Skip to content

Instantly share code, notes, and snippets.

@TapeWerm

TapeWerm/Ubuntu Server 24.04 Aftersetup.md

Last active May 4, 2025 22:39
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save TapeWerm/47d835acbd10af9ea549298721c71298 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save TapeWerm/47d835acbd10af9ea549298721c71298 to your computer and use it in GitHub Desktop.
Download ZIP
Ubuntu Server 24.04 Aftersetup.md
Raw
Ubuntu Server 24.04 Aftersetup.md

After installing Ubuntu Server:

Time Zone

sudo timedatectl set-timezone America/Los_Angeles

SSH 2FA

sudo apt install libpam-google-authenticator
google-authenticator -tdw 17 -r 3 -R 30

Enter sudo nano /etc/pam.d/sshd, replace @include common-auth with the following, and write out (^G = Ctrl-G):

#@include common-auth

auth required pam_google_authenticator.so

Enter sudo nano /etc/ssh/sshd_config, replace KbdInteractiveAuthentication no with the following, and write out (^G = Ctrl-G):

KbdInteractiveAuthentication yes

AuthenticationMethods publickey,keyboard-interactive

sudo systemctl restart ssh

UFW

sudo apt install ufw
sudo ufw enable
sudo ufw allow ssh
sudo ufw allow 5201 # iperf

Minecraft Java Edition server:

sudo ufw allow proto tcp to 0.0.0.0/0 port 25565

Minecraft Bedrock Edition server:

sudo ufw allow proto udp to 0.0.0.0/0 port 19132
sudo ufw allow proto udp to ::/0 port 19133

Fail2Ban

sudo apt install fail2ban

Copy and paste this block:

echo '[DEFAULT]' | sudo tee -a /etc/fail2ban/jail.local
echo 'banaction = ufw' | sudo tee -a /etc/fail2ban/jail.local
echo '[sshd]' | sudo tee -a /etc/fail2ban/jail.local
echo 'enabled = true' | sudo tee -a /etc/fail2ban/jail.local
sudo systemctl enable --now fail2ban

Unattended Upgrades

sudo dpkg-reconfigure unattended-upgrades

Enter sudo nano /etc/apt/apt.conf.d/50unattended-upgrades, backspace the // from //Unattended-Upgrade::Automatic-Reboot "false";, change false to true, and write out (^G = Ctrl-G).

sudo unattended-upgrade --dry-run -v

If desktop says System is on battery power, stopping, backspace the // from // Unattended-Upgrade::OnlyOnACPower "true"; and change true to false.

Inadyn

sudo apt install inadyn

Enter sudo nano /etc/inadyn.conf, fill this in, and write out (^G = Ctrl-G):

allow-ipv6 = true
period = 300

provider no-ip.com:1 {
    username = $username
    password = $password
    hostname = $hostname.domain.tld
}

provider no-ip.com:2 {
    username = $username
    password = $password
    hostname = $hostname.domain.tld
    checkip-command = "ip -6 address show dev $ifname scope global primary | grep '^ *inet6' | head -n 1 | awk '{print $2}' | cut -d / -f 1"
}

Enter sudo nano /etc/default/inadyn, replace RUN_DAEMON="no" with RUN_DAEMON="yes", and write out (^G = Ctrl-G).

sudo systemctl restart inadyn

fstab

# List block devices and their filesystem info
lsblk -f
sudo mkdir /mnt/backup
# Mount external disk at boot
echo 'UUID=$uuid /mnt/backup $filesystem defaults 0 0' | sudo tee -a /etc/fstab
sudo mount -t $filesystem UUID=$uuid /mnt/backup

git

sudo apt install git
echo '*.swp' >> ~/.gitignore
git config --global core.excludesfile ~/.gitignore
git config --global core.editor vim
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment