System Administration tips for Ubuntu


Ubuntu Security Information Tracker

Use dropbear to remotely unlock a fully encrypted disk via ssh

If you've enabled full disk encryption, you will need to enter a password to unlock the disk during boot-up. If you are sitting in front of your desktop, that is no problem. But if you want to be able to unlock the disk remotely via ssh, and let the system complete boot-up even when you are not in front of the video console, here are the steps:

  1. http://blog.netpacket.co.uk/2016/12/05/unlocking-ubuntu-server-16-encrypted-luks-using-dropbear-ssh/
    1. update: if the above link is not found, you can google search for "dropbear ssh ubuntu luks encryption" for the steps
  2. After following the above steps, I create an entry called "unlock" in my ~/.ssh/config file on my Mac laptop.  So after I boot my Ubuntu 16.04 LTS Desktop VM (using the VirtualBox CLI), then I type 'ssh unlock', and type 'unlock' when presented with the busybox prompt.  I am prompted to enter a password to unlock the encrypted disk.  After that, the system will boot up, then I can ssh in remotely.
    Host unlock
    Hostname 192.168.56.101
    User root
    IdentityFile /Users/ksa/.ssh/id_rsa_ubuntu_unlock
    StrictHostKeyChecking no
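
A host-key-checked variant of the entry above, as an added example that is not from the original page: with `StrictHostKeyChecking no` the client accepts whatever host key answers at that address, and this is the session the disk passphrase is typed into. The `HostKeyAlias` name and the known_hosts file name are assumptions, as is the premise that the initramfs dropbear presents a different host key than the booted system's sshd.

```sshconfig
# Added example. Host, address, user and key path are the values from the
# entry above; "unlock-initramfs" and "known_hosts_unlock" are assumed names.
Host unlock
    Hostname 192.168.56.101
    User root
    IdentityFile /Users/ksa/.ssh/id_rsa_ubuntu_unlock
    # Offer only the key named above, not every key loaded in the agent.
    IdentitiesOnly yes
    # Store the initramfs host key under its own name and in its own file,
    # so it does not collide with the key the booted system's sshd presents
    # on the same address (assumption: the two keys differ).
    HostKeyAlias unlock-initramfs
    UserKnownHostsFile ~/.ssh/known_hosts_unlock
    # Refuse to connect if the presented key is unknown or has changed.
    StrictHostKeyChecking yes
```

With `StrictHostKeyChecking yes`, `ssh unlock` refuses to connect until the initramfs host key has been recorded in that file under the alias name over a trusted path (for example, read from the VM console), and refuses again if the key ever changes.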

Use Landscape or Cockpit to centrally manage and monitor Ubuntu machines

If you have a group of 10 or fewer Ubuntu hosts you administer, you can install "Landscape On Premises Edition" in a VM to manage those hosts for free.

  1. https://landscape.canonical.com/set-up-on-prem

In addition to Landscape (or as an alternative), you can use Cockpit to centrally manage CentOS, RedHat, Fedora, and Ubuntu hosts:

  1. http://www.configserverfirewall.com/ubuntu-linux/install-cockpit-ubuntu-16-04/

Software update, query, management

https://www.digitalocean.com/community/tutorials/ubuntu-and-debian-package-management-essentials
https://help.ubuntu.com/lts/serverguide/package-management.html
https://help.ubuntu.com/lts/serverguide/automatic-updates.html

When there's more than one way to perform an action, multiple commands are listed. There is some overlap in these commands. Some are better suited for interactive use and might have enhanced usability features, and others might be better suited to run inside a script. Many of these examples have auto-completion available (tab) for both actions and package names.

If you install a VM using a "server" image, then you can install the desktop-related packages (and get a GUI login screen, etc.) using 'apt install ubuntu-desktop' or 'apt install ubuntu-gnome-desktop'.

| Command | Relevant Pathname | Package Name | Purpose / Notes |
| --- | --- | --- | --- |
| apt update | | | update repository metadata |
| apt upgrade | | | install all pending updates |
| apt-cache policy | /etc/apt/sources.list, /etc/apt/sources.list.d/ | | list repository sources |
| | /var/log/apt/, /var/log/dpkg.log, /var/log/aptitude, /var/log/unattended-upgrades/ | | log file locations relevant to software management |
| dpkg-query --list or dpkg --get-selections | | | list all installed packages |
| dpkg-query --listfiles <package-name> | | | list all files owned by <package-name> |
| dpkg-query --search <filename-pattern> | | | find out which installed package owns a filename |
| apt-file search <filename-pattern> | | apt-file | find out which package would install <filename-pattern>. The package does not need to be installed already |
| aptitude install <package-name> or apt install <package-name> or apt-get install <package-name> | | aptitude | install <package-name>. Tip: use tab completion for actions and package names |
| apt show <package-name> or aptitude show <package-name> | | | show details about <package-name>, including repository |
| debconf-show <package-name> | /var/cache/debconf | | show configuration options and current values of <package-name> |
| dpkg-reconfigure <package-name> | | | reconfigures packages after they have already been installed. It will ask configuration questions, much like when the package was first installed |
| aptitude changelog <package-name> | | | displays the changelog for <package-name> |
| aptitude search <package-name-pattern> or apt search <package-name-pattern> or apt-cache search <package-name-pattern> | | | search for packages which match <package-name-pattern> |
| aptitude download <package-name> | | | downloads the .deb file for the given package to the current directory |
| aptitude --simulate <action> | | | print the actions that would normally be performed, but don't actually perform them. This does not require root privileges |
| man deb | | | man page describing deb package format |
| dpkg-deb --raw-extract <package.deb> <directory> | | | extracts contents of <package.deb> to <directory>, including the control information files into a DEBIAN subdirectory |
| apt-cache search meta package | | | list of all meta packages (a package name that installs a group of other packages) |
| aptitude search ~o | | | list of packages which do not have an associated repository (i.e., they cannot be downloaded or updated via the standard apt repositories on the host) |


