Setting up a new Linux VM

This is similar to Setup New Liux (Physical) Box

This page goes through the various settings that take place to setup a new Ubuntu VM. In this case I was setting Ubuntu 20.10 Groovy Gorilla.

Debian / Bookworm

Specific steps for Debian/Bookworm

Add non-free repositories

In the past (Debian Buster) you will have to update /etc/apt/sources.list by adding contrib non-free to the end of line. However, this time around, this file was empty! Below are the lines obtained from Debian sources list. Also added non-free-firmware to the end.

deb bookworm main contrib non-free non-free-firmware
deb-src bookworm main contrib non-free non-free-firmware

deb bookworm-security main contrib non-free non-free-firmware
deb-src bookworm-security main contrib non-free non-free-firmware

deb bookworm-updates main contrib non-free non-free-firmware
deb-src bookworm-updates main contrib non-free non-free-firmware

Install packages

apt update
apt-get install aptitude
aptitude install vim sudo sysstat locate postfix ssl-cert bsd-mailx net-tools zip unzip rsync git screen
ln -s /usr/sbin/ifconfig /usr/local/bin/ifconfig

Optional packages to install

aptitude install ncdu htop nload pydf iotop

Use tasksel to install GUI such as KDE Plasma.

Other changes

  • vim: Besides other .vimrc setting, also include set mouse=
echo "set mouse=" > ~/.vimrc
sudo echo "set mouse=" | sudo tee -a /root/.vimrc

Comments on Minimum Memory requirements

Update root password

When cloning, make sure to update the root password on the clone. Debian requires it when you need to rescue the system.

SSHD Config Changes

Update /etc/ssh/sshd_config to include

PermitRootLogin prohibit-password
PermitEmptyPasswords no
TCPKeepAlive yes

To temporarily enable Root Login

PermitRootLogin yes

Network configuration

Specify the Static IP address and DNS address in /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug enp0s3
#iface enp0s3 inet dhcp
auto enp0s3
iface enp0s3 inet static

# This is an autoconfigured IPv6 interface
#iface enp0s3 inet6 auto

# The network interface for Host-Only Network
auto enp0s8
iface enp0s8 inet static

Update /etc/resolv.conf as well to indicate the DNS entries and DNS configuration

options timeout:1
options attempts:1

Include DNS entry in DNS Servers

Include the new server in the DNS entries on the DNS servers: ubv47 and ubv10.

Add the entry in /etc/hosts.dnsmasq as below:    server50

Restart dnsmasq

systemctl restart dnsmasq
# OR
service dnsmasq restart

Backuppc configuration

Add new server in Backuppc (ubv33) /etc/hosts. Then copy SSH keys to be able to log in as root from backuppc user.

ssh-copy-id root@<new server>

Nagios configuration

Below is the list of Nagios configurations

aptitude install nagios-nrpe-server
# On /etc/nagios/nrpe.cfg, update line to ''allowed_hosts=,::1,''
# Copy /etc/nagios/nrpe.d/cu_nrpe.cfg configuration from an existing server
# Copy the following files from another server to ''/usr/lib/nagios/plugins/''.
  # check_deleted_lsof
  # check_uptime
  # check_template
  # check_lost_found
  # check_log1
  # check_file_per
  # check_mailq
# Make nagios user part of sudo group
systemctl restart nagios-nrpe-server

Update file /etc/nagios/nrpe.cfg and change line as below


Create file /etc/nagios/nrpe.d/cu_nrpe.cfg with the below

command[check_cu_users]=/usr/lib/nagios/plugins/check_users -w 10 -c 15
command[check_cu_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 20,15,10
command[check_cu_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 1 -c 2 -s Z
command[check_cu_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200
command[check_cu_swap]=/usr/lib/nagios/plugins/check_swap -w 20 -c 10
command[check_cu_mailq]=/usr/lib/nagios/plugins/check_mailq -w 1 -c 5 -M postfix
command[check_cu_ntp_time]=/usr/lib/nagios/plugins/check_ntp_time -H -w 30 -c 60
command[check_cu_memory]=/usr/lib/nagios/plugins/ -u -C -w 80 -c 90
command[check_cu_cron]=/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1024 -C cron
command[check_cu_pcpu]=/usr/lib/nagios/plugins/check_procs -w 40 -c 45 --metric=CPU -v
command[check_cu_fp_tmp]=/usr/lib/nagios/plugins/check_file_per -f /tmp -p 1777
command[check_cu_disk]=/usr/lib/nagios/plugins/check_disk -w 15% -c 10% -N ext4 -f
command[check_cu_uptime]=/usr/lib/nagios/plugins/check_uptime --warning 60: --critical 60:
command[check_cu_cpu]=/usr/lib/nagios/plugins/ -w 90 -c 95
command[check_cu_lostfound]=/usr/bin/sudo /usr/lib/nagios/plugins/check_lost_found -w 1 -c 2
command[check_cu_kernlog]=/usr/bin/sudo /usr/lib/nagios/plugins/check_log1 -F /var/log/kern.log -O /tmp/kern.log -q ^
command[check_cu_deleted_lsof]=/usr/bin/sudo /usr/lib/nagios/plugins/check_deleted_lsof -w 50000000 -c 60000000

Add nagios to sudo group to execute commands that need root access

usermod -a -G sudo nagios

Tools Directory

Copy /home/senthil/tools directory to the new server


Validate Postfix configuration


  • Choose a password: date|md5sum
  • Run mysql_secure_installation to make db secure.
    • Use the above password
  • Run Create root user and set password for remote user
  • Copy /etc/cron.daily/mysql_backup
  • Create MySQL User and Database ncheck and ucheck (not nagioscheck) for Monitoring.

Install Configuration / Steps

  • Postfix is no longer installed by default on Groovy - so please install

System Configuration

More items

  • Mail
    • Setup postfix
      • Configure /etc/aliases to include

Then run newaliases

  • SSH
    • Generate SSH private and public keys
  • Tuning
    • Change swapiness and other parameters based on server needs - sysctl.conf
  • Others
    • Optionally ask server to reboot automatically on kernel panic
    • Disable module i2c_piix4 on Virtual Machines
    • Install NRPE to be monitored
      • nagios-nrpe-server nagios-plugins
    • Install x11-utils x11-xserver-utils

Other Items configuration

QR Code
QR Code tech:linux:setup_new_vm (generated for current page)