Module 7 of 16 · 📖 4 min read · ⏱ 45 min total

FUTO 07 Ubuntu Server (EN)

Table of contents (6 sections)

Concepts and Background
Architecture Diagram
Practical Steps
Common Pitfalls
Further Resources
Knowledge Check

FUTO 07 Ubuntu Server

In this module, you set up an Ubuntu Server as the foundation for your self-managed IT ecosystem. You will learn the basic installation, SSH access configuration, and securing your server environment. Upon completion of this module, you will have a functional and secure server that you can use as a basis for further services such as Nextcloud, Docker containers, or your own applications.

The practical exercises guide you step by step through essential configurations, from package management to firewall setup. You will acquire the knowledge to efficiently manage your server and protect it against common attack methods.

Concepts and Background

apt (Advanced Packaging Tool): The package management system for Debian-based distributions like Ubuntu. Enables the installation, updating, and removal of software packages with dependency resolution.
systemd: The init and system manager for modern Linux distributions. Manages all system services, startup scripts, and resources through a unified architecture with Units.
ufw (Uncomplicated Firewall): A simplified frontend for iptables that allows configuring firewall rules without deep iptables knowledge. Ideal for securing servers with clearly defined rules.
SSH Hardening: The securing of SSH access through configuration changes such as disabling password login, key authentication, port changes, and login restrictions to prevent automated attacks.
unattended-upgrades: An automated system for security updates that installs critical patches without manual intervention to ensure system stability and security.

Architecture Diagram

flowchart LR
  A[Internet] --> B[Ubuntu Server]
  B --> C[Firewall (ufw)]
  B --> D[SSH Access]
  B --> E[Applications]

Practical Steps

Install Ubuntu Server 22.04 LTS minimal with SSH server during installation. This reduces the attack surface from the start.
After the first login, ensure your system is up to date:
```
sudo apt update && sudo apt upgrade -y
```

Configure the firewall with basic rules:

sudo ufw default deny incoming
sudo ufw allow ssh
sudo ufw enable

Install and configure automatic updates:

sudo apt install unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades

Create a dedicated user with sudo privileges:

sudo adduser adminuser
sudo usermod -aG sudo adminuser

Secure SSH access by editing the configuration:
```
sudo nano /etc/ssh/sshd_config
```
and set PasswordAuthentication to no.
Change the SSH port from 22 to another value (e.g., 2222) and disable root login:
```
sudo nano /etc/ssh/sshd_config
```
Reload the SSH configuration:
```
sudo systemctl reload sshd
```

Install and configure fail2ban to protect against brute force attacks:

sudo apt install fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Set a secure hostname and configure static IP settings:

sudo hostnamectl set-hostname server01
sudo nano /etc/netplan/01-netcfg.yaml

Common Pitfalls

Tip: Before making any essential configuration changes, create a backup of the configuration files with

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup

Further Resources

Ubuntu Server Documentation - Official guides for server installation and configuration
Ubuntu SSH Wiki - Comprehensive resources for SSH configuration and security
UFW Documentation - Official guide for firewall configuration
Securing Debian Manual - Detailed security policies for Debian-based systems
Unattended Upgrades GitHub - Source code and configuration examples for automatic updates

Knowledge Check

Four questions for self-assessment. Click on each question to see the correct answer and explanation.

Which tool enables the simplified configuration of firewall rules without deep iptables knowledge?

A) systemd
B) ufw
C) apt
D) unattended-upgrades

Correct Answer: B. ufw (Uncomplicated Firewall) is a simplified frontend for iptables that allows configuring firewall rules without deep iptables knowledge. systemd is an init and system manager, apt is for package management, and unattended-upgrades automates security updates.

Which measure is NOT part of SSH hardening to secure server access?

A) Disabling password login
B) Using key authentication
C) Enabling root login via SSH
D) Changing the default SSH port

Correct Answer: C. Enabling root login via SSH is insecure and contradicts SSH hardening. The other options are proven security measures: disabling password login, using key authentication, and changing the SSH port reduce the attack surface.

What is the main function of systemd in an Ubuntu Server?

A) Package management and software installation
B) Management of system services and startup scripts
C) Configuration of network interfaces
D) Automated installation of security updates

Correct Answer: B. systemd is the init and system manager that handles all system services, startup scripts, and resources through a unified architecture with Units.