Book Image

Mastering Ubuntu Server - Third Edition

By : Jay LaCroix

Book Image

Mastering Ubuntu Server - Third Edition

By: Jay LaCroix

Overview of this book

Ubuntu Server has taken data centers around the world by storm. Whether you're deploying Ubuntu for a large-scale project or for a small office, it is a stable, customizable, and powerful Linux distribution with innovative and cutting-edge features. For both simple and complex server deployments, Ubuntu's flexible nature can be easily adapted to meet to the needs of your organization. This third edition is updated to cover the advancements of Ubuntu 20.04 LTS and further train you to understand how to use Ubuntu Server, from initial deployment to creating production-ready resources for your network. The book begins with the concepts of user management, group management, and file system permissions. Continuing into managing storage volumes, you will learn how to format storage devices, utilize logical volume management, and monitor disk usage. Later, you will learn how to virtualize hosts and applications, which will include setting up QEMU & KVM, as well as containerization with both Docker and LXD. As the book continues, you will learn how to automate configuration with Ansible, as well as take a look at writing scripts. Lastly, you will explore best practices and troubleshooting techniques when working with Ubuntu Server that are applicable to real-world scenarios. By the end of this Ubuntu Server book, you will be well-versed in Ubuntu server’s advanced concepts and attain the required proficiency needed for Ubuntu Server administration.

Preface

Who this book is for

What this book covers

To get the most out of this book

Deploying Ubuntu Server

Deploying Ubuntu Server

Technical requirements

Determining your server's role

Setting up our server

Obtaining installation media

Creating a bootable flash drive

Installing Ubuntu Server

Installing Ubuntu on a Raspberry Pi

Further Reading

Free Chapter

Managing Users and Permissions

Managing Users and Permissions

Understanding users and groups

Understanding when to use root

Creating and removing users

Understanding the /etc/passwd and /etc/shadow files

Distributing default configuration files with /etc/skel

Switching users

Managing groups

Managing passwords and password policies

Configuring administrator access with sudo

Setting permissions on files and directories

Further reading

Managing Software Packages

Managing Software Packages

Understanding Linux package management

Understanding the differences between Debian and Snap packages

Installing and removing software

Searching for packages

Managing package repositories

Backing up and restoring Debian packages

Cleaning up orphaned apt packages

Taking advantage of hardware enablement updates

Further reading

Navigating and Essential Commands

Navigating and Essential Commands

Learning essential Linux commands

Understanding the Linux filesystem layout

Viewing the contents of files

Viewing application log files

Further reading

Managing Files and Directories

Managing Files and Directories

Copying, moving, and renaming files and directories

Editing files with the Nano and Vim text editors

Input and output streams

Using symbolic and hard links

Further reading

Boosting Your Command-line Efficiency

Boosting Your Command-line Efficiency

Understanding the Linux shell

Understanding Bash history

Learning some useful command-line tricks

Understanding variables

Writing simple scripts

Putting it all together – Writing an rsync backup script

Further reading

Controlling and Managing Processes

Controlling and Managing Processes

Understanding the ps command

Changing the priority of processes

Dealing with misbehaving processes

Managing system processes

Scheduling tasks with cron

Further reading

Monitoring System Resources

Monitoring System Resources

Viewing disk usage

Monitoring memory usage

Understanding load average

Viewing resource usage with htop

Further reading

Managing Storage Volumes

Managing Storage Volumes

Adding additional storage volumes

Formatting and partitioning storage devices

Mounting and unmounting volumes

Understanding the /etc/fstab file

Backing up and restoring volumes

Further reading

Connecting to Networks

Connecting to Networks

Setting the hostname

Managing network interfaces

Assigning static IP addresses

Understanding Linux name resolution

Getting started with OpenSSH

Getting started with SSH key management

Simplifying SSH connections with a config file

Further reading

Setting Up Network Services

Setting Up Network Services

Planning your IP address scheme

Setting up a DHCP server for serving IP addresses

Adding a DNS server

Setting up an internet gateway

Keeping your clock in sync with NTP

Further reading

Sharing and Transferring Files

Sharing and Transferring Files

File server considerations

Sharing files with Windows users via Samba

Setting up NFS shares

Transferring files with rsync

Transferring files with SCP

Mounting remote directories with SSHFS

Further reading

Managing Databases

Managing Databases

Preparations for setting up a database server

Installing MariaDB

Understanding the MariaDB configuration files

Managing MariaDB databases

Setting up a secondary database server

Further reading

Serving Web Content

Serving Web Content

Installing and configuring Apache

Installing additional Apache modules

Securing Apache with TLS

Installing and configuring NGINX

Setting up failover with keepalived

Setting up and configuring Nextcloud

Further reading

Automating Server Configuration with Ansible

Automating Server Configuration with Ansible

Understanding the need for configuration management

Creating a Git repository

Getting started with Ansible

Making your servers do your bidding

Putting it all together – automating web server deployment

Using Ansible's pull method

Further reading

Virtualization

Prerequisites and considerations

Setting up a virtual machine server

Creating virtual machines

Bridging the virtual machine network

Simplifying virtual machine creation with cloning

Managing virtual machines via the command line

Further reading

Running Containers

Running Containers

What is containerization?

Understanding the differences between Docker and LXD

Installing Docker

Managing Docker containers

Automating Docker image creation with Dockerfiles

Managing LXD containers

Further reading

Container Orchestration

Container Orchestration

Container orchestration

Preparing a lab environment for Kubernetes testing

Utilizing MicroK8s

Setting up a Kubernetes cluster

Deploying containers via Kubernetes

Further reading

Deploying Ubuntu in the Cloud

Deploying Ubuntu in the Cloud

Understanding the difference between on-premises and cloud infrastructure

Important considerations when considering cloud computing as a potential solution

Becoming familiar with some basic AWS concepts

Creating an AWS account

Choosing a region

Deploying Ubuntu as an AWS EC2 instance

Creating and deploying Ubuntu AMI images

Automatically scaling Ubuntu EC2 deployments with Auto Scaling

Keeping costs down: understanding how to save money and make cost-effective decisions

Taking cloud further: additional resources to grow your knowledge

Further reading

Automating Cloud Deployments with Terraform

Automating Cloud Deployments with Terraform

Why it's important to automate your infrastructure

Introduction to Terraform and how it can fit within your workflow

Installing Terraform

Automating an EC2 instance deployment

Managing security groups with Terraform

Using Terraform to destroy unused resources

Combining Ansible with Terraform for a full deployment solution

Securing Your Server

Securing Your Server

Lowering your attack surface

Understanding and responding to CVEs

Installing security updates

Automatically installing patches with the Canonical Livepatch service

Monitoring Ubuntu servers with Canonical's Landscape service

Securing OpenSSH

Installing and configuring Fail2ban

MariaDB best practices for secure database servers

Setting up a firewall

Encrypting and decrypting disks with LUKS

Locking down sudo

Further reading

Troubleshooting Ubuntu Servers

Troubleshooting Ubuntu Servers

Evaluating the scope

Conducting a root cause analysis

Viewing system logs

Tracing network issues

Troubleshooting resource issues

Diagnosing defective RAM

Further reading

Preventing Disasters

Preventing Disasters

Preventing disasters

Utilizing Git for configuration management

Implementing a backup plan

Replacing failed RAID disks

Utilizing bootable recovery media

Further reading

Another Book You May Enjoy

Another Book You May Enjoy

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Summary

In this chapter, we looked at the ways in which we can harden the security of our server. A single chapter or book can never give you an all-inclusive list of all the security settings you could possibly configure, but the examples we worked through in this chapter are a great starting point. Along the way, we looked at the concepts of lowering your attack surface, as well as the principle of least privilege. We also looked into securing OpenSSH, which is a common service that many attackers will attempt to use in their favor.

We also looked into Fail2ban, which is a handy daemon that can block other nodes when there are a certain number of authentication failures. We also discussed configuring our firewall, using the UFW utility. Since data theft is also unfortunately common, we covered encrypting our backup disks.

In the next chapter, we'll take a look at troubleshooting our server when things go wrong.