Setting up a new Linux VM

This is similar to Setup New Liux (Physical) Box

This page goes through the various settings that take place to setup a new Ubuntu VM. In this case I was setting Ubuntu 20.10 Groovy Gorilla.

Specific steps for Debian/Buster

apt update
apt-get install aptitude
aptitude install vim sudo sysstat locate postfix ssl-cert bsd-mailx net-tools zip unzip
ln -s /usr/sbin/ifconfig /usr/local/bin/ifconfig
updatedb

Optional packages to install

aptitude install ncdu htop nload pydf iotop

Use tasksel to install GUI such as KDE Plasma.

• vim: Besides other .vimrc setting, also include set mouse=

echo "set mouse=" > ~/.vimrc
sudo echo "set mouse=" | sudo tee -a /root/.vimrc

Update /etc/apt/sources.list by adding contrib non-free to the end of line.

deb http://deb.debian.org/debian/ buster main contrib non-free
deb-src http://deb.debian.org/debian/ buster main contrib non-free

deb http://security.debian.org/debian-security buster/updates main contrib non-free
deb-src http://security.debian.org/debian-security buster/updates main contrib non-free

# buster-updates, previously known as 'volatile'
deb http://deb.debian.org/debian/ buster-updates main contrib non-free
deb-src http://deb.debian.org/debian/ buster-updates main contrib non-free

https://unix.stackexchange.com/questions/616137/kernel-panic-on-debian-buster-with-128-mb-of-memory

When cloning, make sure to update the root password on the clone. Debian requires it when you need to rescue the system.

Update /etc/ssh/sshd_config to include

PermitRootLogin prohibit-password
PermitEmptyPasswords no
TCPKeepAlive yes

• Postfix is no longer installed by default on Groovy - so please install

• Update system by running “aptitude”
  • Completed Security Upgrades
  • Complete Package Upgrades
  • Reboot
• Network configuration
  • Settings are at /etc/netplan/00-installer-config.yaml
• Update user settings with this set
• Install the most common packages that will the required

• Automatic apt upgrades
• APT update resource overload

• Mail
  • Setup postfix
    • Configure /etc/aliases to include

root: system@example.org
user: system@example.org

Then run newaliases

• SSH
  • Generate SSH private and public keys
• Tuning
  • Change swapiness and other parameters based on server needs - sysctl.conf
• Others
  • Optionally ask server to reboot automatically on kernel panic
  • Disable module i2c_piix4 on Virtual Machines
  • Install NRPE to be monitored
    • nagios-nrpe-server nagios-plugins
  • Install x11-utils x11-xserver-utils

• Apache Configuration
• Setup to sudo without password
• Mail Server Configuration
• MySQL Backups
• Reset System Clock with NTP Update
• Setup mail reporting using pflogsumm
• Notify if the system requires a reboot
• Mounting a USB drive permanently for Backups
• Install telnetd - To be used in case SSH server is down. Remember to change password immediately if doing a remote connection.
• Update php.ini configuration file to improve on default limits
• Disable APT update resource overload
• Nagios
  • If only setting this up for being monitored install nagios-nrpe-server nagios-plugins
  • Share keys between Nagios host and the new VM
• Backuppc
  • Setup key share access between backuppc host and the new VM