User Tools

Site Tools


Ubuntu Server Setup

This document should outline a few steps that are useful after a fresh install of an Ubuntu Server - last updated for 20.04.

Install Useful Tools

sudo apt install mlocate htop ncdu ranger tldr tree vim

More Software

Samba / CIFS

If you need to mount Windows network drives:

sudo apt install cifs-utils


If you are fine with the OpenJDK version that comes with your Ubuntu:

sudo apt install openjdk-11-jdk-headless

A good alternative if you want other versions is - they provide ppas for free.



Disable root login in /etc/ssh/sshd_config:

PermitRootLogin no

A good baseline is to only allow logins via public key authentication (disable password authentication), except for a fallback user with a very long and complex password. See these lines in /etc/ssh/sshd_config:

PasswordAuthentication no

# <snip>
# Match-block at end of file for exceptions:

Match User fallbackuser
  PasswordAuthentication yes

Ubuntu tutorials:

Further harden OpenSSH according to the secure secure shell guide

Enable Automatic Security Updates

Install unattended-upgrades:

sudo apt install unattended-upgrades

Or reconfigure it if it's already installed:

sudo dpkg-reconfigure -plow unattended-upgrades

This creates the file /etc/apt/apt.conf.d/20auto-upgrades.

To avoid filling up small hard drives over time (e.g. with multiple kernel versions) it may be useful to activate the equivalent of sudo apt autoremove:

Set Unattended-Upgrade::Remove-Unused-Dependencies to true in /etc/apt/apt.conf.d/50unattended-upgrades.

See also:

Decrease Swappiness

Add a line to /etc/sysctl.conf and override the default swappiness of 60 with a much lower value, e.g.


Root Kit & Intrusion Detection

Have a look at at e.g. chkrootkit and tiger tiger


If you fancy a nice greeting message:

echo "┌┬┐┬ ┬   ┌─┐┌─┐┬─┐┬  ┬┌─┐┬─┐   ┌┐┌┌─┐┌┬┐┌─┐"
echo "│││└┬┘───└─┐├┤ ├┬┘└┐┌┘├┤ ├┬┘───│││├─┤│││├┤ "
echo "┴ ┴ ┴    └─┘└─┘┴└─ └┘ └─┘┴└─   ┘└┘┴ ┴┴ ┴└─┘"
# or alternatively
# figlet my-server-name

Don't forget to make the file executable.

When using byobu delete ~/.hushlogin to still see the greeting (and all other info you usually get when logging in).

More Resources

ubuntu_server_setup.txt · Last modified: 2021/08/26 16:32 by mstraub