User Tools

Site Tools


secure_ubuntu_system:decisions_to_make

Secure Ubuntu Server - Decisions to Make

IMPORTANT: Items in RED should be changed to meet your requirements.

Decide on settings for the Administrator

Each server should have a primary administrator. This person is ultimately responsible for the administration and maintenance of the server.

ItemDetailsComments
Administrator UsernameadministratorThis is the user-name of the primary administrator.
Administrator PasswordadminpassThis is the password of the primary administrator. It's best to use a combination of letters, numbers and other characters.
Administrator GroupadminThis is the group that all administrators will belong to.

IMPORTANT: Do not use the username admin for the Administrator Username as it is a reserved name on Ubuntu.


Decide on settings for the Server

ItemDetailsComments
Server Nameserver1This is the name of the server.
Domain Namesharewiz.netThis is the name of the network domain.
Hostnameserver1.sharewiz.netThis is the host name.

Decide on settings for the External Network (WAN), the one connected to the internet

ItemDetailsComments
Interfaceem1The name of the interface. eth0 is often the 1st interface.
IPv4 Address192.168.1.2The IPv4 address.
IP Subnet Mask255.255.255.0
Broadcast192.168.1.255
Network192.168.1.0
Gateway192.168.1.1The IPv4 address of the router.

NOTE: The IP Address, Subnet Mask and Gateway will probably be provided by your ISP if you have a static IP Address.

If the IP address is returned by your router's DHCP server, then use those settings instead.


IPv6

If IPv6 is going to be used then the following additional settings will be needed:

ItemDetailsComments
Interfaceem1The name of the interface. eth0 is often the 1st interface.
IPv6 Address1234:f000:2001:000a:0000:0000:0000:0010/64The IPv6 address.
IPv6 Gateway1234:f000:2001:000a:0000:0000:0000:0001The IPv6 address of the router.

Decide on settings for the Internal Network (LAN)

ItemDetailsComments
Interfaceem2The name of the interface. eth1 is often the 2nd interface.

If the system only has one network interface, then an alias of the primary network interface could be used as the second interface in place of the real interface throughout this document unless specifically indicated otherwise.
For example eth0:0.
IP Address192.168.0.2The IP address.
IP Subnet Mask255.255.255.0
Broadcast192.168.0.255
Network192.168.0.0

NOTE: Do not include a Gateway option onto the internal interface.

With it in there, and being the 2nd default gateway that gets configured, it will likely replace or override the 1st gateway on eth0 when the system is initialized, and that path won't work through the router.


Decide on the External NameServers (WAN), the ones connected to the internet

Multiple DNS servers are recommended to support if one goes down.

[todo: add in a description of what a nameserver is]

ItemDetailsComments
External DNS Server 18.8.8.8
External DNS Server 28.8.4.4

NOTE: 8.8.8.8 and 8.8.4.4 are Google's DNS servers.

If you wish to use your ISP's DNS servers, use them here instead of Google's servers.

208.67.222.222 and 208.67.220.220 could also be used. They are the OpenDNS' DNS servers.

IPv6

If using IPv6 then additional IPv6 DNS servers will be needed:

ItemDetailsComments
External IPv6 DNS Server 12001:4860:4860::8844
External IPv6 DNS Server 22001:4860:4860::8888

NOTE: 2001:4860:4860::8844 and 2001:4860:4860::8844 are Google's public IPv6 DNS servers.


Decide on the Internal NameServers (LAN), the ones connected to the internal network

Multiple DNS servers are recommended to support if one goes down.

ItemDetailsComments
Internal DNS Server 1192.168.1.201
Internal DNS Server 2192.168.1.202

Decide on the following Optional settings

These settings are only required if specific applications are installed.

ItemDetailsComments
Admin Email Addressadmin@sharewiz.netEmail address of the System Administrator.
MySQL Root PasswordmysqlrootpassIf using MySQL or Maria SQL.
HTTP Proxy Serverhttp://192.168.5.6:3128If a proxy server is used for HTTP.

Decide on the Hard Drive partitions

Use a design that allows for dynamic growth and fine-tuning.

This prevents volumes becoming completely full, which is a definite no!

The Logical Volume Manager (LVM) is used, which lets you add disks, replace disks, copy and share contents from one disk to another without disrupting service (hot swapping).

The following volume will remain outside the LVM:

VolumeFileSystemSizeComments
/boot/boot1 GBboot volume - This will remain static in size. It is also the only space residing outside the Logical Volume Manager (LVM).

NOTE: Recent versions of Linux and Ubuntu do support having the /boot volume within the LVM.

See Grub2. https://wiki.archlinux.org/index.php/GRUB2#LVM

The following volumes will be within the LVM.

Volume FileSystem Volume Size Comments
/dev/vg01/root / 2 GB root volume - Operating system and everything else which should remain fairly static.
/dev/vg01/usr /usr 2 GB usr volume - Contains by far the largest share of data in the system.
/dev/vg01/var /var 2 GB var volume - This is the app/database/log storage area and will continue to grow over time.
/dev/vg01/tmp /tmp 2 GB tmp volume - This location will be used for temporary storage. Adjust size as required.
/dev/vg01/srv /srv 0.5 GB srv volume - This will contain the files stored in the Samba share.
/dev/vg01/opt /opt 0.5 GB opt volume - This location is occasionally used for specific software.
/dev/vg01/home /home 0.5 GB home volume - This is where personal user files will be stored.
/dev/vg01/backup /backup 4 GB backup volume - This will contain a local backup of any databases and other important data, so space needs to be around double /var.
/dev/vg01/sharewiz /sharewiz 0.5 GB sharewiz volume - This will contain scripts used to administer the system, and should remain fairly static.

NOTE: Swap partitions are no longer used by default. Instead Swap files are used.

However if using a system that still uses Swap Partitions then also include an allocation for this too as such:

Volume FileSystem Volume Size Comments
/dev/vg01/swap swap 4 GB swap volume – Initially set to 4GB. This should remain static in size, however, if the amount of RAM is adjusted, this should be adjusted as well. See note below on recommended swap space.

NOTE: Even though the above sizes will fill most of a 20GB hard drive, it it recommended to still use the same sizes even if you have a far bigger drive. The system will be set to auto grow the necessary partitions as required.

The exception to this is for the /var partition, which could be made much bigger from the start if you know for instance that a large database will be installed into it.

If you do increase the size of the /var partition then remember to also increase the size of the /backup partition accordingly. See Disk Security for further information.


NOTE: Swap partitions are no longer used by default. Instead Swap files are used.

However if using a system that still uses Swap Partitions then consider the following recommendations.

Historically, swap space was set to twice the amount of memory. However that was against systems with very little memory. Today’s systems have a lot more memory, so new rules apply as to the amount of recommended swap to have.

RAM in your Server Recommended swap space Recommended swap space if allowing for hibernation Maximum swap space
256MB or less 256MB 512MB 512MB
512MB 512MB 1024MB 1024MB
1024MB 1024MB 2048MB 2048MB
1GB 1GB 2GB 2GB
2GB 1GB 3GB 4GB
3GB 2GB 5GB 6GB
4GB 2GB 6GB 8GB
5GB 2GB 7GB 10GB
6GB 2GB 8GB 12GB
8GB 3GB 11GB 16GB
12GB 3GB 15GB 24GB
16GB 4GB 20GB 32GB
24GB 5GB 29GB 40GB
32GB 6GB 38GB 64GB
64GB 8GB 72GB 128GB
128GB or more 11GB 139GB 256GB

or to quickly get an idea of how much swap to use:

Amount of RAM in the systemRecommended swap spaceRecommended swap space if allowing for hibernating
2GB of RAM or less2 times the amount of RAM3 times the amount of RAM
2GB to 8GB of RAMEqual to the amount of RAM2 times the amount of RAM
8GB to 64GB of RAM0.5 times the amount of RAM1.5 times the amount of RAM
64GB of RAM or more4GB of swap spaceNo extra space needed

NOTE: When the logical volumes and file systems are initially created, they consume the maximum amount of space allocated so that the file system size will initially equal the logical volume size.

These partition sizes above are artificially small for that reason.

These will be later modified so that the logical volume will be larger than the file system so that the file system has room to expand when needed in a safe and automated manner.


Important info

The /tmp folder is strictly temporary. By default, each time the server reboots, this folder is deleted and re-created.

The /backup folder will retain the most recent backup and is considered the “local” copy of the backup.


Continue

secure_ubuntu_system/decisions_to_make.txt · Last modified: 2022/07/19 09:37 by 85.203.36.237

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki