Overview
Having deployed scalable applications across multiple environments, I understand the intricacies of setting up a reliable operating system. This guide walks through installing Ubuntu 24.04 LTS, verifying installation media, applying post-install hardening (UFW, fail2ban, SSH), and installing essential developer tooling such as Docker from the official repository. The instructions focus on practical, reproducible commands and troubleshooting tips for real-world desktops and servers.
Follow the examples and commands to get an operational Ubuntu 24.04 LTS system suitable for development and production tasks, with explicit security and operational notes to reduce common pitfalls.
Introduction to Ubuntu 24.04 LTS: What’s New?
Key Features and Enhancements
Ubuntu 24.04 LTS introduces updates that improve usability and platform stability. Notable changes include an updated GNOME desktop, Wayland as the default display server where supported, and a refined installer experience that simplifies initial configuration. Kernel and driver updates in this LTS release improve hardware compatibility and performance across a broad set of devices.
- Updated GNOME desktop (improved responsiveness and usability)
- Wayland enabled by default where supported
- Streamlined installer with clearer partitioning options
- Updated kernel and drivers for broader hardware support
| Feature | Description | Benefit |
|---|---|---|
| GNOME | Updated desktop experience | Improved productivity and responsiveness |
| Wayland | Modern display server | Better handling of modern GPUs and HiDPI |
| Installer | Refined installation flow | Easier configuration and fewer clicks |
| Hardware Support | Updated kernel/drivers | Better compatibility with newer devices |
Preparing for Installation: System Requirements and Media
Minimum System Requirements
Before installing Ubuntu 24.04 LTS, verify your hardware meets the minimum requirements. For a smooth desktop experience the recommended minimum is:
- Processor: Dual-core CPU (modern 64-bit)
- RAM: 4 GB (8 GB recommended for development / multitasking)
- Disk: 25 GB free (50 GB or more recommended for development)
- Graphics: GPU with OpenGL 3.3 support for full desktop effects
- Installation media: USB flash drive (4 GB+), or DVD
For server installations, adjust RAM and storage to match workload requirements (e.g., database servers typically require more RAM and I/O-optimized disks).
Creating Bootable Media
Preferred tools for creating a bootable USB:
- Rufus (Windows)
- balenaEtcher (Windows, macOS, Linux)
- dd (Linux/macOS) — use carefully and confirm the device path
# Example (Linux) - replace /dev/sdX with your USB device
sudo dd if=ubuntu-24.04-desktop-amd64.iso of=/dev/sdX bs=4M status=progress conv=fsync
sync
Always confirm the correct target device (lsblk, fdisk -l) before running dd to avoid overwriting internal drives.
UEFI vs Legacy Boot (BIOS)
Choosing the correct boot mode is a common source of confusion and drive/bootloader issues. Use UEFI+GPT for modern systems when possible; Legacy BIOS (MBR) is typically used only for older hardware. Key points and actionable checks:
- UEFI advantages: faster boot, larger disks (GPT), Secure Boot support, better partitioning features.
- Legacy (BIOS) advantages: compatibility with very old hardware or OSes that don't support UEFI.
How to detect current boot mode
# Returns UEFI if the firmware exposes the EFI sysfs directory
[ -d /sys/firmware/efi ] && echo "UEFI boot mode detected" || echo "Legacy BIOS mode detected"
When dual-booting
If you plan to dual-boot with Windows, ensure both OSes use the same boot mode. Windows installed in UEFI mode requires Ubuntu to be installed in UEFI mode as well (GPT + EFI System Partition). Mixing modes leads to bootloader issues and makes managing GRUB more difficult.
Creating an EFI System Partition (when using UEFI)
If you partition manually for UEFI, create a FAT32 EFI System Partition (ESP) and mount it at /boot/efi. Typical size: 512 MiB. Example using parted:
# Example: create GPT label and EFI partition on /dev/sda (destructive - ensure correct disk)
sudo parted /dev/sda --script mklabel gpt \
mkpart ESP fat32 1MiB 513MiB set 1 boot on
# Format the partition (example partition /dev/sda1)
sudo mkfs.fat -F32 /dev/sda1
During the installer partitioning step, assign the EFI partition as /boot/efi (FAT32). If Secure Boot is enabled, third-party kernel modules (e.g., unsigned NVIDIA modules) may require signing or MOK enrollment — the installer usually handles common drivers via the "Install third-party software" option.
Troubleshooting tips
- If GRUB doesn't show after install, check whether firmware is configured for the same mode (UEFI vs Legacy) and that the ESP contains an Ubuntu entry (ls /boot/efi/EFI).
- To check Secure Boot status: install and use the mokutil tool if available (
sudo mokutil --sb-state) or inspect firmware settings in UEFI menus. - If you need to enroll keys for third-party modules, the installer or dkms packages will prompt for MOK enrollment at reboot; follow on-screen instructions carefully.
Verify ISO Integrity (Checksums & Signatures)
Verifying the downloaded ISO ensures the image was not corrupted or tampered with. Official checksums and signatures are published on Ubuntu's site (visit the downloads page on https://www.ubuntu.com/ to locate them). Two common verification steps:
1) SHA256 checksum verification
# Compute the SHA256 for the ISO you downloaded
sha256sum ubuntu-24.04-desktop-amd64.iso
# Compare the printed hash with the SHA256 value published on https://www.ubuntu.com/
If the checksums match exactly, the ISO file is intact.
2) GPG signature verification (recommended for additional security)
Ubuntu provides signed checksum files (e.g., SHA256SUMS and SHA256SUMS.gpg). To verify the signature:
# Download SHA256SUMS and SHA256SUMS.gpg from the Ubuntu downloads area
# Then verify the signed checksum file (requires GPG and the Ubuntu signing key)
gpg --verify SHA256SUMS.gpg SHA256SUMS
# If the signature checks out, compare the relevant SHA256 entry in SHA256SUMS to your iso file
sha256sum -c --ignore-missing SHA256SUMS
Ensure you trust the public key used to sign the checksums (confirm the key fingerprint published by Ubuntu before trusting it). For the authoritative checksum/signature files, check Ubuntu's official download pages on https://www.ubuntu.com/.
Step-by-Step Installation Process: From Boot to Desktop
Installing Ubuntu 24.04 LTS
Boot from the USB drive or DVD you created. On the welcome screen choose 'Install Ubuntu'. The installer will walk you through language, keyboard layout, updates, and partitioning options. Recommended options during installation:
- Enable 'Download updates while installing' if you have an active internet connection
- Enable 'Install third-party software' to get proprietary drivers and codecs (useful for some Wi-Fi and GPU drivers)
- Choose manual partitioning for dual-boot systems or LVM if you need flexible volume management
Typical install duration: 20–40 minutes depending on hardware and whether you download updates during install.
| Step | Action | Notes |
|---|---|---|
| Boot | From USB/DVD | Access installation screen |
| Select Install | Choose installation option | Try or Install |
| Configure | Set language and layout | Ensure correct settings |
| Partition | Choose installation type | Option for dual-boot or custom layout |
Initial Setup: Configuring Your New Ubuntu Environment
Personalizing and System Settings
After the installer finishes and you reboot, complete the first-time setup: create your user account, set timezone, and configure your keyboard layout.
# Reconfigure keyboard layout if needed
sudo dpkg-reconfigure keyboard-configuration
Other recommended post-install tasks:
- Enable automatic updates for security packages via Software & Updates → Updates
- Create a regular user account and avoid using root directly
- Configure system snapshots (e.g., using Timeshift or Btrfs snapshots if using Btrfs)
Configuring Firewall (UFW) — Post-install Security
Configuring a host firewall immediately after installation is a critical security step. Ubuntu includes UFW (Uncomplicated Firewall) as a front end to iptables, which is suitable for most desktop and server use-cases.
Basic UFW setup
# Set safe defaults: deny incoming, allow outgoing
sudo ufw default deny incoming
sudo ufw default allow outgoing
# Allow SSH (important to avoid locking yourself out if managing remotely)
sudo ufw allow OpenSSH
# Allow common services (example: HTTP/HTTPS)
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# Enable the firewall
sudo ufw enable
# Check status and rules
sudo ufw status verbose
Notes and best practices:
- Always run
sudo ufw allow OpenSSHbefore enabling UFW if you use SSH access remotely. - Use
sudo ufw status numberedto reference and delete rules (e.g.,sudo ufw delete 2). - Enable logging for troubleshooting:
sudo ufw logging on.
Docker, containers and UFW
Docker manipulates iptables directly and can bypass UFW rules. To keep predictable firewall behavior:
- Run Docker with
"iptables": falsein/etc/docker/daemon.jsonand manage Docker network exposure explicitly via UFW rules, or - Keep Docker's default behavior but be explicit about published ports with
docker run -p host_port:container_portand only open those host ports in UFW.
{
"iptables": false
}
If you change Docker's iptables behavior, restart Docker (e.g., sudo systemctl restart docker) and explicitly add firewall rules for container traffic.
Additional hardening
- Install fail2ban to reduce brute-force attempts against SSH:
sudo apt install fail2ban. Create a local config in/etc/fail2ban/jail.d/to tunemaxretryandbantime. - Limit SSH to key-based authentication and disable password login in
/etc/ssh/sshd_config(PasswordAuthentication no).
# Example: basic fail2ban installation and enable
sudo apt update && sudo apt install -y fail2ban
sudo systemctl enable --now fail2ban
# Example: simple local jail to protect ssh (create /etc/fail2ban/jail.d/sshd.local)
# [sshd]
# enabled = true
# port = ssh
# maxretry = 5
Essential Software and Updates: Making Ubuntu Work for You
Installing Necessary Applications
Install core tooling for productivity and development. Examples and commands:
# Update package lists and upgrade system
sudo apt update && sudo apt upgrade -y
# Install common tools
sudo apt install -y build-essential curl git vim ufw fail2ban ca-certificates gnupg lsb-release
Install Docker (official repository) — explicit steps
The following steps install Docker Engine (docker-ce), the Docker CLI, containerd, and the docker-compose plugin from Docker's official repository. This method uses the keyring approach (apt-key is deprecated).
# 1) Create keyrings directory (if it doesn't exist)
sudo mkdir -p /etc/apt/keyrings
# 2) Download Docker's GPG key and dearmor it into the keyrings dir
curl -fsSL https://download.docker.com/linux/ubuntu/gpg |
sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
# 3) Add the Docker apt repository (uses the system architecture and release codename)
# Note: $(lsb_release -cs) evaluates to the Ubuntu codename (e.g., jammy, lunar, etc.)
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" |
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# 4) Update apt and install Docker packages
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
# 5) Enable and start Docker
sudo systemctl enable --now docker
# 6) Verify installation
docker --version
sudo docker run --rm hello-world
Security and operational notes:
- Adding your user to the
dockergroup grants privileges equivalent to root for container operations; prefer usingsudofor production machines unless you understand the risks:sudo usermod -aG docker $USER(you must log out/in). - If you prefer to avoid Docker manipulating iptables, set
{ "iptables": false }in/etc/docker/daemon.json, then manage forwarding and NAT via UFW or explicit iptables rules. Restart Docker after changes:sudo systemctl restart docker. - If the GPG key step fails, ensure the packages
gnupgandca-certificatesare installed and that outbound HTTPS is allowed by your network/firewall.
For container orchestration and reproducible deployments, consider using Docker Compose via the plugin (installed above) or alternative runtimes depending on your environment.
Security & Maintenance
- Keep security updates automatic or regularly apply updates: use unattended-upgrades (configure via apt).
- Use strong user account practices: minimal sudoers, SSH keys, and sudo session auditing.
- Use disk encryption at install time for laptops and portable devices.
Troubleshooting Common Issues: Tips and Resources
Identifying Installation Problems
If a package fails or services don't start, check system logs and package state first:
# View system journal for errors since last boot
sudo journalctl -b -p err
# Check apt logs and recent installs
less /var/log/apt/history.log
# Attempt to fix broken packages
sudo apt --fix-broken install
sudo dpkg --configure -a
When a package is missing dependencies, the two fix commands above often resolve the problem. If a package is held back, inspect /etc/apt/preferences.d/ and apt policy output.
Network Connectivity Issues
For Wi-Fi or network issues:
# Bring Wi-Fi radio up using NetworkManager CLI
nmcli radio wifi on
# Restart NetworkManager service
sudo systemctl restart NetworkManager
# Test connectivity
ping -c 4 8.8.8.8
ping -c 4 ubuntu.com
If the adapter is missing, check lspci or lsusb to identify the device and look for proprietary drivers under Software & Updates → Additional Drivers.
UFW & Firewall Troubleshooting
Common UFW troubleshooting commands:
sudo ufw status verbose
sudo ufw status numbered
# Delete a rule by number
sudo ufw delete 3
# Disable and re-enable to reset (careful when on remote SSH)
sudo ufw disable
sudo ufw enable
If using SSH remotely, verify you have an open rule for OpenSSH before enabling UFW.
Docker Troubleshooting
- If
docker run hello-worldfails, check the Docker service logs:sudo journalctl -u docker -n 200. - For permission errors after adding your user to the docker group, re-login or reboot; if problems persist, avoid group access and use
sudo docker <cmd>. - If containers can't reach the network when
iptablesis disabled, ensure appropriate NAT/forwarding rules are created and UFW is configured to allow forwarding for container subnets.
Key Takeaways
- Ubuntu 24.04 LTS requires a minimum of 4 GB RAM and 25 GB of storage for a recommended desktop installation.
- Create bootable USB drives with Rufus or Etcher, and always verify the ISO checksum before installing.
- Enable and configure the firewall (UFW) immediately post-install to reduce exposure; allow OpenSSH before enabling UFW if you manage the system remotely.
- Install Docker from Docker's official repository using the keyring approach, and verify with
docker --versionandsudo docker run --rm hello-world. - Use apt to manage packages and keep security updates current:
sudo apt update && sudo apt upgrade -y.
Frequently Asked Questions
- How do I create a bootable USB for Ubuntu 24.04?
- Use Rufus on Windows or balenaEtcher on macOS/Linux. Download the Ubuntu ISO from the official site (see https://www.ubuntu.com/), select the ISO in the tool, choose your USB device, and write. If you prefer the command line on Linux/macOS, use dd as shown earlier but double-check the destination device first.
- What should I do if my Wi-Fi doesn’t work after installation?
- Confirm the adapter is enabled (
nmcli radio), check Additional Drivers in Software & Updates for proprietary drivers, and test connectivity withping. If a driver is missing, the Additional Drivers tab often lists available proprietary firmware to install. - How can I install software on Ubuntu 24.04?
- Use the apt package manager:
sudo apt updatethensudo apt install <package-name>. For graphical installation browse the Ubuntu Software Center. For some third-party apps (e.g., Docker, VS Code), follow the vendor's official installation instructions to add their repository and GPG key; the Docker repository example is included above. - Snap packages vs. apt (deb) packages — when to use each?
-
Snap packages (managed by snapd) are containerized, sandboxed packages that auto-update and include their runtime dependencies. They are useful for desktop apps that benefit from confinement and automatic updates. Install a snap with:
# Example: install a snap sudo snap install# Some snaps require --classic confinement sudo snap install --classic Deb (apt) packages are the traditional packaging format for Debian/Ubuntu. They integrate with the system package manager, typically result in smaller system-wide installs, and are preferred for system services, servers, and packages that require tight integration with system libraries:
# Example: install using apt sudo apt update sudo apt installGuidance:
- Prefer apt/deb for server packages and system-level tools where predictable library versions are important.
- Use snaps for desktop applications where isolation, automatic updates, and easier cross-release delivery are beneficial.
- Be aware snaps can have larger disk usage and different confinement behaviors; test services and startup behavior when choosing between packaging formats.
Conclusion
Ubuntu 24.04 LTS is a solid base for desktops, development workstations, and servers. Follow the steps in this guide: verify your ISO, perform a clean install, apply basic hardening (UFW, fail2ban, SSH key auth), and install vetted tooling for your workflows. For detailed documentation and downloads, consult Ubuntu's official resources at https://www.ubuntu.com/.
For production servers, add centralized logging, configuration management (Ansible, Puppet), and automated backups or snapshots to your operational checklist.
About the Author
Tyler Johnson is a DevOps engineer with 7 years of experience specializing in Git (intermediate to advanced), Docker core concepts and best practices, and Linux system administration. He focuses on practical, production-ready solutions and has worked on a variety of infrastructure projects.