Post-Installation Linux Setup Checklist

Setting up a Linux system after installation is critical to ensure the server is secure, stable, and ready for production use. New users, especially system administrators, must follow a clear post-installation checklist to avoid common pitfalls and optimize system performance. This article provides a practical, step-by-step checklist covering key tasks from system updates to security hardening, network setup, and backup planning. Follow this guide to establish a solid foundation for your Linux server environment.

Table of Contents

• 1. Verify System Information and Update Packages
• 2. Configure Network Settings and Hostname
• 3. Secure Your Linux Server: Basic Hardening Steps
• 4. Essential Software and Utilities Installation
• 5. Configure Timezone and Synchronize Time
• 6. Disk Management and Storage Optimization
• 7. Log Management and Monitoring Setup
• 8. Backup Strategy and Automation
• 9. Final Testing and Documentation
• Summary

1. Verify System Information and Update Packages

The first step after installing Linux is to confirm your system details and update all packages to their latest versions.

Check Linux Distribution and Kernel Version

Run these commands to check your distribution and kernel:

lsb_release -a
uname -r

Example output on Ubuntu 22.04 LTS:

Distributor ID: Ubuntu
Description:    Ubuntu 22.04 LTS
Release:        22.04
Codename:       jammy

5.15.0-46-generic

This information helps you understand your environment and troubleshoot compatibility issues.

Update System Packages Immediately

Update package lists and upgrade all installed software:

On Debian/Ubuntu:

sudo apt update
sudo apt upgrade -y

On CentOS/RHEL:

sudo yum update -y

Updating ensures you have the latest security patches and software fixes.

Enable Automatic Security Updates

For Debian/Ubuntu, install unattended-upgrades:

sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure --priority=low unattended-upgrades

For CentOS/RHEL, enable the yum-cron service:

sudo yum install yum-cron -y
sudo systemctl enable yum-cron
sudo systemctl start yum-cron

Automatic updates help keep your server secure without manual intervention.

2. Configure Network Settings and Hostname

Proper network setup is critical for communication, management, and service accessibility.

Set Static IP or Configure DHCP

Most servers require a static IP to ensure consistent access.

Ubuntu (Netplan example):

Edit /etc/netplan/00-installer-config.yaml:

network:
  ethernets:
    eth0:
      addresses:
        - 192.168.1.100/24
      gateway4: 192.168.1.1
      nameservers:
        addresses:
          - 8.8.8.8
          - 8.8.4.4
  version: 2

Apply with:

sudo netplan apply

CentOS (NetworkManager CLI):

nmcli con mod eth0 ipv4.addresses 192.168.1.100/24
nmcli con mod eth0 ipv4.gateway 192.168.1.1
nmcli con mod eth0 ipv4.dns "8.8.8.8 8.8.4.4"
nmcli con mod eth0 ipv4.method manual
nmcli con up eth0

Set and Confirm Hostname

Set hostname with:

sudo hostnamectl set-hostname your-server-name

Verify:

hostnamectl

Edit /etc/hosts to map hostname to local IP:

127.0.0.1   localhost
192.168.1.100 your-server-name

Test Network Connectivity

Test basic connectivity and DNS resolution:

ping -c 3 8.8.8.8
ping -c 3 google.com
dig google.com
nslookup google.com

3. Secure Your Linux Server: Basic Hardening Steps

Security should be a priority from the start.

Create a New Sudo User and Disable Root SSH Login

Add a new user and grant sudo privileges:

sudo adduser adminuser
sudo usermod -aG sudo adminuser    # Ubuntu/Debian
sudo usermod -aG wheel adminuser   # CentOS/RHEL

Set a strong password for this user.

Disable root SSH login:

Edit /etc/ssh/sshd_config and set:

PermitRootLogin no

Change Default SSH Port and Enforce Key-Based Authentication

To change the SSH port, edit /etc/ssh/sshd_config:

Port 2222
PasswordAuthentication no
PubkeyAuthentication yes

Restart SSH:

sudo systemctl restart sshd

Copy your SSH public key to the new user:

ssh-copy-id -p 2222 adminuser@your-server-ip

Test SSH access with the new port and key.

Configure Firewall

Set up firewall rules to allow necessary traffic only.

Ubuntu (UFW example):

sudo ufw allow 2222/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

CentOS (firewalld example):

sudo firewall-cmd --permanent --add-port=2222/tcp
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

Install Fail2Ban for Intrusion Prevention

Fail2Ban scans logs and bans suspicious IPs.

Install Fail2Ban:

sudo apt install fail2ban -y          # Ubuntu/Debian
sudo yum install fail2ban -y          # CentOS/RHEL

Enable and start Fail2Ban:

sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Basic configuration is usually sufficient out of the box.

4. Essential Software and Utilities Installation

Install common tools that help with system management and networking.

Recommended Packages

• net-tools (includes ifconfig, netstat)
• vim or nano (text editors)
• curl and wget (download utilities)
• htop (interactive process viewer)
• tcpdump (network packet analyzer)
• git (version control)

Install on Ubuntu:

sudo apt install net-tools vim curl wget htop tcpdump git -y

Install on CentOS:

sudo yum install net-tools vim curl wget htop tcpdump git -y

Set Up Additional Repositories

For CentOS/RHEL, enable EPEL to access more packages:

sudo yum install epel-release -y
sudo yum update -y

5. Configure Timezone and Synchronize Time

Correct time settings are essential for logs and security.

Set Timezone

List available timezones:

timedatectl list-timezones

Set your timezone:

sudo timedatectl set-timezone America/New_York

Verify:

timedatectl

Configure NTP or Chrony

Use NTP or Chrony to synchronize time with servers.

Install Chrony (recommended):

sudo apt install chrony -y          # Ubuntu/Debian
sudo yum install chrony -y          # CentOS/RHEL

Enable and start service:

sudo systemctl enable chronyd
sudo systemctl start chronyd

Check synchronization:

chronyc tracking

6. Disk Management and Storage Optimization

Check disk layout and configure storage as needed.

Verify Disk Partitions and Usage

List block devices:

lsblk

Show disk space:

df -h

Set Up LVM (if required)

LVM allows flexible disk management.

Basic commands:

• Create physical volume:

sudo pvcreate /dev/sdb

• Create volume group:

sudo vgcreate vg_data /dev/sdb

• Create logical volume:

sudo lvcreate -L 50G -n lv_data vg_data

• Format and mount:

sudo mkfs.ext4 /dev/vg_data/lv_data
sudo mkdir /mnt/data
sudo mount /dev/vg_data/lv_data /mnt/data

Add mount to /etc/fstab:

/dev/vg_data/lv_data /mnt/data ext4 defaults 0 2

Configure Swap Space

Check current swap:

swapon --show

Create swap file if needed:

sudo fallocate -l 2G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile

Add to /etc/fstab:

/swapfile none swap sw 0 0

7. Log Management and Monitoring Setup

Proper logging and monitoring catch issues early.

Log Locations and Rotation

Linux stores logs in /var/log.

Configure logrotate to rotate and compress logs:

Check /etc/logrotate.conf and /etc/logrotate.d/ for configs.

Example to rotate /var/log/syslog weekly and keep 4 rotations:

/var/log/syslog {
    weekly
    rotate 4
    compress
    missingok
    notifempty
    create 640 syslog adm
    sharedscripts
    postrotate
        /usr/lib/rsyslog/rsyslog-rotate
    endscript
}

Set Up Monitoring Tools

Popular tools include:

• Nagios: Alerts and checks.
• Prometheus: Metrics collection.
• Grafana: Visualization dashboards.
• Netdata: Real-time system monitoring.

Choose based on your needs and scale.

8. Backup Strategy and Automation

Plan backups to prevent data loss.

Backup Essential Configuration Files

Backup files like:

• /etc/ssh/sshd_config
• /etc/network/interfaces or netplan configs
• /etc/fstab
• /etc/passwd, /etc/group

Use tar to archive:

tar czvf backup-config-$(date +%F).tar.gz /etc/ssh/sshd_config /etc/fstab /etc/passwd /etc/group

Automate Backups with Cron

Edit crontab with:

crontab -e

Add a daily backup at 2 AM:

0 2 * * * /usr/local/bin/backup-script.sh

Ensure your backup script handles incremental backups, remote copies, or cloud uploads.

9. Final Testing and Documentation

• Verify all services start correctly.
• Test network access and firewall rules.
• Document your setup and configurations.
• Store documentation in a safe location.

Summary

This checklist provides new Linux users with a comprehensive starting point for post-installation configuration focused on stability, security, and usability. Adjust the steps according to your specific distribution and organizational policies.