This document should outline a few steps that are useful after a fresh install of an Ubuntu Server.
If you are dealing with a minimal installation (meta-package ubuntu-minimal) you may want to beef it up a bit. Check what packages are typically bundled e.g. when installing Ubuntu Server or just select your server style:
tasksel # ncurses GUI tasksel --list-tasks tasksel --task-packages server
Some additional packages for easier CLI handling:
sudo apt install bash-completion ubuntu-release-upgrader-core software-properties-common
And some more useful tools:
sudo apt install htop ncdu ranger tldr tree vim
If you are fine with the OpenJDK version that comes with your Ubuntu:
sudo apt install openjdk-11-jdk-headless
A good alternative if you want other versions is https://adoptopenjdk.net - they provide ppas for free.
Their documentation is a little messy, here are the relevant pages:
Disable root login in
A good baseline is to only allow logins via public key authentication (disable password authentication), except for a fallback user with a very long and complex password. See these lines in
PasswordAuthentication no # <snip> # Match-block at end of file for exceptions: Match User fallbackuser PasswordAuthentication yes
Further harden OpenSSH according to the secure secure shell guide
Quickly enable unattended upgrades:
sudo dpkg-reconfigure -plow unattended-upgrades
This creates the file
Add a line to
/etc/sysctl.conf and override the default swappiness of 60 with a much lower value, e.g.
If you fancy a nice greeting message:
#!/bin/bash # http://patorjk.com/software/taag/#p=display&h=1&f=Calvin%20S&t=my-server-name echo "┌┬┐┬ ┬ ┌─┐┌─┐┬─┐┬ ┬┌─┐┬─┐ ┌┐┌┌─┐┌┬┐┌─┐" echo "│││└┬┘───└─┐├┤ ├┬┘└┐┌┘├┤ ├┬┘───│││├─┤│││├┤ " echo "┴ ┴ ┴ └─┘└─┘┴└─ └┘ └─┘┴└─ ┘└┘┴ ┴┴ ┴└─┘" # or alternatively # figlet my-server-name