====== gmvm-Ubuntu-22.04.1 ======

Gold Master Virtual Machine Ubuntu 22.04.1

File name: ''gmvm-Ubuntu-22.04.1''

===== Credentials =====

  * Superuser (''root'') password: ''temptemp''
  * General account temporary user's name: temp
  * General account temporary user's password: temptemp

===== Installation Settings =====

  * Language: ''English''
  * Keyboard Layout: [[en:refdref:eskeyboard|es-es]]
  * Base installation: ''Ubuntu Server''
  * Network: Adapter name ''ens192'', left defaults (DHCP), no proxy.
  * Mirror (automatically chosen): ''http://mx.archive.ubuntu.com/ubuntu''
  * Disk: Use entire disk as LVM group. See screenshot.
  * Hostname: ''ubuntu2204-new''

===== Software packages =====

Some of this software may already have been on the system; there was no attempt to confirm.

<code>
apt -y update ; apt-get -y install htop vim nano rsync curl wget ; apt -y upgrade
</code>

All updates up to 20240430 applied.

===== System modifications =====

==== 1. Modifications of the sudoers file ====

  - ''sudo'' timer removal

From:

<code>
Defaults env_reset
</code>

To:

<code>
Defaults env_reset,timestamp_timeout=-1
</code>

This disables the timeout, so there is no need to enter credentials again after the first ''sudo'' operation. In other words, after requiring the password once, the system won't require it again on ''sudo'' operations, no matter how much time passes, as long as it is the same session.

  - ''sudo'' password requirement removal

From:

<code>
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
</code>

To:

<code>
# Allow members of group sudo to execute any command
#%sudo ALL=(ALL:ALL) ALL
%sudo ALL = NOPASSWD: ALL
</code>

This eliminates the requirement to authenticate on ''sudo'' operations. It obviously makes the previous modification unnecessary, but some might find it more convenient to make a minor modification than to go looking for the code, as users only need to move the comment character (''#'') up and down to enable and disable the option at will. This might be considered a major security risk.
We think it's irrelevant whether it is a risk, as somebody would have administrative access to the system already. Using key authentication, for instance, also eliminates the need for authentication on all ''sudo'' operations, e.g.:

- ''ssh remotesys 'dnf -y install certbot*''' starts an installation\\
- ''ssh remotesys 'cat /etc/passwd' > "$HOME/Desktop/passwd-copy"'' dumps the contents of the remote system's ''/etc/passwd'' into a file on the desktop of the local system\\

==== 2. Modifications of sshd ====

  - Acceptance of password authentication for superuser (password login using ''root'')

In ''/etc/ssh/sshd_config'', line 33:

From:

<code>
# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
</code>

To:

<code>
# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
PermitRootLogin yes
</code>

Explanation/reasoning:\\
- ''#PermitRootLogin prohibit-password'' or __nothing__ is the default, meaning root cannot log in directly, i.e. ''ssh root@host'' would fail, and the user certainly wouldn't be able to run administrative tasks remotely, e.g. ''ssh root@host reboot''. They can, however, log in with another account and elevate themselves once in.\\
- ''PermitRootLogin prohibit-password'' allows root to log in directly using types of authentication other than passwords, such as Kerberos, but often this would be key authentication.\\
- ''PermitRootLogin yes'' is self-explanatory.\\

===== Admin Notes =====

> The command history was intentionally left behind, mistakes and all; it's not sloppy admin. Some things were done on the temporary account, others as root; both are still in there.
> Optical media and drives were removed after i

===== Virtual Hardware Details =====

  * VM Compatibility: ''ESXi 6.7 U2 and later (VM version 15)''
  * CPU/Utilization: ''2''
  * CPU/Shares: ''2000 (Normal)''
  * CPU/Reservation: ''0 MHz''
  * CPU/Limit: ''Unlimited''
  * CPU/Hardware virtualization: ✖︎
  * CPU/IOMMU: ''Enabled''
  * CPU/Performance counters: ✖︎
  * Memory/Utilization: ''2 GB''
  * Memory/Shares: ''20480 (Normal)''
  * Memory/Reservation: ''0 MB''
  * Memory/Limit: ''Unlimited''
  * Storage/Hard disk 1/Capacity: ''16 GB''
  * Storage/Hard disk 1/Type: ''Thin Provision''
  * Storage/Hard disk 1/Sharing: ✖︎
  * Storage/Hard disk 1/Shares: ''Normal''
  * Storage/Hard disk 1/Limit - IOPs: ∞
  * Storage/Hard disk 1/Disk Mode: ''Dependent''
  * Storage/Hard disk 1/Virtual Device Node: ''SCSI controller 0:0''
  * Storage/Controller/SCSI controller 0/Type: ''VMware Paravirtual''
  * Storage/Controller/SCSI controller 0/SCSI Bus Sharing: ✖︎
  * Storage/Controller/SATA controller 0/Type: ''AHCI''
  * Network/vNIC 1/Connect At Power On: ✔︎
  * Network/vNIC 1/Type: ''VMXNET 3''
  * Network/vNIC 1/DirectPath I/O: ✖︎
  * Network/vNIC 1/MAC Address: ''Automatic''
  * ReadOnlyMedia/Drive 1: Datastore ISO File
  * ReadOnlyMedia/Drive 1/File: [[https://dmg.vitanetworks.link/Linux/ubuntu-22.04.1-live-server-amd64.iso|ubuntu-22.04.1-live-server-amd64.iso]]
  * ReadOnlyMedia/Drive 1/Device Mode: ''Emulate CD-ROM''
  * ReadOnlyMedia/Drive 1/Virtual Device Node: ''SATA controller 0:0 drive 1''
  * Graphics/Video card: ''Specify custom settings''
  * Graphics/Video card/Number of displays: ''1''
  * Graphics/Video card/Total video memory: ''4 MB''
  * Graphics/Video card/3D graphics: ✖︎
  * General Options/Guest OS Family: ''Linux''
  * General Options/Guest OS Version: ''Ubuntu Linux (64-bit)''
  * VMware Remote Console Options/Guest OS Lock: ✖︎
  * VMware Remote Console Options/Maximum number of sessions: ''40''
  * Encryption/Encrypt VM: ''Datastore Default''
  * Encryption/Encrypted vMotion: ✖︎
  * Encryption/Encrypted Fault Tolerance: ✖︎
  * Boot Options/Firmware: ''EFI''
  * Secure Boot: ✖︎
  * Boot Delay: ''0''
  * Force EFI setup: ✖︎
  * Failed Boot Recovery: ✖︎
  * Advanced/Settings/Disable acceleration: ✖︎
  * Advanced/Settings/Enable logging: ✖︎
  * Advanced/Configuration Parameters: ''disk.EnableUUID=TRUE''
  * Advanced/Latency Sensitivity: ''Normal''
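
The following check is an added example, not part of the original page: a POSIX shell audit that flags the ''sudoers'' and ''sshd_config'' settings documented under System modifications, plus the ''temp'' account, on a clone of this template before it goes into service. Function names and finding labels are illustrative, and it reads only the main ''sudoers'' and ''sshd_config'' files, so drop-in directories need a separate pass.

```sh
#!/bin/sh
# Added example (not from the wiki page); names and labels are illustrative.

# One finding per active sudoers line that disables the timer or the password.
audit_sudoers() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        /^[ \t]*Defaults/ && /timestamp_timeout=-/ { print "SUDO_NO_TIMEOUT: " $0 }
        /NOPASSWD[ \t]*:/ { print "SUDO_NOPASSWD: " $0 }
    ' "$1"
}

# Effective global PermitRootLogin: sshd keeps the first value it reads.
effective_root_login() {
    awk '
        tolower($1) == "match" { exit }     # only conditional blocks follow
        tolower($1) == "permitrootlogin" { v = tolower($2); exit }
        END { print (v == "" ? "prohibit-password" : v) }   # built-in default
    ' "$1"
}

# Audit the tree rooted at $1 (empty = live system); return 1 on any finding.
audit_clone() {
    root="${1:-}"
    findings=$(
        audit_sudoers "$root/etc/sudoers"
        if [ "$(effective_root_login "$root/etc/ssh/sshd_config")" = yes ]; then
            echo "SSHD_ROOT_PASSWORD_LOGIN: PermitRootLogin yes"
        fi
        if grep -q '^temp:' "$root/etc/passwd"; then
            echo "TEMPLATE_ACCOUNT: user temp still present"
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree mirroring the "To:" states documented above.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/etc/ssh"
    printf '%s\n' 'Defaults env_reset,timestamp_timeout=-1' \
        '#%sudo ALL=(ALL:ALL) ALL' '%sudo ALL = NOPASSWD: ALL' > "$d/etc/sudoers"
    printf '%s\n' '#PermitRootLogin prohibit-password' \
        'PermitRootLogin yes' > "$d/etc/ssh/sshd_config"
    printf '%s\n' 'temp:x:1000:1000::/home/temp:/bin/bash' > "$d/etc/passwd"
    echo "$d"
}

audit_clone "${1-$(make_sample)}" || echo "clone still carries template settings"
```

Pass a mounted image path, or an empty string as root on a running clone, to audit real files instead of the constructed sample. On a live system, ''sshd -T'' prints the configuration sshd actually applies, includes and all.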