Initial Server Setup with Ubuntu 20.04 18.04 and 16.04

Initial Server Setup is a critical first step after deploying a fresh Ubuntu server instance. Proper configuration ensures security, stability, and optimal performance for hosting applications or services. This guide covers essential setup procedures for Ubuntu versions 20.04, 18.04, and 16.04, including user management, security hardening, and basic service configuration.

Prerequisites

Before beginning the server setup process, ensure you have the following requirements

• Fresh Ubuntu 20.04, 18.04, or 16.04 server instance

• Root access or user account with administrative privileges

• SSH client for remote server connection (e.g., OpenSSH, PuTTY)

• Server's public IP address

System Update and Package Management

The first step involves updating the package repository and upgrading installed packages to their latest versions. This ensures you have the most recent security patches and software updates.

sudo apt update

Update the package lists for available upgrades and new installations

sudo apt upgrade -y

The -y flag automatically confirms the upgrade process without manual intervention.

Creating Administrative User

Using the root account for daily operations poses security risks. Create a dedicated user account with sudo privileges for administrative tasks

sudo adduser newuser

Replace newuser with your desired username. The system will prompt for password and user information.

Granting Sudo Privileges

Add the new user to the sudo group to grant administrative privileges

sudo usermod -aG sudo newuser

This command modifies the user account by adding them to the sudo group, enabling execution of administrative commands.

SSH Security Configuration

Secure Shell (SSH) provides encrypted remote access to your server. Implementing key-based authentication significantly improves security over password-based login.

Generate SSH Key Pair

On your local machine, generate an SSH key pair

ssh-keygen -t rsa -b 4096 -C "your_email@domain.com"

Deploy Public Key

Copy the public key to your server

ssh-copy-id newuser@your_server_ip

Disable Password Authentication

Edit the SSH configuration file to enhance security

sudo nano /etc/ssh/sshd_config

Modify the following directives

PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no

Restart the SSH service to apply changes

sudo systemctl restart sshd

Firewall Configuration with UFW

Ubuntu's Uncomplicated Firewall (UFW) provides simplified firewall management. Configure basic firewall rules to protect your server from unauthorized access.

sudo ufw allow OpenSSH
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

Enable the firewall

sudo ufw enable

Verify firewall status and rules

sudo ufw status verbose

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)          ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere

Automatic Security Updates

Configure automatic security updates to maintain system security without manual intervention

sudo apt install unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades

Select "Yes" when prompted to enable automatic security updates.

Time Synchronization Configuration

Accurate time synchronization is crucial for system logs, security certificates, and distributed applications.

sudo timedatectl set-timezone America/New_York
sudo apt install ntp
sudo systemctl enable ntp
sudo systemctl start ntp

Verify time configuration

timedatectl status

Essential Service Installation

Web Server (Apache)

Install Apache web server for hosting websites

sudo apt install apache2
sudo ufw allow 'Apache Full'
sudo systemctl enable apache2

Database Server (MySQL)

Install and secure MySQL database server

sudo apt install mysql-server
sudo mysql_secure_installation

The security script will prompt you to configure root password, remove anonymous users, disable remote root login, and remove test databases.

System Maintenance

Regular system updates ensure ongoing security and stability

sudo apt update && sudo apt upgrade -y && sudo apt autoremove -y

This command updates package lists, upgrades installed packages, and removes unnecessary packages automatically.

Conclusion

Proper initial server setup establishes a secure foundation for Ubuntu servers across versions 20.04, 18.04, and 16.04. Key elements include creating non-root administrative users, implementing SSH key authentication, configuring firewall rules, and enabling automatic security updates. These practices significantly enhance server security and provide a stable platform for hosting applications and services.