Ubuntu >= 18.04

Hostname

Set hostname:

hostnamectl set-hostname myhostname

Get:

hostnamectl

Furthermore you have to edit

/etc/cloud/cloud.cfg

from

preserve_hostname: false

to

preserve_hostname: true

Network

You have to edit

/etc/netplan/*.yaml

Example:

01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
 version: 2
 renderer: networkd
 ethernets:
   enp0s3:
     dhcp4: no
     dhcp6: no
     addresses: [192.168.178.10/24]
     gateway4: 192.168.178.1
     nameservers:
       addresses: [192.168.1.1,8.8.8.8,8.8.4.4]
       search: [home.com, lab.com]

Another example:

# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
 version: 2
 renderer: networkd
 ethernets:
   enp4s0:
     dhcp4: no
     dhcp6: no
     addresses: [192.168.1.100/24]
     gateway4: 192.168.1.1
     mtu: 1500
     nameservers:
       addresses: [192.168.1.1]
       search: [local]
   eno1:
     dhcp4: no
     dhcp6: no
 bridges:
   vmbr0:
     dhcp4: no
     dhcp6: no
     interfaces: [eno1]
     addresses: [10.0.0.100/24]
     gateway4: 10.0.0.1
     mtu: 1500
     #nameservers:
     #  addresses: [8.8.8.8,8.8.4.4]
     #parameters:
     #  stp: true
     #  forward-delay: 4

2 Interfaces:

network:
 version: 2
 renderer: networkd
 ethernets:
   ens3:
     dhcp4: no
     dhcp6: no
     addresses: [10.0.0.100/24]
     gateway4: 10.0.0.1
     mtu: 1500
     nameservers:
       addresses: [10.0.0.1]
       search: [home]
   ens9:
     dhcp4: no
     dhcp6: no
     addresses: [192.168.30.100/24]

Commands

sudo netplan try
sudo netplan apply                                   #apply config
sudo netplan --debug apply                           #in case you run into some problems

DNS

systemctl status systemd-resolved.service
systemd-resolve --status
resolvectl status                                    #to check which upstream nameservers your local resolver use
resolvectl flush-caches
/etc/systemd/resolved.conf
/etc/nsswitch.conf                                   #change to: "hosts:          files dns mdns4_minimal [NOTFOUND=return]"

Set dns suffix:

resolvectl domain ens9 local                         #set dns suffix/ domain for interface "ens9" to "local"
resolvectl domain eth0 mydomain.local

Firewall

systemctl status ufw.service

Proxy

System wide proxy:

sudo vi /etc/environment
http_proxy="http://my.proxyserver.net:8080/"
https_proxy="http://my.proxyserver.net:8080/"
ftp_proxy="http://my.proxyserver.net:8080/"
no_proxy="localhost,127.0.0.1,::1"
http_proxy="http://<username>:<password>@<hostname>:<port>/"
https_proxy="http://<username>:<password>@<hostname>:<port>/"
ftp_proxy="http://<username>:<password>@<hostname>:<port>/"
no_proxy="<pattern>,<pattern>"

Just for apt/ apt-get:

vi /etc/apt/apt.conf
Acquire::http::Proxy "http://PROXY_FQDN_or_IP:8080";
Acquire::https::Proxy "https://PROXY_FQDN_or_IP:8080";
Acquire::ftp::proxy "ftp://PROXY_FQDN_or_IP:8080";

System Time

timedatectl status
timedatectl set-timezone UTC                     #set to UTC
timedatectl set-timezone CET                     #set to CEST
systemctl status systemd-timesyncd.service
/etc/systemd/timesyncd.conf
apt install chrony
/etc/chrony/chrony.conf
systemctl status chrony.service
systemctl restart chrony.service
systemctl is-enabled chrony.service
chronyc sourcestats
chronyc tracking

/etc/chrony/chrony.conf:

pool 0.ubuntu.pool.ntp.org iburst
pool 1.ubuntu.pool.ntp.org iburst
pool 2.ubuntu.pool.ntp.org iburst

Misc

# echo "alias ll='ls -l'" >> /etc/bash.bashrc

Make sure that this file is executed whenever an user enters a shell by adding the following in ~/.bashrc:

# Source global definitions
if [ -f /etc/bash.bashrc ]; then
    . /etc/bash.bashrc
fi

Delete History:

history -d linenumber      #linenumber
history -c                 #all history

Certificates

https://ubuntu.com/server/docs/security-trust-store

To install a selfsigned certificate:

sudo apt-get install -y ca-certificates
sudo cp local-ca.crt /usr/local/share/ca-certificates
sudo update-ca-certificates

Note: It is important to have the “.crt” extension on the file, otherwise it will not be processed.

sudoers

admin      ALL = NOPASSWD: ALL

arp

arp -a                                  #show all arp entries
arp -d entry                            #delete entry
ip -s -s neigh flush all                #

apt-key

To add a key on the old apt-key way:

apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 5072E1F5

or

apt-key adv --keyserver http-proxy=http://my-proxy:8080 hkp://keyserver.ubuntu.com:80 --recv 5072E1F5

Note: The ID “5072E1F5” you are getting by running previously “apt-get update”!

To solve “apt-key” Deprecation on Ubuntu, if you get a message like

http://de.archive.ubuntu.com/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details

Execute

apt-key list

Example output:

apt-key list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg
--------------------
pub   rsa4096 2023-01-21 [SC] [expires: 2031-01-19]
      B8B8 0B5B 623E AB6A D877  5C45 B7C5 D7D6 3509 47F8
uid           [ unknown] Debian Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>
sub   rsa4096 2023-01-21 [S] [expires: 2031-01-19]

Run

sudo apt-key export 350947F8 | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/debian.gpg

Note:

You get the id “350947F8” from the last 8 digits of “3509 47F8”. When running “apt-key list” there may be several results and not just one like in the example. So just have a look on the domain names to identify the key you want to export.

On debian systems you have to export to

/usr/share/keyrings/

and not to

/etc/apt/trusted.gpg.d/       #works on ubuntu 22.04

!

linux/ubuntu/ubuntu18.txt · Last modified: 2024/01/24 14:55 by tmade
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki