This document should outline a few steps that are useful after a fresh install of an Ubuntu Server - last updated for 20.04.
sudo apt install mlocate htop ncdu ranger tldr tree vim
If you need to mount Windows network drives:
sudo apt install cifs-utils
If you are fine with the OpenJDK version that comes with your Ubuntu:
sudo apt install openjdk-11-jdk-headless
A good alternative if you want other versions is https://adoptopenjdk.net - they provide ppas for free.
Their documentation is a little messy, here are the relevant pages:
Disable root login in
A good baseline is to only allow logins via public key authentication (disable password authentication), except for a fallback user with a very long and complex password. See these lines in
PasswordAuthentication no # <snip> # Match-block at end of file for exceptions: Match User fallbackuser PasswordAuthentication yes
Further harden OpenSSH according to the secure secure shell guide
sudo apt install unattended-upgrades
Or reconfigure it if it's already installed:
sudo dpkg-reconfigure -plow unattended-upgrades
This creates the file
To avoid filling up small hard drives over time (e.g. with multiple kernel versions) it may be useful to activate the equivalent of
sudo apt autoremove:
Add a line to
/etc/sysctl.conf and override the default swappiness of 60 with a much lower value, e.g.
If you fancy a nice greeting message:
#!/bin/bash # http://patorjk.com/software/taag/#p=display&h=1&f=Calvin%20S&t=my-server-name # http://patorjk.com/software/taag/#p=display&h=1&v=0&f=ANSI%20Regular&t=my-server-name echo "┌┬┐┬ ┬ ┌─┐┌─┐┬─┐┬ ┬┌─┐┬─┐ ┌┐┌┌─┐┌┬┐┌─┐" echo "│││└┬┘───└─┐├┤ ├┬┘└┐┌┘├┤ ├┬┘───│││├─┤│││├┤ " echo "┴ ┴ ┴ └─┘└─┘┴└─ └┘ └─┘┴└─ ┘└┘┴ ┴┴ ┴└─┘" # or alternatively # figlet my-server-name
Don't forget to make the file executable.
~/.hushlogin to still see the greeting (and all other info you usually get when logging in).