Setting up a new Linux VM
This is similar to Setup New Liux (Physical) Box
This page goes through the various settings that take place to setup a new Ubuntu VM. In this case I was setting Ubuntu 20.10 Groovy Gorilla.
Debian / Buster
Specific steps for Debian/Buster
Install packages
apt update apt-get install aptitude aptitude install vim sudo sysstat locate postfix ssl-cert bsd-mailx net-tools zip unzip rsync git ln -s /usr/sbin/ifconfig /usr/local/bin/ifconfig updatedb
Optional packages to install
aptitude install ncdu htop nload pydf iotop
Use tasksel to install GUI such as KDE Plasma.
Other changes
- vim: Besides other .vimrc setting, also include
set mouse=
echo "set mouse=" > ~/.vimrc sudo echo "set mouse=" | sudo tee -a /root/.vimrc
Add non-free repositories
Update /etc/apt/sources.list by adding contrib non-free to the end of line.
deb http://deb.debian.org/debian/ buster main contrib non-free deb-src http://deb.debian.org/debian/ buster main contrib non-free deb http://security.debian.org/debian-security buster/updates main contrib non-free deb-src http://security.debian.org/debian-security buster/updates main contrib non-free # buster-updates, previously known as 'volatile' deb http://deb.debian.org/debian/ buster-updates main contrib non-free deb-src http://deb.debian.org/debian/ buster-updates main contrib non-free
Comments on Minimum Memory requirements
Update root password
When cloning, make sure to update the root password on the clone. Debian requires it when you need to rescue the system.
SSHD Config Changes
Update /etc/ssh/sshd_config to include
PermitRootLogin prohibit-password PermitEmptyPasswords no TCPKeepAlive yes
To temporarily enable Root Login
PermitRootLogin yes
Backuppc configuration
Add new server in Backuppc (ubv33) /etc/hosts. Then copy SSH keys to be able to log in as root from backuppc user.
ssh-copy-id root@<new server>
Nagios configuration
Below is the list of Nagios configurations
aptitude install nagios-nrpe-server # On /etc/nagios/nrpe.cfg, update line to ''allowed_hosts=127.0.0.1,::1,192.168.1.0/24'' # Copy /etc/nagios/nrpe.d/cu_nrpe.cfg configuration from an existing server # Copy the following files from another server to ''/usr/lib/nagios/plugins/''. # check_deleted_lsof # check_cpu.sh # check_uptime # check_template # check_mem.pl # check_lost_found # check_log1 # check_file_per # check_mailq # Make nagios user part of sudo group systemctl restart nagios-nrpe-server
Tools Directory
Copy /home/senthil/tools directory to the new server
Postfix
Validate Postfix configuration
MySQL
- Choose a password:
date|md5sum - Run
mysql_secure_installationto make db secure.- Use the above password
- Run Create root user and set password for remote user
- Copy /etc/cron.daily/mysql_backup
Install Configuration / Steps
- Postfix is no longer installed by default on Groovy - so please install
System Configuration
- Update system by running “aptitude”
- Completed Security Upgrades
- Complete Package Upgrades
- Reboot
- Network configuration
- Settings are at /etc/netplan/00-installer-config.yaml
- Update user settings with this set
- Install the most common packages that will the required
apt related
More items
- Mail
- Setup postfix
- Configure
/etc/aliasesto include
root: system@example.org user: system@example.org
Then run newaliases
- SSH
- Generate SSH private and public keys
- Tuning
- Change swapiness and other parameters based on server needs - sysctl.conf
- Others
- Optionally ask server to reboot automatically on kernel panic
- Disable module i2c_piix4 on Virtual Machines
- Install NRPE to be monitored
- nagios-nrpe-server nagios-plugins
- Install x11-utils x11-xserver-utils
Other Items configuration
- Install telnetd - To be used in case SSH server is down. Remember to change password immediately if doing a remote connection.
- Update php.ini configuration file to improve on default limits
- Nagios
- If only setting this up for being monitored install nagios-nrpe-server nagios-plugins
- Share keys between Nagios host and the new VM
- Backuppc
- Setup key share access between backuppc host and the new VM
