===== Ubuntu >= 18.04 =====
====Hostname====
Set hostname:
hostnamectl set-hostname myhostname
Get:
hostnamectl
Furthermore you have to edit
/etc/cloud/cloud.cfg
from
preserve_hostname: false
to
preserve_hostname: true
====Network====
You have to edit
/etc/netplan/*.yaml
Example:
01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
version: 2
renderer: networkd
ethernets:
enp0s3:
dhcp4: no
dhcp6: no
addresses: [192.168.178.10/24]
gateway4: 192.168.178.1
nameservers:
addresses: [192.168.1.1,8.8.8.8,8.8.4.4]
search: [home.com, lab.com]
Another example:
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
version: 2
renderer: networkd
ethernets:
enp4s0:
dhcp4: no
dhcp6: no
addresses: [192.168.1.100/24]
gateway4: 192.168.1.1
mtu: 1500
nameservers:
addresses: [192.168.1.1]
search: [local]
eno1:
dhcp4: no
dhcp6: no
bridges:
vmbr0:
dhcp4: no
dhcp6: no
interfaces: [eno1]
addresses: [10.0.0.100/24]
gateway4: 10.0.0.1
mtu: 1500
#nameservers:
# addresses: [8.8.8.8,8.8.4.4]
#parameters:
# stp: true
# forward-delay: 4
2 Interfaces:
network:
version: 2
renderer: networkd
ethernets:
ens3:
dhcp4: no
dhcp6: no
addresses: [10.0.0.100/24]
gateway4: 10.0.0.1
mtu: 1500
nameservers:
addresses: [10.0.0.1]
search: [home]
ens9:
dhcp4: no
dhcp6: no
addresses: [192.168.30.100/24]
===Commands===
sudo netplan try
sudo netplan apply #apply config
sudo netplan --debug apply #in case you run into some problems
====DNS====
systemctl status systemd-resolved.service
systemd-resolve --status
resolvectl status #to check which upstream nameservers your local resolver use
resolvectl flush-caches
/etc/systemd/resolved.conf
/etc/nsswitch.conf #change to: "hosts: files dns mdns4_minimal [NOTFOUND=return]"
Set dns suffix:
resolvectl domain ens9 local #set dns suffix/ domain for interface "ens9" to "local"
resolvectl domain eth0 mydomain.local
====Firewall====
systemctl status ufw.service
====Proxy====
System wide proxy:
sudo vi /etc/environment
http_proxy="http://my.proxyserver.net:8080/"
https_proxy="http://my.proxyserver.net:8080/"
ftp_proxy="http://my.proxyserver.net:8080/"
no_proxy="localhost,127.0.0.1,::1"
http_proxy="http://:@:/"
https_proxy="http://:@:/"
ftp_proxy="http://:@:/"
no_proxy=","
Just for apt/ apt-get:
vi /etc/apt/apt.conf
Acquire::http::Proxy "http://PROXY_FQDN_or_IP:8080";
Acquire::https::Proxy "https://PROXY_FQDN_or_IP:8080";
Acquire::ftp::proxy "ftp://PROXY_FQDN_or_IP:8080";
====System Time====
timedatectl status
timedatectl set-timezone UTC #set to UTC
timedatectl set-timezone CET #set to CEST
systemctl status systemd-timesyncd.service
/etc/systemd/timesyncd.conf
apt install chrony
/etc/chrony/chrony.conf
systemctl status chrony.service
systemctl restart chrony.service
systemctl is-enabled chrony.service
chronyc sourcestats
chronyc tracking
/etc/chrony/chrony.conf:
pool 0.ubuntu.pool.ntp.org iburst
pool 1.ubuntu.pool.ntp.org iburst
pool 2.ubuntu.pool.ntp.org iburst
====Misc====
# echo "alias ll='ls -l'" >> /etc/bash.bashrc
Make sure that this file is executed whenever an user enters a shell by adding the following in ~/.bashrc:
# Source global definitions
if [ -f /etc/bash.bashrc ]; then
. /etc/bash.bashrc
fi
Delete History:
history -d linenumber #linenumber
history -c #all history
====Certificates====
https://ubuntu.com/server/docs/security-trust-store
To install a selfsigned certificate:
sudo apt-get install -y ca-certificates
sudo cp local-ca.crt /usr/local/share/ca-certificates
sudo update-ca-certificates
**Note:** It is important to have the ".crt" extension on the file, otherwise it will not be processed.
====sudoers====
admin ALL = NOPASSWD: ALL
====arp====
arp -a #show all arp entries
arp -d entry #delete entry
ip -s -s neigh flush all #
====apt-key====
To add a key on the old apt-key way:
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 5072E1F5
or
apt-key adv --keyserver http-proxy=http://my-proxy:8080 hkp://keyserver.ubuntu.com:80 --recv 5072E1F5
**Note:** The ID "5072E1F5" you are getting by running previously "apt-get update"!
To solve **"apt-key" Deprecation** on Ubuntu, if you get a message like
http://de.archive.ubuntu.com/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details
Execute
apt-key list
Example output:
apt-key list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg
--------------------
pub rsa4096 2023-01-21 [SC] [expires: 2031-01-19]
B8B8 0B5B 623E AB6A D877 5C45 B7C5 D7D6 3509 47F8
uid [ unknown] Debian Archive Automatic Signing Key (12/bookworm)
sub rsa4096 2023-01-21 [S] [expires: 2031-01-19]
Run
sudo apt-key export 350947F8 | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/debian.gpg
**Note:**
You get the id "350947F8" from the last 8 digits of "3509 47F8". When running "apt-key list" there may be several results and not just one like in the example. So just have a look on the domain names to identify the key you want to export.
On debian systems you have to export to
/usr/share/keyrings/
and not to
/etc/apt/trusted.gpg.d/ #works on ubuntu 22.04
!