Installing Ubuntu Server

    How to Install Ubuntu Server on Bare Metal: A Simple Guide

    As network engineers and sysadmins, setting up a reliable server environment is a fundamental task in our everyday work. Ubuntu Server, a popular Linux distribution known for its stability, ease of use, and strong community support, is often a go-to choice. Today, I’m going to walk you through the steps to install Ubuntu Server on bare metal, and share some network security best practices you should implement after installation.

    Step 1: Download the Ubuntu Server ISO

    First things first, head over to the official Ubuntu website and download the latest version of Ubuntu Server. Make sure to choose the version that’s appropriate for your hardware (either 64-bit or ARM, depending on your system).

    Step 2: Create a Bootable USB Drive

    You’ll need a bootable USB drive to install Ubuntu Server. Use a tool like Rufus (on Windows) or Etcher (on Linux/macOS) to burn the ISO to the USB.

    Step 3: Boot From USB

    Plug the bootable USB drive into your server and power it on. Enter the BIOS/UEFI settings (typically by pressing a key like F2 or DEL during startup), and configure the system to boot from the USB.

    Step 4: Install Ubuntu Server

    Once you’ve booted from the USB, you’ll be greeted with the Ubuntu Server installer. Follow the on-screen instructions:

    1. Choose your language and keyboard layout.
    2. Select the network interface to configure the server’s IP (Static is always recommended for a server, however you can set it to DHCP if your environment requires it).
    3. Choose your storage configuration.
    4. Set your hostname (this is how your server will identify itself on the network).
    5. Create a user account and set a strong password.
    6. Choose the software to install (for a minimal setup, you can skip additional software and install it later).
    7. Wait for the installation to finish and reboot.

    Step 5: Log in and Update the System

    Once your server has rebooted, log in using the username and password you set during the installation. The first thing you should do is update the system:

    sudo apt update && sudo apt upgrade -y

    This ensures that your server has the latest patches and security updates, which is a critical first step.

    Step 6: Network Security Best Practices

    Now that you’ve got Ubuntu Server up and running, it’s time to tighten up the security. Here are some network security best practices you should implement immediately:

    1. Secure SSH Access

    By default, SSH allows remote login to your server. To improve security:

    • Disable root login: Edit the SSH config file to prevent root login.
    sudo nano /etc/ssh/sshd_config

    Change PermitRootLogin yes to PermitRootLogin no.

    Use key-based authentication: Disable password authentication to make your server more secure.

    sudo nano /etc/ssh/sshd_config
    • Set PasswordAuthentication no and ensure that PubkeyAuthentication yes is enabled.

    Restart the SSH service after making changes:

    sudo systemctl restart sshd
    1. Configure a Firewall

    Ubuntu comes with UFW (Uncomplicated Firewall) pre-installed. To configure basic firewall rules:

    sudo ufw allow OpenSSH   # Allow SSH connections
sudo ufw enable          # Enable the firewall

    If your server will host web services, you can allow HTTP and HTTPS traffic as well:

    sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

    Check the status to confirm the firewall is active:

    sudo ufw status

    3. Keep Software Up-to-date

    One of the easiest ways to stay secure is to ensure your system and applications are always up to date. Enable automatic security updates to make life easier.

    sudo apt install unattended-upgrades

    4. Disable Unused Services

    Review the services running on your server and disable any that aren’t needed. For example, if you’re not running a mail server or FTP service, disable them to reduce your attack surface:

    sudo systemctl disable postfix
sudo systemctl stop postfix

    Final Thoughts

    Installing Ubuntu Server on bare metal is just the beginning of setting up a secure and stable environment. By following these network security best practices, you can ensure that your server is not only running efficiently but also protected against common threats. Always remember, security is an ongoing process, so keep monitoring your system and stay updated with the latest patches.

    Good luck!

    Leave a Reply

    Your email address will not be published. Required fields are marked *