I just bought a server in the Cloud to run my development tools (e.g. SVN, JIRA, MySQL etc.). It is an Ubuntu 8.04 server with root access. I need this server to work the way I want it, so here are the steps I took to prepare it:
1. Change the .bashrc file
I am so used to typing 'll' in the command line as an alias for 'ls -lsa' that the first thing I changed was the .bashrc file to have the standard aliases enabled.
Type:
root@XXXCNN4730:/# vi ~/.bashrc
Find the lines below and remove the comment marker '#' from the beginning of each alias line.
# some more ls aliases
alias ll='ls -l'
alias la='ls -A'
alias l='ls -CF'
Remember that I was logged in as root in my server, so I will need to change this later for any new user I create as well.
2. Change the SSH port
The place I work at does not allow us to connect to lower ports from our network. Port 443 is usually open in company firewalls so people can connect to HTTPS sites. I chose to use this port as the default for my ssh server, but you can choose whatever port you like.
Type:
root@XXXCNN4730:/# vi /etc/ssh/sshd_config
Find the line with the Port number and change it:
Port 443
Reload the sshd configuration:
root@XXXCNN4730:/# /etc/init.d/ssh reload
For a more thorough HOW-TO on ssh check this other post.
3. Disable root access
Allowing remote root access is a security risk that should be avoided at all costs. The best approach for this matter would be to create a new user and add it to the 'sudoers' list, i.e. allow this user to issue commands as root after it is logged in. In the command below you might want to change 'users' to another group and 'dambrosio' to the user name you want to create.
root@XXXCNN4730:/# adduser --ingroup users dambrosio
Adding user `dambrosio' ...
Adding new user `dambrosio' (1000) with group `users' ...
Creating home directory `/home/dambrosio' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for dambrosio
Enter the new value, or press ENTER for the default
Full Name []: Daniel Ambrosio
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [y/N] y
Now we need to add this newly created user to the 'sudoers' list, allowing it to issue commands as if it were logged in as root.
root@XXXCNN4730:/# visudo
The editor will open the sudoers list and you will need to add a line with the privileges specification for the new user. Once more, remember to change 'dambrosio' to the name of your new user.
# User privilege specification
root ALL=(ALL) ALL
dambrosio ALL=(ALL) ALL
Now test it! Open a new terminal window and log in as the new user through ssh. Remember to change the '.bashrc' file for this user as well and issue the command below. Note that the logged-in user changes from dambrosio to root, even though the shell is still in dambrosio's home path. The password you need to type is the one you just used to log in as dambrosio.
dambrosio@XXXCNN4730:~$ sudo su
[sudo] password for dambrosio:
root@XXXCNN4730:/home/dambrosio#
Be sure that the command above is really working before proceeding.
To disable the ssh access for the root user, open the sshd_config file again:
root@XXXCNN4730:/# vi /etc/ssh/sshd_config
Find the 'PermitRootLogin' option, change it from 'yes' to 'no', and reload the sshd configuration again:
root@XXXCNN4730:/# /etc/init.d/ssh reload
Now test if the access is really closed:
ssh root@xxxcnn4730 -p 443
login as: root
root@xxxcnn4730's password:
Access denied
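A check for steps 2 and 3, as an added example that is not part of the original post: it reads the effective Port and PermitRootLogin values from an sshd_config file and refuses to call the setup safe unless the new user has a sudoers line. The helper names (sshd_value, has_sudo_line, audit_ssh) are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit the sshd_config changes from steps 2 and 3 before relying on them.
# sshd uses the FIRST value it reads for a keyword; a duplicate further down is ignored.

# Print the effective global value of keyword $1 in file $2 ("unset" if absent).
sshd_value() {
    awk -v key="$1" '
        BEGIN { key = tolower(key); val = "unset" }
        /^[ \t]*#/ { next }                    # comment line
        tolower($1) == "match" { exit }        # stop at conditional Match blocks
        tolower($1) == key && val == "unset" { val = $2 }
        END { print val }
    ' "$2"
}

# Succeed if user $1 has its own privilege line in sudoers file $2.
# Assumption: a per-user line as added with visudo above; group grants are not checked.
has_sudo_line() {
    grep -Eq "^[[:space:]]*$1[[:space:]]+ALL[[:space:]]*=" "$2"
}

# usage: audit_ssh <sshd_config> <sudoers> <user>
# Returns 0 only when the user can sudo AND root login over ssh is off.
audit_ssh() {
    echo "Port=$(sshd_value Port "$1") PermitRootLogin=$(sshd_value PermitRootLogin "$1")"
    if ! has_sudo_line "$3" "$2"; then
        echo "STOP: $3 has no sudoers line, disabling root login would lock you out"
        return 2
    fi
    if [ "$(sshd_value PermitRootLogin "$1")" != "no" ]; then
        echo "root can still log in over ssh"
        return 1
    fi
    echo "ok"
}

# Constructed sample files (not taken from a real server): "no" was appended
# below an existing "yes" instead of editing it, so root login is still on.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#Port 22' 'Port 443' 'PermitRootLogin yes' 'PermitRootLogin no' > "$tmp/sshd_config"
printf '%s\n' 'root ALL=(ALL) ALL' 'dambrosio ALL=(ALL) ALL' > "$tmp/sudoers"
audit_ssh "$tmp/sshd_config" "$tmp/sudoers" dambrosio || echo "audit status: $?"
```

On the server itself, run audit_ssh as root against /etc/ssh/sshd_config and /etc/sudoers; 'sshd -t' checks the file's syntax before the reload.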
4. Install the locate tool
The 'locate' tool is used to find files in your system. My Cloud server did not have it installed by default, so I did the installation and updated its database.
dambrosio@XXXCNN4730:/home/dambrosio# sudo apt-get install locate
dambrosio@XXXCNN4730:/home/dambrosio# sudo updatedb
Of course we do not want to run the updatedb command by hand every time we change something in the file system, so I will add an entry to the crontab to run updatedb every day at 04:30 AM. Believe it or not, this server came with neither 'cron' nor 'crontab' installed.
dambrosio@XXXCNN4730:/home/dambrosio# sudo apt-get install cron
dambrosio@XXXCNN4730:/home/dambrosio# crontab -e
Now add this to the file opened in the editor:
30 04 * * * /usr/bin/updatedb
Go to Part II of the Setup Ubuntu Server in the Cloud Series: Install and configure a Firewall.