Introduction
Whether you're setting up a new server, a development workstation, or a virtual machine, having a systematic approach to system configuration is crucial. This guide covers everything from basic system updates to advanced security hardening, development tools installation, and environment customization.
This tutorial uses Ubuntu as an example, but most steps are applicable to other Debian-based distributions with minor modifications.
System Update and Upgrade
The first and most important step is to ensure your system has the latest security patches and software updates. This establishes a secure foundation for all subsequent configurations.
# Update package lists from repositories
sudo apt update
# Upgrade all installed packages to their latest versions
sudo apt upgrade -y
# Remove packages that are no longer needed
sudo apt autoremove -y
# Clear the local repository of retrieved package files
sudo apt autocleanWhy this matters: Keeping your system updated protects against known vulnerabilities and ensures compatibility with newer software.
Note: If you encounter errors related to system language and locale settings (such as "locale: Cannot set LC_* to default locale" or "perl: warning: Setting locale failed"), please refer to the comprehensive guide: Guide to Configuring Multi-Language Locale Support on Ubuntu Linux.
Install Essential Development Tools
Every Linux system benefits from having basic compilation and development tools, even if you're not planning to do extensive development work.
# Install core development toolchain (GCC, G++, make, etc.)
sudo apt install build-essential -y
# Install additional build automation tools
sudo apt install autoconf automake cmake -y
# Verify the installation
gcc --version
make --versionWhat you get: build-essential provides the GNU compiler collection, make, and other tools needed to compile software from source.
Create a Regular User Account
For security best practices, avoid using the root account for daily operations. Instead, create a regular user account with sudo privileges.
# Create a new user (replace 'username' with your desired username)
sudo adduser username
# Add the user to the sudo group for administrative privileges
sudo usermod -aG sudo username
# Switch to the new user
su - usernameSecurity note: Running commands as a regular user with sudo provides an audit trail and prevents accidental system-wide changes.
Setting Root Password (Optional)
If you need to enable the root account or switch between su and sudo privilege escalation methods, you can set a root password.
To set the root password:
# Set password for root user
sudo passwd rootAfter pressing Enter, you'll be prompted to enter your current sudo user's password, then set a new password for the root account. If your account doesn't have a password set yet, you can directly set a new password.
Note: If you only need to use sudo instead of directly switching to root, simply ensure your account is in the sudo group. In this case, you only need to set your regular user password.
Changing Your User Password
To change the password for your current user account (the password used when running sudo commands):
# Change current user's password
passwdFollow the prompts to enter your current password and then your new password.
Troubleshooting password change errors:
If you encounter the error passwd: Authentication token manipulation error with a message indicating the password was not changed, this usually means the current operation lacks sufficient permissions or there's an issue with the system's authentication service (such as the /etc/shadow file or PAM services).
Solution: Use sudo to elevate privileges:
# Change password with sudo privileges (replace 'username' with your username)
sudo passwd usernameFor example:
sudo passwd zhengqingweiThen follow the prompts to enter the sudo user's current password, followed by the new password.
Install Essential System Utilities
Install a comprehensive set of command-line tools that will make system administration and daily tasks more efficient.
# Text editors
sudo apt install vim neovim nano emacs -y
# Network utilities
sudo apt install curl wget net-tools openssh-server -y
# System monitoring tools
sudo apt install htop glances iotop -y
# File management utilities
sudo apt install tree ranger rsync -y
# Compression and archive tools
sudo apt install unzip zip p7zip-full -y
# Version control
sudo apt install git -y
# Terminal multiplexers and utilities
sudo apt install tmux screen mc ncdu -yTool highlights:
- htop/glances: Interactive system monitors
- tmux/screen: Terminal multiplexers for session management
- ncdu: Disk usage analyzer with ncurses interface
- ranger: Console file manager with VI key bindings
Configure SSH Service
Secure remote access is essential for server management. Let's set up and harden SSH configuration.
# Install OpenSSH server
sudo apt install openssh-server -y
# Start and enable SSH service to run on boot
sudo systemctl start ssh
sudo systemctl enable ssh
# Backup the original configuration file
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
# Edit SSH configuration
sudo nano /etc/ssh/sshd_configRecommended SSH security settings:
- Change the default port (e.g.,
Port 2222) - Disable root login (
PermitRootLogin no) - Disable password authentication and enable key-based authentication
- Limit login attempts to prevent brute force attacks
After making changes, restart the SSH service:
sudo systemctl restart sshConfigure Firewall
Set up UFW (Uncomplicated Firewall) to protect your system from unauthorized access.
# Install UFW (usually pre-installed on Ubuntu)
sudo apt install ufw -y
# Set default policies: deny all incoming, allow all outgoing
sudo ufw default deny incoming
sudo ufw default allow outgoing
# Allow SSH connections (use your custom port if changed)
sudo ufw allow ssh
# Or if you changed the SSH port:
# sudo ufw allow 2222/tcp
# Enable the firewall
sudo ufw enable
# Check firewall status and rules
sudo ufw status verboseImportant: Always allow SSH before enabling UFW to avoid locking yourself out of a remote system.
Install Programming Languages and Runtimes
Set up development environments for popular programming languages.
# Python and related tools
sudo apt install python3 python3-pip python3-venv -y
# Node.js and npm (LTS version)
curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo -E bash -
sudo apt install nodejs -y
# Java Development Kit
sudo apt install default-jdk -y
# Go programming language
sudo apt install golang-go -y
# Rust programming language
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | shNote: For Python projects, always use virtual environments (python3 -m venv) to isolate dependencies.
System Security Hardening
Implement additional security measures to protect your system from common threats.
# Install and configure fail2ban to prevent brute-force attacks
sudo apt install fail2ban -y
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
# Enable automatic security updates
sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure --priority=low unattended-upgrades
# Disable unnecessary services
sudo systemctl disable bluetooth
sudo systemctl disable cupsFail2ban monitors log files and bans IPs that show malicious behavior, such as too many failed login attempts.
Configure Timezone and Time Synchronization
Accurate system time is crucial for logs, scheduled tasks, and security certificates.
# Check current timezone
timedatectl
# Set timezone (adjust to your location)
sudo timedatectl set-timezone Asia/Shanghai
# Enable NTP time synchronization
sudo timedatectl set-ntp true
# Verify time settings
timedatectl statusCommon timezones: America/New_York, Europe/London, Asia/Tokyo, UTC
Install Additional Useful Software
Depending on your use case, you may want to install these additional tools.
# Multimedia codecs and support
sudo apt install ubuntu-restricted-extras -y
# Network diagnostic tools
sudo apt install nmap tcpdump tshark -y
# Database clients
sudo apt install mysql-client postgresql-client -y
# Document conversion tool
sudo apt install pandoc -y
# Container and orchestration tools
sudo apt install docker.io docker-compose -y
sudo usermod -aG docker $USERNote: Log out and back in for Docker group membership to take effect.
Install AI-Powered CLI Tools
Modern AI tools can significantly boost productivity directly from the command line.
# Google Gemini CLI
sudo npm install -g @google/gemini-cli
# GitHub Copilot CLI
sudo npm install -g @github/copilot
# Cursor CLI (if available)
sudo curl https://cursor.com/install -fsSL | bashThese tools provide AI-assisted coding, command suggestions, and natural language query capabilities in your terminal.
These tools provide AI-assisted coding, command suggestions, and natural language query capabilities in your terminal.
Configure Shell Environment
Enhance your shell experience with modern configurations and useful aliases.
# Install Zsh (optional but recommended)
sudo apt install zsh -y
# Install Oh My Zsh framework for Zsh configuration
sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
# Or configure your existing bash shell
nano ~/.bashrcAdd useful aliases to your .bashrc or .zshrc:
# Common aliases for easier navigation and safer operations
alias ll='ls -alF'
alias la='ls -A'
alias l='ls -CF'
alias grep='grep --color=auto'
alias rm='rm -i' # Interactive mode for deletions
alias cp='cp -i' # Interactive mode for copying
alias mv='mv -i' # Interactive mode for moving
# System shortcuts
alias update='sudo apt update && sudo apt upgrade -y'
alias ports='netstat -tulanp'
# Environment variables
export EDITOR=vim
export HISTSIZE=10000
export HISTFILESIZE=20000After editing, reload your configuration:
source ~/.bashrc # or source ~/.zshrcSystem Backup and Monitoring
Set up basic monitoring and prepare for system maintenance.
# Install system statistics collector
sudo apt install sysstat -y
sudo systemctl enable sysstat
# Configure log rotation to prevent disk space issues
sudo nano /etc/logrotate.conf
# Create a directory for custom scripts
mkdir -p ~/scriptsConsider setting up automated backups using tools like rsync, restic, or borg for important data.
Documentation and Help System
Ensure you have access to comprehensive system documentation.
# Install manual pages and development documentation
sudo apt install man-db manpages-dev -y
# Install info documentation system
sudo apt install info -y
# Update the manual page database
sudo mandbNow you can use man <command> to access detailed documentation for any installed command.
Install Miniconda for Package Management
For data science and machine learning workflows, Miniconda provides an excellent Python environment manager.
For ARM64/aarch64 Linux systems:
# Download Miniconda for ARM architecture
wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-aarch64.sh -O ~/miniconda_arm.sh
# Install Miniconda
bash ~/miniconda_arm.sh -b -p $HOME/miniconda3
# Initialize conda
source ~/miniconda3/etc/profile.d/conda.sh
conda init
# Restart your shell or source your configuration
source ~/.bashrcFor x86_64 systems, use Miniconda3-latest-Linux-x86_64.sh instead.
For macOS systems, use the following method to install:
wget https://repo.anaconda.com/miniconda/Miniconda3-latest-MacOSX-arm64.sh -O ~/opt/miniconda_macos.sh # Download Miniconda for macOS ARM64 (M1/M2 chip)
bash ~/opt/miniconda_macos.sh -b -p $HOME/opt/miniconda3 # Install Miniconda
source ~/opt/miniconda3/etc/profile.d/conda.sh # Initialize conda
conda init zsh
source ~/.zshrc Note: For Intel-based Macs, replace MacOSX-arm64.sh with MacOSX-x86_64.sh in the download URL.
Create and activate a conda environment:
# Create a new environment with Python 3.11
conda create -n myenv python=3.11
# Activate the environment
conda activate myenv
# Install common packages
conda install numpy pandas jupyterInstall Homebrew (Linuxbrew) Package Manager
Homebrew, also known as Linuxbrew on Linux systems, is a powerful package manager that provides easy installation and management of software packages.
Prerequisites
Before installing Homebrew, ensure your system has the necessary tools:
- build-essential (for Debian/Ubuntu systems) or equivalent development tools
- git and curl should be pre-installed
These requirements are already covered in the previous sections of this guide.
Official Installation Command
Install Homebrew using the official installation script. Run this command as a regular user (not root):
# Install Homebrew/Linuxbrew
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"This command will automatically download and install Linuxbrew to ~/.linuxbrew (or /home/linuxbrew/.linuxbrew if you have sudo permissions).
Configure Environment Variables
After installation, you need to add Homebrew to your PATH. Follow the on-screen instructions, or manually configure:
For bash users:
# Add Homebrew to your profile
echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"' >> ~/.profile
# Apply the changes to current session
eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"For zsh users:
# Add Homebrew to your zsh profile
echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"' >> ~/.zprofile
# Apply the changes to current session
eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"Verify Installation
Confirm that Homebrew is properly installed and configured:
# Check Homebrew version
brew --version
# Run Homebrew doctor to check for issues
brew doctor
# Update Homebrew to the latest version
brew updateIf the version command outputs correctly, Homebrew is successfully installed and ready to use.
Common Homebrew commands:
# Install a package
brew install package_name
# Search for packages
brew search package_name
# List installed packages
brew list
# Update all packages
brew upgrade
# Remove a package
brew uninstall package_nameInstall x-cmd Toolkit
x-cmd is a powerful command-line toolkit that provides shortcuts and enhancements for common tasks.
# Install x-cmd
eval "$(curl https://get.x-cmd.com)"
# Update completion resources manually
x advise man updatex-cmd provides intelligent command suggestions, package management, and various utilities that enhance your shell experience.
Post-Configuration Verification
After completing all configurations, verify your system is properly set up:
# Check overall system status
systemctl status
# Check disk space usage
df -h
# Check memory usage
free -h
# Display system information
uname -a
# Test network connectivity
ping -c 3 google.com
# List enabled services
systemctl list-unit-files --state=enabled
# Check firewall status
sudo ufw status
# Check for available updates
sudo apt list --upgradable
# Verify installed programming languages
python3 --version
node --version
java --version
go versionMaintenance Best Practices
To keep your system healthy and secure:
- Regular Updates: Run
sudo apt update && sudo apt upgradeweekly - Monitor Logs: Check
/var/log/for system issues - Backup Important Data: Implement automated backup solutions
- Review Security: Periodically check
sudo ufw statusand fail2ban logs - Clean Up: Use
sudo apt autoremoveandsudo apt autocleanmonthly - Monitor Resources: Use
htoporglancesto track system performance - Update Documentation: Keep notes of custom configurations
Quick Setup Script
The main installation commands from above have been consolidated into the following setup script, which you can copy directly into a bash file:
#!/bin/bash
# System Update
sudo apt update && sudo apt upgrade -y
sudo apt autoremove -y && sudo apt autoclean
# Essential Development Tools
sudo apt install build-essential autoconf automake cmake -y
# Essential System Utilities
sudo apt install vim neovim nano emacs curl wget net-tools openssh-server htop glances iotop tree ranger rsync unzip zip p7zip-full git tmux screen mc ncdu -y
# Configure SSH
sudo systemctl start ssh
sudo systemctl enable ssh
# Configure Firewall (UFW)
sudo apt install ufw -y
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
# sudo ufw enable # Uncomment to enable after verifying SSH access
# Install Programming Languages
sudo apt install python3 python3-pip python3-venv -y
curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo -E bash -
sudo apt install nodejs -y
sudo apt install default-jdk -y
sudo apt install golang-go -y
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
# Security Hardening
sudo apt install fail2ban unattended-upgrades -y
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
# Documentation
sudo apt install man-db manpages-dev info -y
sudo mandb
# Additional Tools (Optional)
sudo apt install ubuntu-restricted-extras nmap tcpdump tshark mysql-client postgresql-client pandoc docker.io docker-compose -y
echo "System setup complete! Please configure your user account and specific tools manually."Conclusion
You now have a fully configured Linux system with:
- Updated and secured base system
- Essential development tools and programming languages
- Hardened SSH and firewall configuration
- Comprehensive system utilities
- Modern shell environment with aliases
- AI-powered CLI tools
- Package management with Miniconda and Homebrew
- Enhanced command-line toolkit (x-cmd)
- Monitoring and documentation tools
This setup provides a solid foundation for development, server administration, or general-purpose computing. Customize further based on your specific needs and workflow preferences.
Remember that system configuration is an ongoing process. As you work with your system, you'll discover additional tools and optimizations that suit your particular use cases. Keep learning and refining your setup!