Skip to content

Instantly share code, notes, and snippets.

@TapeWerm

TapeWerm/Ubuntu Server 22.04 Aftersetup.md

Last active July 22, 2024 06:29
Show Gist options
  • Save TapeWerm/d65ae4aeb6653b669e68b0fb25ec27f3 to your computer and use it in GitHub Desktop.
Save TapeWerm/d65ae4aeb6653b669e68b0fb25ec27f3 to your computer and use it in GitHub Desktop.
Download ZIP
Ubuntu Server 22.04 Aftersetup.md - The setup after you set yourself up
Raw
Ubuntu Server 22.04 Aftersetup.md

The setup after you set yourself up

After installing Ubuntu Server:

Time Zone

sudo dpkg-reconfigure tzdata

SSH 2FA

sudo apt install libpam-google-authenticator
google-authenticator -tdw 17 -r 3 -R 30

Enter sudo nano /etc/pam.d/sshd, replace @include common-auth with the following, and write out (^G = Ctrl-G):

#@include common-auth

auth required pam_google_authenticator.so

Enter sudo nano /etc/ssh/sshd_config, replace KbdInteractiveAuthentication no with the following, and write out (^G = Ctrl-G):

KbdInteractiveAuthentication yes

AuthenticationMethods publickey,keyboard-interactive

UFW

sudo apt install ufw
sudo ufw enable
sudo ufw allow ssh
sudo ufw allow 5201 # iperf

Minecraft Java Edition server:

sudo ufw allow proto tcp to 0.0.0.0/0 port 25565

Minecraft Bedrock Edition server:

sudo ufw allow proto udp to 0.0.0.0/0 port 19132
sudo ufw allow proto udp to ::/0 port 19133

Fail2Ban

sudo apt install fail2ban

Copy and paste this block:

echo [DEFAULT] | sudo tee -a /etc/fail2ban/jail.local
echo banaction = ufw | sudo tee -a /etc/fail2ban/jail.local
echo [sshd] | sudo tee -a /etc/fail2ban/jail.local
echo enabled = true | sudo tee -a /etc/fail2ban/jail.local
sudo systemctl enable --now fail2ban

Unattended Upgrades

sudo dpkg-reconfigure unattended-upgrades

Enter sudo nano /etc/apt/apt.conf.d/50unattended-upgrades, backspace the // from // Unattended-Upgrade::Automatic-Reboot "true";, and write out (^G = Ctrl-G).

sudo unattended-upgrade --dry-run -v

If desktop says System is on battery power, stopping, backspace the // from // Unattended-Upgrade::OnlyOnACPower "true"; and change true to false.

Inadyn

# https://bugs.launchpad.net/ubuntu/+source/inadyn/+bug/1992327
sudo sed -ie '/^             --background \\$/d' /etc/init.d/inadyn
sudo systemctl daemon-reload
sudo truncate -s 0 /etc/inadyn.conf

Enter sudo nano /etc/inadyn.conf, fill this in, and write out (^G = Ctrl-G):

allow-ipv6 = true
period = 300

provider no-ip.com:1 {
    username = $username
    password = $password
    hostname = $hostname.domain.tld
}

provider no-ip.com:2 {
    username = $username
    password = $password
    hostname = $hostname.domain.tld
    checkip-command = "ip -6 address show dev $ifname scope global primary | grep '^\ *inet6' | head -n 1 | awk '{print $2}' | cut -d / -f 1"
}

Enter sudo nano /etc/default/inadyn, replace RUN_DAEMON="no" with RUN_DAEMON="yes", and write out (^G = Ctrl-G).

sudo systemctl restart inadyn

fstab

# List block devices and their filesystem info
lsblk -f
sudo mkdir /mnt/backup
# Mount external disk at boot
echo UUID=$uuid /mnt/backup $filesystem defaults 0 0 | sudo tee -a /etc/fstab
sudo mount -t $filesystem UUID=$uuid /mnt/backup

git

sudo apt install git
echo '*.swp' >> ~/.gitignore
git config --global core.excludesfile ~/.gitignore
git config --global core.editor vim
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment