7. Configure The Network
Because the Ubuntu installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs (in this example setup I will use the IP address 192.168.2.251 and the DNS servers 192.168.1.200, 192.168.1.225 and 8.8.8.8 - starting with Ubuntu 12.04, you cannot edit /etc/resolv.conf directly anymore, but have to specify your nameservers in your network configuration - see
man resolvconf
for more details):
vi /etc/network/interfaces# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.2.251
netmask 255.255.255.0
network 192.168.2.251
broadcast 192.168.2.255
gateway 192.168.2.254
dns-nameservers 192.168.1.200 192.168.1.225 8.8.8.8
|
Then restart your network:
service networking restart
Then edit /etc/hosts. Make it look like this:
vi /etc/hosts127.0.0.1 localhost 192.168.2.251 server1.example.com server1 # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters |
Now run
echo server1.example.com > /etc/hostname
service hostname restart
Afterwards, run
hostname
hostname -f
Both should show server1.example.com now.
8. Edit /etc/apt/sources.list And Update Your Linux Installation
Edit /etc/apt/sources.list. Comment out or remove the installation CD from the file and make sure that the universe and multiverse repositories are enabled. It should look like this:
vi /etc/apt/sources.list# # deb cdrom:[Ubuntu-Server 14.04 LTS _Trusty Tahr_ - Release amd64 (20140416.2)]/ trusty main restricted #deb cdrom:[Ubuntu-Server 14.04 LTS _Trusty Tahr_ - Release amd64 (20130423.2)]/ trusty main restricted # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to # newer versions of the distribution. deb http://de.archive.ubuntu.com/ubuntu/ trusty main restricted deb-src http://de.archive.ubuntu.com/ubuntu/ trusty main restricted ## Major bug fix updates produced after the final release of the ## distribution. deb http://de.archive.ubuntu.com/ubuntu/ trusty-updates main restricted deb-src http://de.archive.ubuntu.com/ubuntu/ trusty-updates main restricted ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team. Also, please note that software in universe WILL NOT receive any ## review or updates from the Ubuntu security team. deb http://de.archive.ubuntu.com/ubuntu/ trusty universe deb-src http://de.archive.ubuntu.com/ubuntu/ trusty universe deb http://de.archive.ubuntu.com/ubuntu/ trusty-updates universe deb-src http://de.archive.ubuntu.com/ubuntu/ trusty-updates universe ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team, and may not be under a free licence. Please satisfy yourself as to ## your rights to use the software. Also, please note that software in ## multiverse WILL NOT receive any review or updates from the Ubuntu ## security team. deb http://de.archive.ubuntu.com/ubuntu/ trusty multiverse deb-src http://de.archive.ubuntu.com/ubuntu/ trusty multiverse deb http://de.archive.ubuntu.com/ubuntu/ trusty-updates multiverse deb-src http://de.archive.ubuntu.com/ubuntu/ trusty-updates multiverse ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. ## Also, please note that software in backports WILL NOT receive any review ## or updates from the Ubuntu security team. deb http://de.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse deb-src http://de.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse deb http://security.ubuntu.com/ubuntu trusty-security main restricted deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted deb http://security.ubuntu.com/ubuntu trusty-security universe deb-src http://security.ubuntu.com/ubuntu trusty-security universe deb http://security.ubuntu.com/ubuntu trusty-security multiverse deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse ## Uncomment the following two lines to add software from Canonical's ## 'partner' repository. ## This software is not part of Ubuntu, but is offered by Canonical and the ## respective vendors as a service to Ubuntu users. # deb http://archive.canonical.com/ubuntu trusty partner # deb-src http://archive.canonical.com/ubuntu trusty partner ## Uncomment the following two lines to add software from Ubuntu's ## 'extras' repository. ## This software is not part of Ubuntu, but is offered by third-party ## developers who want to ship their latest software. # deb http://extras.ubuntu.com/ubuntu trusty main # deb-src http://extras.ubuntu.com/ubuntu trusty main |
Then run
apt-get update
to update the apt package database and
apt-get upgrade
to install the latest updates (if there are any). If you see that a new kernel gets installed as part of the updates, you should reboot the system afterwards:
reboot9. Change The Default Shell
/bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash. Therefore we do this:
dpkg-reconfigure dash
Use dash as the default system shell (/bin/sh)? <-- No
If you don't do this, the ISPConfig installation will fail.
10. Disable AppArmor
AppArmor is a security extension (similar to SELinux) that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only AppArmor was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).
We can disable it like this:
service apparmor stop
update-rc.d -f apparmor remove
apt-get remove apparmor apparmor-utils11. Synchronize the System Clock
It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the Internet. Simply run
apt-get install ntp ntpdate
and your system time will always be in sync.
0 good:
Post a Comment