Minimal Ubuntu

Ubuntu 18.04 “Bionic Beaver” is the latest LTS release (5 years support) of the popular Linux operating system. I use Ubuntu’s minimal install image to create a console-only base configuration that can be customized for various tasks and alternate desktops.

Let’s go!

First things first: A screenshot tour of installing Ubuntu on a single encrypted partition using LVM on LUKS.

0. First boot

Login …

Run timedatectl to confirm system time+date is properly set …

$ timedatectl

1. Network

Check which network interfaces are detected and how they are configured …

$ ip a

Wired interfaces are usually auto-configured by default and assigned an IP address courtesy of DHCP.

1.1 To assign a static address, deactivate the wired interface and create a new entry in /etc/network/interfaces. Sample entry for enp3s0

# The primary network interface
auto enp3s0
iface enp3s0 inet static
address 192.168.1.88
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 192.168.1.1

Bring the interface up or down with sudo if{up,down} enp3s0.

1.2 Manually create a temporary wireless connection to a WPA2-encrypted access point using wpa_supplicant + wpa_passphrase + dhclient. Sample setup of wlp1s0

$ sudo ip link set wlp1s0 up            # bring up interface
$ iw dev wlp1s0 link                    # get link status
$ sudo iw dev wlp1s0 scan | grep SSID   # scan for access points
$ sudo -i                               # simulate a root login shell (for wpa_supplicant)
# wpa_supplicant -B -i wlp1s0 -c<(wpa_passphrase "MY_SSID" "MY_PASSPHRASE")   # connect to WPA/WPA2 ... '-B' sends the process to the background
#  exit
$ sudo dhclient wlp1s0                  # obtain IP address

1.3 More permanent configurations may be set in interfaces. Sample setup with a static IP address …

iface wlp1s0 inet static
address 192.168.1.77
netmask 255.255.255.0
gateway 192.168.1.1
wpa-ssid MY_SSID
wpa-psk MY_PASSPHRASE
dns-nameservers 8.8.8.8 8.8.4.4

Optional: Multiple wireless static IP address setups can be created with iface wlp1s0_NAME inet static and [de]activated with …

$ sudo if{up,down} wlp1s0=wlp1s0_NAME

1.4 Alternative setup using DHCP …

allow-hotplug wlp1s0
iface wlp1s0 inet dhcp
wpa-ssid MY_SSID
wpa-psk MY_PASSPHRASE
dns-nameservers 8.8.8.8 8.8.4.4
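
The stanzas in 1.3 and 1.4 store the Wi-Fi passphrase in plaintext in /etc/network/interfaces, a file that is typically readable by every local user. The check below is an added example, not part of the original post: it flags wpa-psk values that are not the 64-hex-digit key printed by wpa_passphrase, and a file mode that lets group or others read the file. The function names and the sample file are constructed for illustration.

```shell
# Added example (not from the original post): audit an ifupdown
# "interfaces" file for Wi-Fi secrets that other local users could read.

# Print "<line number>: <iface>" for every wpa-psk entry whose value is
# not a 64-hex-digit key, i.e. is a plaintext passphrase.
plaintext_psk_entries() {
    awk '
        $1 == "iface"   { iface = $2 }
        $1 == "wpa-psk" {
            val = $0
            sub(/^[ \t]*wpa-psk[ \t]+/, "", val)   # keep value, inner spaces included
            sub(/[ \t]+$/, "", val)                # drop trailing padding
            if (val !~ /^[0-9A-Fa-f]+$/ || length(val) != 64)
                printf "%d: %s\n", NR, iface
        }
    ' "$1"
}

# Succeed only if the file has no group/other permission bits (mode x00).
is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Report findings for a file; exit status 0 = clean, 1 = findings.
audit_interfaces() {
    file=$1 rc=0
    hits=$(plaintext_psk_entries "$file")
    if [ -n "$hits" ]; then
        echo "$file: plaintext wpa-psk at (line: iface):"
        echo "$hits" | sed 's/^/  /'
        rc=1
    fi
    if ! is_private "$file"; then
        echo "$file: readable by group/others; restrict with chmod 0600"
        rc=1
    fi
    return $rc
}

# Constructed sample: the section 1.4 stanza, with a typical 0644 mode.
sample=$(mktemp)
printf '%s\n' 'allow-hotplug wlp1s0' 'iface wlp1s0 inet dhcp' 'wpa-ssid MY_SSID' 'wpa-psk MY_PASSPHRASE' > "$sample"
chmod 0644 "$sample"
audit_interfaces "$sample" || true
rm -f "$sample"
```

On a real system, run audit_interfaces /etc/network/interfaces. Replacing the passphrase with the psk= value that wpa_passphrase prints and setting the file mode to 0600 clears both findings.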

1.5 Once a link is established, install an (optional) network manager utility. Packages network-manager and network-manager-gnome provide the console nmcli and graphical nm-applet clients respectively. Comment out (deactivate) any entries in interfaces that will be managed by network-manager.

2. Upgrade

Apply security patches and package upgrades …

$ sudo apt update && sudo apt full-upgrade

3. Secure access using SSH keys

Create cryptographic keys, install the OpenSSH server, and secure remote access.

4. Sudo

To allow USERNAME (example: foo) to shut down or reboot the system without entering a passphrase, first create the file /etc/sudoers.d/00-alias containing …

# Cmnd alias specification
Cmnd_Alias SHUTDOWN_CMDS = /sbin/poweroff, /sbin/reboot, /sbin/shutdown

If foo tries to use dmesg to read the contents of the kernel message buffer you will see …

dmesg: read kernel buffer failed: Operation not permitted

Turns out it is a (security) feature not a bug!

To allow foo to read the kernel log without being prompted for a passphrase - and use our newly-created Cmnd_Alias SHUTDOWN_CMDS - create the file /etc/sudoers.d/01-nopasswd containing the NOPASSWD option …

# Allow specified users to execute these commands without password
foo ALL=(ALL) NOPASSWD: SHUTDOWN_CMDS, /bin/dmesg

I add aliases for the commands in my ~/.bashrc to auto-include sudo

alias dmesg='sudo dmesg'
alias poweroff='sudo /sbin/poweroff'
alias reboot='sudo /sbin/reboot'
alias shutdown='sudo /sbin/shutdown'

5. SSD

Periodic TRIM optimizes performance on SSD storage. Confirm that the fstrim.timer status is active (waiting)

$ systemctl status fstrim.timer

If not, enable a weekly task that discards unused blocks on the drive …

$ sudo cp /usr/share/doc/util-linux/examples/fstrim.{service,timer} /etc/systemd/system/
$ sudo systemctl enable fstrim.timer

For troubleshooting and background information I found these links very helpful: 1. Configure Periodic TRIM for SSD Storage; 2. Luks, Issuing & Allowing Discards, Enabling Timers, Oh My!

6. GRUB

Add some colour, wallpaper, and a bit of sound.

Customize GRUB menu colours by creating /boot/grub/custom.cfg with …

set color_normal=white/black
set menu_color_normal=white/black
set menu_color_highlight=white/blue

Add wallpaper by saving an image to /boot/grub and edit settings in /etc/default/grub

# Wallpaper
GRUB_BACKGROUND="/boot/grub/wallpaper-grub.tga"

… and how about a wee bit of startup sound …

# Get a beep at grub start ... how about 'Close Encounters'?
GRUB_INIT_TUNE="480 900 2 1000 2 800 2 400 2 600 3"

Save changes and update the GRUB configuration …

$ sudo update-grub

7. Where to go next …

… is up to YOU. Open the task selection menu and install software collections with …

$ sudo tasksel

Lots of choices: maybe pick the “[x] Basic Ubuntu server”, the flagship “[x] Ubuntu desktop”, or my current favourite “[x] Ubuntu MATE desktop”. Or assemble your own using the lightweight Openbox window manager.

Happy hacking!