Ubuntu System Administration Guide Ubuntu Desktop, Server, security, and DevOps automation (Mattias Hemmingsson) (z-library.sk, 1lib.sk, z-lib.sk)

Ubuntu System Administration Guide Ubuntu Desktop, Server, security, and DevOps automation Mattias Hemmingsson www.bpbonline.com

First Edition 2025 Copyright © BPB Publications, India eISBN: 978-93-65897-883 All Rights Reserved. No part of this publication may be reproduced, distributed or transmitted in any form or by any means or stored in a database or retrieval system, without the prior written permission of the publisher with the exception to the program listings which may be entered, stored and executed in a computer system, but they can not be reproduced by the means of publication, photocopy, recording, or by any electronic and mechanical means. LIMITS OF LIABILITY AND DISCLAIMER OF WARRANTY The information contained in this book is true to correct and the best of author’s and publisher’s knowledge. The author has made every effort to ensure the accuracy of these publications, but publisher cannot be held responsible for any loss or damage arising from any information in this book. All trademarks referred to in the book are acknowledged as properties of their respective owners but BPB Publications cannot guarantee the accuracy of this information. www.bpbonline.com

Dedicated to This book is dedicated to you, the reader who has opened it and is taking the first steps on your Linux journey. I am honored to be a part of that adventure with you. My family and friends, thank you for your unwavering support and encouragement throughout this incredible challenge.

About the Author Mattias Hemmingsson is a seasoned IT professional with over two decades of experience in designing, building, and securing modern IT infrastructure. With deep roots in cloud computing, DevOps, and system architecture, he has successfully led the development and operations of high-availability systems for mission-critical environments, especially within the financial sector, where stability and performance are non- negotiable. Mattias specializes in a wide range of technologies, including Kubernetes, Docker, Jenkins, GitLab CI, and cloud platforms such as AWS and Google Cloud. His skill set spans server orchestration, infrastructure as code, and containerized application delivery. A true advocate for developer productivity, he has implemented CI/CD pipelines, automated monitoring systems, and scalable platform services that have helped teams deploy faster with greater reliability. Security is a cornerstone of Mattias’s expertise. He has worked extensively in IT security and compliance, securing high-performance payment gateways and writing security policies to meet industry and regulatory standards. He actively manages vulnerability assessments, runs enterprise- grade security scanners, and participates in incident response operations. His security knowledge bridges the technical and procedural, ranging from configuring firewall rules to training development teams in secure coding practices. As a full-stack developer, Mattias works with both Python and JavaScript, building frontend and backend systems using popular frameworks like Next.js and Vue. He brings a unique blend of hands-on coding ability and

infrastructure mastery, making him equally at home writing applications or deploying them in scalable, production-ready environments. Mattias also plays an active role in the tech community. He co-hosts the DevSecOps Talks podcast and YouTube channel, where he shares insights on the intersection of development, operations, and security. He teaches classes on DevSecOps practices and serves as the local organizer for one of Stockholm’s tech meetups, helping others stay informed and connected in the ever-evolving world of IT. Through his blog, Life and Shell, Mattias documents his professional journey, sharing practical tips and deep dives into real-world solutions for fellow developers, sysadmins, and security professionals. His work reflects a passion not just for running services, but for securing them, ensuring they are both compliant and resilient. Whether building infrastructure, writing code, or leading training sessions, Mattias brings a comprehensive understanding of modern systems from their initial setup to their long-term security and scalability.

❖ About the Reviewers Nathan Molete is a skilled Linux DevOps engineer with a strong background in cloud computing, automation, and infrastructure management. With extensive experience in Linux systems administration, networking, and application deployment, he specializes in ensuring the reliability, scalability, and security of enterprise IT environments. Nathan is proficient in automation tools like Ansible and Terraform, enabling efficient configuration management and infrastructure as code (IaC) practices. He has expertise in containerization technologies, including Docker and Podman, as well as orchestration platforms like Kubernetes and Minikube. His hands-on experience with CI/CD pipelines, using Jenkins and Git, allows him to streamline software delivery and improve operational efficiency. Working in both production and test environments, he is responsible for maintaining optimal system performance, troubleshooting complex issues, and implementing best practices for high availability and security. His knowledge spans across web servers such as Apache and NGINX, database management with MySQL and PostgreSQL, and cloud platforms like Azure. Passionate about open-source technologies, Nathan continuously seeks to enhance systems and workflows through automation and innovation. With a detail-oriented and problem-solving mindset, he plays a crucial role in optimizing IT infrastructure, ensuring

❖ seamless operations, and driving digital transformation within organizations. Cyrus is a software developer, educator, and content creator with expertise in React, Next.js, and modern web technologies. He has developed educational platforms, built scalable web applications, and created a LinkedIn Learning course, Testing in React with Vitest, completed by over 1,000 learners. Passionate about empowering others, Cyrus shares insights on testing performance optimization and cutting-edge tools, helping developers build smarter, more efficient applications.

Acknowledgement I want to express my sincere gratitude to all those who contributed to the completion of this book. First and foremost, I extend my heartfelt appreciation to my family and friends for their unwavering support, patience, and encouragement throughout this journey. Your belief in me has been a constant source of strength. I am especially thankful to my colleagues and friends from Fareoffice, Enterprise Car Rental, and Booli. Your valuable input, insights, and constructive feedback have been instrumental in shaping the direction and content of this book. A special note of thanks goes to my close friends and neighbors for your patience in listening, your thoughtful feedback, and your enduring support. Your honest perspectives helped refine and elevate the quality of the work. I am also deeply grateful to BPB Publications for their expert guidance and dedication in bringing this book to life. Your professionalism and support made the publishing process a smooth and rewarding experience. I would like to sincerely appreciate the reviewers, technical experts, and editors who contributed their time and expertise to reviewing this manuscript. Your insightful comments and suggestions have significantly enhanced its clarity, depth, and accuracy. Lastly, to the readers, thank you for your interest and support. Knowing that this book may inform, inspire, or assist you is the most rewarding outcome of all.

To everyone who played a part in making this book a reality, thank you.

Preface Linux is swiftly establishing itself as the foundation of today’s digital infrastructure, playing a central role in everything from personal desktops and enterprise-grade web servers to cutting-edge cloud platforms, smart home devices, and embedded IoT systems. Its presence extends into nearly every corner of computing. Whether you are browsing a website, deploying an app in the cloud, or working on a development project, chances are that Linux is working behind the scenes. For aspiring developers, IT professionals, and system administrators, learning Linux is not just an option, it is a strategic advantage. Seasoned professionals often recommend starting with Linux before venturing into other tools such as Docker, Kubernetes, or even advanced cloud-native frameworks. Why is that? Because Linux provides deep insight into how operating systems function. It teaches you how processes run and interact, how file systems are organized, how networks are structured and secured, and how permissions and users are managed. These are the core concepts that underpin all modern computing tools. By mastering Linux, you develop a strong mental model of how systems operate—one that allows you to troubleshoot more effectively, script more efficiently, and deploy with greater precision. It builds the kind of confidence that lets you approach complex technologies like container orchestration, virtualization, and continuous integration pipelines with a solid understanding of what is really happening behind the scenes. This book is centered on Ubuntu, one of the most accessible and widely adopted Linux distributionsributions in the world. Ubuntu is known for its balance of power, simplicity, and versatility. It delivers the full capabilities

of Linux in a package that is approachable for newcomers yet robust enough for professionals managing enterprise environments. With its regular updates, strong community support, and broad compatibility with both open-source and commercial software, Ubuntu serves as an ideal entry point into the Linux ecosystem. Whether you are looking to replace your current operating system and use Ubuntu as your daily desktop driver, or you are interested in deploying servers, managing virtual machines, hosting applications, or building your own cloud infrastructure, this book will walk you through everything you need to get started. Ubuntu provides a secure, stable, and customizable platform that can grow with your needs, supporting everything from basic productivity tasks to advanced server-side operations, software development, and DevOps workflows. In short, learning Ubuntu and Linux opens doors. It gives you the freedom to explore, experiment, and take control of your computing environment. It lays the groundwork for further exploration into the vast world of open- source technologies. This book is your roadmap to getting there, with practical guides, hands-on exercises, and real-world use cases that will help you build both confidence and capability as a Linux user. Chapter 1: Getting Familiar with Ubuntu Ecosystem - This chapter introduces the Linux and Ubuntu ecosystem, starting with the history of Linux and its evolution into one of the most widely used operating systems. It explores the Linux stack, popular distributions, and Ubuntu’s development, release cycle, and various editions. The chapter highlights the growing importance of Linux in servers, IoT, and cloud computing. Readers are also introduced to key Ubuntu-based systems like Mint and Pop!_OS, and other Linux distributionsros like Red Hat and Alpine. To prepare for upcoming hands-on exercises, the chapter concludes by guiding readers to create GitHub and Blogger accounts for saving code and documenting progress.

Chapter 2: Install, Upgrade, and Configure Ubuntu Desktop - This chapter guides readers through installing and configuring Ubuntu Desktop. It begins with downloading the Ubuntu ISO, creating a bootable USB using tools like Etcher, and performing installation via USB or dual-boot with Windows. It covers pre-installed Linux options, basic troubleshooting, and verifying hardware compatibility. The chapter also introduces software installation using the Ubuntu Software Center, Snap Store, and terminal commands. Readers learn how to update and upgrade Ubuntu, manage apps, and back up configurations using the .config folder and Git. By the end, users will have a fully functional Ubuntu system ready for further customization. Chapter 3: Environments and Window Managers - This chapter explores customizing Ubuntu with the i3 tiling window manager, offering efficient window navigation through keyboard shortcuts. It covers installing and configuring i3, setting screen resolutions, adding custom startup scripts, and improving usability with tools like sound controllers, screenshot utilities, and lock screens. The chapter also introduces essential productivity tools, including email clients, password managers, file encryption with PGP, and communication apps like Slack and Teams. For developers, it explains setting up Git, creating SSH keys, and using code editors like VS Code and PyCharm. By the end, readers have a fully personalized and productive Ubuntu environment. Chapter 4: Setting up Firewall, VPN, and Wi-Fi Networks - This chapter covers essential networking tools in Ubuntu, focusing on connectivity and security. It explains how to configure DHCP and static IP addresses, connect to VLANs and wireless networks, and mask your device's MAC address for privacy. It introduces VPN setup using OpenVPN and WireGuard, and demonstrates encrypting DNS traffic with DNSS for added protection. Readers also learn to configure custom firewall rules using iptables and safeguard their systems with ClamAV antivirus. By the end, users can confidently connect to, secure, and manage networks on Ubuntu Desktop in both personal and professional environments.

Chapter 5: Preparing Virtualization Environment - This chapter introduces virtualization in Ubuntu using KVM, enabling users to run multiple isolated operating systems on a single host. It covers installing KVM, setting up network bridges, and creating virtual machines (VMs). Readers learn to manage VM settings, take snapshots, and enable device passthrough like GPUs. The chapter also explores alternative tools such as VirtualBox, VMware, and Vagrant for VM creation and sharing. Guidance is provided on converting VM image formats for compatibility across platforms. By the end, users can effectively create, configure, and manage VMs and virtual environments for both testing and development purposes. Chapter 6: Up and Running with Kubernetes and Docker - This chapter introduces Docker and Kubernetes as essential tools for containerized development. It covers Docker installation, running a Minecraft server container, and managing multi-service applications like WordPress and Metabase using Docker Compose. Readers learn to connect multiple containers, persist data, and streamline development with local volumes. The chapter then transitions to Kubernetes using Minikube, demonstrating how to deploy WordPress and MySQL with Kubernetes manifests. Key concepts include namespaces, services, deployments, and load balancers. By the end, readers can run, scale, and manage containers locally using Docker and Kubernetes for efficient, isolated application development and testing. Chapter 7: Install Ubuntu Server on Metal, Cloud, and Network - This chapter explores various methods to install and manage Ubuntu Server across physical machines, virtual environments, and cloud platforms. It covers using SSH keys for secure access, installing via USB or VM, and deploying on cloud providers like Google Cloud and Hetzner. Readers also learn about scalable server provisioning using machine as a service (MAAS), including PXE booting and automated installations. Concepts like cattle vs. pets emphasize treating servers as disposable for easier management. By chapter’s end, users can confidently set up single or multiple Ubuntu Servers suited to local or enterprise-grade infrastructure..

Chapter 8: Keeping Check on Your Ubuntu Server - This chapter explores tools and techniques for monitoring and securing Ubuntu Servers. It begins with basic Linux commands like top, netstat, and du for local performance insights. For GUI monitoring, Cockpit is introduced, while Grafana, Prometheus, and Node Exporter enable the visualization of scalable server metrics. Filebeat, Elasticsearch, and Kibana are used for centralized log collection and analysis. Security tools such as Fail2Ban and OSSEC help detect intrusion attempts and automate responses. Readers learn to create dashboards, configure alerts, and integrate logs and metrics into unified views—building a robust foundation for proactive server management and security. Chapter 9: Setup Advanced Network, Firewall and VPN Servers - This chapter guides configuring Ubuntu Server as a network firewall and router. It covers setting up network interfaces, VLANs, and routing using Netplan, and securing traffic with iptables. You learn to install and configure dnsmasq as both a DHCP and DNS server, enabling client IP management and domain resolution. The chapter also details creating secure VPN tunnels using OpenVPN and WireGuard, including certificate generation and client-server configurations. By the end, you'll have a fully functional Ubuntu-based router capable of secure communication and traffic control for both local and remote networks. Chapter 10: Running Virtualization Server Environment - This chapter explores setting up an Ubuntu Server as a virtualization host using KVM. It guides installing and managing VMs via CLI, desktop GUI (Virtual Machine Manager), and a web interface (Cockpit). The chapter also introduces containerization using Podman, a Docker alternative, to deploy a monitoring stack with Grafana, Prometheus, Loki, and Promtail. Detailed setup for container-based metrics and log collection from multiple servers is provided, using podman-compose. The chapter concludes by contrasting virtualization and containers, emphasizing containers for lightweight, scalable service deployment and preparing readers for Kubernetes in the next chapter.

Chapter 11: Setup Webserver, Deploy and Run Webapps - This chapter explores setting up web servers and deploying web applications on Ubuntu. It begins with installing Apache and NGINX, configuring domains, and serving web content. Two databases are introduced: MariaDB (SQL) and MongoDB (NoSQL), including setup, usage, and backup processes. Practical deployments include WordPress and Observium, demonstrating PHP app hosting and virtual host configurations. Rocket.Chat is deployed via Docker, connected to MongoDB. The chapter also covers performance tuning for web servers and emphasizes using proper database users for security. By the end, readers can host, optimize, and manage web apps and databases on Ubuntu Servers. Chapter 12: Kubernetes Run and Setup - This chapter guides readers through setting up a Kubernetes cluster on Ubuntu Servers using kubeadm. It covers preparing master and worker nodes, disabling swap, and installing core components. The chapter introduces Helm for managing Kubernetes packages and demonstrates deploying essential services like OpenEBS for storage, Prometheus and Grafana for monitoring, and Traefik with MetalLB for ingress and load balancing. A full WordPress deployment, including MySQL, is configured and accessed using both NodePort and ingress routes. The chapter concludes with basic kubectl commands for troubleshooting and managing the cluster, forming a strong foundation for further automation. Chapter 13: Task Automations, CI/CD Pipeline, and Service Deployment - This chapter focuses on automating infrastructure tasks using Bash, Ansible, and Terraform to ensure repeatable, reliable server and service setups. It starts with creating reusable Bash scripts, then advances to Ansible for managing tasks across multiple servers via Docker containers. The chapter introduces building and pushing Docker images, running host- level tasks from containers, and deploying applications to Kubernetes using Terraform. These automation techniques form a complete CI/CD pipeline foundation. By the end, readers gain the tools to configure, deploy, and

manage services efficiently, marking a transition to professional DevOps practices within Linux and Ubuntu environments.

Code Bundle and Coloured Images Please follow the link to download the Code Bundle and the Coloured Images of the book: https://rebrand.ly/ou09t8w The code bundle for the book is also hosted on GitHub at https://github.com/bpbpublications/Ubuntu-System- Administration-Guide. In case there’s an update to the code, it will be updated on the existing GitHub repository. We have code bundles from our rich catalogue of books and videos available at https://github.com/bpbpublications. Check them out! Errata We take immense pride in our work at BPB Publications and follow best practices to ensure the accuracy of our content to provide with an indulging reading experience to our subscribers. Our readers are our mirrors, and we use their inputs to reflect and improve upon human errors, if any, that may have occurred during the publishing processes involved. To let us maintain the quality and help us reach out to any readers who might be having difficulties due to any unforeseen errors, please write to us at : errata@bpbonline.com Your support, suggestions and feedbacks are highly appreciated by the BPB Publications’ Family.

Did you know that BPB offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.bpbonline.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at : business@bpbonline.com for more details. At www.bpbonline.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on BPB books and eBooks. Piracy If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at business@bpbonline.com with a link to the material. If you are interested in becoming an author If there is a topic that you have expertise in, and you are interested in either writing or contributing to a book, please visit www.bpbonline.com. We have worked with thousands of developers and tech professionals, just like you, to help them share their insights with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.