Back to Ubuntu Server Administration

Ubuntu Server Administration — SKILL.md

Raw skill file that agents receive when using this skill

Download
---
name: "Ubuntu Server Administration"
description: "Skill for Ubuntu Server Administration — auto-generated from documentation"
version: "1.0.0"
author: "skynet"
category: "ops"
agents: ["claude-code", "codex", "gemini"]
tags: ["ubuntu-admin", "ops", "auto-generated"]
---

# Ubuntu Server Administration

---
name: Ubuntu Server Administration
description: Essential Ubuntu server management skills for system administrators, covering installation, configuration, security hardening, service management, and troubleshooting common issues
metadata:
  author: skynet
  version: 1.0.0
category: ops
---

# Ubuntu Server Administration

## Initial Server Setup

### Post-Installation Configuration
```bash
# Update system packages
sudo apt update && sudo apt upgrade -y

# Create administrative user
sudo adduser admin
sudo usermod -aG sudo admin

# Configure timezone
sudo timedatectl set-timezone America/New_York
sudo timedatectl list-timezones | grep -i york

# Set hostname
sudo hostnamectl set-hostname myserver
echo "127.0.0.1 myserver" | sudo tee -a /etc/hosts
```

### SSH Security Hardening
```bash
# Backup original SSH config
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup

# Edit SSH configuration
sudo nano /etc/ssh/sshd_config

# Key settings to modify:
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers admin
MaxAuthTries 3
ClientAliveInterval 300
ClientAliveCountMax 2

# Restart SSH service
sudo systemctl restart ssh
sudo systemctl enable ssh
```

## Package Management

### APT Operations
```bash
# Search for packages
apt search nginx
apt show nginx

# Install packages
sudo apt install nginx mysql-server php-fpm
sudo apt install --no-install-recommends package-name

# Remove packages
sudo apt remove package-name
sudo apt purge package-name  # Remove config files too
sudo apt autoremove  # Clean orphaned dependencies

# Hold packages from updates
sudo apt-mark hold linux-image-generic
sudo apt-mark unhold linux-image-generic

# Repository management
sudo add-apt-repository ppa:ondrej/php
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys KEY_ID
```

## Service Management with Systemd

### Service Operations
```bash
# Service status and control
sudo systemctl status nginx
sudo systemctl start nginx
sudo systemctl stop nginx
sudo systemctl restart nginx
sudo systemctl reload nginx
sudo systemctl enable nginx
sudo systemctl disable nginx

# View service logs
sudo journalctl -u nginx
sudo journalctl -u nginx -f  # Follow logs
sudo journalctl -u nginx --since "2023-01-01"
sudo journalctl -u nginx --lines 50

# Create custom service
sudo nano /etc/systemd/system/myapp.service
```

### Custom Service Example
```ini
[Unit]
Description=My Application
After=network.target

[Service]
Type=simple
User=www-data
WorkingDirectory=/opt/myapp
ExecStart=/usr/bin/python3 /opt/myapp/app.py
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
```

## Network Configuration

### Netplan Configuration
```bash
# Edit network configuration
sudo nano /etc/netplan/00-installer-config.yaml
```

```yaml
network:
  version: 2
  ethernets:
    enp0s3:
      dhcp4: false
      addresses:
        - 192.168.1.100/24
      gateway4: 192.168.1.1
      nameservers:
        addresses: [8.8.8.8, 1.1.1.1]
```

```bash
# Apply network changes
sudo netplan try  # Test configuration
sudo netplan apply

# Network troubleshooting
ip addr show
ip route show
ss -tuln  # Show listening ports
netstat -tuln
```

## Firewall Management (UFW)

### UFW Configuration
```bash
# Enable UFW
sudo ufw enable
sudo ufw status verbose

# Basic rules
sudo ufw default deny incoming
sudo ufw default allow outgoing

# Allow specific services
sudo ufw allow ssh
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow from 192.168.1.0/24 to any port 3306

# Advanced rules
sudo ufw allow from 203.0.113.4 to any port 22
sudo ufw deny from 198.51.100.0/24

# Remove rules
sudo ufw delete allow 80/tcp
sudo ufw --force reset  # Reset all rules
```

## Storage Management

### Disk Operations
```bash
# View disk usage
df -h
du -sh /var/log/*
lsblk
fdisk -l

# Mount operations
sudo mkdir /mnt/backup
sudo mount /dev/sdb1 /mnt/backup
sudo umount /mnt/backup

# Permanent mounts in /etc/fstab
echo "/dev/sdb1 /mnt/backup ext4 defaults 0 2" | sudo tee -a /etc/fstab

# Format new disk
sudo fdisk /dev/sdb  # Create partition
sudo mkfs.ext4 /dev/sdb1

# LVM operations
sudo pvcreate /dev/sdb1
sudo vgcreate vg_data /dev/sdb1
sudo lvcreate -L 50G -n lv_data vg_data
sudo mkfs.ext4 /dev/vg_data/lv_data
```

## User Management

### User Operations
```bash
# Create users
sudo adduser john
sudo useradd -m -s /bin/bash -G sudo jane

# Password management
sudo passwd john
sudo passwd -l john  # Lock account
sudo passwd -u john  # Unlock account

# Group management
sudo groupadd developers
sudo usermod -aG developers john
groups john

# Set user limits
sudo nano /etc/security/limits.conf
# john hard nproc 100
# @developers soft nofile 4096
```

## Log Management

### Log Analysis
```bash
# System logs
sudo tail -f /var/log/syslog
sudo journalctl --since "1 hour ago"
sudo journalctl --since "2023-01-01" --until "2023-01-31"

# Application logs
sudo tail -f /var/log/apache2/error.log
sudo tail -f /var/log/nginx/access.log

# Log rotation
sudo nano /etc/logrotate.d/myapp
```

```bash
/var/log/myapp/*.log {
    daily
    rotate 30
    compress
    delaycompress
    missingok
    create 644 www-data www-data
}
```

## Troubleshooting Guide

### Common Issues and Solutions

#### Service Won't Start
```bash
# Error: "Job for nginx.service failed"
sudo systemctl status nginx  # Check status
sudo journalctl -xe  # View detailed errors
sudo nginx -t  # Test configuration
sudo systemctl daemon-reload  # Reload systemd
```

#### Disk Space Issues
```bash
# Error: "No space left on device"
df -h  # Check disk usage
du -h /var | sort -hr | head -10  # Find large directories
sudo find /var/log -type f -size +100M  # Find large log files
sudo journalctl --vacuum-time=7d  # Clean old journal logs
```

#### Network Connectivity Issues
```bash
# Test connectivity
ping -c 4 8.8.8.8
dig google.com
nslookup google.com

# Check routing
ip route get 8.8.8.8
traceroute google.com

# Check DNS
cat /etc/resolv.conf
systemd-resolve --status
```

#### Permission Denied Errors
```bash
# Check file permissions
ls -la /path/to/file
sudo chown user:group /path/to/file
sudo chmod 644 /path/to/file

# SELinux/AppArmor issues (if applicable)
sudo aa-status  # AppArmor status
sudo aa-complain /usr/sbin/nginx  # Set to complain mode
```

## Performance Monitoring

### System Monitoring
```bash
# System resources
htop
iostat -x 1
vmstat 1
sar -u 1 10

# Memory usage
free -h
cat /proc/meminfo

# Network monitoring
iftop
nethogs
ss -i  # Socket statistics

# Process monitoring
ps aux --sort=-%cpu | head
ps aux --sort=-%mem | head
pgrep -f nginx
```

### Automated Monitoring Script
```bash
#!/bin/bash
# System health check
echo "=== System Health Check $(date) ==="
echo "Load Average: $(uptime | awk -F'load average:' '{print $2}')"
echo "Memory Usage: $(free | grep Mem | awk '{printf("%.2f%%", $3/$2 * 100.0)}')"
echo "Disk Usage: $(df -h / | awk 'NR==2{printf "%s", $5}')"
echo "Active Connections: $(ss -t | wc -l)"
```

## Backup Strategies

### Automated Backup Script
```bash
#!/bin/bash
# Daily backup script
BACKUP_DIR="/backup/$(date +%Y%m%d)"
mkdir -p $BACKUP_DIR

# Database backup
mysqldump -u root -p$DB_PASSWORD --all-databases > $BACKUP_DIR/databases.sql

# Configuration backup
tar -czf $BACKUP_DIR/config.tar.gz /etc

# Application data
rsync -av /var/www/ $BACKUP_DIR/www/

# Cleanup old backups (keep 7 days)
find /backup -type d -mtime +7 -exec rm -rf {} +
```

## Decision Tree: Service Deployment

```
New Service Deployment
├── Is it a web application?
│   ├── Yes → Configure nginx/apache, SSL certificates, firewall rules
│   └── No → Continue to service type
├── Does it need a database?
│   ├── Yes → Install MySQL/PostgreSQL, create database and user
│   └── No → Continue
├── Does it need persistent storage?
│   ├── Yes → Create mount point, configure permissions
│   └── No → Continue
└── Create systemd service → Enable and start service → Monitor logs
```

This skill covers essential Ubuntu server administration tasks with practical, copy-pasteable commands for real-world scenarios.

curl -s https://skills.skynet.ceo/api/skills/ubuntu-admin/skill.md