Ubuntu Server Administration

--- name: Ubuntu Server Administration description: Essential Ubuntu server management skills for system administrators, covering installation, configuration, security hardening, service management, and troubleshooting common issues metadata: author: skynet version: 1.0.0 category: ops --- # Ubuntu Server Administration ## Initial Server Setup ### Post-Installation Configuration ```bash # Update system packages sudo apt update && sudo apt upgrade -y # Create administrative user sudo adduser admin sudo usermod -aG sudo admin # Configure timezone sudo timedatectl set-timezone America/New_York sudo timedatectl list-timezones | grep -i york # Set hostname sudo hostnamectl set-hostname myserver echo "127.0.0.1 myserver" | sudo tee -a /etc/hosts ``` ### SSH Security Hardening ```bash # Backup original SSH config sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup # Edit SSH configuration sudo nano /etc/ssh/sshd_config # Key settings to modify: Port 2222 PermitRootLogin no PasswordAuthentication no PubkeyAuthentication yes AllowUsers admin MaxAuthTries 3 ClientAliveInterval 300 ClientAliveCountMax 2 # Restart SSH service sudo systemctl restart ssh sudo systemctl enable ssh ``` ## Package Management ### APT Operations ```bash # Search for packages apt search nginx apt show nginx # Install packages sudo apt install nginx mysql-server php-fpm sudo apt install --no-install-recommends package-name # Remove packages sudo apt remove package-name sudo apt purge package-name # Remove config files too sudo apt autoremove # Clean orphaned dependencies # Hold packages from updates sudo apt-mark hold linux-image-generic sudo apt-mark unhold linux-image-generic # Repository management sudo add-apt-repository ppa:ondrej/php sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys KEY_ID ``` ## Service Management with Systemd ### Service Operations ```bash # Service status and control sudo systemctl status nginx sudo systemctl start nginx sudo systemctl stop nginx sudo systemctl restart nginx sudo systemctl reload nginx sudo systemctl enable nginx sudo systemctl disable nginx # View service logs sudo journalctl -u nginx sudo journalctl -u nginx -f # Follow logs sudo journalctl -u nginx --since "2023-01-01" sudo journalctl -u nginx --lines 50 # Create custom service sudo nano /etc/systemd/system/myapp.service ``` ### Custom Service Example ```ini [Unit] Description=My Application After=network.target [Service] Type=simple User=www-data WorkingDirectory=/opt/myapp ExecStart=/usr/bin/python3 /opt/myapp/app.py Restart=always RestartSec=10 [Install] WantedBy=multi-user.target ``` ## Network Configuration ### Netplan Configuration ```bash # Edit network configuration sudo nano /etc/netplan/00-installer-config.yaml ``` ```yaml network: version: 2 ethernets: enp0s3: dhcp4: false addresses: - 192.168.1.100/24 gateway4: 192.168.1.1 nameservers: addresses: [8.8.8.8, 1.1.1.1] ``` ```bash # Apply network changes sudo netplan try # Test configuration sudo netplan apply # Network troubleshooting ip addr show ip route show ss -tuln # Show listening ports netstat -tuln ``` ## Firewall Management (UFW) ### UFW Configuration ```bash # Enable UFW sudo ufw enable sudo ufw status verbose # Basic rules sudo ufw default deny incoming sudo ufw default allow outgoing # Allow specific services sudo ufw allow ssh sudo ufw allow 22/tcp sudo ufw allow 80/tcp sudo ufw allow 443/tcp sudo ufw allow from 192.168.1.0/24 to any port 3306 # Advanced rules sudo ufw allow from 203.0.113.4 to any port 22 sudo ufw deny from 198.51.100.0/24 # Remove rules sudo ufw delete allow 80/tcp sudo ufw --force reset # Reset all rules ``` ## Storage Management ### Disk Operations ```bash # View disk usage df -h du -sh /var/log/* lsblk fdisk -l # Mount operations sudo mkdir /mnt/backup sudo mount /dev/sdb1 /mnt/backup sudo umount /mnt/backup # Permanent mounts in /etc/fstab echo "/dev/sdb1 /mnt/backup ext4 defaults 0 2" | sudo tee -a /etc/fstab # Format new disk sudo fdisk /dev/sdb # Create partition sudo mkfs.ext4 /dev/sdb1 # LVM operations sudo pvcreate /dev/sdb1 sudo vgcreate vg_data /dev/sdb1 sudo lvcreate -L 50G -n lv_data vg_data sudo mkfs.ext4 /dev/vg_data/lv_data ``` ## User Management ### User Operations ```bash # Create users sudo adduser john sudo useradd -m -s /bin/bash -G sudo jane # Password management sudo passwd john sudo passwd -l john # Lock account sudo passwd -u john # Unlock account # Group management sudo groupadd developers sudo usermod -aG developers john groups john # Set user limits sudo nano /etc/security/limits.conf # john hard nproc 100 # @developers soft nofile 4096 ``` ## Log Management ### Log Analysis ```bash # System logs sudo tail -f /var/log/syslog sudo journalctl --since "1 hour ago" sudo journalctl --since "2023-01-01" --until "2023-01-31" # Application logs sudo tail -f /var/log/apache2/error.log sudo tail -f /var/log/nginx/access.log # Log rotation sudo nano /etc/logrotate.d/myapp ``` ```bash /var/log/myapp/*.log { daily rotate 30 compress delaycompress missingok create 644 www-data www-data } ``` ## Troubleshooting Guide ### Common Issues and Solutions #### Service Won't Start ```bash # Error: "Job for nginx.service failed" sudo systemctl status nginx # Check status sudo journalctl -xe # View detailed errors sudo nginx -t # Test configuration sudo systemctl daemon-reload # Reload systemd ``` #### Disk Space Issues ```bash # Error: "No space left on device" df -h # Check disk usage du -h /var | sort -hr | head -10 # Find large directories sudo find /var/log -type f -size +100M # Find large log files sudo journalctl --vacuum-time=7d # Clean old journal logs ``` #### Network Connectivity Issues ```bash # Test connectivity ping -c 4 8.8.8.8 dig google.com nslookup google.com # Check routing ip route get 8.8.8.8 traceroute google.com # Check DNS cat /etc/resolv.conf systemd-resolve --status ``` #### Permission Denied Errors ```bash # Check file permissions ls -la /path/to/file sudo chown user:group /path/to/file sudo chmod 644 /path/to/file # SELinux/AppArmor issues (if applicable) sudo aa-status # AppArmor status sudo aa-complain /usr/sbin/nginx # Set to complain mode ``` ## Performance Monitoring ### System Monitoring ```bash # System resources htop iostat -x 1 vmstat 1 sar -u 1 10 # Memory usage free -h cat /proc/meminfo # Network monitoring iftop nethogs ss -i # Socket statistics # Process monitoring ps aux --sort=-%cpu | head ps aux --sort=-%mem | head pgrep -f nginx ``` ### Automated Monitoring Script ```bash #!/bin/bash # System health check echo "=== System Health Check $(date) ===" echo "Load Average: $(uptime | awk -F'load average:' '{print $2}')" echo "Memory Usage: $(free | grep Mem | awk '{printf("%.2f%%", $3/$2 * 100.0)}')" echo "Disk Usage: $(df -h / | awk 'NR==2{printf "%s", $5}')" echo "Active Connections: $(ss -t | wc -l)" ``` ## Backup Strategies ### Automated Backup Script ```bash #!/bin/bash # Daily backup script BACKUP_DIR="/backup/$(date +%Y%m%d)" mkdir -p $BACKUP_DIR # Database backup mysqldump -u root -p$DB_PASSWORD --all-databases > $BACKUP_DIR/databases.sql # Configuration backup tar -czf $BACKUP_DIR/config.tar.gz /etc # Application data rsync -av /var/www/ $BACKUP_DIR/www/ # Cleanup old backups (keep 7 days) find /backup -type d -mtime +7 -exec rm -rf {} + ``` ## Decision Tree: Service Deployment ``` New Service Deployment ├── Is it a web application? │ ├── Yes → Configure nginx/apache, SSL certificates, firewall rules │ └── No → Continue to service type ├── Does it need a database? │ ├── Yes → Install MySQL/PostgreSQL, create database and user │ └── No → Continue ├── Does it need persistent storage? │ ├── Yes → Create mount point, configure permissions │ └── No → Continue └── Create systemd service → Enable and start service → Monitor logs ``` This skill covers essential Ubuntu server administration tasks with practical, copy-pasteable commands for real-world scenarios.