Objective

Perform essential post-installation tasks on a fresh Linux server: networking, user setup, package management, and security hardening.

Tools & Technologies

  • apt
  • nmcli
  • useradd
  • ufw
  • ssh

Key Commands

hostnamectl set-hostname server01
nmcli con mod eth0 ipv4.method manual ipv4.addresses 192.168.1.100/24
useradd -m -s /bin/bash admin
ufw allow ssh && ufw enable

Architecture Overview

flowchart LR
  subgraph Network
    A[Set static IP] --> B[Configure DNS]
    B --> C[Test connectivity]
  end
  subgraph Users
    D[Create admin user] --> E[Add to sudo group]
    E --> F[Setup SSH keys]
  end
  subgraph Security
    G[Enable firewall] --> H[Disable root SSH]
    H --> I[Auto-updates]
  end
  Network --> Users --> Security

Step-by-Step Process

01 Set Hostname & Network

Give the server a proper hostname and configure static IP addressing.

# Set hostname
sudo hostnamectl set-hostname labserver01

# Configure static IP with nmcli
sudo nmcli con mod 'Wired connection 1' \
  ipv4.method manual \
  ipv4.addresses '192.168.1.100/24' \
  ipv4.gateway '192.168.1.1' \
  ipv4.dns '1.1.1.1,8.8.8.8'
# Re-activate the connection so the new settings are applied
sudo nmcli con up 'Wired connection 1'

02 Create Users & Groups

Create an admin user with sudo access.

sudo useradd -m -s /bin/bash -G sudo adminuser
sudo passwd adminuser

# Or on Debian/Ubuntu
sudo adduser adminuser
sudo usermod -aG sudo adminuser

# Verify
groups adminuser
sudo -l -U adminuser

03 Basic Firewall

Enable ufw and allow only needed services.

sudo apt install -y ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable
sudo ufw status verbose

04 Automatic Security Updates

Configure unattended-upgrades to automatically install security patches.

sudo apt install -y unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades
# Verify config (hide comment and blank lines)
grep -vE '^[[:space:]]*(//|$)' /etc/apt/apt.conf.d/50unattended-upgrades

Challenges & Solutions

  • UFW rules take effect and persist across reboots only after running ufw enable
  • nmcli con mod changes take effect only after nmcli con up re-activates the connection

Key Takeaways

  • Run a full update immediately after a fresh install
  • Create a non-root admin user before disabling root SSH access
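
The last takeaway and the "Setup SSH keys" then "Disable root SSH" order in the overview can be enforced with a pre-flight check. The script below is an added example, not part of the original lab; the function names, the ROOT prefix parameter, and the sample tree with its key string are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check before setting "PermitRootLogin no".
# ROOT is a hypothetical prefix so the check also runs on a constructed tree;
# leave it empty to inspect the live system.

# PermitRootLogin from one sshd_config file. sshd keeps the first value it
# reads; Include files and Match blocks are not followed here, so on a live
# host confirm with `sshd -T`.
root_login_setting() {
  awk 'tolower($1) == "match" { exit }
       tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
       END { if (!found) print "unset" }' "$1"
}

# Succeed only if USER exists, is listed in group sudo, and has a public key.
admin_ready() {
  local user="$1" root="${2:-}" home keys
  home=$(awk -F: -v u="$user" '$1 == u { print $6 }' "$root/etc/passwd")
  [ -n "$home" ] || { echo "no such user: $user"; return 1; }
  awk -F: -v u="$user" '$1 == "sudo" { n = split($4, m, ",")
         for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
       END { exit !ok }' "$root/etc/group" \
    || { echo "$user is not in group sudo"; return 1; }
  keys="$root$home/.ssh/authorized_keys"
  grep -Eqv '^[[:space:]]*(#|$)' "$keys" 2>/dev/null \
    || { echo "no public key in $keys"; return 1; }
}

# Gate for the "disable root SSH" step.
preflight() {
  local user="$1" root="${2:-}"
  admin_ready "$user" "$root" || { echo "BLOCK: keep root SSH for now"; return 1; }
  echo "OK: PermitRootLogin is $(root_login_setting "$root/etc/ssh/sshd_config"); safe to set 'no'"
}

# Constructed sample tree (not a real host): $1 = sudo members, $2 = key line.
make_sample() {
  local d; d=$(mktemp -d)
  mkdir -p "$d/etc/ssh" "$d/home/adminuser/.ssh"
  printf 'adminuser:x:1000:1000::/home/adminuser:/bin/bash\n' > "$d/etc/passwd"
  printf 'sudo:x:27:%s\n' "$1" > "$d/etc/group"
  printf '#PermitRootLogin prohibit-password\nPermitRootLogin yes\n' > "$d/etc/ssh/sshd_config"
  if [ -n "$2" ]; then printf '%s\n' "$2" > "$d/home/adminuser/.ssh/authorized_keys"; fi
  echo "$d"
}

preflight adminuser "$(make_sample adminuser 'ssh-ed25519 AAAA...constructed adminuser@lab')"
```

On a real server, run `preflight adminuser` with no second argument from a session you keep open, and test a fresh key-based login as the admin user before changing sshd_config.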