| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| secure_ubuntu_system:decisions_to_make [2020/05/19 11:58] – [Decide on settings for the External Network (WAN), the one connected to the internet] peter | secure_ubuntu_system:decisions_to_make [2022/07/19 09:37] (current) – [Decide on settings for the Administrator] 85.203.36.237 |
|---|
| ====== Secure Ubuntu Server - Decisions to Make ====== | ====== Secure Ubuntu Server - Decisions to Make ====== |
| | |
| | {{:secure_ubuntu_system:decision.png?100|}} |
| |
| <WRAP important> | <WRAP important> |
| **IMPORTANT:** Items in <color red>**RED**</color> should be changed to meet your requirements. | **IMPORTANT:** Items in <color red>**RED** </color> should be changed to meet your requirements. |
| </WRAP> | </WRAP> |
| |
| |
| <WRAP important> | <WRAP important> |
| **IMPORTANT**: Do not use the user-name **admin** for the Administrator Username as it is a reserved name on Ubuntu. | **IMPORTANT**: Do not use the username **admin** for the Administrator Username as it is a reserved name on Ubuntu. |
| </WRAP> | </WRAP> |
| |
| </WRAP> | </WRAP> |
| |
| <WRAP tip> | |
| |
| ==== IPv6 ==== | ==== IPv6 ==== |
| |External IPv6 DNS Server 2|<color red>2001:4860:4860::8888</color>| | | |External IPv6 DNS Server 2|<color red>2001:4860:4860::8888</color>| | |
| |
| | <WRAP info> |
| **NOTE**: <color red>2001:4860:4860::8844</color> and <color red>2001:4860:4860::8844</color> are Google's public IPv6 DNS servers. | **NOTE**: <color red>2001:4860:4860::8844</color> and <color red>2001:4860:4860::8844</color> are Google's public IPv6 DNS servers. |
| </WRAP> | </WRAP> |
| | |
| | |
| |
| ---- | ---- |
| |/boot|/boot|<color red>1 GB</color>|**boot volume** - This will remain static in size. It is also the only space residing outside the Logical Volume Manager (LVM).| | |/boot|/boot|<color red>1 GB</color>|**boot volume** - This will remain static in size. It is also the only space residing outside the Logical Volume Manager (LVM).| |
| |
| **NOTE**: Recent versions of Linux and Ubuntu do support having the /boot volume within the LVM. See Grub2. https://wiki.archlinux.org/index.php/GRUB2#LVM | <WRAP info> |
| | **NOTE**: Recent versions of Linux and Ubuntu do support having the /boot volume within the LVM. |
| | |
| | See Grub2. https://wiki.archlinux.org/index.php/GRUB2#LVM |
| | </WRAP> |
| |
| |
| |
| ^ Volume ^ FileSystem ^ Volume Size ^ Comments ^ | ^ Volume ^ FileSystem ^ Volume Size ^ Comments ^ |
| | /dev/vg01/swap | swap | <color red>4 GB</color> | **swap volume** – Initially set to 4GB. This should remain static in size, however, if the amount of RAM is adjusted, this should be adjusted as well. See note below on recommended swap space. | | |
| | /dev/vg01/root | / | <color red>2 GB</color> | **root volume** - Operating system and everything else which should remain fairly static. | | | /dev/vg01/root | / | <color red>2 GB</color> | **root volume** - Operating system and everything else which should remain fairly static. | |
| | /dev/vg01/usr | /usr | <color red>2 GB</color> | **usr volume** - Contains by far the largest share of data in the system. | | | /dev/vg01/usr | /usr | <color red>2 GB</color> | **usr volume** - Contains by far the largest share of data in the system. | |
| | /dev/vg01/sharewiz | /sharewiz | <color red>0.5 GB</color> | **sharewiz volume** - This will contain scripts used to administer the system, and should remain fairly static. | | | /dev/vg01/sharewiz | /sharewiz | <color red>0.5 GB</color> | **sharewiz volume** - This will contain scripts used to administer the system, and should remain fairly static. | |
| |
| <WRAP tip> | |
| | <WRAP info> |
| | **NOTE:** Swap partitions are no longer used by default. Instead Swap files are used. |
| | |
| | However if using a system that still uses Swap Partitions then also include an allocation for this too as such: |
| | |
| | ^ Volume ^ FileSystem ^ Volume Size ^ Comments ^ |
| | | /dev/vg01/swap | swap | <color red>4 GB</color> | **swap volume** – Initially set to 4GB. This should remain static in size, however, if the amount of RAM is adjusted, this should be adjusted as well. See note below on recommended swap space. | |
| | |
| | </WRAP> |
| | |
| | |
| | |
| | <WRAP info> |
| **NOTE**: Even though the above sizes will fill most of a 20GB hard drive, it it __recommended__ to still use the same sizes even if you have a far bigger drive. The system will be set to auto grow the necessary partitions as required. | **NOTE**: Even though the above sizes will fill most of a 20GB hard drive, it it __recommended__ to still use the same sizes even if you have a far bigger drive. The system will be set to auto grow the necessary partitions as required. |
| |
| The exception to this is for the **/var** partition, which could be made much bigger if you know for instance that a large database will be installed into it. | The exception to this is for the **/var** partition, which could be made much bigger from the start if you know for instance that a large database will be installed into it. |
| |
| If you do increase the size of the **/var** partition then remember to also increase the size of the **/backup** partition accordingly. | If you do increase the size of the **/var** partition then remember to also increase the size of the **/backup** partition accordingly. |
| |
| ===== Recommended Swap Space ===== | ===== Recommended Swap Space ===== |
| | |
| | <WRAP info> |
| | **NOTE:** Swap partitions are no longer used by default. Instead Swap files are used. |
| | |
| | However if using a system that still uses Swap Partitions then consider the following recommendations. |
| | |
| | </WRAP> |
| | |
| |
| Historically, swap space was set to twice the amount of memory. However that was against systems with very little memory. Today’s systems have a lot more memory, so new rules apply as to the amount of recommended swap to have. | Historically, swap space was set to twice the amount of memory. However that was against systems with very little memory. Today’s systems have a lot more memory, so new rules apply as to the amount of recommended swap to have. |
| |
| |
| **NOTE**: When the logical volumes and file systems are initially created, they consume the maximum amount of space allocated so that the file system size will initially equal the logical volume size. These partition sizes above are artificially small for that reason. These will be later modified so that the logical volume will be larger than the file system so that the file system has room to expand when needed in a safe and automated manner. | <WRAP info> |
| | **NOTE**: When the logical volumes and file systems are initially created, they consume the maximum amount of space allocated so that the file system size will initially equal the logical volume size. |
| | |
| | These partition sizes above are artificially small for that reason. |
| | |
| | These will be later modified so that the logical volume will be larger than the file system so that the file system has room to expand when needed in a safe and automated manner. |
| | |
| | </WRAP> |
| |
| ---- | ---- |
| The **/tmp** folder is strictly temporary. By default, each time the server reboots, this folder is deleted and re-created. | The **/tmp** folder is strictly temporary. By default, each time the server reboots, this folder is deleted and re-created. |
| |
| The **/backup** folder will retain the most recent backup and is considered the "local" copy of the backup. | The **/backup** folder will retain the most recent backup and is considered the "local" copy of the backup. |
| |
| ---- | ---- |
