Grid Guide Topics
Table of Contents
- Basic Firewall Configuration
- Time Zones Configuration
- Synchronizing a Network Time Protocol
- Create a Swap File
In most cases, there are a few additional steps that are highly recommended for setting up the basic configuration for a new server. In this guide, we will explain to you about a few additional recommended steps for new Ubuntu 18.04 servers.
Basic Firewall Configuration
A firewall is a protection from unauthorized access to a server. It is a network security device that monitors traffic to your server and allows or blocks a specific traffic based on predetermined security rules. This is just a basic level of security for a server.
Ubuntu ships a tool called ufw to configure the firewall policies. Our primary strategy is to lock down everything we don’t need to keep open.
By default, the SSH daemon runs on port 22, and if the default has been changed ufw can implement a rule by name. If you haven’t altered SSH port, you can enable the exception by using the following command.
$ sudo ufw allow ssh
If you have altered the SSH port, you will have to allow it by mentioning the actual port number, along with the TCP protocol.
$ sudo ufw allow 4444/tcp
This is a minimum firewall configuration. It will allow traffic on your SSH port and the remaining services will be inaccessible. You will need to open the firewall at each port wherever required only if you have planned to run additional services.
If you plan to run an HTTP web server, you need to allow access to port 80.
$ sudo ufw allow 80/tcp
If you plan to run an SSL/TLS enabled web server, you need to allow access to port 443.
$ sudo ufw allow 443/tcp
If you need email enabled SMTP, you need to open port 25.
$ sudo ufw allow 25/tcp
After adding the exceptions, you can review the selections by using the following command.
$ sudo ufw show added
If everything is fine, you can enable the firewall by using the command:
$ sudo ufw enable
Then, you will be asked a confirmation for your selection, type Y if you wish to continue. It will apply your exceptions, block all the remaining traffic, and configure the firewall at the boot automatically.
You will have to open the ports for any additional services that you may wish to configure in the future.
Configure Time Zones and Network Protocol Synchronization
The next step is to set localization settings and configuring the Network Time Protocol (NTP) synchronization.
The first step tells that your server is working under the correct time zone. The second step will manage your system to synchronize your system by the global network of NTP servers.
Time Zones Configuration
The first step is the configuration of servers Timezone. This can be done by reconfiguring the tzdata package.
$ sudo dpkg-reconfigure tzdata
You will be shown with a menu that can allow you to select a geographic location of your server.
Once your region is selected, then you can choose the specific time zone of a server.
Then the system will be updated to use your selected timezone and output will be printed on the screen.
Next step is the configuration of NTP.
Synchronizing a Network Time Protocol
Up to now, you have set your timezone and next step is you should configure NTP. This process will allow your system to sync with other servers and manages the system to more predictable in involving operations that depend on owing correct time.
To synchronize NTP, we have a service named ntp, which you can install from Ubuntu’s repositories.
sudo apt update sudo apt install ntp
All this process is about setting up NTP configuration on Ubuntu. This process will start automatically on each boot and automatically adjust the system time will be matched with global NTP servers throughout the day.
Create a Swap File
If we add swap to Linux server then it allows moving the less frequently accessed information from RAM to swap location on the disk. You can follow our guide to add swap space on Ubuntu 18.04. Accessing data which is available on disk is little slower than accessing in the RAM but having swap is makes difference like application alive and crashing.
Generally, the amount of swap is equal to or double the amount of RAM is good. By using the fallocate utility, to allocate the space for Swap file. For example, if you want 4 GB file then we can create a file by the following command.
sudo fallocate -l 4G /swapfile
Once the file is created, then we need to restrict the access to the file, so that other process cannot see the file. Use the following command to do so.
sudo chmod 600 /swapfile
Now we are having a file with required permissions. If we want to tell the system for swap then use the following command.
sudo mkswap /swapfile
Now the system can use the swap file by using the below command.
sudo swapon /swapfile
If you want to modify the system file instead of swap file then use the following command so that the server will automatically boot.
sudo sh -c ‘echo “/swapfile none swap sw 0 0” >> /etc/fstab’
These are the Additional Recommended steps for Ubuntu 18.04.