Linux Server Build Walkthrough

Linux Server Build Walkthrough

Hello fellow admins! It's been a while, but I'm back in the saddle to discuss a foundational tool that should be in every admin's toolbox - the standard server build. My hope is that you can use this article as the basis for a standard build of your own, whether in the lab or in Production. First, a caveat - this article will cover a standard Linux build using Debian, intended for use as a server. That being said, the process could be easily modified for different Linux distributions or even Windows. If you're like me and you don't build servers enough to spend time on a standard server image, the important part is to develop a process that's easily repeatable. Let's get to it!

Step 1 - Configuring the Hardware

For the purpose of this walkthrough, we'll be installing Debian 12.8 on a guest virtual machine running atop Proxmox 8.2, however, the process can be applied to bare metal just as easily.

Debian Linux in 2024 can handle most any hardware change you throw its way, unless it's something really exotic. However, you'll obviously want to carefully plan your disk and filesystem layout ahead of time, as a change to either usually means a rebuild; rather than letting the installer configure it automatically, I always choose manual filesystem layout. While there are about a million different ways to lay out your filesystems, there's no one right way to do it (and just as many wrong ways to do it). Here's what I've settled on after years of tinkering:

  • /boot - 512 MB, ext4 filesystem
  • swap - 1024 MB
  • / - remaining space, ext4 filesystem, configured as an LVM volume group on top of a single LVM physical volume. This allows for flexibility down the road.

I would also recommend finalizing the hardware to the extent possible before beginning the install, as Linux has a habit of changing hardware IDs when new hardware is added; e.g. eth0 might become eth1 with the addition of a new network card. Also, I don't cover it here because I don't use it frequently, but Linux does support TPM and secure boot and that's definitely a decision to make before you start installing. You can technically change it later, but it won't be easy.

Now that your hardware is prepped, let's start the install process.

Step 2 - Installation Media

When choosing your installation media from the various downloads available, you're always, always, always better off to start small and add on vs. starting with an "everything but the kitchen sink" install image and removing packages later (or even worse, leaving them all intact). In Debian's case, my preferred install media is the one labeled "64-bit PC netinst iso" on the Debian website. Grab the media and prep it using Rufus or the install media creator of your choice.

Step 3 - The Install

I'm not going to screenshot the entire install process, but I will leave you with a few tips:

  • As mentioned previously, choose "Manual" partitioning, and then partition your disk(s) using the scheme you decided on in Step 1.
  • When creating your non-root user account, if you're planning to create a build image and/or configure external authentication, your user account should be something generic, as you'll only use it a few times. Especially don't use an account name you plan to use for external auth, as this will introduce extra steps into the process.
  • When choosing a Debian mirror, I usually stick with the default Debian.org mirrors. This was not always the case, but I've had issues with reliability and availability of some of the others recently.
  • Most Important: when prompted which packages to install, uncheck everything except "SSH Server"; NO desktops, NO standard packages, NO print server/web server (even if you'll need one later). This gives you the smallest possible installation as a starting point from which to add everything you need.
  • If you DO want to create a standard image, it should be created before moving to the next step.

Step 4 - Post-Install Setup

Note: if you're planning to create an image to accompany your standard build, this is the point in the process to do it. At this point, you should have root's password set, a non-root user account created, and a hostname assigned, but still be on a dynamic IP. It's easy enough to set a "generic" hostname here, take a snapshot/backup, then change the hostname back and continue. If you do create a standard image at this point, and/or if you've built your system from a standard image, all you need to do to bring the system up to date is perform an apt update && apt dist-upgrade. You can then continue with the steps below.

I keep my build instructions in a text file that I refer to from this point forward (a copy of which is located in The Solo Admin's Github repository under the "posts/linux-server-build-walkthrough" folder) and I'm not going to go through the whole thing step-by-step, but I will include a few of the key points here:

  • My first steps are:
    • Configure a static IPv4 address
    • Modify GRUB to provide a higher screen resolution (reboot)
    • Configure SSH/SSHD, including authorized_keys for the user you created during the install, along with a customized /etc/ssh/sshd_config (I'll leave building a customized config as an exercise for the reader).
    • Run apt-update to get latest Debian repo, then install basic packages:
apt install vim wget curl net-tools iproute2 man tcpdump dnsutils grc rsync telnet ncat zip unzip mlocate sudo letsencrypt lynx pandoc htop lsof strace git nmap linuxlogo hwinfo screen tmux fio gnupg
    • Copy all remaining standard config files, most importantly: .vimrc and .bashrc (see my previous article for info and a link to my standard .bashrc)
    • Configure vim as my default editor:
update-alternatives --config editor # choose "vim.basic" from the list
    • Disable IPv6 (this is a topic for future review, as I'm looking at IPv6)
    • Install and configure btop (I prefer to install from source using these instructions, but it can also be installed using apt).
    • Install other miscellaneous packages like lets-encrypt, nullmailer, etc.
  • After the previous steps, I reboot once more and check dmesg to make sure I'm not getting any boot errors.

Step 5 - Wrap-Up and Next Steps

With any luck, you've now got a Debian Linux server that's ready to be further customized as needed. My first step is to ensure that SSH login as my standard user account via public key authentication is working as expected. At this point, I also configure sudo and verify it's working, and verify that root cannot be logged into via password over SSH. If this is a Production machine, my next step is configuring Active Directory authentication, which we'll walk through in my next post.

*Note: I maintain a custom authorized_keys for root that only allows my "root" key, stored in my password safe, just in case AD auth isn't working. This step is optional, but it's saved my bacon on multiple occasions.

As always, if you're stuck and need help, or if there's anything I typo'ed or left out of the process, please don't hesitate to email me - matt@thesoloadmin.com.