Using Ubuntu Server 12.04 LTS
This article discusses topics related to configuring, managing and maintaining Ubuntu Server 12.04 LTS Precise Pangolin, a long-term release of the popular Debian-based Linux operating system. Although it can be used and configured countless other ways, the rest of the articles in this wiki assume it is configured per this article.
Packages
Update packages
Ubuntu uses a package (aka software) management feature that makes it easy to both install new packages and maintain installed packages. The aptitude or apt-get commands, which must be run with root privileges, are used to update the server's database of available packages and their most recent versions, add new packages, and remove packages. For example, entering aptitude update with root privileges performs the update of the server's package database and aptitude upgrade will install all available updates. The update will usually take a minute or two to complete, and it is generally a good idea to upgrade available updates. This can conveniently be done with one simple entry using &&.
username@servername:~$ sudo aptitude update && sudo aptitude upgrade
Ubuntu will ask if available updates should be installed. Note the (Y/n) options stated are case-sensitive.
Ubuntu will automatically query daily for available updates and display them in the login message.
Fresh installs
There are nearly always important security updates available to a freshly installed OS, so running update and upgrade should generally be the first thing done after initializing a new server.
Rebooting after upgrade
Some upgrades will require a reboot of the server. To determine this, after running an upgrade, use the ll command to check whether or not the file /run/reboot-required exists in the /run/ directory.
username@servername:~$ ll /run/
If there is no reboot-required file listed in the directory, then no reboot is required for the upgrade Ubuntu just performed. However, sometimes services require restarting that were not restarted after a package was upgraded. This can cause issues with web related services, so be sure to verify that all web services are running correctly after an upgrade by visiting web pages that use all of the web services installed and make sure they load and behave as expected.
Upgrades may inform users that files to be installed are different from the current installation, and will then offer a number of options. Usually, the default will be to keep the installed file. However, in many cases this may not be optimal. Use the option to view the differences in files. The most common differences will be the new default portions of the new file and user customizations of the old file. Frequently the best way to handle this is to note the differences in the file, then select the option to install the new file and add the customizations to the new file after the upgrade has completed. Note that, conveniently, the upgrade process should save the previous file in the same directory as the old file with the format filename.dpkg-old.
Package management
Ubuntu Server 12.04 LTS, launched in April of 2012, will be maintained by Canonical Ltd. until April of 2017, so admins running the software can feel confident that the core of Ubuntu will be secure for a reasonably long period without having to upgrade the distribution. However, many third-party software packages have not been updated since 12.04 was launched.
It is important for admins to pay attention to the software versions being installed as security holes will get plugged in future releases of software, leaving the unmaintained versions as vulnerable vectors of attack to the servers running them. The reason a patched vulnerability is of greater concern is that it represents a public announcement that any server running old software will have this vulnerability, so the maintainers of the world's underground webcrawlers will promptly add the vulnerability as an additional item to scan for.
Here are four popular ways to manage software packages: the official 12.04 repositories, back-ports, personal package archives, and git.
Official repositories
The 12.04 repositories should generally be looked at with a skeptical eye, as most of the packages have not been updated since the release of 12.04. The most popular packages are updated, such as PHP, OpenSSL, OpenSSH, etc, but other packages, such as nginx, phpMyAdmin, git, ImageMagick, and a litany of others remain stuck in time. Check the Ubuntu Package Search page to search for the package to be installed and compare the version listed in the repository with the latest stable version at the software developer's project page, though note that some developers may choose to host their project pages with third parties such as sourceforge or GitHub.
Using the official repositories is the easiest of all methods to install and maintain a package. Entering the aptitude (or apt-get) and install commands, followed by the package name, will install the package based on the most recent update of the repositories. Everything from the 12.04 repositories is available by default with this command.
username@servername:~$ sudo aptitude install packagename
Upgrading packages installed this way will be done through via the normal update and upgrade commands.
Backports
Backports are a way to install a package that is in a newer Ubuntu release than the current release. The issue with backports is that the software may be configured in ways that are not compatible with the release being used (12.04, in this case). It is usually best to use backports only when the developer recommends it.
To install a backport version of a package, use the following command:
username@servername:~$ sudo aptitude install packagename/precise-backports
Since backports use the official repository, the available packages are updated and upgrades are installed through the update and upgrade commands.
Personal package archives
A personal package archive (PPA) is a tool for installing and maintaining packages not reviewed by the Ubuntu team but still using largely the same, convenient method for installing and upgrading as the official repositories use. PPAs are maintained through launchpad. There is an inherent security risk in using PPAs and they should be reviewed before being used. If the PPA is regularly updated, supports a large number of Ubuntu releases, has been around for a number of years and googling it does not reveal that anyone has had issues specifically related to the package, then there is a good chance that the package is a good one and is safe to use.
PPAs are not included as part of the default repositories, so each one will have to be added so that Ubuntu will check for packages in the PPA that are applicable to the release (12.04, in this case). While this can be done by editing text files, the add-apt-repository command, from the python-software-properties package, is commonly used to add packages to sources.list.
username@servername:~$ sudo aptitude install python-software-properties
Installing a PPA is done by getting the PPA's repository name, which is stated on the launchpad page for the PPA in the form of ppa:<repository name>. Adding the PPA adds a new source for updates to be pulled from, but the update command will need to be used for anything in the PPA to be installed.
Installing a PPA:
username@servername:~$ sudo add-apt-repository ppa:<repository name> username@servername:~$ sudo aptitude update username@servername:~$ sudo aptitude install packagename
Packages installed via PPA will be maintained through the update and upgrade commands.
Note that if the PPA offers a newer version of a package installed from some other source, such as the official Ubuntu repositories, then Ubuntu will upgrade to the newer version provided by the PPA.
git
Git is a tool used widely by developers for version management. To understand git a little better, it may be worthwhile to read the Wikipedia git article. Although git is not a tool unique to Ubuntu, or Linux for that matter, it is important for admins to understand the basics of installing and maintaining software using git before using it to install a package. Note that since git is intended to be a tool for developers, it is not generally advised to use it for package installation and management unless no other option is offered by the developer of the package.
For the latest version of git, it is best to use a PPA:
username@servername:~$ sudo add-apt-repository ppa:git-core/ppa username@servername:~$ sudo aptitude update | sudo aptitude install git
/var/run/
Ubuntu 12.04 does not use the /var/run/ directory. Instead, it uses the /run/ directory, with a symlink from /var/run/ to /run/. This is useful to know as many sites may discuss entries in /var/run/ and new users may not realize this directory is no longer used. Similarly, many configuration files have not been updated and may still point to /var/run/, yet will still run properly because of the symlink.
Additional useful packages
Some additional, minor, yet convenient packages.
unzip & zip
Installing the unzip package creates the unzip command, which can extract .zip compressed files, and vice-versa for zip.
username@servername:~$ sudo aptitude install unzip zip
To decompress a .zip file to the current directory, use the unzip command followed by the file location. As with everything in Ubuntu, sufficient privileges will be required.
username@servername:~$ unzip /path/to/filename.zip
The unzip command has several options for renaming and relocating decompressed data, instructions for which can be found in its man page, but most useful is the -d option.
username@servername:~$ unzip -d /target/decompress/directory/ /path/to/filename.zip
whois
Installing the whois package creates the whois command to conveniently and quickly retrieve a domain's whois record.
username@servername:~$ sudo aptitude install whois
When desiring to look up a domain's whois record, it can often be faster to establish an SSH session (if one isn't already running) to a server and run the whois command than to use a website service, which often requires logging in and dealing with CAPTCHA. To view the records in full, it is useful to run whois with the |less option.
username@servername:~$ whois example.com |less
lynx
Lynx is a text-based HTML browser than can be used from the command line with the lynx command. It can be used to quickly verify a page is loading, but note that it has no javascript or image capabilities.
username@servername:~$ sudo aptitude install lynx
To browse a website:
username@servername:~$ lynx example.com
To exit, simply enter q.
tar
The tar package is installed by default in Ubuntu. It is both a file format and a program. The program can be used to create and extract compressed tar files, which may be further compressed with the gzip (archivename.tar.gz) or bzip2 (archivename.tar.bz2) programs, which are also installed by default in Ubuntu. Files created with tar are commonly referred to as tarballs.
The biggest advantage tar has over zip is that the archive can be created to retain information such as file ownership and permissions. The biggest disadvantage is that tar files are generally only usable by *nix operating systems, so users of Windows will have to download some additional utility, such as 7-Zip, to extract the files.
Using tar
tar options.As popular as tar is, remembering the myriad options can be difficult, and it pretty much can't be used without options. Below is an option set that will allow compression and extraction to retain file ownership and permissions. Note that the options and their usage may not function as stated below in non-Ubuntu Linux distributions and other *nix operating systems.
Options for compressing with tar and gzip
This command will create archivename.tar.gz from the files or directories specified using the gzip program and will preserve ownership and permission information.
username@servername:~$ tar -cvf archivename.tar.gz fileordirectoryname1 fileordirectoryname2
Options for compressing with tar and bzip
To compress using bzip, simply use the above commands, but add the j option:
username@servername:~$ tar -jcvf archivename.tar.bz2 fileordirectoryname1 fileordirectoryname2
Extracting tarballs
This command will extract tarballs to the current directory and retain ownership and file permissions. Executing without sudo will perform the command, but will assign the current user as owner while retaining file permissions. Note that it may be somewhat inconvenient to use sudo unless it is known that the archive was created with correct ownership and permissions.
username@servername:~$ sudo tar -xvf archivename.tar.gz
Note that this option set will extract both gzip and bzip archives.
Adding the -C option will extract the archive to /directoryname/.
username@servername: sudo tar -xvf archivename.tar.gz -C /directoryname/
Session display name
Some admins may find they have many servers with the same prefix. For example, mail.example.com and mail.example2.com. Ubuntu will ignore everything after . (including the .), so in the example, .example.com and .example2.com will be removed at the command prompt and both sessions will be titled . This will also be communicated to SSH clients such as PuTTY. Making a change in the ~/.bashrc will change the display name in clients, making it easier to tell which session is which server with multiple sessions open.
username@servername:~$ nano .bashrc
Change:
# PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
Create a new line just below it, and add:
PS1='\[\e]0;\u@mail.example.com: \w\a\]${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
From the above example, mail.example.com may be any text desired. To accomplish the same thing for the root user, perform the same edit to /root/.bashrc. Note the space between come: \: this is intentional so as to place a space between the command prompt and the cursor.