Book Image

Mastering Ubuntu Server - Second Edition

By : Jay LaCroix
Book Image

Mastering Ubuntu Server - Second Edition

By: Jay LaCroix

Overview of this book

Ubuntu Server has taken the data centers by storm. Whether you're deploying Ubuntu for a large-scale project or for a small office, it is a stable, customizable, and powerful Linux distribution that leads the way with innovative and cutting-edge features. For both simple and complex server deployments, Ubuntu's flexible nature can be easily adapted to meet to the needs of your organization. With this book as your guide, you will learn all about Ubuntu Server, from initial deployment to creating production-ready resources for your network. The book begins with the concept of user management, group management, and filesystem permissions. Continuing into managing storage volumes, you will learn how to format storage devices, utilize logical volume management, and monitor disk usage. Later, you will learn how to virtualize hosts and applications, which will cover setting up KVM/QEMU, as well as containerization with both Docker and LXD. As the book continues, you will learn how to automate configuration with Ansible, as well as take a look at writing scripts. Lastly, you will explore best practices and troubleshooting techniques when working with Ubuntu Server that are applicable to real-world scenarios. By the end of the book, you will be an expert Ubuntu Server administrator who is well-versed in its advanced concepts.
Table of Contents (21 chapters)

Lowering your attack surface

After setting up a new server, an administrator should always perform a security check to ensure that it's as secure as it can possibly be. No administrator can think of everything, and even the best among us can make a mistake, but it's always important that we do our best to ensure we secure a server as much as we can. There are many ways you can secure a server, but the first thing you should do is lower your attack surface. This means that you should close as many holes as you can, and limit the number of things that outsiders can potentially be able to access. In a nutshell, if it's not required to be available from the outside, lock it down. If it's not necessary at all, remove it.

To start inspecting your attack surface, the first thing you should do is see which ports are listening for network connections. When an attacker...