Book Image

Mastering Ubuntu Server - Second Edition

By : Jay LaCroix

Book Image

Mastering Ubuntu Server - Second Edition

By: Jay LaCroix

Overview of this book

Ubuntu Server has taken the data centers by storm. Whether you're deploying Ubuntu for a large-scale project or for a small office, it is a stable, customizable, and powerful Linux distribution that leads the way with innovative and cutting-edge features. For both simple and complex server deployments, Ubuntu's flexible nature can be easily adapted to meet to the needs of your organization. With this book as your guide, you will learn all about Ubuntu Server, from initial deployment to creating production-ready resources for your network. The book begins with the concept of user management, group management, and filesystem permissions. Continuing into managing storage volumes, you will learn how to format storage devices, utilize logical volume management, and monitor disk usage. Later, you will learn how to virtualize hosts and applications, which will cover setting up KVM/QEMU, as well as containerization with both Docker and LXD. As the book continues, you will learn how to automate configuration with Ansible, as well as take a look at writing scripts. Lastly, you will explore best practices and troubleshooting techniques when working with Ubuntu Server that are applicable to real-world scenarios. By the end of the book, you will be an expert Ubuntu Server administrator who is well-versed in its advanced concepts.

Preface

Who this book is for

What this book covers

To get the most out of this book

Free Chapter

Deploying Ubuntu Server

Deploying Ubuntu Server

Technical requirements

Setting up our lab

Determining your server's role

Deciding between 32- and 64-bit installations

Obtaining Ubuntu Server installation media

Creating a bootable Ubuntu Server flash drive

Planning the partitioning layout

Installing Ubuntu Server

Installing Ubuntu Server on Raspberry Pi 3

Further reading

Managing Users

Understanding when to use root

Creating and removing users

Understanding the /etc/passwd and /etc/shadow files

Distributing default configuration files with /etc/skel

Switching users

Managing groups

Managing passwords and password policies

Configuring administrator access with sudo

Setting permissions on files and directories

Further reading

Managing Storage Volumes

Managing Storage Volumes

Understanding the Linux filesystem

Using symbolic and hard links

Viewing disk usage

Adding additional storage volumes

Partitioning and formatting volumes

Mounting and unmounting volumes

Understanding the /etc/fstab file

Utilizing LVM volumes

Understanding RAID

Further reading

Connecting to Networks

Connecting to Networks

Setting the hostname

Managing network interfaces

Assigning static IP addresses

Understanding NetworkManager

Understanding Linux name resolution

Getting started with OpenSSH

Getting started with SSH key management

Simplifying SSH connections with a config file

Further reading

Managing Software Packages

Managing Software Packages

Understanding Linux package management

Taking advantage of hardware enablement updates

Understanding the differences between Debian and Snap packages

Installing and removing software

Searching for packages

Managing package repositories

Backing up and restoring Debian packages

Cleaning up orphaned apt packages

Making use of Aptitude

Controlling and Monitoring Processes

Controlling and Monitoring Processes

Showing running processes with the ps command

Dealing with misbehaving processes

Managing system processes

Monitoring memory usage

Scheduling tasks with cron

Understanding load average

Further reading

Setting Up Network Services

Setting Up Network Services

Planning your IP address scheme

Serving IP addresses with isc-dhcp-server

Setting up DNS with bind

Creating a secondary (slave) DNS server

Setting up an internet gateway

Keeping your clock in sync with NTP

Further reading

Sharing and Transferring Files

Sharing and Transferring Files

File server considerations

Sharing files with Windows users via Samba

Setting up NFS shares

Transferring files with rsync

Transferring files with scp

Mounting remote directories with SSHFS

Further reading

Managing Databases

Managing Databases

Preparations for setting up a database server

Installing MariaDB

Understanding the MariaDB configuration files

Managing MariaDB databases

Setting up a slave database server

Serving Web Content

Serving Web Content

Installing and configuring Apache

Installing additional Apache modules

Securing Apache with SSL

Installing and configuring NGINX

Setting up failover with keepalived

Setting up and configuring Nextcloud

Further reading

Learning Advanced Shell Techniques

Learning Advanced Shell Techniques

Understanding the Linux shell

Understanding Bash history

Learning some useful command-line tricks

Redirecting output

Understanding variables

Writing simple scripts

Putting it all together: Writing an rsync backup script

Further reading

Virtualization

Setting up a virtual machine server

Creating virtual machines

Bridging the virtual machine network

Simplifying virtual machine creation with cloning

Managing virtual machines via the command line

Further reading

Running Containers

Running Containers

What is containerization?

Understanding the differences between Docker and LXD

Installing Docker

Managing Docker containers

Automating Docker image creation with Dockerfiles

Managing LXD containers

Further reading

Automating Server Configuration with Ansible

Automating Server Configuration with Ansible

Understanding the need for configuration management

Creating a Git repository

Getting started with Ansible

Making your servers do your bidding

Putting it all together – Automating web server deployment

Using Ansible's pull method

Further reading

Securing Your Server

Securing Your Server

Lowering your attack surface

Understanding and responding to CVEs

Installing security updates

Automatically installing patches with the Canonical Livepatch service

Monitoring Ubuntu servers with Canonical's Landscape service

Securing OpenSSH

Installing and configuring Fail2ban

MariaDB best practices for secure database servers

Setting up a firewall

Encrypting and decrypting disks with LUKS

Locking down sudo

Further reading

Troubleshooting Ubuntu Servers

Troubleshooting Ubuntu Servers

Evaluating the problem space

Conducting a root cause analysis

Viewing system logs

Tracing network issues

Troubleshooting resource issues

Diagnosing defective RAM

Preventing and Recovering from Disasters

Preventing and Recovering from Disasters

Preventing disasters

Utilizing Git for configuration management

Implementing a backup plan

Replacing failed RAID disks

Utilizing bootable recovery media

Further Reading

Using the Alternate Installer

Using the Alternate Installer

Obtaining the Alternate Installer

Installing via the Alternate Installer

Setting up software RAID

Assessments

Chapter 1 – Deploying Ubuntu Server

Chapter 2 – Managing Users

Chapter 3 – Managing Storage Volumes

Chapter 4 – Connecting to Networks

Chapter 5 – Managing Software Packages

Chapter 6 – Controlling and Monitoring Processes

Chapter 7 – Setting Up Network Services

Chapter 8 - Accessing and sharing files

Chapter 9 - Sharing and Transferring Files

Chapter 10 – Serving Web Content

Chapter 11 – Learning Advanced Shell Techniques

Chapter 12 – Virtualization

Chapter 13 – Running Containers

Chapter 14 – Automating Server Configuration with Ansible

Chapter 15 – Securing Your Server

Chapter 16 – Troubleshooting Ubuntu Servers

Chapter 17 – Preventing and Recovering from Disasters

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Chapter 15 – Securing Your Server

This stands for Common Vulnerabilities and Exposures, and is a database containing lists of known exploits and vulnerabilities for a given platform, along with scope of the issue and mitigation steps (if known)
Livepatch
jail.conf, jail.local
Disable password authentication, disable root login, place it behind a firewall, change the default port, set up an allowed users or groups list
The principle of least privilege refers to giving users only the permissions to resources they absolutely need for their job, thus limiting the scope if they make a mistake

netstat -tulpn
cryptsetup
Custom graphs, hardware information, reports, or any other feature not mentioned