Continuation of the installation and configuration guide for Ubuntu on the Thecus N5200 NAS. Initial post here
Original location where I first posted it in 2011 here: http://thecususergroup.proboards.com/thread/4226+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+Following on from my first post…
#===== UBUNTU INSTALLATION =====#
Useful links:
mixeduperic.com/linux/how-to-install-ubuntu-server-part-1.html
User security: www.devarticles.com/c/a/JavaScript/Building-a-Secure-Web-Server/2/
Download Ubuntu 10.04 LTS ISO. 32-bit.
Make bootable USB, I’m not going to describe this here. Just follow this guide: www.ubuntu.com/desktop/get-ubuntu/download
Plug in the USB stick and switch on the N5200 (still no hard drives).
At partitioning options select ‘guided, used entire disk and set up LVM’, use ‘max’ volume. Make sure you don’t select your USB stick by mistake.
Don’t auto update software and install OpenSSH as the only option on the software selection menu.
For everything else use the defaults. For network interfaces, eth0, is the network port on the actual motherboard i.e. the lower on down on the back of the N5200. I used this as I figured it would be better than using the one on the expansion card (eth1), just make sure and pick the right one when it asks you.
-> update packages on first run
apt-get update
apt-get upgrade
-> install vim (text editor), for some reason it didn’t install for me, it usually has done in the past.
apt-get install vim
>>>>> Make sure SSH is installed <<<<<
www.cyberciti.biz/faq/ubuntu-linux-openssh-server-installation-and-configuration/
apt-get install openssh-server openssh-client
Try SSH’ing into your new install from a PC. Might need to check your router to see what IP address has been assigned to the new install. Or run the ifconfig command in Ubuntu.
Now you can poweroff and replace all your drives. And disconnect your monitor and keyboard. From now on we’ll be using SSH from another PC.
>>>>> Basic OS hardening after installation <<<<<
-> Disable unneeded users
cp /etc/passwd /etc/passwd.original
vi /etc/passwd
Assign a ‘no login shell’ to disable access to unneded accounts: /bin/nologin
Delete users you know you don’t need (be cautious, deleting users can mess up your install!)
My file now looks like:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/nologin
games:x:5:60:games:/usr/games:/bin/nologin
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/nologin
mail:x:8:8:mail:/var/mail:/bin/nologin
news:x:9:9:news:/var/spool/news:/bin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/nologin
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/nologin
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/nologin
sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
landscape:x:103:108::/var/lib/landscape:/bin/nologin
<adminuser>:x:1000:1000:<adminuser>,,,:/home/<adminuser>:/bin/bash -> this is the line created for the user configured on installation
-> Running processes
A fresh install won’t usually have any unneeded services but you can check all services with:
ps aux | less
netstat -a
Let’s move onto our RAID configuration…
Original location where I first posted it in 2011 here: http://thecususergroup.proboards.com/thread/4226+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+Following on from my first post…
#===== UBUNTU INSTALLATION =====#
Useful links:
mixeduperic.com/linux/how-to-install-ubuntu-server-part-1.html
User security: www.devarticles.com/c/a/JavaScript/Building-a-Secure-Web-Server/2/
Download Ubuntu 10.04 LTS ISO. 32-bit.
Make bootable USB, I’m not going to describe this here. Just follow this guide: www.ubuntu.com/desktop/get-ubuntu/download
Plug in the USB stick and switch on the N5200 (still no hard drives).
At partitioning options select ‘guided, used entire disk and set up LVM’, use ‘max’ volume. Make sure you don’t select your USB stick by mistake.
Don’t auto update software and install OpenSSH as the only option on the software selection menu.
For everything else use the defaults. For network interfaces, eth0, is the network port on the actual motherboard i.e. the lower on down on the back of the N5200. I used this as I figured it would be better than using the one on the expansion card (eth1), just make sure and pick the right one when it asks you.
-> update packages on first run
apt-get update
apt-get upgrade
-> install vim (text editor), for some reason it didn’t install for me, it usually has done in the past.
apt-get install vim
>>>>> Make sure SSH is installed <<<<<
www.cyberciti.biz/faq/ubuntu-linux-openssh-server-installation-and-configuration/
apt-get install openssh-server openssh-client
Try SSH’ing into your new install from a PC. Might need to check your router to see what IP address has been assigned to the new install. Or run the ifconfig command in Ubuntu.
Now you can poweroff and replace all your drives. And disconnect your monitor and keyboard. From now on we’ll be using SSH from another PC.
>>>>> Basic OS hardening after installation <<<<<
-> Disable unneeded users
cp /etc/passwd /etc/passwd.original
vi /etc/passwd
Assign a ‘no login shell’ to disable access to unneded accounts: /bin/nologin
Delete users you know you don’t need (be cautious, deleting users can mess up your install!)
My file now looks like:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/nologin
games:x:5:60:games:/usr/games:/bin/nologin
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/nologin
mail:x:8:8:mail:/var/mail:/bin/nologin
news:x:9:9:news:/var/spool/news:/bin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/nologin
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/nologin
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/nologin
sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
landscape:x:103:108::/var/lib/landscape:/bin/nologin
<adminuser>:x:1000:1000:<adminuser>,,,:/home/<adminuser>:/bin/bash -> this is the line created for the user configured on installation
-> Running processes
A fresh install won’t usually have any unneeded services but you can check all services with:
ps aux | less
netstat -a
Let’s move onto our RAID configuration…