Book Image

Mastering Ubuntu Server - Second Edition

By : Jay LaCroix
Book Image

Mastering Ubuntu Server - Second Edition

By: Jay LaCroix

Overview of this book

Ubuntu Server has taken the data centers by storm. Whether you're deploying Ubuntu for a large-scale project or for a small office, it is a stable, customizable, and powerful Linux distribution that leads the way with innovative and cutting-edge features. For both simple and complex server deployments, Ubuntu's flexible nature can be easily adapted to meet to the needs of your organization. With this book as your guide, you will learn all about Ubuntu Server, from initial deployment to creating production-ready resources for your network. The book begins with the concept of user management, group management, and filesystem permissions. Continuing into managing storage volumes, you will learn how to format storage devices, utilize logical volume management, and monitor disk usage. Later, you will learn how to virtualize hosts and applications, which will cover setting up KVM/QEMU, as well as containerization with both Docker and LXD. As the book continues, you will learn how to automate configuration with Ansible, as well as take a look at writing scripts. Lastly, you will explore best practices and troubleshooting techniques when working with Ubuntu Server that are applicable to real-world scenarios. By the end of the book, you will be an expert Ubuntu Server administrator who is well-versed in its advanced concepts.
Table of Contents (21 chapters)

Locking down sudo

We've been using the sudo command throughout the book. In fact, we took a deeper look at it during Chapter 2, Managing Users. Therefore, I won't go into too much detail regarding sudo here, but some things bear repeating as sudo has a direct impact on security.

First and foremost, access to sudo should be locked down as much as possible. A user with full sudo access is a threat, plain and simple. All it would take is for someone with full sudo access to make a single mistake with the rm command to cause you to lose data or render your entire server useless. After all, a user with full sudo access can do anything root can do (which is everything).

By default, the user you've created during installation will be made a member of the sudo group. Members of this group have full access to the sudo command. Therefore, you shouldn't make any users...