You will take a raw Linux install and turn it into a consistent, patched, secure baseline every other server inherits. By the end the host is fully updated, time-synced, and managed through a non-root sudo account.

Learning Objectives

  • Patch the system and enable automatic security updates.
  • Set hostname, timezone, and time synchronization.
  • Create a non-root administrative user.
  • Time: ~1 hour · Difficulty: Beginner · Prereqs: a fresh VM with sudo access.

Architecture Overview

Environment Setup

You will need: the VM from the install lab with internet access and sudo.

Before you begin: confirm time and date are roughly correct so package signatures validate.

Step-by-Step Execution

01
Update the package index and upgrade

Patching first closes known vulnerabilities before the host does anything else.

sudo apt update && sudo apt full-upgrade -y
[ROOT REQUIRED] Refreshes the package list and applies all updates.
02
Enable automatic security updates

Unattended-upgrades applies security patches without manual intervention, shrinking your exposure window.

sudo apt install -y unattended-upgrades && sudo dpkg-reconfigure -plow unattended-upgrades
03
Set hostname, timezone, and NTP

Consistent identity and accurate time are prerequisites for correlating logs across hosts.

sudo hostnamectl set-hostname srv01 && sudo timedatectl set-timezone America/Toronto && sudo timedatectl set-ntp true
04
Create a non-root sudo user

Daily work should never use root directly; a sudo user gives auditable, revocable elevation.

$ sudo adduser taki && sudo usermod -aG sudo taki
Adding user `taki' ... Adding user `taki' to group `sudo' ...

Progress So Far

Testing & Validation

Run this final check:

timedatectl status && id taki && systemctl is-enabled unattended-upgrades

You should see NTP active, the user in the sudo group, and auto-updates enabled. If all checks pass, your baseline is ready.

Troubleshooting
  • apt update fails with signature errors: the clock is wrong; set time with sudo timedatectl set-ntp true and retry.
  • sudo: user not in sudoers: re-run usermod -aG sudo taki and start a fresh login.
  • Held-back packages: run sudo apt full-upgrade rather than plain upgrade.

Extension Ideas

Key Results

  • Brought a fresh host to a fully patched state in one pass.
  • Enabled automatic security updates, reducing the patch gap to under 24 hours.
  • Replaced direct root use with an auditable sudo account.
  • Standardized hostname, timezone, and NTP for log correlation.