secure everything and make things a little nicer. Just getting started with my slice and these articles save a LOT of time.

Luke Pearce commented Sat Nov 17 13:25:24 UTC 2007:

Yeah I agree the articles are excellently written and really easy to follow.

I orginally thought I would figure it out as I went along - however having found and followed your articles it's made me realise how much time I've saved just figuring everything out!

Really well done in setting these up!

Thanks very much

Luke

Michael Koukoullis commented Mon Nov 19 13:20:13 UTC 2007:

I am so impressed with the speed and ease by which I signed up, accessed my server and made it secure according to your Gutsy setup articles. You guys freakin rock.

Tom Styles commented Mon Nov 19 16:07:58 UTC 2007:

Hi Pickled Onion, Just spotted a tiny error, in the line where you are opening up ~/.bashrc there is a space in between the . and the b, and it shouldn't be there. It's fairly obvious once you've worked out that there's meant to be some content to edit but the copy and paste gang (that's me) need as few hicups as possible. Otherwise I'm loving it. It's like an introduction to Unix and a practical demo in how to build a proper server all in one. If I hadn't found these articles I wouldn't have bought my slice, so nice one.

PickledOnion commented Mon Nov 19 16:14:25 UTC 2007:

Hi Tom,

Good call :)

I fixed the typo.

PickledOnion.

John commented Fri Nov 23 18:08:13 UTC 2007:

Thanks for the tutorial! Having all security and config steps in a single place saved me a lot of time in getting my slice ready to go.

MichaelT commented Sat Nov 24 04:12:03 UTC 2007:

Good one PO!

al commented Sun Nov 25 05:03:08 UTC 2007:

i second Frank - denyhosts is excellent, here's the three things to change after it's installed:

  • in /etc/denyhosts.conf change ADMIN_EMAIL to a valid address so you get notified as hosts are denied. i have a t-bird rule that folders them.

  • in /etc/denyhosts.conf change SMTP_FROM to include the hostname in the from: email addy, so you know which host it's coming from

  • create a file called /usr/share/denyhosts/allowed-hosts with at least one ip you feel can safely be excepted from being barred so you don't lock yourself out - or just rely on slicehost's console. actually, not that i think about it, i do this on all my boxes, but given slicehost's console, it might be better to rely on that instead. your call.

restart denyhosts.

@PickledOnion - nice articles. very clean. some things differ from my preferences, but i'm shifting a few of my preferences based on them.

al commented Sun Nov 25 05:24:52 UTC 2007:

just remembered - should you want to use the mail features of denyhosts i describe in my previous comment, you'll want to do this on a system that doesn't have a mailserver installed:

sudo aptitude install denyhosts postfix mailx -y

there are probably lighter weight solutions, but that one's good, fairly secure in my experience, and easy to set up. if you just aptitude denyhosts, it'll drag in much heavier stuff like courier - the odds are you don't want all that.

just a thought, fwiw.

rdflowers commented Thu Nov 29 04:31:01 UTC 2007:

Both tutorials are excellent !!!

These are approximately the best such information I've seen anywhere.

Do that.

Your whole setup rocks, far as I can see.

Gilad commented Sun Dec 16 17:34:40 UTC 2007:

Thumbs up for the tutorials. You definately "earned" me as customer. I was initially ready to cancel my account when I realized I am "on my own" with the server stuff, but this definately helped.

will commented Thu Dec 20 05:33:45 UTC 2007:

This is much more usefull than http://wiki.slicehost.com/doku.php?id=getstartedwithyournewubuntuslice

(seeing that the sources.list is updated here[gutsy] and not there [dapper])

PickledOnion commented Thu Dec 20 11:18:28 UTC 2007:

Thanks for the comments from everyone!

Will, do keep in mind the wiki consists of articles created by the community and some may be slightly out of date now.

It does contain some great information that is not here at all.

Cheers,

PickledOnion.

Les commented Fri Dec 21 18:31:58 UTC 2007:

In case anyone else has trouble seeing the default blue directory names on a black terminal background when they run ls.

When you're editing the .bashrc you can add the following line:

export LS_COLORS=‘di=01;37’

And all the directories names will appear in white. Nice.

James commented Sat Jan 05 03:51:49 UTC 2008:

You can also look into fail2ban as a denyhosts alternative it scans logs for failed login attemps and ipbans offending ips, most debian based systems have it via apt-get install fail2ban. And it comes preconfigured to monitor most common server apps.

Jai-Gouk commented Sun Jan 13 23:55:50 UTC 2008:

I've installed denyhosts. Here is the tutorial.

http://ubuntuforums.org/showthread.php?t=254149

Eric Jarvies commented Mon Jan 14 16:46:59 UTC 2008:

Wonderful delivery of all things Slicehost! From your slices to your instructional pages... everything is clean clean clean.

bliss commented Tue Jan 15 05:20:57 UTC 2008:

These are the ultimate tutorials. All making lots of sense, all in one place. Thanks much! I am already in love with slicehost :)

firefly commented Wed Jan 30 06:52:13 UTC 2008:

for whatever reason, i wasn't able to set the locale using the steps above, but this worked for me:

sudo locale-gen en_US.UTF-8 ... sudo /usr/sbin/update-locale LANG=en_US.UTF-8

mattie commented Thu Feb 14 15:06:08 UTC 2008:

AWESOME tutorial. Very helpful in getting my slice up to speed!!!

David commented Sun Feb 24 23:33:38 UTC 2008:

Agreed with all the people above, excellent tutorials. Helped lots.

David commented Fri Feb 29 18:46:09 UTC 2008:

I did the same as firefly. US-based servers should use "en_US.UTF-8" I believe.

Duff commented Tue Mar 04 11:30:04 UTC 2008:

I am so impressed with this tutorial. How exciting to go from a new slice to a locked down slice in about an hour.

Val commented Wed Mar 19 09:25:57 UTC 2008:

Dude, this is great. Your articulation is really clear. It's really nice as I haven't built a linux from scratch in years.... Slicehost rocks!

ChrisM commented Tue Mar 25 22:29:18 UTC 2008:

Great article!

Also, for newbies like myself: before starting this, you may want to start with the "Set up Linux and SSH Security" section of this wiki first.

Only after I'd done that -- and only that section -- did I get the articles here to work.

Thanks!

Mark M commented Sun Mar 30 23:55:50 UTC 2008:

superb tutorials guys, worked my way through both with no problems whatsoever and learned a thing or two along the way...job done.

Dominic commented Thu Apr 10 06:09:44 UTC 2008:

Thanks for the great tutorial. It turned a daunting task into something achievable.

Want to comment?


(not made public)

(optional)

(use plain text or Markdown syntax)