Deployment/New Node Checklist
From charlesreid1
- Aptitude
  - apt-get update
  - aptitude build scripts
- Sysadmin stuff
  - Make non-root default user
- SSH
  - No root login
- Docker
Aptitude
Ubuntu 16.04 LTS
Fresh dev machine apt script
Runs apt-get for all the dev things you need. Ubuntu 16.04 LTS.
#!/bin/sh
#
# Run as root
#
# Use the -s flag to simulate this command before actually running it,
# as libraries tend to shift around a lot between Ubuntu versions.

echo "export EDITOR=\"vim\"" >> ~/.bash_profile

# Stupid ubuntu packages
# http://askubuntu.com/questions/593433/error-sudo-add-apt-repository-command-not-found#639431
apt-get install -y software-properties-common

# Note: docker.io is the Docker engine package in the Ubuntu repos;
# the package named "docker" is an unrelated KDE docklet application.
apt-get install -y \
    vim \
    aptitude \
    build-essential \
    checkinstall \
    make \
    m4 \
    bison \
    flex \
    tar \
    perl \
    binutils \
    sed \
    gawk \
    \
    git \
    wget \
    curl \
    docker.io \
    \
    python2.7 \
    python3 python3-pip \
    \
    libreadline-gplv2-dev \
    libncursesw5-dev \
    libssl-dev
Dotfiles
Wait until you create a user to install any dotfiles, of course. Root remains plain and uncontaminated.
Unix dotfiles - yargwid repo https://github.com/charlesreid1/yargwid
Mirror: http://git.charlesreid1.com/charlesreid1/yargwid
Users
See Unix/Sysadmin
Add a non-root user
#!/bin/sh
export USERNAME="zappa"

echo "Making user ${USERNAME}"
useradd ${USERNAME}

# useradd does not create the home directory without -m, so make it by hand.
echo "Setting home directory /home/${USERNAME}"
mkdir -p /home/${USERNAME}
chown ${USERNAME}: /home/${USERNAME}
usermod -d /home/${USERNAME} ${USERNAME}

echo "Setting ${USERNAME} shell to bash"
usermod -s /bin/bash ${USERNAME}

# -a appends to the supplementary groups; -G alone would replace them all.
echo "If you want to add ${USERNAME} to sudo group, run the command yourself:"
echo ""
echo " usermod -aG sudo ${USERNAME}"
echo ""

echo "Set password for ${USERNAME}:"
passwd ${USERNAME}
Once the user is in the sudo group, there is no need to add them to the sudoers file.
SSH
SSHD Config
Edit the sshd config file:
$ sudo vim /etc/ssh/sshd_config
Specifically, here is the key to change:
PermitRootLogin no
Then restart the sshd service:
$ sudo service sshd restart
SSL
This covers how you get an SSL certificate to run encrypted services on a server.
Let's Encrypt
Getting a certificate for the domain associated with the new node:
- Visit Let's Encrypt website https://letsencrypt.org/
- If you have command line access, it redirects you to Certbot https://certbot.eff.org/
- Run commands to install certbot command line utility
Installing Certbot
Certbot directs me to run the following as root (via sudo):
#!/bin/sh
# -y skips the "Press [ENTER] to continue" prompt, which would hang a script
add-apt-repository -y ppa:certbot/certbot
apt-get update
apt-get -y install certbot
Obtaining a cert with certbot's "webroot" plugin requires write access to the web root directory. Certbot uses this access to obtain certificates and put them in the right place. (Where?)
To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:
$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is
This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.
Side note: installing Apache to test certificates
The plan is to use Docker for running server images, but I am trying to get SSL set up first.
Really quick, let's install an apache web server just to see how this all works.
sudo apt-get install apache2
This installs apache2 to the default location. We can now put a quick "hello world" html file into the web root, which is by default at /var/www/html. (If we don't know where it is, we can check the default apache config file which is in /etc/apache2/, and that will specify the web root location.)
Create a hello world page:
$ echo "<h2>OHAI WERLD</h2>" > /var/www/html/index.html
This may need sudo, since by default /var/www/ was owned by root.
Now start the apache service:
$ sudo service apache2 restart
Now you can visit your new machine's IP address in the web browser and see "OHAI WERLD".
Note that if you set up any DNS A records for a domain pointing at your server, you can also check those now.
This Apache server does not have SSL set up yet; we'll do that once we generate the SSL certificates.
Docker
Installing
$ sudo apt-get install docker.io
Note that the Ubuntu package providing the Docker engine is docker.io; the package named docker is an unrelated KDE docklet application.