Linux Virtual Machine Baseline Configuration

Virtual Machine Baseline Configuration

Create VM

Create two network adapters
- NAT
- Host-only
Configure RAM, CPU, Display, Storage, etc. as needed

Ubuntu (20.04 Desktop & Server)

Create default user:
- Username: xadmin
- Password: password
Set hostname to server or desktop as appropriate
Install OpenSSH server (server VMs only)
Install VirtualBox Guest Additions

$ sudo apt upgrade
$ sudo apt update
$ sudo apt install -y build-essential
 Insert Guest Additions image
$ sudo mount /dev/cdrom /cdrom
$ sudo sh /cdrom/VboxLinuxAdditions.run
$ sudo reboot

Clone baseline VM
- Generate new MAC addresses for all adapters

Virtual Machine Configuration

Ubuntu (20.04 Desktop & Server)

Create user

$ sudo adduser <username>
$ sudo adduser <username> sudo
$ logout

Delete default account

 Login as just-created user
$ sudo userdel -r xadmin

Set hostname and domain name

# Make this better so that it ends up being:
# 127.0.0.1 <hostname> localhost <hostname>.<domain>
$ sudo sed -i.bak -e "s/$(hostname)/<hostname>" /etc/hosts && \
    sudo rm /etc/hosts.bak
$ sudo hostnamectl set-hostname <hostname>
$ sudo sed -i.bak -r \
    -e 's/127(.\*)localhost/127\1localhost.<domain> localhost/' \
    -e 's/127(.\*)<hostname>/127\1<hostname>.<domain> <hostname>/' \
    /etc/hosts && rm /etc/hosts.bak
$ echo <FQDN> | sudo tee -a /etc/mailname

Configure static IP address on host-only interface (dedicated servers)

 Edit /etc/netplan/50-cloud-inityaml:
<adapter>:
    dhcp: no
    addresses:
        - <address>/<cidr>
    nameservers:
        addresses: [<dns 1>, <dns 2>]
    # DO NOT configure a gateway on VMs (not sure why this was)
    gateway4: <gw ip>
    optional: true
$ sudo netplan --debug try # test config. reverts after a few minutes
$ sudo netplan --debug apply # save config

Generate locale (server only)

$ sudo locale-gen "en_US.UTF-8"

Configure timezone

$ sudo dpkg-reconfigure tzdata

Bootstrap the system

$ wget -O bootstrap.ini https://gist.githubusercontent.com/jbrubake/02d946ba771eab724e226714e3810dde/raw/c4b63275de8787dbd8458a987df1e0fe6c568df8/bootstrap.ini
 Edit bootstrap.ini as needed
$ wget -O bootstrap https://raw.githubusercontent.com/jbrubake/bootstrap/master/bootstrap 
$ chmod +x boostrap
$ ./bootstrap

Complete winbind & samba configuration (if installed)

$ sudo sed -i.bak -r -e 's/hosts:(.*)files (.*)/hosts:\1files wins \2/' /etc/nsswitch.conf && \
    sudo rm /etc/nsswitch.conf.bak
$ sudo systemctl disable smbd # Unless the machine needs Samba fileshares

Add local repository

$ sudo mkdir /usr/local/share/repository
$ printf "%s\n%s" '# Local repository' 'deb [trusted=yes] file:/usr/local/share/repository ./' | sudo tee -a /etc/apt/sources.list >/dev/null

Add non-free repositories NOTE: this needs fixed

$ sudo sed -i.bak -e 's/restricted/non-free restricted/' /etc/apt/sources.list && \
    sudo rm /etc/apt/sources.list.bak

Install non-free packages (if needed)

$ sudo apt install -y manpages-posix manpages-posix-dev

Upload ssh key

 INSTRUCTIONS

Configure ssh

$ sed -i.bak -e 's/# PermitRootLogin.*/PermitRootLogin no/' \
    -e 's/# PaswordAuthentication.*/PasswordAuthentication no/' \
    -e 's@# Banner none@Banner /etc/issue.net@ \
    /etc/ssh/sshd_config && rm /etc/ssh/sshd_config.bak

Connect to Windows Share (if needed)

$ apt install cifs-utils # Needed to mount share
$ apt install smbclient # Helpful for troubleshooting
$ mkdir /mnt/<mountpoint>
$ chmod 755 /mnt/<mountpoint>
$ echo '//<host>/<share> <mountpoint> cifs noauto,user,credentials=<credsfile>,uid=<username>,gid=<username>,dir_mode=0775,file_mode=0664 0 0' >> /etc/fstab
$ cat << END > <credsfile>
> username=<username>
> password=<password>
> END
$ chmod 600 <credsfile>