Secure Ubuntu System - Install the Base Ubuntu System
Insert your Ubuntu install CD or USB into your system and boot from it.
1. Choose the Language for the final system.
2. Select the installation Type – Select “Install Ubuntu Server”.
NOTE: You might be prompted that an update is available.
It is recommended to select the update, Update to the new installer.
3. Select the Language to be used during the installation process.
4. Choose the Keyboard Layout.
Select the Layout and then the Variant if you know the keyboard you have.
If unsure or you have an unusual keyboard layout when it may be best to select Identify Keyboard, and then you will be asked to press a few keys, and the installer will try to detect your keyboard layout based on the keys you pressed.
5. Configure the network connections.
Start with the default DHCP option if there is a DHCP server in the network.
NOTE: You can also set a static IP address on this screen, or do it later.
6. Configure Proxy.
Just leave blank unless you do use an HTTP Proxy Server.
If so then enter the address of the Proxy.
7. Configure Ubuntu Archive Mirror.
Keep the default, unless you specifically know an alternative mirror site you want to use.
8. Now you have to partition the hard disk.
Select Custom Storage Layout.
We want to use Logical Volume Manger, or LVM, which allows administrators to create logical volumes out of one or multiple physical hard disks.
- LVM volumes can be created on both software RAID partitions and standard partitions residing on a single disk.
- Volumes can also be extended, giving greater flexibility to systems as requirements change.
- There are several installation options for LVM, “Guided - use the entire disk and setup LVM” which will also allow you to assign a portion of the available space to LVM, “Guided - use entire and setup encrypted LVM”, or “Manually setup the partitions and configure LVM”.
- At this time the only way to configure a system with both LVM and standard partitions, during installation, is to use the Manual approach.
NOTE: If you select any one of the “Guided” options for LVM configuration, all the available disk space will be used up, leaving you no free space to grow any logical volume if or when the need arises.
Ultimately, our goal is to use just enough space to get the system up and running, and leave the rest for when we need to grow logical volumes.
Configuring LVM in Ubuntu takes place in 5 steps:
- Create a non-LVM boot partition.
- Create Physical Volume (PV).
- Create a Volume Group (VG), and assign the PV created earlier to the VG.
- Create the Logical Volumes (LV) within the VG.
- Assign file-systems and mounts points to the logical volumes created earlier.
NOTE: Remember that there can be a maximum of 4 primary partitions per disk.
9. Create a standard (non-LVM) primary partition for the /boot file system.
Recent versions of Linux and Ubuntu do support having the /boot volume within the LVM.
See Grub2. https://wiki.archlinux.org/index.php/GRUB2#LVM.
However, this sometimes still causes issues, especially after updates, so the instructions we use is to put the boot partition into a non-LVM partition.
- Select the “pri/log” line.
- Select “Create a new partition”.
- Enter the size required – we want 1 GB.
- Select “Primary Partition”.
- Select “Beginning”.
- Select “ext4 journalising file system” as the file-system.
- Change the default mount point to /boot.
- Set bootable flag to “on”.
- Select “Done setting up the partition”.
10. The next step is to use the unallocated space to create a physical volume.
11. A Physical volume (PV) is the first major component of LVM, and can be created from a disk partition or a full disk drive. To create the PV for this configuration, we are going to use the unallocated disk space.
- Select the “pri/log” line, hit Enter.
- Select “Create a new partition”, hit Enter.
The size of the new partition will be the unallocated space on the hard drive. The installer will automatically show the unallocated free space. Enter the size of the partition. It is recommended to use 99% so that there is some free space left for growth.
- Therefore, enter “99%”, hit Enter.
- Select “Primary Partition”, hit Enter.
- Select “Beginning”, hit Enter.
- For the new partition that we just created, we want to tell the installer what to use it for. So with “Use as” selected, hit Enter.
- Select “Physical Volume for LVM”, hit Enter.
- Select “Done setting up the partition”, hit Enter.
- Select “Configure the logical volume manager”, hit Enter.
- Select “Yes” to “Write the changes to disk”, hit Enter.
12. The next step is to create a Volume Group (VG).
- Select the “Create Volume Group” option, hit Enter.
- Creating a VG starts with giving it a name. Any name will do, but we use the standard of vg01, vg02, etc. For now we only have a single VG so we use vg01.
- Assign the PV we created earlier to the VG. By default, this is not selected. Use the Space Bar on the keyboard to select the partition representing the PV (This will usually be the 2nd entry, i.e. /dev/sda2).
- Select Continue.
13. Next, create the Logical Volumes.
With the PV and VG created, and the PV assigned to the VG, the next step is to create the Logical Volumes. A Logical Volume (LV) is LVM jargon for partition. We will create a number of LVs, one each for the following file-system directories:
- / (root), swap, /usr, /var, /tmp, /srv, /opt, /home, /backup, /sharewiz
- Select the option to create logical volumes, hit Enter.
We have to tell the installer what VG to create the LVs under. Since we created only one VG, vg01, that is the only one shown, hit Enter.
- Create the following logical volumes, by giving it the name swap, hit Enter. Suggested sizes in parenthesis.
- root (2G)
- usr (2G)
- var (2G)
- tmp (2G)
- srv (0.5G)
- opt (0.5G)
- home (0.5G)
- backup (4G)
- sharewiz (0.5G)
- The suggested sizes should be more than enough to install and get the system up and running. This leaves enough free space to grow any LV that needs it.
- It makes sense to leave some space unused so that you can later on expand your existing logical volumes or create new ones - this gives you more flexibility.
NOTE: If using Swap Partitions instead of Swap Files then also create a LV for Swap too.
- Note that the recommended size of a swap partition is twice the amount of memory in the system, so set this accordingly, such as 4G.
- Select “Display the configuration details” to check that all LVs are created okay. Hit Enter.
- Select “Finish”, hit Enter.
14. The final task is to assign a file-system and a mount point to each LV.
- Select the line “#1” for each LV, hit Enter.
- Set the mount point, hit Enter.
- Before pressing Enter, make a note of the LV name being worked on. This can be seen in the line above, for instance LV backup refers to the backup partition.
- Select “Use as”, hit Enter.
- Select “ext4 journalising file system” as the file-system, (for swap use the swap area file-system type), hit Enter.
- Set the mount point, hit Enter.
- If using a Swap Partition and not a Swap File, then for the swap partition use the swap area file-system type.
- For cases where the mount point is not one of / (root), /tmp, /usr, /var, /srv, /opt, /home select the Enter manually option.
- So, for the backup partition, simply use /backup as the manually entered name.
- Same for the sharewiz partition, simply use /sharewiz as the manually entered name.
- Select “Done setting up the partition”, hit Enter.
- Repeat the last five steps for the other logical volumes that you created.
15. Finally, select “Finish partitioning and write changes to disk”. Then confirm the changes and continue with the rest of the installation.
16. Afterwards, your new partitions are being created and formatted.
17. Enter the hostname.
If the system is to be called server1.sharewiz.net, enter server1.
18. Enter the full name of the Administrator of the system.
19. Enter the username for the Administrator account.
For example enter the user name administrator.
IMPORTANT: Do not use the user name admin as it is a reserved name on Ubuntu.
20. Enter a password for this Administration account.
This should be the adminpass selected earlier.
It's best to use a combination of letters, numbers and other characters.
21. Re-enter exactly the same password.
If you used a very weak password that consists of less than 8 characters you will be prompted whether you actually do want to use this weak password. As we want a very secure server, select “No” and re-enter a much stronger password.
22. We don't need an encrypted private directory, so choose “No” here.
23. The system will attempt to set the clock.
If it successfully shows the correct time zone then select “Yes”, else “No”.
The system will try to get the time from a network time server.
This may take some time, and the system may not be successful in doing this, as it might not have external internet access yet.
Ignore the error.
24. Now the base system will be being installed. Note that this may take a while.
The ALT-F4 key combination can be used to monitor what is actually happening with the install process.
Use the ALT-F1 key combination to return back to the normal install screen.
25. Leave the HTTP proxy line empty unless you're using a proxy server to connect to the Internet.
If using an HTTP proxy server enter the details such as http://192.168.5.6:3128.
26. Next the package manager apt gets configured.
The system will probably seem to pause for a long time (due to the fact that it cannot yet get external internet access).
This is optional, but to speed up the install a bit, press Enter to cancel the current step – and the graph should jump to around 80% completed.
Enter can be pressed once more to skip to the end of this step.
27. To update the server manually in order to have more control, select No automatic updates.
28. Only select the OpenSSH Server, by pressing the Space bar on your keyboard.
A choice of different types of server servers can be selected, but nevertheless don't select any of them now in order to have full control over what gets installed on the system.
The packages required on the system will be manually installed later on.
The only item to select here is OpenSSH server so that one can immediately connect to the system with an SSH client after the installation has finished.
29. The installation continues.
30. Select Yes to install GRUB boot loader to the master boot record.
31. The base system installation is now finished.
Remove the installation CD from the CD drive and hit Continue to reboot the system.
Continue
Continue to Initial Setup