The following outlines the post-installation tasks that you should perform to configure your server for basic operation, such as network interface and firewall configuration, server localization, time synchronization, timezone configuration, etc.
By default, the OS installer attempts to dynamically obtain an IP address via DHCP. It is common practice to statically assign the host, gateway and DNS IP addresses. This example assumes a simple configuration with a single network interface. Detailed configuration information can be found in the Network Configuration section of the Ubuntu Server Guide. The following will walk you through how to statically assign your server's network configuration:
Open the server's network interfaces configuration file:
sudo nano /etc/network/interfaces
Set the following values, substituting the IP addresses relevant to your environment:
auto eth0
iface eth0 inet static
address 10.0.0.100
netmask 255.255.255.0
gateway 10.0.0.1
Open the DNS configuration file:
sudo nano /etc/resolv.conf
Enter the following values, substituting your own DNS and domain information:
nameserver 10.0.0.10
nameserver 10.0.0.11
domain example.com
search example.com
Now would be a good time to add A (host) and CNAME (alias) records for your server in DNS.
In some hosting environments, it may be necessary to configure server localization settings after installation. For example, we are located in Toronto, Canada, but we used Rackspace Cloud Servers located in Chicago to test and build this recipe. We noticed that it was necessary to run the following to change from en_US to en_CA (US to Canadian English - yes, there's a difference):
sudo localedef -v -c -i en_CA -f UTF-8 en_CA.UTF-8
You may have configured the timezone data during initial installation, but if the server was deployed from an image you may need to reconfigure the timezone data:
sudo dpkg-reconfigure tzdata
If you are working as root, it is a good idea to create an administrative account to work from. The following commands will create a new user account named "admin", set the user's primary group to "staff", add the user to the "sudo" group and set the password:
sudo useradd -m -s /bin/bash -g staff -G sudo admin
sudo passwd admin
If you created an administrative user during install, you will need to set that user's primary group to "staff" so that information created by that user can be shared with others:
sudo usermod -g staff admin
Get the most recent list of available updates and install them. We will use the apt-get command to update the system and then restart the server to implement the upgrades:
sudo apt-get update
sudo apt-get -y dist-upgrade
sudo /sbin/shutdown -r now
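Now let's log back in and configure the iptables firewall to secure your server. Note that iptables rules apply to IPv4 traffic only; IPv6 is filtered by a separate ruleset managed with ip6tables.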
Allow traffic on local interface:
sudo iptables -A INPUT -i lo -j ACCEPT
Allow all traffic with established or related state:
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Allow ssh, http, and https traffic:
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Set the default policy to drop instead of accept traffic. Do this only after the ssh rule above is in place, otherwise a remote session will be cut off:
sudo iptables -P INPUT DROP
Save the iptables configuration to /etc/iptables.rules:
sudo iptables-save | sudo tee /etc/iptables.rules
Create a startup script to restore rules on startup:
echo '#!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0' | sudo tee /etc/network/if-pre-up.d/iptables
Create a shutdown script to save rules on shutdown:
echo '#!/bin/sh
if [ -f /etc/iptables.downrules ]; then
iptables-restore < /etc/iptables.downrules
fi
iptables-save -c > /etc/iptables.save
exit 0' | sudo tee /etc/network/if-post-down.d/iptables
Set the startup and shutdown scripts to be executable:
sudo chmod +x /etc/network/if-post-down.d/iptables /etc/network/if-pre-up.d/iptables
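The following added example (not part of the original recipe) checks an iptables-save dump such as /etc/iptables.rules against the rules built above: INPUT policy DROP, loopback and established/related traffic accepted, and only TCP ports 22, 80 and 443 open. The function names and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump against the rules built above.
# Limitation: multiport rules (--dports) are not parsed.

input_policy() {    # print the default policy of the INPUT chain
    awk '$1 == ":INPUT" { print $2 }' "$1"
}

open_tcp_ports() {  # print TCP ports accepted on INPUT, sorted, space-separated
    awk '$1 == "-A" && $2 == "INPUT" && /-p tcp/ && /-j ACCEPT/ {
        for (i = 1; i < NF; i++) if ($i == "--dport") print $(i + 1)
    }' "$1" | sort -n | paste -s -d ' ' -
}

audit_rules() {     # return 0 if the dump matches the expected policy
    file=$1; expected=${2:-"22 80 443"}; rc=0
    [ "$(input_policy "$file")" = "DROP" ] ||
        { echo "FAIL: INPUT policy is not DROP"; rc=1; }
    grep -q -e '^-A INPUT -i lo -j ACCEPT' "$file" ||
        { echo "FAIL: loopback accept rule missing"; rc=1; }
    grep -Eq -e '--state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) -j ACCEPT' "$file" ||
        { echo "FAIL: established/related rule missing"; rc=1; }
    ports=$(open_tcp_ports "$file")
    [ "$ports" = "$expected" ] ||
        { echo "FAIL: open TCP ports '$ports', expected '$expected'"; rc=1; }
    return $rc
}

# Constructed sample dumps (not captured from a real host).
SAMPLES=$(mktemp -d); trap 'rm -rf "$SAMPLES"' EXIT
GOOD=$SAMPLES/good.rules; BAD=$SAMPLES/bad.rules
cat > "$GOOD" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
# Bad variant: policy left at ACCEPT and an extra port (3306) opened.
sed 's/^:INPUT DROP/:INPUT ACCEPT/' "$GOOD" |
    awk '/^COMMIT/ { print "-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT" } { print }' > "$BAD"
audit_rules "$GOOD" && echo "good.rules: OK"
audit_rules "$BAD" || echo "bad.rules: rejected"
```

On a live server, run audit_rules against /etc/iptables.rules after the save step; a second argument overrides the expected port list.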
Install an NTP server to keep your server's time in sync:
sudo apt-get -y install ntp