====== Setting up a new Linux VM ======
This is similar to [[setup_new_box|Setup New Linux (Physical) Box]].

This page goes through the settings applied when setting up a new Ubuntu VM. In this case I was setting up Ubuntu 20.10 Groovy Gorilla.
===== Debian / Bookworm =====
Specific steps for Debian/Bookworm
==== Add non-free repositories ====
In the past (Debian Buster) you had to update ''/etc/apt/sources.list'' by adding ''contrib non-free'' to the end of each line. However, this time around, the file was empty! Below are the lines obtained from [[https://wiki.debian.org/SourcesList|Debian sources list]], with ''non-free-firmware'' also added to the end of each line.

  deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
  deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
  deb http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
  deb-src http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
  deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
  deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware

==== Install packages ====
  apt update
  apt-get install aptitude
  aptitude install vim sudo sysstat locate postfix ssl-cert bsd-mailx net-tools zip unzip rsync git screen
  ln -s /usr/sbin/ifconfig /usr/local/bin/ifconfig
  updatedb

Optional packages to install:

  aptitude install ncdu htop nload pydf iotop

Use ''tasksel'' to install GUI such as KDE Plasma.
==== Other changes ====
  * vim: Besides other ''.vimrc'' settings, also include ''set mouse=''

  echo "set mouse=" >> ~/.vimrc
  echo "set mouse=" | sudo tee -a /root/.vimrc

==== Comments on Minimum Memory requirements ====
https://unix.stackexchange.com/questions/616137/kernel-panic-on-debian-buster-with-128-mb-of-memory
==== Update root password ====
When cloning, make sure to update the root password on the clone. Debian requires it when you need to rescue the system.
==== SSHD Config Changes ====
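Update ''/etc/ssh/sshd_config'' to include:

  PermitRootLogin prohibit-password
  PermitEmptyPasswords no
  TCPKeepAlive yes

To temporarily enable root login with a password, change the line to the following and set it back to ''prohibit-password'' afterwards:

  PermitRootLogin yes
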
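
sshd uses the first value it finds for each keyword, so a temporary ''PermitRootLogin yes'' left higher in the file silently overrides the intended line. The check below is an added example, not part of the original page; the function names ''sshd_effective'' and ''sshd_audit'' are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example: report the value sshd would use for a keyword in one file.
# sshd_config keywords are case-insensitive and the FIRST occurrence wins.
# Assumption: a single flat file; Include files are not followed and parsing
# stops at the first Match block (global section only).
sshd_effective() {  # usage: sshd_effective <config-file> <keyword>
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }         # accept "Keyword=value" too
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# Compare a file against the three values this page sets. A keyword that is
# absent is reported too, so the setting is explicit rather than a default.
sshd_audit() {  # usage: sshd_audit <config-file>; returns 0 when all match
    rc=0
    for pair in permitrootlogin=prohibit-password \
                permitemptypasswords=no tcpkeepalive=yes; do
        key=${pair%%=*}
        expected=${pair#*=}
        actual=$(sshd_effective "$1" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "DEVIATION $key: expected $expected, got ${actual:-unset}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the temporary "yes" was left above the intended line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample sshd_config
PermitRootLogin yes
PermitRootLogin prohibit-password
PermitEmptyPasswords no
TCPKeepAlive yes
EOF
sshd_audit "$sample" || echo "correct the file, then check syntax with: sshd -t"
```

On a live host, ''sshd -T'' prints the fully resolved configuration, including any files pulled in through ''Include''.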
==== Network configuration ====
Specify the static IP address and DNS address in ''/etc/network/interfaces'':

  # This file describes the network interfaces available on your system
  # and how to activate them. For more information, see interfaces(5).
  source /etc/network/interfaces.d/*
  # The loopback network interface
  auto lo
  iface lo inet loopback
  # The primary network interface
  allow-hotplug enp0s3
  #iface enp0s3 inet dhcp
  auto enp0s3
  iface enp0s3 inet static
      address 192.168.1.47
      netmask 255.255.255.0
      network 192.168.1.0
      gateway 192.168.1.1
      broadcast 192.168.1.255
      dns-nameservers 192.168.1.48
      dns-nameservers 192.168.1.10
      dns-nameservers 192.168.1.1
      dns-nameservers 8.8.8.8
  # This is an autoconfigured IPv6 interface
  #iface enp0s3 inet6 auto
  #
  # The network interface for Host-Only Network
  auto enp0s8
  iface enp0s8 inet static
      address 192.168.56.47
      netmask 255.255.255.0
      network 192.168.56.0
      gateway 192.168.56.1
      broadcast 192.168.56.255

Update ''/etc/resolv.conf'' as well to indicate the DNS entries and DNS configuration:

  nameserver 192.168.1.48
  nameserver 192.168.1.10
  nameserver 192.168.1.1
  nameserver 8.8.8.8
  options timeout:1
  options attempts:1

==== Include DNS entry in DNS Servers ====
Include the new server in the DNS entries on the DNS servers: ''ubv47'' and ''ubv10''.
Add the entry in ''/etc/hosts.dnsmasq'' as below:

  192.168.1.50 server50 server50.example.org

Restart dnsmasq:

  systemctl restart dnsmasq
  # OR
  service dnsmasq restart

==== Backuppc configuration ====
Add the new server to ''/etc/hosts'' on the Backuppc host (ubv33). Then copy the SSH keys so that the backuppc user can log in to it as root.

  ssh-copy-id root@

==== Nagios configuration ====
Below is the list of Nagios configurations:

  aptitude install nagios-nrpe-server
  # On /etc/nagios/nrpe.cfg, update line to allowed_hosts=127.0.0.1,::1,192.168.1.0/24
  # Copy /etc/nagios/nrpe.d/cu_nrpe.cfg configuration from an existing server
  # Copy the following files from another server to /usr/lib/nagios/plugins/.
  #   check_deleted_lsof
  #   check_cpu.sh
  #   check_uptime
  #   check_template
  #   check_mem.pl
  #   check_lost_found
  #   check_log1
  #   check_file_per
  #   check_mailq
  # Make nagios user part of sudo group
  systemctl restart nagios-nrpe-server

Update file ''/etc/nagios/nrpe.cfg'' and change the line as below:

  allowed_hosts=127.0.0.1,::1,192.168.1.0/24

Create file ''/etc/nagios/nrpe.d/cu_nrpe.cfg'' with the below:

  command[check_cu_users]=/usr/lib/nagios/plugins/check_users -w 10 -c 15
  command[check_cu_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 20,15,10
  command[check_cu_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 1 -c 2 -s Z
  command[check_cu_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200
  command[check_cu_swap]=/usr/lib/nagios/plugins/check_swap -w 20 -c 10
  command[check_cu_mailq]=/usr/lib/nagios/plugins/check_mailq -w 1 -c 5 -M postfix
  command[check_cu_ntp_time]=/usr/lib/nagios/plugins/check_ntp_time -H pool.ntp.org -w 30 -c 60
  command[check_cu_memory]=/usr/lib/nagios/plugins/check_mem.pl -u -C -w 80 -c 90
  command[check_cu_raid]=/usr/lib/nagios/plugins/check_raid
  command[check_cu_cron]=/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1024 -C cron
  command[check_cu_pcpu]=/usr/lib/nagios/plugins/check_procs -w 40 -c 45 --metric=CPU -v
  command[check_cu_fp_tmp]=/usr/lib/nagios/plugins/check_file_per -f /tmp -p 1777
  command[check_cu_disk]=/usr/lib/nagios/plugins/check_disk -w 15% -c 10% -N ext4 -f
  command[check_cu_uptime]=/usr/lib/nagios/plugins/check_uptime --warning 60: --critical 60:
  command[check_cu_cpu]=/usr/lib/nagios/plugins/check_cpu.sh -w 90 -c 95
  command[check_cu_lostfound]=/usr/bin/sudo /usr/lib/nagios/plugins/check_lost_found -w 1 -c 2
  command[check_cu_kernlog]=/usr/bin/sudo /usr/lib/nagios/plugins/check_log1 -F /var/log/kern.log -O /tmp/kern.log -q ^
  command[check_cu_deleted_lsof]=/usr/bin/sudo /usr/lib/nagios/plugins/check_deleted_lsof -w 50000000 -c 60000000

Add nagios to the sudo group to execute commands that need root access:

  usermod -a -G sudo nagios

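
The sudo group's rule covers every command, while only the NRPE entries that call ''/usr/bin/sudo'' need root. As an added example (not from the original page), the hypothetical helper ''nrpe_sudoers'' derives a narrower sudoers drop-in from the NRPE command file; the sample input is a constructed excerpt of the entries above and the drop-in name ''nagios-nrpe'' is an assumption.

```shell
#!/bin/sh
# Added example: build a sudoers drop-in that lets the nagios user run only
# the plugins that the NRPE command file actually invokes through sudo.
# The listed plugins must be root-owned and not writable by nagios,
# otherwise the account could replace a plugin and run it as root.
nrpe_sudoers() {  # usage: nrpe_sudoers <nrpe-command-file>
    # Matches: command[name]=/usr/bin/sudo /path/to/plugin args...
    sed -n 's|^command\[[^]]*\]=/usr/bin/sudo[ ]\{1,\}\(/[^ ]*\).*|\1|p' "$1" |
    sort -u |
    while read -r plugin; do
        # Path only: sudoers then accepts any arguments for that plugin.
        printf 'nagios ALL=(root) NOPASSWD: %s\n' "$plugin"
    done
}

# Constructed excerpt of cu_nrpe.cfg: one plain check, two sudo checks.
sample=$(mktemp)
cat > "$sample" <<'EOF'
command[check_cu_users]=/usr/lib/nagios/plugins/check_users -w 10 -c 15
command[check_cu_lostfound]=/usr/bin/sudo /usr/lib/nagios/plugins/check_lost_found -w 1 -c 2
command[check_cu_deleted_lsof]=/usr/bin/sudo /usr/lib/nagios/plugins/check_deleted_lsof -w 50000000 -c 60000000
EOF

nrpe_sudoers "$sample"

# To install on a host (as root), validate the syntax before it takes effect:
#   nrpe_sudoers /etc/nagios/nrpe.d/cu_nrpe.cfg > /tmp/nagios-nrpe
#   visudo -cf /tmp/nagios-nrpe && \
#       install -m 0440 /tmp/nagios-nrpe /etc/sudoers.d/nagios-nrpe
```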
==== Tools Directory ====
Copy /home/senthil/tools directory to the new server
==== Postfix ====
Validate Postfix configuration
==== MySQL ====
  * Choose a password: ''date|md5sum'' (the result is derived only from the current time, so it is only as unpredictable as the moment it was generated)
  * Run ''mysql_secure_installation'' to make the db secure.
    * Use the above password
  * Run [[tech:mysql:creating_mysql_users_for_a_database#creating_root_user|Create root user]] and set password for remote user
  * Copy /etc/cron.daily/mysql_backup
  * [[tech1:linux:nagios3#create_a_mysql_user_and_database|Create MySQL User and Database]] ''ncheck'' and ''ucheck'' (not ''nagioscheck'') for Monitoring.
===== Install Configuration / Steps =====
  * Postfix is no longer installed by default on Groovy, so install it explicitly
===== System Configuration =====
  * Update system by running "aptitude"
    * Completed Security Upgrades
    * Complete Package Upgrades
  * Reboot
  * Network configuration
    * Settings are at [[setup_network_groovy|/etc/netplan/00-installer-config.yaml]]
  * Update user settings with [[etc_skel|this]] set
  * Install the [[most_common_packages_v2|most common packages]] that will be required
===== apt related =====
  * [[tech:linux:apt_upgrades|Automatic apt upgrades]]
  * [[tech:linux:apt_update_resource_overload|APT update resource overload]]
===== More items =====
  * Mail
    * Set up postfix
    * Configure ''/etc/aliases'' to include ''root: system@example.org'' and ''user: system@example.org'', then run ''newaliases''
  * SSH
    * Generate SSH private and public keys
  * Tuning
    * Change swappiness and other parameters based on server needs - [[tech:linux:sysctl_config|sysctl.conf]]
  * Others
    * Optionally ask server to reboot automatically on [[tech1:linux:kernel_panic|kernel panic]]
    * [[tech1:linux:others:i2c_piix4|Disable module i2c_piix4]] on Virtual Machines
    * Install NRPE to be monitored
      * nagios-nrpe-server nagios-plugins
    * Install x11-utils x11-xserver-utils
===== Other Items configuration =====
  * [[apache_configuration|Apache Configuration]]
  * [[tech:linux:etc_skel#sudo_without_password|Setup to sudo without password]]
  * [[tech:linux:mail_server_setup|Mail Server Configuration]]
  * [[tech:linux:mysql:backups|MySQL Backups]]
  * [[tech:linux:others:ntp_update|Reset System Clock with NTP Update]]
  * [[tech:linux:others:pflogsumm_mail_report|Setup mail reporting using pflogsumm]]
  * [[tech:linux:others:notify_reboot_req|Notify if the system requires a reboot]]
  * [[tech:others:mounting_usb_drive_in_ubuntupermanently_mount_the_usb_drive|Mounting a USB drive permanently for Backups]]
  * Install telnetd - to be used in case the SSH server is down. Telnet sends the login in cleartext, so remember to change the password immediately if doing a remote connection.
  * [[tech:linux:php_ini|Update php.ini]] configuration file to improve on default limits
  * [[apt_update_resource_overload|Disable APT update resource overload]]
  * Nagios
    * If only setting this up for being monitored, install nagios-nrpe-server nagios-plugins
    * Share keys between Nagios host and the new VM
  * Backuppc
    * Set up key share access between backuppc host and the new VM