Repetitive Linux setup tasks (Ubuntu 14.04)

Server

/etc/network/interfaces
#public
iface eth0 inet static
address x.x.x.x
netmask 255.255.255.0
network x.x.x.0
broadcast x.x.x.255
gateway x.x.x.1

#private
iface eth1 inet static
address x.x.x.x
netmask 255.x.x.x

/etc/hostname
/etc/hosts
127.0.0.1     localhost
192.168.1.32  <hostname> <fqdn>

ifdown -a
ifup -a
ifconfig -a

sudo passwd

Disable IPv6
/etc/sysctl.conf (apply without a reboot: sudo sysctl -p)
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

SSH

/etc/ssh/sshd_config (directives to review; where no value is shown it is site-specific)
Port
ListenAddress
LoginGraceTime
PermitRootLogin
AllowUsers username
AuthorizedKeysFile
PasswordAuthentication
PrintMotd no
PrintLastLog no
AllowTcpForwarding no
X11Forwarding no
PermitUserEnvironment no

1.  puttygen
2.  generate keys
3.  assign passphrase
4.  login to server
5.  mkdir /home/<username>/.ssh
6.  chmod 700 .ssh
7.  vi /home/<username>/.ssh/authorized_keys
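8.  paste pubkey as a single line (use the OpenSSH-format text shown in the puttygen window, not the saved public key file, which is multi-line):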
	"ssh-rsa AAAAB3NzaC1yc2EAA...." blah, blah, blah
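9.  chmod 600 authorized_keys (.ssh and authorized_keys must be owned by <username>; with StrictModes on, sshd ignores keys in files with wrong owner or loose permissions)
10. sudo service ssh restart (run "sudo sshd -t" first to catch config errors, and keep the current session open until a new key-based login works)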
11. Putty client > Connection > SSH > Auth > private key
12. Putty client > <username>@<serverIP>

iptables (IPv4 only; IPv6 is disabled via sysctl above, otherwise ip6tables needs the same rules)

#need this to reload saved rules at boot
sudo apt-get install iptables-persistent
#list
sudo iptables -L --line-numbers
sudo iptables -S
#delete chain
sudo iptables -X <chain-name>
#Delete rule
sudo iptables -D INPUT <line-number>
#existing and related connections (add before any DROP so the current SSH session survives)
sudo iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
#ssh (--dport must match Port in sshd_config if it was changed from 22)
sudo iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
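#catch-all drop rule: -A appends, so it must come after every ACCEPT (rules appended later never match)
#loopback needs its own ACCEPT before this: sudo iptables -A INPUT -i lo -j ACCEPT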
sudo iptables -A INPUT -j DROP
#default drop policy (set only after the ACCEPT rules above are in place, or a remote session is cut off)
sudo iptables -P INPUT DROP
#save manually
sudo service iptables-persistent save
#backup
sudo iptables-save > ~/iptables-rules.fw
#list rules by "-t"able
sudo iptables -t nat -L

Apache

apt-get update
apt-get install apache2 apache2-doc
vi /etc/apache2/apache2.conf
Add "ServerName localhost"
Change "LogLevel Info" (troubleshooting)
vi /etc/apache2/sites-available/000-default.conf
Add virtual hosts as needed
a2ensite /etc/apache2/sites-available/000-default.conf (enable site)
apache2ctl restart (also "graceful")

PostgreSQL

apt-get install postgresql-9.3 postgresql-contrib-9.3 postgresql-doc-9.3
which psql
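Apache config to serve the PostgreSQL docs (Require goes inside the <Directory> block for that path; "Require all granted" opens it to every client, so use "Require ip <admin-net>" if the docs should not be public):
Alias /postgredoc /usr/share/doc/postgresql-doc-9.3/html
Require all granted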

Misc

http://www.cyberciti.biz/faq/setting-up-an-network-interfaces-file/
http://stackoverflow.com/questions/22078114/design-pattern-for-logging-from-a-web-server-worker-as-an-unprivileged-user-in-p
http://ubuntuserverhelp.com/sudo-timeout/

ps -eo pid,etime,euser,rss,vsz,pmem,comm,args --sort comm --cols 100 | grep "nginx\|gunicorn"

vi search/replace in file

:%s/OLD/NEW/g
