

Instal·lació Linux Server Ubuntu 20.04.3

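# Base system: refresh the package index, apply pending upgrades, then install
# the tools used in the rest of this page.
sudo apt update -y && sudo apt upgrade -y
sudo apt install -y git vim
sudo apt install -y fonts-powerline zsh

# oh-my-zsh installer. Download it to a file and read it before running it:
# piping a script from a mutable branch (master) straight into sh executes
# whatever that URL serves at that moment, with no chance to inspect it.
# NOTE(review): the URL is the repository path given on this page; confirm it
# still resolves to the upstream project you intend to trust.
omz_installer="$(mktemp)"
curl -fsSL -o "$omz_installer" https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh
less "$omz_installer"
sh "$omz_installer"
rm -f -- "$omz_installer"

# Make zsh the login shell of the current user. `command -v` is the portable
# lookup, and the quotes keep the resolved path as a single argument.
chsh -s "$(command -v zsh)"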
 
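# Distribution package of zsh-syntax-highlighting (signed, updated through apt).
sudo apt-get install -y zsh-syntax-highlighting

# oh-my-zsh looks for third-party plugins under $ZSH_CUSTOM/plugins. The
# variable is only set inside an oh-my-zsh session, so fall back to the
# default location; an empty value would otherwise make git clone into /plugins.
zsh_custom="${ZSH_CUSTOM:-$HOME/.oh-my-zsh/custom}"

# NOTE(review): both clones track the repositories' default branch and the
# code is sourced into every interactive shell of this user. Check out a tag
# or commit you have reviewed if that matters for this host.
git clone https://github.com/zsh-users/zsh-syntax-highlighting.git "${zsh_custom}/plugins/zsh-syntax-highlighting"

# The page repeated the clone above here, which fails because the destination
# already exists. The plugin list in .zshrc names zsh-autosuggestions and
# nothing else on the page installs it, so this is presumably the intended repo.
git clone https://github.com/zsh-users/zsh-autosuggestions.git "${zsh_custom}/plugins/zsh-autosuggestions"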
; .zshrc
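# Prompt theme used by oh-my-zsh.
ZSH_THEME="agnoster"

# Plugins loaded by oh-my-zsh at shell start-up.
# zsh-syntax-highlighting and zsh-autosuggestions are third-party plugins and
# must be present under $ZSH_CUSTOM/plugins.
# zsh-syntax-highlighting is listed last: its install notes ask for it to be
# the last plugin sourced so that it can wrap widgets defined by the others.
plugins=(
  git
  colored-man-pages
  colorize
  vagrant
  zsh-autosuggestions
  timer
  zsh-syntax-highlighting
)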
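# Time synchronisation and timezone. A correct clock matters for the rest of
# this page: log timestamps, fail2ban's time windows and TLS certificate
# validation all depend on it.
sudo apt install -y ntp

# Repoint /etc/localtime at the Andorra zone. Absolute paths are used because
# the relative names on the original page only work when the commands happen
# to be run from /etc; from anywhere else the unlink fails and the final
# ln -s then fails too, since /etc/localtime still exists.
# localtime_old is presumably kept as a record of the previous (UTC) setting.
sudo ln -s /usr/share/zoneinfo/Etc/UTC /etc/localtime_old
sudo unlink /etc/localtime
sudo ln -s /usr/share/zoneinfo/Europe/Andorra /etc/localtime
sudo systemctl restart ntp.service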
# Prerequisites for adding a third-party apt repository over HTTPS.
sudo apt-get install \
    ca-certificates \
    curl \
    gnupg \
    lsb-release
# Fetch Docker's repository signing key and store it de-armored in its own
# keyring file under /usr/share/keyrings.
# NOTE(review): the key is trusted exactly as downloaded. Compare its
# fingerprint (e.g. `gpg --show-keys` on the keyring file) with the one in
# Docker's installation documentation before relying on it.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
# Register the repository. signed-by ties this source to the keyring written
# above; architecture and release codename are taken from the local system.
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
# NOTE(review): membership of the docker group is effectively root on this
# host (a member can start a container with the host filesystem mounted).
# Commands run through docker do not pass through sudo, so they fall outside
# the sudo logging and the su restriction configured later on this page.
# Add the account only if that trade-off is accepted.
sudo usermod -aG docker fidmag
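# Host firewall: drop unsolicited inbound traffic, allow outbound, keep SSH.
# Every ufw subcommand changes or reads kernel firewall state and needs root,
# so each one is run through sudo (the original page omitted it).
sudo apt install -y ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing
# Allow SSH *before* enabling the firewall so that new SSH connections are
# not blocked once "deny incoming" takes effect.
sudo ufw allow ssh
sudo ufw enable
sudo ufw status
sudo ufw app list
# NOTE(review): Docker is installed earlier on this page. Ports published by
# containers are handled by Docker's own iptables rules and are commonly
# reachable from outside even with "deny incoming" set here. Publish ports on
# 127.0.0.1 or filter them in the DOCKER-USER chain if they must stay private.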

/via: https://community.hetzner.com/tutorials/simple-firewall-management-with-ufw

/via: https://community.hetzner.com/tutorials/securing-ssh

; /etc/ssh/sshd_config
# Comments are kept on their own lines. NOTE(review): some OpenSSH releases
# reject text after a directive's value ("garbage at end of line"); `sshd -t`
# reports this if it applies to the installed version.

# Disables TCP port forwarding through SSH sessions.
AllowTcpForwarding no
# Disables X11 forwarding (remote GUI display).
X11Forwarding no
# Disables ssh-agent forwarding, so a client's agent is not exposed on this server.
AllowAgentForwarding no
# Closes the connection after two failed authentication attempts.
MaxAuthTries 2
# Only this account may log in over SSH; every other user is refused.
AllowUsers fidmag
# Probe the client every 300 seconds and drop the connection after one
# unanswered probe. NOTE(review): this detects unresponsive clients; it is not
# an idle-session timeout for a client that is still answering.
ClientAliveInterval 300
ClientAliveCountMax 1
# No direct root login; administration goes through the allowed user and sudo.
PermitRootLogin no
# NOTE(review): this excerpt does not show PasswordAuthentication or
# PubkeyAuthentication; confirm elsewhere in the file how logins are authenticated.
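# Validate the edited sshd_config and restart only if it parses. Restarting
# with a broken file can leave the daemon stopped, and on a remote server
# that means no new SSH logins.
# Keep the current session open and confirm a fresh login as the allowed
# user from a second terminal before closing it.
sudo sshd -t && sudo systemctl restart sshd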

fail2ban

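# fail2ban: ban addresses that repeatedly fail SSH authentication.
sudo apt install -y fail2ban
sudo systemctl enable fail2ban

# Put only the override in jail.local instead of copying all of jail.conf:
# settings in a full copy shadow the packaged defaults, so later package
# updates to those defaults would silently stop applying.
# NOTE(review): this overwrites an existing /etc/fail2ban/jail.local, as the
# cp on the original page did.
printf '[sshd]\nenabled = true\n' | sudo tee /etc/fail2ban/jail.local > /dev/null

# Reload so the jail definition is picked up, then confirm the sshd jail runs.
sudo systemctl restart fail2ban
sudo fail2ban-client status sshd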

sudoreplay

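# Enable sudo I/O logging so sessions can be replayed with sudoreplay.
# visudo syntax-checks the file on save, which protects against locking
# yourself out of sudo with a typo.
sudo visudo
# add: Defaults log_output
# NOTE(review): recorded output can contain secrets that were printed on the
# terminal; keep the sudo I/O log directory readable by root only.

sudo sudoreplay -l # list sessions

# Placeholder: replace with a TSID value printed by the listing above. The
# variable is quoted because a bare <TSID> is parsed by the shell as
# redirections rather than passed as an argument.
tsid='<TSID>'
sudo sudoreplay "$tsid"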
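# Restrict /bin/su to members of a dedicated group.
sudo groupadd su
sudo usermod -a -G su fidmag
# Owner root, group su, mode 4750: setuid root, executable by root and the su
# group only. The group must be the one created above. The original page
# named "admin" here, a group this page never creates and fidmag never joins.
# NOTE(review): avoid fixing the mismatch by creating an "admin" group
# instead; Ubuntu's stock sudoers typically grants sudo to %admin. Check
# /etc/sudoers first.
sudo dpkg-statoverride --update --add root su 4750 /bin/su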

/via: https://www.techrepublic.com/article/how-to-limit-access-to-the-su-command-in-linux/
