Differences

This shows you the differences between two versions of the page.

--- secure_ubuntu_system:initial_configuration [2016/12/07 16:07] – peter
+++ secure_ubuntu_system:initial_configuration [2020/07/15 09:30] (current) – external edit 127.0.0.1
@@ Line 22: / Line 22: @@
 Go ahead and type **yes**, and then enter the password of the administrator, <color red>adminpass</color>.
+----
 ===== Get root privileges (Optional) =====
@@ Line 58: / Line 59: @@
 </code>
 </WRAP>
+----
 ===== Update APT Sources =====
@@ Line 131: / Line 134: @@
 </file>
+<WRAP info>
 **NOTE**:  The Ubuntu version and name may differ in the file, depending on what version of Ubuntu is being used.
+</WRAP>
 Save the file, then issue the following command:
@@ Line 162: / Line 168: @@
   * http://wiki.debian.org/Aptitude
 </WRAP>
+----
 ===== Enable Automatic Security Updates (optional) =====
@@ Line 186: / Line 194: @@
 </file>
+----
 ==== Customize automatic updates ====
@@ Line 209: / Line 218: @@
 </file>
+----
 ==== Reference ====
@@ Line 215: / Line 225: @@
+----
 ===== Upgrading Ubuntu Server to latest LTS version (optional) =====
@@ Line 228: / Line 239: @@
 This is a good option.  The important thing is knowing for certain that you can restore/recreate the server in case the upgraded server is not left in a bootable, usable condition.
+----
 ==== Install the Upgrade Manager ====
@@ Line 235: / Line 247: @@
 </code>
+----
 ==== Double-check Configuration File ====
@@ Line 256: / Line 269: @@
 </file>
+----
 ==== Run the Upgrade Manager ====
@@ Line 285: / Line 299: @@
+----
 ===== Update VIM =====
@@ Line 298: / Line 312: @@
 To update to the full vim package, install **vim-nox**. Of course, different text editor such as joe or nano can be installed as well.
+----
@@ Line 318: / Line 334: @@
 </code>
+----
 ==== Create and Enable the Swap File ====
@@ Line 363: / Line 380: @@
 |count=512k|Copy only 524288 BLOCKS input blocks.  This is the size of the swap file.|
+----
 ==== Prepare the swap file by creating a Linux swap area ====
@@ Line 376: / Line 394: @@
 no label, UUID=265d3e61-6e2b-4126-baba-6e6185e97b46
 </code>
+----
 ==== Activate the swap file ====
@@ Line 427: / Line 447: @@
 |100|The kernel will swap aggressively.|
 </WRAP>
+----
 ==== Secure SWAP ====
@@ Line 440: / Line 462: @@
+----
 ===== Change the Default Shell =====
@@ Line 457: / Line 479: @@
+----
 ===== Synchronize the System Clock =====
@@ Line 514: / Line 536: @@
 <WRAP important>
 **ALERT**:  Ubuntu offers two ways of updating the time, i.e. **ntpdate** and **ntpd**.  ntpdate is a bit of a blunt instrument - it adjusts the time in one big correction.  The ntp daemon ntpd is far more subtle.  It calculates the drift of your system clock and continuously adjusts it, so there are no large corrections that could lead to inconsistent logs for instance.  The cost of using ntpd against ntpdate is a little processing power and memory, but for a modern server this is negligible, however ntpd runs as a //service//.
 <WRAP caution>
 Note that for PCI-DSS compliance, we should not be running NTP as a service, unless this specific server is going to be used as a NTP server.  The reason being that PCI-DSS stipulates that each server in the network should only run a single external service, and as NTP could be classified as a service, this same server could not then be used for any other service, such as MySql.
-</WRAP>
 </WRAP>
-<WRAP info>
 If we don't want this to run as a service, we should only use ntpdate.
@@ Line 582: / Line 603: @@
 </WRAP>
+----
 ==== Update crontab times ====
@@ Line 622: / Line 644: @@
 This also helps with log rotation, in that new daily logs are started at the beginning of each day instead of at 6am.
-**NOTE**:  Slight differences between the minutes of each individual cron job could ensure that jobs run by different parts of cron don’t conflict.
+<WRAP info>
+**NOTE**:  Slight differences between the minutes of each individual cron job could ensure that jobs run by different parts of cron don’t conflict.
+</WRAP>
+----
 ====== Add Global Aliases ======
@@ Line 631: / Line 657: @@
 Global Aliases would normally be added to the **/etc/profile** file, but it’s cleaner to have a separate file for the aliases.
+<WRAP info>
 **NOTE**:  A user can overwrite the global aliases if needed by defining their own aliases within their .bashrc,  .bash_aliases,  or .profile files within their own home directories.
+</WRAP>
 To see what aliases are currently defined use the **alias** command.  To disable an alias in your current shell, use **unalias** name.  An alias can be temporarily disabled in the current command by prefixing the alias name with a \.  For example: \ls.
@@ Line 642: / Line 671: @@
 and add the following to the file:
-# Instruct bash to expand the arguments to aliases.
 <file bash /etc/profile.d/bash_aliases.sh>
+# Instruct bash to expand the arguments to aliases.
 shopt -s expand_aliases
@@ Line 886: / Line 914: @@
 </code>
+----
 ===== Add Global Functions =====
@@ Line 895: / Line 924: @@
 Global Functions would normally be added to the **/etc/profile** file, but it’s cleaner to have a separate file for the functions.
+<WRAP info>
 **NOTE**:  A user can overwrite the global functions if needed by define their own functions within their .bashrc,  .bash_aliases,  or .profile files within their own home directories.
+</WRAP>
 Issue the following command:
@@ Line 1590: / Line 1622: @@
+----
 ===== Allow colour prompts for the administrator (highly recommended) =====
@@ Line 1607: / Line 1641: @@
 This functionality is not required, but does makes it a lot easier to see what’s going on, so recommended.
+----
 ===== Restart the System =====
@@ Line 1618: / Line 1653: @@
 ...and log back in using a SSH client, such as Putty.
+----
 ===== Login using a SSH Client =====
@@ Line 1635: / Line 1671: @@
 Go ahead and type **yes**, and then enter the password of the administrator, <color red>adminpass</color>.
+----
+===== Continue =====
+Continue to [[Secure Ubuntu System:Base Security]]