Grid Guides

Explore How System On Grid Can Work For You

Grid Guide Topics

Additional Recommended Steps for New Ubuntu 18.04 Servers

Table Of Contents

    ## Table of Contents
    – [Introduction](#introduction
    – [Basic Firewall Configuration](#basic-firewall-configuration
    – [Time Zones Configuration](#time-zones-configuration
    – [Synchronizing a Network Time Protocol](#synchronizing-a-network-time-protocol
    – [Create a Swap File](#create-a-swap-file
    – [Conclusion](#conclusion

    ## Introduction
    In most cases, there are a few additional steps that are highly recommended for setting up the basic configuration for a new server. In this guide, we will explain to you about a few additional recommended steps for new Ubuntu 18.04 servers.

    ## Basic Firewall Configuration

    A firewall is a protection from unauthorized access to a server. It is a network security device that monitors traffic to your server and allows or blocks a specific traffic based on predetermined security rules. This is just a basic level of security for a server.

    Ubuntu ships a tool called ufw to configure the firewall policies. Our primary strategy is to lock down everything we don’t need to keep open.

    We will configure the rules that define the exceptions to our privacy policy before we enable our firewall. While doing so, to maintain the access for remote administration, we need to create an exception for SSH connections.

    By default, the SSH daemon runs on port 22, and if the default has been changed ufw can implement a rule by name. If you haven’t altered SSH port, you can enable the exception by using the following command.
    $ sudo ufw allow ssh
    If you have altered the SSH port, you will have to allow it by mentioning the actual port number, along with the TCP protocol.
    $ sudo ufw allow 4444/tcp

    This is a minimum firewall configuration. It will allow traffic on your SSH port and the remaining services will be inaccessible. You will need to open the firewall at each port wherever required only if you have planned to run additional services.

    If you plan to run an HTTP web server, you need to allow access to port 80.
    $ sudo ufw allow 80/tcp
    If you plan to run an SSL/TLS enabled web server, you need to allow access to port 443.
    $ sudo ufw allow 443/tcp
    If you need email enabled SMTP, you need to open port 25.
    $ sudo ufw allow 25/tcp
    After adding the exceptions, you can review the selections by using the following command.
    $ sudo ufw show added
    If everything is fine, you can enable the firewall by using the command:
    $ sudo ufw enable
    Then, you will be asked a confirmation for your selection, type Y if you wish to continue. It will apply your exceptions, block all the remaining traffic, and configure the firewall at the boot automatically.

    You will have to open the ports for any additional services that you may wish to configure in the future.

    ## Configure Time Zones and Network Protocol Synchronization
    The next step is to set localization settings and configuring the Network Time Protocol (NTP synchronization.

    The first step tells that your server is working under the correct time zone. The second step will manage your system to synchronize your system by the global network of NTP servers.
    ## Time Zones Configuration

    The first step is the configuration of servers Timezone. This can be done by reconfiguring the tzdata package.
    $ sudo dpkg-reconfigure tzdata
    You will be shown with a menu that can allow you to select a geographic location of your server.


    Once your region is selected, then you can choose the specific time zone of a server.


    Then the system will be updated to use your selected timezone and output will be printed on the screen.


    Next step is the configuration of NTP.
    ## Synchronizing a Network Time Protocol

    Up to now, you have set your timezone and next step is you should configure NTP.
    This process will allow your system to sync with other servers and manages the system to more predictable in involving operations that depend on owing correct time.

    To synchronize NTP, we have a service named ntp, which you can install from
    Ubuntu’s repositories.
    sudo apt update
    sudo apt install ntp
    All this process is about setting up NTP configuration on Ubuntu.
    This process will start automatically on each boot and automatically adjust the system time will be matched with global NTP servers throughout the day.
    ## Create a Swap File
    If we add swap to Linux server then it allows moving the less frequently accessed information from RAM to swap location on the disk. You can follow our guide to [add swap space on Ubuntu 18.04](–how-to-add-swap-space-on-ubuntu-18.04. Accessing data which is available on disk is little slower than accessing in the RAM but having swap is makes difference like application alive and crashing.

    Generally, the amount of swap is equal to or double the amount of RAM is good.
    By using the fallocate utility, to allocate the space for Swap file.
    For example, if you want 4 GB file then we can create a file by the following command.
    sudo fallocate -l 4G /swapfile
    Once the file is created, then we need to restrict the access to the file, so that other process cannot see the file. Use the following command to do so.
    sudo chmod 600 /swapfile
    Now we are having a file with required permissions. If we want to tell the system for swap then use the following command.
    sudo mkswap /swapfile
    Now the system can use the swap file by using the below command.
    sudo swapon /swapfile
    If you want to modify the system file instead of swap file then use the following command so that the server will automatically boot.
    sudo sh -c ‘echo “/swapfile none swap sw 0 0” >> /etc/fstab’
    ## Conclusion
    These are the Additional Recommended steps for Ubuntu 18.04.