Preparations

• Open your server text file.
• Open the PowerShell.

_______________________________________________

Update your working server text file

Add these lines to your server text file. Be sure to replace the IP and password where necessary.

######
ssh root@Your-IP
Your Password
systemctl status sshd
who
######
ip a
ufw status
apt update
apt list --upgradable
apt upgrade
apt dist-upgrade
apt autoremove
###
apt install tree
-->  to use:  tree /var/<dir>/   --> shows directory structure
-->  -p -d -u  -pug
###
apt install net-tools
###
-->  who is established?   
netstat -na | grep 'ESTA'
-->  (doesn't mean they are logged in)
###
-->  to see logins:
last -a | grep -i still  -->  shows active 
###
-->  who is there:
who -uH 
-->  (can use w or who above)   -->  https://www.howtoforge.com/how-to-find-active-ssh-connections-on-linux/
###
-->  quits listing:
q
###
-->  shows file structure:
df
###
-->  list of all users:
cat /etc/passwd
###
-->  is user there?
grep user /etc/passwd
###  -->  to delete user:   userdel -r user
###
-->  add user:
useradd -m user  --> -m creates home
--> create a 32 character password for this username, just like you did for root:
passwd user
-->  add to sudo group in case you do sudo commands in the future:
usermod -aG sudo user
groups user
###  -->  Take SNAPSHOT, name it ROOT
reboot

After you have made the changes, save the file and let's go!

_______________________________________________

Check some server things

Login to your Ubuntu server with PowerShell.

systemctl status sshd

Type q to stop the listing.

You will probably see a somewhat clean display as the server was rebooted in the last section. The hackers will continue to try to get in. But you have secured the server so they are basically just pounding their heads on the wall. The word active should be green. This is good.

who

This is another verification. You should just see root with Your-IP. This is good.

ip a

You should see some more lines of technical jargon. The important thing is there should be no lines starting with inet6. This means only IPv4 traffic can access your Ubuntu server.

It's probably a good time to talk about what happens if things don't go the right way while you are working here. I will create a troubleshooting file but in the meantime, go back to the section that did work. You can also go into your server VPS account and power down your server with the power button. You can even use the reinstall icon and completely start over. This was discussed a bit in the Access the Ubuntu Server section.

Time to check the firewall status:

ufw status

There should only be port 22/tcp open at this time with Your-IP.

_______________________________________________

Update your Ubuntu server files

Let's check for server upgrade files. The upgrades may sometimes take some time. You will see a progress bar. Wait until it finishes before you press on. Enter the following commands:

apt update

This should end with All packages are up to date.

Recently, apt update has been deprecated. This means it will work right now but will not some time in the future. I will tell you how to bypass this warning later on in the Domain Optimization section of the tutorial.

apt list --upgradable

apt upgrade

There will probably be nothing to update this early in your Ubuntu server's life. But you may see some things that can be removed. Ignore that command for a moment.

apt dist-upgrade

Should nothing need be done, proceed to the next command.

apt autoremove

If there is something to remove, press the Y key. Wait for the activity to end. You should be at root.

You will see that we go through the file update process almost every time we log back into the server. In fact, it's something the administrator needs to do every few days to make sure the server is properly updated and secured.

_______________________________________________

A D V E R T I S E M E N T

_______________________________________________

Install some things and look around the Ubuntu server

Time to install a few server tools. We don't need them right now but it's more practice.

apt install tree

Now that tree is installed, DO NOT run the tree command, yet. It could fill your terminal screen to overflow! We will use it later on. Tree shows you things like directory structure and owner/group.
To use(later, please!): tree /var/(dir)/
Use these extensions to see different views of the structure: -p -d -u -pug

apt install net-tools

You should have seen a few lines of code go by and return to the root command. Now, let's look around a bit before we load Apache.

netstat -na | grep 'ESTA'

You'll probably see two ESTABLISHED connections. In this example, one is your IP on some huge port number and the other is your VPS server's on port 22. Notice the ESTA is in red to show the word match from your command. But you may see other IP's here with ESTABLISHED. Strange as it may seem, this does not mean they are logged into your server. It only means they have established a connection to the server and are trying to get in. They won't.

root@V-601:~# netstat -na | grep 'ESTA'
tcp       0     52 45.32.145.198:22        76.213.65.34:53925      ESTABLISHED
root@RR-V-601:~#

Now try this:

last -a | grep -i still

The last command shows who is still doing something on your server. You should be there and the system boot should be there. That's all.

The next command should only show you logged into your server:

who -uH

The df command shows a lot of info about your server and how space is used. It will probably be confusing, but you may recognize some of the numbers:

df

The next command is interesting in that it will show you every user on your server. It will also tell you if they are logged in or not. As you can imagine, some system users like root will be there. Most in the list are system related and they will show nologin.

cat /etc/passwd

You can look for specific users with the following command:

grep root /etc/passwd

_______________________________________________

A D V E R T I S E M E N T

_______________________________________________

Add a user to the Ubuntu server

Now, let's add a user to the server. We will also add the user to the sudo group. First, think of a username, like dilbert. Make up your own, of course. The -m also creates a home directory for the user on your server.

useradd -m dilbert

Create and enter a 32 character password for this username, just like you did for root.

passwd dilbert

What is sudo? The official pronunciation is soo-doo. However, an alternate pronunciation, a homophone of 'pseudo', is also common. That would be soo-dough. Sudo stands for super user do, a user with permission to work at the root level, but with possibly more restricted actions than the root user. Most tutorials want you to use sudo commands instead of root. I would suggest using sudo as a safety-net after your server is fully installed and running. Why? Most linux-types would say to prevent you from accidentally doing something dangerous like erasing your boot disk. Sudo makes this harder to do. Personally, I use root and am very careful with what I type into the shell.

Add the user to the sudo group.

usermod -aG sudo dilbert

Now, make sure the addition took place:

groups dilbert

You will see that the user has been added to two groups, one that matches the username and one in sudo.

OK, if you got this far with no errors and are happy with the way you loaded the server to this point, you may want to take a Snapshot of your server settings. I highly recommend this! You can do this by using your Nightly browser. Go to your server VPS account. Click your server name and select Snapshots. Wait until it is finsihed before proceeeding or rebooting. The Snapshot stores a complete 'redo' file for you to reload your server to this point if you have issues. After the Snapshot, if you really feel adventurous, you could Destroy your server and start over, for the practice. If you decide to go on, enter the next command:

reboot

That's it for Ubuntu server prep! You are ready to install the Apache web server, PHP, MySQL and phpMyAdmin. And maybe a few more things as well. Take a break. When you come back, go to Apache Installation.

Apache Installation

_______________________________________________

COMMENTS - Final Ubuntu Server Configuration

Leave a comment.
Moderator approval may be required before posting.