I'm basing this on an Ubuntu 17.10 install.
Base system only, no additional peripherals. Install SSH server components on install.
Let the installer set up a non-privileged user for you.
Network configuration is in /etc/network/interfaces. Your install will set this up based on your selections.
apt-get install lsof vim screen nmap links lynx sudo curl wget zsh unzip zip snmp mlocate traceroute man pciutils rsync tshark ntpdate ntp telnet bsd-mailx
/etc/cron.daily/mlocate.cron # build the locate database in advance of needing it
The default firewall in Ubuntu is ufw which is their generic netfilter firewall:
ufw allow 22/tcp
ufw allow 443/tcp
ufw enable
You can check the functioning of this via ufw status. Enabling the firewall will warn you that SSH connections might get disrupted - I had no disruption running the commands above.
Firewall-aside, I hate network ports being listened on that I'm in control of. lsof -i -n will show you LLMNR listening which you can disable by editing /etc/systemd/resolved.conf , setting LLMNR=0 and then systemctl restart systemd-resolved.service
At this point you have a relatively clean install of Ubuntu.
Now for SugarCRM prerequisites:
apt-get install mariadb-client mariadb-server postfix
systemctl enable mariadb.service
apt-get install apache2
a2enmod ssl
# Edit /etc/apache2/ports.conf and comment out "Listen 80"
systemctl restart apache2
apt-get install phpmyadmin
# Let it reconfigure apache2
/usr/bin/mysql -e "GRANT ALL ON *.* TO 'adminuser'@'localhost' IDENTIFIED BY 'SOME_RANDOM_PASSWORD' WITH GRANT OPTION"
# Set up an admin user within MySQL
apt-get install php-imap
For SugarCRM install, see http://support.sugarcrm.com/Documentation/Sugar_Versions/7.9/Pro/Installation_and_Upgrade_Guide/:
apt-get install elasticsearch
apt-get install php-bcmath php-libsodium php-memcached
apt-get install memcached
Edit both /etc/php/7.1/{cli,apache2}/php.ini . I had to change the following to conform to the SugarCRM instructions:
date.timezone
max_execution_time
max_input_time
memory_limit
post_max_size
session.cookie_httponly
session.cookie_lifetime
session.gc_maxlifetime
session.save_handler
upload_max_filesize
The install instructions don't touch on it but if you're using memcached then you need to adjust session.save_path = "localhost:11211"
Frustratingly, Ubuntu 17.10 (as of 2017-12-06) distributes a broken copy of elasticsearch as per https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829078 . It appears to be an upstream issue but still frustrating. So you need to follow https://www.elastic.co/guide/en/elasticsearch/reference/current/deb.html#deb-repo :
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -
apt-get install apt-transport-https
echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-6.x.list
apt-get install elasticsearch
Within /etc/elasticsearch/elasticsearch.yml I only set the following:
cluster.name
node.name
path.data
path.logs
bootstrap.memory_lock
network.host