Another important aspect of security is keeping track of compliance. Servers simply won’t let you know by themselves whether they’re behind on updates, and without some sort of service performing some sort of monitoring, you really won’t know what’s going on with your servers unless you check.

To solve this problem, Canonical offers a custom service known as Landscape. Landscape allows you to manage your entire fleet of Ubuntu servers from a single page. Landscape will allow you to list any servers that need security updates, automate common tasks, create your own repositories, and more. It presents these features in an attractive user interface. With such a service, it’s easy to tell which of your servers need a security update, or a reboot in order to apply a patch.

There are two ways you can utilize Landscape. You can host it yourself (referred to by Canonical as an on-premises installation) or you can simply subscribe to Canonical’s hosted version. The latter is the absolute easiest way to get on board with Landscape, but there is an additional cost penalty. At the time of writing, the current cost is $0.01 USD per hour for the hosted version. If you install it on-premises, you won’t have to pay any fees for the first ten servers, but it will be up to you to maintain it and keep it running.

In this section, I’ll walk you through hosting this service yourself. However, there are some important considerations to keep in mind. First, Landscape will have some modest resource requirements. Therefore, a bottom-tier Virtual Private Servers (VPS) from a provider such as DigitalOcean will simply not cut it. At the minimum, you’ll want 2 GB of RAM, and 1 CPU core. Second, I advise against setting up Landscape on an existing server alongside other hosted resources. While it’s certainly possible to share it with other resources, it may conflict with any web server configuration you may have applied. Last, Landscape will only work with LTS editions of Ubuntu. If you’re running something other than an LTS release of Ubuntu Server, the required packages won’t appear in the repositories.

Setup of the Landscape server is relatively easy, there are only three commands to run. The following website lists all the commands required to set up the service:

https://landscape.canonical.com/set-up-on-prem

I will list the commands within this section as well, but I also wanted you to have the URL for Canonical’s official installation instructions in case any of the commands change for any reason, so if the following commands don’t work, check the website. At the time of writing, the following commands will install the Landscape software on your server:

sudo add-apt-repository ppa:landscape/17.03
sudo apt update
sudo apt install landscape-server-quickstart

Once the process completes, you should be able to access Landscape by simply typing the IP address of your server in a browser window. Ignore the warning regarding SSL, since we haven’t actually generated any certificates. You should see a page welcoming you to Landscape, which gives you some fields to fill out:

Next, you should see the main interface for Landscape, but we haven’t actually added a system to this service yet so at this point it’s not very useful:

Adding a system to the Landscape service is quite easy, and the instructions are actually on your Landscape instance itself. To view the instructions, click on Computers at the top of the screen, then click on the  instructions in the middle of the screen. Or, simply access this URL:

https://<IP_Address>/account/standalone/computers

The commands the instructions page will give you will look similar to the following ones:

sudo apt update
sudo apt install landscape-client
sudo landscape-config --computer-title "My Server" --account-name standalone --url https://<IP_ADDRESS>/message-system --ping-url http://<IP_Address>/ping
  

The last of the three commands will ask you a series of questions, and if you’re in a hurry, you can accept the defaults for each. I recommend you take your time and read through them though, as some of the optional features may be useful to you. For example, the ability to execute scripts on servers is disabled by default, but you’ll be asked whether you want to enable this during the process. It may be a good idea to benefit from that feature, but it’s not required.

After you set up the client on your server, you should see a computer listed that is waiting for approval on the Landscape page. It will look something like this:

To accept the server, click on the server’s name (which is shown under the Name section), which will bring you to another page that will allow you to configure details, such as its name and tags. Click the Accept button on that page to finish the process. The server will now be listed on the Landscape homepage, and you’ll be able to interact with it within the interface.

To get started with managing the servers you’ve added, click on the Computers tab at the very top of the page. A list of all the servers associated with your Landscape server will appear there:

Next, select a server by clicking on the text underneath the Name column that corresponds to the server you’d like to manage. This will bring you to a page specific to that server, showing you various details about it as well as giving you a menu of actions you can perform against it. The menu will look like the following:

Here’s a list of the common items in this menu and a short description of what each one does:

• Info: Shows basic information about the server, such as what model of processor it has, RAM, and other system information.
• Activities: The Activities section shows the status of any commands you’ve given the server to perform through the interface, such as installing a package. The following is an example screenshot of what the Activities page looks like when you’ve instructed a server to install a package:

• Hardware: Provides more specific details about hardware devices installed on the server.
• Monitoring: This section allows you to view information regarding resource utilization:

• Scripts: If enabled, you’ll be able to paste a script here in a format such as Bash, and have it run against the server.
• Processes: Return a list of processes running on the server. You can end and even kill processes here as well.
• Packages: Here, you can search for a package, and even install it on the server without having to enter a single shell command.
• Users: Here, you can create, delete, and modify users on the system.
• Reports: In this section, you can report on specific information regarding your server. Most notably for our purposes in this chapter, you can report on security update compliance.

As I’m sure you can see, you can do some really neat things within Landscape. We only scratched the surface in this section. This service provides you with a central interface through which you can manage your servers. You can manage users, run scripts, install packages, and more. I’ll leave it up to you to spend some time thoroughly exploring Landscape to experiment with all of the things you can do with it. In addition, I’ll also include a link to the official documentation pages at the end of this chapter if you would like to explore this service even more.