setupadmin@tin:~$ sudo apt update

Hit:1 http://ca.archive.ubuntu.com/ubuntu jammy InRelease

Hit:2 http://ca.archive.ubuntu.com/ubuntu jammy-updates InRelease

Hit:3 http://security.ubuntu.com/ubuntu jammy-security InRelease

Hit:4 http://ca.archive.ubuntu.com/ubuntu jammy-backports InRelease

Reading package lists... Done

Building dependency tree... Done

Reading state information... Done

2 packages can be upgraded. Run 'apt list --upgradable' to see them.

setupadmin@tin:~$ sudo apt upgrade

Reading package lists... Done

Building dependency tree... Done

Reading state information... Done

Calculating upgrade... Done

The following packages have been kept back:

python3-update-manager update-manager-core

0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.

Introduction

Describes production proven Bonsai Framework approach to setup of a Ubuntu Server version 22.

...

With a console login, you are for all intents and purposes physically at the server. Most hosted solution provide a web based interface to simulate this type of behaviour.

We'll start with console login in your virtual machine and you'll see something like below. Note your IPv4 address, in my case 10.0.0.211.

Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.15.0-91-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage


  System information as of Thu Dec 21 06:18:18 AM UTC 2023


  System load:            0.009765625
  Usage of /:             8.4% of 57.77GB
  Memory usage:           19%
  Swap usage:             0%
  Processes:              201
  Users logged in:        1
  IPv4 address for ens33: 10.0.0.211
  IPv6 address for ens33: 2607:fea8:52a1:ce00::a5c2
  IPv6 address for ens33: 2607:fea8:52a1:ce00:20c:29ff:fe64:cfb1

Expanded Security Maintenance for Applications is not enabled.

44 updates can be applied immediately.
To see these additional updates run: apt list --upgradable

Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status

Last login: Thu Dec 21 06:14:05 2023
setupadmin@tin:~$ 

Security First

I usually immediately install fail2ban,

...

sudo locale-gen en_CA.UTF-8
sudo update-locale LANG=en_CA.UTF-8

setupadmin@tinman:~$ locale
LANG=en_CA.UTF-8
LC_CTYPE="en_CA.UTF-8"
LC_NUMERIC="en_CA.UTF-8"
LC_TIME="en_CA.UTF-8"
LC_COLLATE="en_CA.UTF-8"
LC_MONETARY="en_CA.UTF-8"
LC_MESSAGES="en_CA.UTF-8"
LC_PAPER="en_CA.UTF-8"
LC_NAME="en_CA.UTF-8"
LC_ADDRESS="en_CA.UTF-8"
LC_TELEPHONE="en_CA.UTF-8"
LC_MEASUREMENT="en_CA.UTF-8"
LC_IDENTIFICATION="en_CA.UTF-8"
LC_ALL=
setupadmin@tinman:~$

Update Repositories

As of Ubuntu 8.10 it this has been simplified. We used to have to edit the sources.list to point your server to the universe and multi no verse repository in order to install more popular packages. Now, even the minimal Server install already has what you need. So we can go straight to updating the indexes,Check if you're up to date,

sudo apt update
Hit:1 http://ca.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://ca.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:4 http://ca.archive.ubuntu.com/ubuntu jammy-backports InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
45 packages can be upgraded. Run 'apt list --upgradable' to see them.

In my case I have 45 packages that can be updated. I'll update them,

sudo apt-get update

If you are behind a proxy you may run into a problem with how the proxy is caching. To resolve the  GPG errors follow my instructions on resolving proxy caching issues with Ubuntu Updates.

 upgradeReading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following NEW packages will be installed:
 ubuntu-pro-client-l10n
The following packages have been kept back:
 python3-update-manager update-manager-core
The following packages will be upgraded:
 apparmor apt apt-utils bind9-dnsutils bind9-host bind9-libs cloud-init cryptsetup cryptsetup-bin
 cryptsetup-initramfs distro-info-data git git-man initramfs-tools initramfs-tools-bin
 initramfs-tools-core irqbalance kpartx libapparmor1 libapt-pkg6.0 libcryptsetup12 libldap-2.5-0
 libldap-common libnetplan0 libnss-systemd libpam-systemd libsgutils2-2 libsystemd0 libudev1
 multipath-tools netplan.io python3-software-properties sg3-utils sg3-utils-udev
 software-properties-common sosreport systemd systemd-hwe-hwdb systemd-sysv systemd-timesyncd
 ubuntu-advantage-tools ubuntu-drivers-common udev
43 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.
Need to get 19.2 MB of archives.
After this operation, 5,565 kB disk space will be freed.
Do you want to continue? [Y/n]

Just hit "Enter" is the same as typing Y then hitting "Enter".

If you see a prompt to restart services, go ahead and move the cursor to OK, "Enter".

You can confirm you upgrade with running the "update command" again.

setupadmin@tin:~$ sudo apt update

Hit:1 http://ca.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://ca.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:4 http://ca.archive.ubuntu.com/ubuntu jammy-backports InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
2 packages can be upgraded. Run 'apt list --upgradable' to see them.

In this case there's two packages that have been held back. That's ok.

Update Server

General Upgrades

...

sudo apt-get dist-upgrade # upgrade to the newest kernel

...

sudo apt-get autoclean # use this if you only want to clean out nolonger used packages
sudo apt-get clean # clean out all downloaded packages - I usually use this one
sudo apt-get autoremove # cleans out unused packages

...

sudo reboot

Shutdown Server

Shutdown your server with this command,

sudo shutdown -h now

Next Steps

Continue to Ubuntu Firewall Software.

...