Differences

This shows you the differences between two versions of the page.

--- secure_ubuntu_system:initial_setup [2020/05/19 13:36] – [Configure the network] peter
+++ secure_ubuntu_system:initial_setup [2022/07/19 10:21] (current) – [Configure the network] 85.203.36.242
@@ Line 1: / Line 1: @@
 ====== Secure Ubuntu System - First Configuration ======
+{{:secure_ubuntu_system:first_config.png?100|}}
 ===== Login =====
@@ Line 5: / Line 7: @@
 Login to the newly installed system with your previously created Administrator's username and password (e.g. <color red>administrator</color> and <color red>adminpass</color>).
+----
 ===== Get root privileges (Optional) =====
@@ Line 57: / Line 60: @@
 </code>
-This is done for safety.  If the file becomes messed up the original can be restored.
+<WRAP info>
+**NOTE:**  This is done for safety.  If the file becomes messed up the original can be restored.
+</WRAP>
 ----
@@ Line 126: / Line 132: @@
 <WRAP warning>
-**WARNING**: You cannot edit **/etc/resolv.conf** directly any more to add in nameservers.  Instead you need to specify your nameservers in your network configuration.  Use the command **man resolveconf** to find out more.
+**WARNING**: You cannot edit **/etc/resolv.conf** directly any more to add in nameservers.
-Traditionally, the file /etc/resolv.conf was a static configuration file that rarely needed to be changed or automatically changed via DCHP client hooks.  Nowadays, a computer can switch from one network to another quite often and the resolvconf framework is now being used to track these changes and update the resolver's configuration automatically.  It acts as an intermediary between programs that supply nameserver information and applications that need nameserver information.  Resolvconf gets populated with information by a set of hook scripts related to network interface configuration.  The most notable difference for the user is that any change manually done to /etc/resolv.conf will be lost as it gets overwritten each time something triggers resolvconf.  Instead, resolvconf uses DHCP client hooks, and /etc/network/interfaces to generate a list of nameservers and domains to put in /etc/resolv.conf.
+Instead you need to specify your nameservers in your network configuration.  Use the command **man resolveconf** to find out more.
+  * Traditionally, the file **/etc/resolv.conf** was a static configuration file that rarely needed to be changed or automatically changed via DCHP client hooks.
+  * Nowadays, a computer can switch from one network to another quite often and the resolvconf framework is now being used to track these changes and update the resolver's configuration automatically.
+  * It acts as an intermediary between programs that supply nameserver information and applications that need nameserver information.
+  * Resolvconf gets populated with information by a set of hook scripts related to network interface configuration.
+  * The most notable difference for the user is that any change manually done to /etc/resolv.conf will be lost as it gets overwritten each time something triggers resolvconf.
+  * Instead, resolvconf uses DHCP client hooks, and /etc/network/interfaces to generate a list of nameservers and domains to put in /etc/resolv.conf.
 </WRAP>
 <WRAP info>
-You may need to manually remove the DHCP record (lease) associated to this Ubuntu server from your DHCP server so the correct IP can be found by other machines on the network.  Use the command **dhclient -r** for this.
+**NOTE:**  You may need to manually remove the DHCP record (lease) associated to this Ubuntu server from your DHCP server so the correct IP can be found by other machines on the network.
+Use the command **dhclient -r** for this.
 You might also need to manually add a **HOST(A)** record to your DNS server (for <color red>server1.sharewiz.net</color>).
@@ Line 140: / Line 155: @@
 Lines beginning with the word **auto** are used to identify the physical interfaces to be brought up when **ifup** is run with the **-a** option.  (This option is used by the system boot scripts.)  Physical interface names should follow the word **auto** on the same line.
 </WRAP>
+----
 ===== Enable packet forwarding by the kernel =====
@@ Line 160: / Line 178: @@
 </file>
-To uncomment the line, simply remove the hash mark # from the front of the line.
+<WRAP info>
+**NOTE:**  To uncomment the line, simply remove the hash mark # from the front of the line.
+</WRAP>
 IP forwarding essentially turns your server into a router, and can be used as the server has multiple Network Interfaces (NICs).  It allows traffic from the internal network to be routed through the external network and vice-versa.  If traffic comes in on one network interface that matches a subnet of another network interface, that traffic will be forwarded to the other network interface.
@@ Line 171: / Line 192: @@
 <WRAP safety>
-**SAFETY**:  When doing routing, security is a very important consideration.  It is essential that fire-walling and security measures are in place.  These requirements will be covered through instructions later on in this setup guide.
+**SAFETY**:  When doing routing, security is a very important consideration.
+It is essential that fire-walling and security measures are in place.
+These requirements will be covered through instructions later on in this setup guide.
 </WRAP>
+----
 ===== Refresh sysctl =====
@@ Line 184: / Line 211: @@
 **sysctl** is used to modify kernel parameters at runtime.
+----
 ===== Restart the Network =====
@@ Line 225: / Line 253: @@
 </code>
 </WRAP>
+----
 ===== Check the network interfaces =====
@@ Line 259: / Line 289: @@
 eth1: no autonegotiation, 1000baseT-FD flow-control, link ok
 </code>
-Ensure that all interfaces are shown.  If not, then revisit the above config changes around the network.
 In the example output above, we can see that both eth0 and eth1 have been picked up, so all well.
+<WRAP info>
+**NOTE:**  Ensure that all interfaces are shown.  If not, then revisit the above config changes around the network.
+</WRAP>
+----
 ===== Setup the Network Hosts File =====
@@ Line 300: / Line 334: @@
 One of the lines for each NIC should show **UP BROADCAST RUNNING MULTICAST**.
+----
 ===== Check the network is working =====
@@ Line 347: / Line 382: @@
 </code>
 </WRAP>
+----
 ===== Set the hostname =====
@@ Line 355: / Line 393: @@
 </code>
+----
 ===== Restart the System =====
@@ Line 366: / Line 405: @@
 Once the system is rebooted simply login again and issue the **sudo -i** command to continue implementing the system.
+----
 ===== Check the Network Settings =====
@@ Line 384: / Line 424: @@
 Both should show <color red>server1.sharewiz.net</color> now.
+----
 ===== Use an SSH Client from now on =====
@@ Line 393: / Line 434: @@
 Examples of SSH Clients include Putty.
+----
 ===== Login using a SSH Client =====
@@ Line 410: / Line 452: @@
 Go ahead and type **yes**, and then enter the password of the administrator, <color red>adminpass</color>.
+----
 ===== Continue =====