Which settings in this doc have to be adapted ?

Some settings only apply to one computer (e.g. IP) or to the admins. These settings are written in italic like : 128.178.x.y

How to partition my server ?

Basically, a server only needs 2 partitions :

More partitions could be useful :

NB. It's a good idea to put the partition that might one day need extension as the last partition.

What to remember once the server is installed ?


A) ● OS Install

Download Ubuntu 16.04 server 64bits from here










B) ● OS Updates

sudo apt update && sudo apt dist-upgrade; /usr/lib/update-notifier/update-motd-reboot-required
sudo reboot && exit

The first command is a shortcut that fetches the list of available updates, applies them (after listing them and asking the admin for confirmation), and finally displays a message if a reboot is required (and nothing otherwise).

The second reboots the server and exits the terminal. It's useful to exit the terminal before the server goes down so that the bash history is saved.

C) ● Server Basics

Common packages. (pick those you need)


Mount/umount EPFL's NAS on the server

sudo vi /etc/apt/sources.list.d/enacrepo.list
deb xenial main    # for Ubuntu 16.04 LTS
wget -q -O- | sudo apt-key add -
sudo apt update && sudo apt install enacdrives
vi /etc/enacdrives.conf
Linux_CIFS_method = mount.cifs

Vi Improved

Edit files from the command line with vi (which is aliased to vim)

sudo apt install vim


Nice output of a whole tree of files

sudo apt install tree


Use multiple shell windows and keep them active even after logout (alternative to tmux)

sudo apt install screen


Use multiple shell windows and keep them active even after logout (alternative to screen)

sudo apt install tmux


Follow several logs in one console

sudo apt install multitail


System monitoring tool

sudo pip3 install Glances


Bandwidth usage monitoring

sudo apt install iftop


Versatile resource statistics tool

sudo apt install dstat

Essential packages for compilation

sudo apt install build-essential


Browse differences between 2 or 3 files or folders (and be able to merge them)

sudo apt install meld


Distributed version control system

sudo apt install git

Python 2

sudo apt install python-dev python-pip

Python 3

sudo apt install python3-dev python3-pip

Python Virtualenv

sudo apt install virtualenv

D) ● Additional admin users on the server

You can have multiple admin-users :

sudo groupadd username
sudo useradd -m -c "Full User Name" -g username -G adm,cdrom,sudo,dip,plugdev,lxd,lpadmin,sambashare -s /bin/bash username
sudo passwd username

E) ● Additional non-admin users on the server

You can have multiple non-admin users :

sudo groupadd username
sudo useradd -m -c "Full User Name" -g username -s /bin/bash username
sudo passwd username

F) ● VMwareTools

This only applies to VMware virtual machines

sudo apt install open-vm-tools

G) ● Mail config

This is useful when the server needs to notify the admins of a problem, such as an error while running a cron job or anything else that uses the mail command. You, as admin, might also want to use the mail command in your scripts.

Note : Sending emails at EPFL requires authentication (using port 465 SSL/TLS). However if you don't want to use an account and store username + password on the server, you can use port 25 (no authentication) and refer in the FROM field to a service account ( redirected to

To simplify the procedure, one can use the default service account named or a customized one like which is equivalent to the first one.

Here is how to set it up :

sudo apt install mailutils ssmtp
sudo vi /etc/ssmtp/ssmtp.conf
sudo vi /etc/ssmtp/revaliases
echo test | sudo mail -s test1

H) ● NTP

NTP synchronizes the server's clock with the reference time servers.

sudo apt install ntp
sudo vi /etc/ntp.conf
server 128.178.x.1
sudo service ntp restart

I) ● Firewall

This will set up your server's firewall. To set up EPFL's firewall, you can contact

The default policy of a secure firewall configuration is to deny everything coming in to the server and then allow only the expected protocols. This is what the following setup does.

For each admin or user IP that needs SSH access, add an incoming allow rule. Then add rules for the other protocols (such as port 80 for HTTP, 443 for HTTPS, ...).

sudo ufw disable
sudo ufw --force reset
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow proto tcp from 128.178.x.y to any port 22
sudo ufw allow proto tcp from any to any port 80
sudo ufw --force enable

sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       128.178.x.y
80/tcp                     ALLOW       Anywhere
80/tcp (v6)                ALLOW       Anywhere (v6)
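
The policy above can be re-checked whenever rules change. The following is an added example, not part of the original page: a shell function (audit_ufw, a hypothetical name) that reads `ufw status` output and reports SSH opened to Anywhere or a public port outside an expected list. The sample outputs are constructed, and 192.0.2.10 stands in for the admin address written 128.178.x.y above.

```shell
#!/bin/sh
# audit_ufw (hypothetical helper): reads `ufw status` text on stdin.
# $1 = ports allowed to be open to Anywhere. Prints one finding per line
# and returns 1 if there is any finding, 0 otherwise.
audit_ufw() {
    awk -v public="$1" '
    BEGIN { n = split(public, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    /^Status:/ {
        seen = 1
        if ($2 != "active") { print "FAIL firewall is " $2; bad = 1 }
        next
    }
    / ALLOW / {
        split($1, pp, "/"); port = pp[1]      # "22/tcp" -> "22"
        from = $0; sub(/^.* ALLOW +(IN +)?/, "", from); sub(/ +$/, "", from)
        if (from !~ /^Anywhere/) next         # limited to one source: fine
        if (port == "22" || port == "OpenSSH") {
            print "FAIL ssh open to " from; bad = 1
        } else if (!(port in ok)) {
            print "WARN port " port " open to " from; bad = 1
        }
    }
    END {
        if (!seen) { print "FAIL no Status line in input"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: the rule set produced by the setup above.
GOOD='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       192.0.2.10
80/tcp                     ALLOW       Anywhere
80/tcp (v6)                ALLOW       Anywhere (v6)'

# Constructed sample: SSH later opened to everyone, plus an unexpected port.
BAD='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       192.0.2.10
22                         ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)'

printf '%s\n' "$GOOD" | audit_ufw "80 443" || true
printf '%s\n' "$BAD"  | audit_ufw "80 443" || true
```

On the server itself, run it as `sudo ufw status | audit_ufw "80"`, listing only the ports you meant to expose.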

J) ● Clonezilla setup

Clonezilla is a great tool for making a cold image of your server. Here is how to set it up so that you can dual-boot into it without a CD drive (or an ISO to map).

sudo wget -O /clone_sys/clonezilla-live-20160529-xenial-amd64.iso
sudo ln -s clonezilla-live-20160529-xenial-amd64.iso /clone_sys/clonezilla.iso

df -h /clone_sys/

sudo vi /etc/grub.d/40_custom
# Note: adapt it to match the partition /clone_sys.
# On my server it's on sda2 which is converted to (hd0,2)
menuentry "Clonezilla live" {
    set root=(hd0,2)
    set isofile="/clonezilla.iso"
    loopback loop $isofile
    linux (loop)/live/vmlinuz boot=live live-config noswap nolocales edd=on nomodeset ocs_live_run=\"ocs-live-general\" ocs_live_extra_param=\"\" ocs_live_keymap=\"\" ocs_live_batch=\"no\" ocs_lang=\"\" vga=788 ip=frommedia nosplash toram=filesystem.squashfs findiso=$isofile
    initrd (loop)/live/initrd.img
}
sudo vi /etc/default/grub
sudo update-grub2
less /boot/grub/grub.cfg

K) ● Monitored with Icinga2

sudo vi /etc/apt/sources.list.d/enacrepo.list
deb xenial main    # for Ubuntu 16.04 LTS
wget -q -O- | sudo apt-key add -
sudo apt update && sudo apt install enac-monitoring

Follow the dedicated documentation to enable and have access to the monitoring with ENAC-IT.

L) ● Backup

This is not documented here since it depends heavily on the data hosted on your server.

If you need help, please contact . We'll need to know :


Visit for further information and support.