4 posts tagged with "ubuntu"

0. Sizes for /boot and /boot/efi​

• /boot Partition: You could reduce the /boot partition size to around 200 MB. This should still be sufficient to hold the kernel and initramfs image. Be cautious, as going too small could lead to issues during unexpected updates or changes that might require space, such as security patches for the kernel.
• /boot/efi Partition: The EFI System Partition (/boot/efi) typically doesn't require much space if you're only using a few boot loaders. A size of 100 MB is often recommended as a minimum by many Linux distributions and should be more than adequate for most single-boot configurations.

1. Install pre-installed ubuntu server​

• Download pre-installed ubuntu server: Ubuntu Server 24.04 (Noble Numbat) Daily Build
• use mkusb - Community Help Wiki to flash: dus xxx.tar.xz

2. Remove Unnecessary Packages (compile envionrment)​

After installation, you can remove packages that are not necessary for your server's purpose:

• List installed packages:

dpkg-query -W --showformat='${Installed-Size}\t${Package}\n' | awk '{print $1/1024 " MB\t" $2}' | sort -n -r

• Remove unnecessary packages: sudo apt-get remove --purge package-name

sudo apt-get remove --purge build-essential autoconf automake gcc g++

3. Disable Unnecessary Services​

Ubuntu Server starts several services by default. Disabling services that are not needed can save system resources:

• Check running services: systemctl list-unit-files --state=enabled
• Disable a service: sudo systemctl disable service-name

4. Clean Up Apt Cache​

After installing or updating packages, clean up the APT cache to free up disk space:

sudo apt-get clean

5. Limit Installed Software​

Only install the software that is necessary for your server to function. Evaluate the need for each package before installing it.

6. Configure NoInstallRecommends​

By default, apt installs recommended packages along with dependencies. You can limit this behavior by configuring APT to not install recommended packages:

echo 'APT::Install-Recommends "0";' | sudo tee -a /etc/apt/apt.conf.d/01norecommends
echo 'APT::Install-Suggests "0";' | sudo tee -a /etc/apt/apt.conf.d/01norecommends

7. Use Lightweight Alternatives​

Where possible, use lightweight alternatives to common software. For example, use nginx instead of apache2 if you need a web server but require less overhead.

8. Optimize Configuration Files​

Review and optimize configuration files to ensure that no unnecessary modules or plugins are loaded.

9. Regularly Monitor and Audit​

Set up a routine to regularly check and audit your system:

• Use tools like ncdu (NCurses Disk Usage) to analyze disk usage.
• Use htop or top to monitor running processes and resource usage.

10. Use System Snapshots​

Before making significant changes, consider using tools like timeshift to take system snapshots. This allows you to revert back if the changes do not produce the desired effect.

11. Security and Updates​

Ensure your minimal server setup is secure and receives necessary security updates. Minimal installations can still be vulnerable to security risks.ƒqn

How To Download Packages With Dependencies Locally In Ubuntu, Debian, Linux Mint, Pop OSLink Text​

Method 1​

$ sudo apt-get install --download-only <package_name>

All downloaded files will be saved in /var/cache/apt/archives directory.

$ sudo dpkg -i *

Method 2​

if we have installed packages already, use the apt-rdepends

$ sudo apt install apt-rdepends

apt download $(apt-rdepends vim | grep -v "^ ")

if we get errors like this

E: Can't select candidate version from package debconf-2.0 as it has no candidate

delete version specified in name like this

$ apt-get download $(apt-rdepends vim | grep -v "^ " | sed 's/debconf-2.0/debconf/g')

Then

$ sudo dpkg -i *

SSSD and Active Directory​

1. install packages:

$ sudo apt install sssd-ad sssd-tools realmd adcli sssd-tools sssd libnss-sss libpam-sss adcli packagekit

2. join domain

$ sudo realm discover -v $DOMAIN
$ sudo realm join $DOMAIN

3. edit /etc/sssd/sssd.conf

$ vim /etc/sssd/sssd.conf

[sssd]
domains = ad1.example.com
config_file_version = 2
services = nss, pam

[domain/ad1.example.com]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = AD1.EXAMPLE.COM
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = ad1.example.com
use_fully_qualified_names = True
ldap_id_mapping = True
access_provider = ad

# the following is not shown in ubuntu documentation,
# but is necessary for version after 22
ad_gpo_ignore_unreadable = True
ad_gpo_access_control = permissive

4. automatically create home directory

$ sudo pam-auth-update --enable mkhomedir

5. check

$ getent passwd $USERNAME@$DOMAIN

6. login

$ sudo login

ad-client login: $USERNAME@$DOMAIN
Password: 
Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.4.0-24-generic x86_64)
...
Creating directory '/home/john@ad1.example.com'.
john@ad1.example.com@ad-client:~ 

• references
  • SSSD and Active Directory

Member Server in an Active Directory Domain​

1. Install packages:

$ sudo apt install realmd samba libnss-winbind samba-common-bin libpam-winbind winbind

2. Edit /etc/resolv.conf

nameserver # BD server ip address

3. find realm

$ sudo realm discover 

4. Realm join

$ sudo realm join -v --membership-software=samba --client-software=winbind $DOMAIN REALM

5. edit /etc/nsswitch.conf

passwd:         files systemd winbind
group:          files systemd winbind

6. automatically create home directory

$ sudo pam-auth-update --enable mkhomedir

7. see references for more detail

• references
  • Member Server in an Active Directory Domain