Ubuntu Server
Note that these instructions distinguish between an operator and a server. The operator can be
any machine that configures the server: a pipeline, laptop, dedicated server, etc. are all options.
The server can be its own operator, though that's not recommended, since servers should be ephemeral
and the operator will store information about each server.
Setup SSH
See README
Fail2Ban
On the server:
apt update
apt install -y fail2ban
# Setup initial rules
cat <<EOF > /etc/fail2ban/jail.local
# Jail configuration additions for local installation
# Adjust the default configuration's default values
[DEFAULT]
# Optional: enter a trusted IP to never ban
ignoreip = 2600:1700:1e6c:a81f::0/64
bantime = 6600
backend = auto
# The main configuration file defines all services but
# deactivates them by default. We have to activate those needed
[sshd]
enabled = true
EOF
systemctl enable fail2ban --now
tail -f /var/log/fail2ban.log
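To confirm what the jail.local above actually enables, this added example (not part of the original instructions) parses the file and reports the effective settings for one jail, applying [DEFAULT] values where the jail does not override them. The function names jail_get and jail_check are hypothetical, and the sample file is constructed to mirror the config above.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): effective fail2ban jail settings.

# jail_get FILE JAIL KEY: print KEY from [JAIL], falling back to [DEFAULT].
jail_get() {
    awk -v jail="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/ {                               # section header
            gsub(/^[ \t]*\[|\][ \t]*$/, ""); section = $0; next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k != key) next
            if (section == jail) { own = v; has_own = 1 }
            else if (section == "DEFAULT") { def = v; has_def = 1 }
        }
        END {
            if (has_own) print own
            else if (has_def) print def
            else exit 1
        }' "$1"
}

# jail_check FILE JAIL: succeed only if the jail is enabled with a ban time.
# The body runs in a subshell so its variables stay local.
jail_check() (
    enabled=$(jail_get "$1" "$2" enabled) || enabled=false
    bantime=$(jail_get "$1" "$2" bantime) || bantime=unset
    ignoreip=$(jail_get "$1" "$2" ignoreip) || ignoreip=none
    echo "jail=$2 enabled=$enabled bantime=$bantime ignoreip=$ignoreip"
    [ "$enabled" = "true" ] && [ "$bantime" != "unset" ]
)

# Constructed sample mirroring the jail.local written above.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
[DEFAULT]
ignoreip = 2600:1700:1e6c:a81f::0/64
bantime = 6600
backend = auto
[sshd]
enabled = true
EOF
jail_check "$sample" sshd
```

On a real server, point jail_check at /etc/fail2ban/jail.local. It reads only the file it is given, so values from jail.conf or jail.d are not reflected.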
Automatic Updates
On the server:
apt install -y unattended-upgrades
systemctl enable --now unattended-upgrades.service
Disable Swap
# Turns swap off until the next reboot; swap entries in /etc/fstab re-enable it at boot
swapoff -a
Extras
On the server:
# Install glances for system monitoring
apt install -y glances net-tools vim tmux
# Cockpit
apt install -y cockpit
systemctl enable --now cockpit
Troubleshooting
nmcli device unmanaged
Ubuntu installs a config file that sets most devices unmanaged:
/usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf:
[keyfile]
unmanaged-devices=*,except:type:wifi,except:type:gsm,except:type:cdma
To disable this, you can create a blank file with the same name in /etc:
sudo touch /etc/NetworkManager/conf.d/10-globally-managed-devices.conf
sudo systemctl restart NetworkManager
Then run:
nmcli device set <device-name> managed yes
Then turn on "Connect Automatically" in Cockpit.