FSociety.pt

Infraestrutura Empresarial Segura | Four-Legged Firewall

View on GitHub

šŸ–„ļø InstalaĆ§Ć£o do Ubuntu Server 24.04.3 LTS

Guia de instalaĆ§Ć£o e configuraĆ§Ć£o inicial do sistema operativo para o Domain Controller

šŸ“‹ ƍndice

  1. Requisitos de Sistema
  2. InformaĆ§Ć£o da MĆ”quina Virtual
  3. Processo de InstalaĆ§Ć£o
  4. ConfiguraĆ§Ć£o de Rede
  5. ConfiguraĆ§Ć£o de Timezone e NTP
  6. InstalaĆ§Ć£o de Pacotes Base
  7. ConfiguraƧƵes de Sistema
  8. VerificaĆ§Ć£o PĆ³s-InstalaĆ§Ć£o
  9. ReferĆŖncias

šŸ’» Requisitos de Sistema

Hardware MĆ­nimo

Recurso Valor DescriĆ§Ć£o
vCPU 1 Processador virtual
RAM 1.4 GB MemĆ³ria mĆ­nima para Samba AD
Disco 24 GB EspaƧo para sistema e logs
Rede 1 NIC Interface na rede LAN

Software

Componente VersĆ£o DescriĆ§Ć£o
Sistema Operativo Ubuntu Server 24.04.3 LTS Noble Numbat
Kernel 6.8.0-88-generic Kernel Linux
Hypervisor Proxmox VE 8.x VirtualizaĆ§Ć£o KVM

šŸ–„ļø InformaĆ§Ć£o da MĆ”quina Virtual

ConfiguraĆ§Ć£o no Proxmox

# CriaĆ§Ć£o da VM no Proxmox
qm create 101 \
  --name dc \
  --memory 1434 \
  --cores 1 \
  --sockets 1 \
  --net0 virtio,bridge=vmbr1 \
  --scsihw virtio-scsi-pci \
  --scsi0 local-lvm:24 \
  --ide2 local:iso/ubuntu-24.04.3-live-server-amd64.iso,media=cdrom \
  --boot order=scsi0;ide2

ParĆ¢metros da VM

ParĆ¢metro Valor
VM ID 101
Nome dc
Bridge vmbr1 (LAN)
Tipo de Disco VirtIO SCSI
Tipo de Rede VirtIO

šŸ”§ Processo de InstalaĆ§Ć£o

1. Boot e SeleĆ§Ć£o de Idioma

  1. Iniciar a VM com a ISO do Ubuntu Server
  2. Selecionar idioma: PortuguĆŖs (Portugal)
  3. Selecionar layout de teclado: Portuguese

2. Tipo de InstalaĆ§Ć£o

  1. Selecionar Ubuntu Server (minimized)
  2. NĆ£o instalar OpenSSH durante a instalaĆ§Ć£o (serĆ” configurado depois)

3. ConfiguraĆ§Ć£o de Disco

MĆ©todo: Use entire disk
Disco: /dev/sda (24 GB)
LVM: Sim
EncriptaĆ§Ć£o: NĆ£o

Layout de PartiƧƵes:

PartiĆ§Ć£o Tamanho Ponto de Montagem Filesystem
/dev/sda1 1 GB /boot/efi FAT32 (EFI)
/dev/sda2 2 GB /boot ext4
/dev/sda3 ~21 GB LVM (ubuntu-vg) -
ubuntuā€“vg-ubuntuā€“lv ~21 GB / ext4

4. ConfiguraĆ§Ć£o de Utilizador

Campo Valor
Nome Administrador
Nome do servidor dc
Username sysadmin
Password [password segura]

5. InstalaĆ§Ć£o SSH (Opcional)

Durante a instalaĆ§Ć£o, pode optar por instalar o OpenSSH Server ou fazĆŖ-lo posteriormente.

šŸŒ ConfiguraĆ§Ć£o de Rede

Ficheiro Netplan

LocalizaĆ§Ć£o: /etc/netplan/00-installer-config.yaml

# ConfiguraĆ§Ć£o de rede estĆ”tica para Domain Controller
# dc.fsociety.pt - 192.168.1.10

network:
  version: 2
  renderer: networkd
  ethernets:
    ens18:
      addresses:
        - 192.168.1.10/24
      routes:
        - to: default
          via: 192.168.1.1
      nameservers:
        addresses:
          - 127.0.0.1
          - 192.168.1.1
        search:
          - fsociety.pt
      dhcp4: false
      dhcp6: false

Aplicar ConfiguraĆ§Ć£o

# Validar configuraĆ§Ć£o
sudo netplan try

# Aplicar configuraĆ§Ć£o
sudo netplan apply

# Verificar configuraĆ§Ć£o
ip addr show ens18
ip route show

VerificaĆ§Ć£o de Conectividade

# Testar gateway
ping -c 4 192.168.1.1

# Testar DNS externo
ping -c 4 8.8.8.8

# Testar resoluĆ§Ć£o de nomes
nslookup google.com

ā° ConfiguraĆ§Ć£o de Timezone e NTP

Configurar Timezone

# Verificar timezone atual
timedatectl

# Listar timezones disponĆ­veis
timedatectl list-timezones | grep Lisbon

# Definir timezone para Lisboa
sudo timedatectl set-timezone Europe/Lisbon

# Verificar alteraĆ§Ć£o
timedatectl

Configurar NTP

O systemd-timesyncd Ć© o cliente NTP padrĆ£o do Ubuntu.

# Verificar estado do NTP
timedatectl show-timesync --all

# Configurar servidores NTP
sudo nano /etc/systemd/timesyncd.conf

ConteĆŗdo de /etc/systemd/timesyncd.conf:

[Time]
NTP=pt.pool.ntp.org
FallbackNTP=0.ubuntu.pool.ntp.org 1.ubuntu.pool.ntp.org
RootDistanceMaxSec=5
PollIntervalMinSec=32
PollIntervalMaxSec=2048

# Reiniciar serviƧo NTP
sudo systemctl restart systemd-timesyncd

# Verificar sincronizaĆ§Ć£o
timedatectl timesync-status

SaĆ­da Esperada

               Local time: Mon 2025-12-02 18:30:00 WET
           Universal time: Mon 2025-12-02 18:30:00 UTC
                 RTC time: Mon 2025-12-02 18:30:00
                Time zone: Europe/Lisbon (WET, +0000)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

šŸ“¦ InstalaĆ§Ć£o de Pacotes Base

Atualizar Sistema

# Atualizar lista de pacotes
sudo apt update

# Atualizar pacotes instalados
sudo apt upgrade -y

# Instalar atualizaƧƵes de seguranƧa
sudo apt dist-upgrade -y

Pacotes Essenciais

# Ferramentas de sistema
sudo apt install -y \
    vim \
    htop \
    net-tools \
    curl \
    wget \
    gnupg \
    software-properties-common \
    apt-transport-https \
    ca-certificates \
    lsb-release

# Ferramentas de rede
sudo apt install -y \
    dnsutils \
    bind9-dnsutils \
    iputils-ping \
    traceroute \
    tcpdump \
    nmap

Pacotes para Samba AD DC

# Pacotes necessƔrios para Samba AD DC
sudo apt install -y \
    samba \
    samba-common \
    samba-common-bin \
    samba-dsdb-modules \
    samba-vfs-modules \
    winbind \
    libpam-winbind \
    libnss-winbind \
    krb5-user \
    krb5-config \
    libkrb5-dev

Durante a instalaĆ§Ć£o do krb5-user, fornecer:

Pergunta Resposta
Default Kerberos realm FSOCIETY.PT
Kerberos servers for your realm dc.fsociety.pt
Administrative server dc.fsociety.pt

Pacotes para DHCP

# ISC DHCP Server
sudo apt install -y isc-dhcp-server

Pacotes para FreeRADIUS

# FreeRADIUS com mĆ³dulo LDAP
sudo apt install -y \
    freeradius \
    freeradius-ldap \
    freeradius-utils

Pacotes para MonitorizaĆ§Ć£o

# Netdata para monitorizaĆ§Ć£o
curl -s https://my-netdata.io/kickstart.sh | sudo bash -s -- --stable-channel

āš™ļø ConfiguraƧƵes de Sistema

Hostname

# Definir hostname
sudo hostnamectl set-hostname dc

# Verificar hostname
hostnamectl

Ficheiro /etc/hosts

sudo nano /etc/hosts

ConteĆŗdo:

127.0.0.1       localhost
192.168.1.10    dc.fsociety.pt dc

# IPv6
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

Desativar systemd-resolved (Importante para Samba DNS)

# Parar e desativar systemd-resolved
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved

# Remover link simbĆ³lico
sudo rm /etc/resolv.conf

# Criar novo resolv.conf
sudo nano /etc/resolv.conf

ConteĆŗdo de /etc/resolv.conf:

# DNS local do Samba AD
nameserver 127.0.0.1
nameserver 192.168.1.1
search fsociety.pt

# Proteger ficheiro contra alteraƧƵes automƔticas
sudo chattr +i /etc/resolv.conf

Limites de Sistema

sudo nano /etc/security/limits.conf

Adicionar no final:

# Limites para Samba
*               soft    nofile          16384
*               hard    nofile          32768

āœ… VerificaĆ§Ć£o PĆ³s-InstalaĆ§Ć£o

Verificar Sistema

# InformaĆ§Ć£o do sistema
hostnamectl

# Verificar kernel
uname -a

# Verificar memĆ³ria
free -h

# Verificar disco
df -h

Verificar Rede

# Interface de rede
ip addr show

# Tabela de routing
ip route show

# ResoluĆ§Ć£o DNS
cat /etc/resolv.conf

# Testar DNS
nslookup dc.fsociety.pt

Verificar ServiƧos

# Listar serviƧos ativos
systemctl list-units --type=service --state=running

# Verificar NTP
timedatectl status

Verificar Pacotes Instalados

# Verificar Samba
samba --version

# Verificar Kerberos
kinit --version

# Verificar DHCP
dhcpd --version

# Verificar FreeRADIUS
freeradius -v

SaĆ­da Esperada

# hostnamectl
 Static hostname: dc
       Icon name: computer-vm
         Chassis: vm šŸ–“
      Machine ID: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
         Boot ID: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  Virtualization: kvm
Operating System: Ubuntu 24.04.3 LTS
          Kernel: Linux 6.8.0-88-generic
    Architecture: x86-64

šŸ“š ReferĆŖncias

DocumentaĆ§Ć£o Oficial

Recurso URL
Ubuntu Server Guide https://ubuntu.com/server/docs
Netplan Documentation https://netplan.io/reference
Samba Wiki https://wiki.samba.org
systemd-timesyncd https://www.freedesktop.org/software/systemd/man/systemd-timesyncd.service.html

Artigos e Tutoriais

  1. Ubuntu 24.04 Server Installation - Canonical Documentation
  2. Setting Up Static IP on Ubuntu - Ubuntu Community Wiki
  3. Preparing Ubuntu for Samba AD DC - Samba Wiki

šŸŽ“ InformaĆ§Ć£o AcadĆ©mica

Campo InformaĆ§Ć£o
InstituiĆ§Ć£o ESTG - Instituto PolitĆ©cnico do Porto
Unidade Curricular AdministraĆ§Ć£o de Sistemas II
Ano Letivo 2025/2026
Autores Ryan Barbosa, Hugo Correia, Igor AraĆŗjo

šŸ”— NavegaĆ§Ć£o

Anterior ƍndice PrĆ³ximo
ā† README šŸ“š ƍndice Samba AD DC ā†’
**[ā¬†ļø Voltar ao Topo](#ļø-instalaĆ§Ć£o-do-ubuntu-server-24043-lts)** --- *ƚltima atualizaĆ§Ć£o: Dezembro 2025*