Gold Master Virtual Machine Ubuntu 22.04.1
File name: gmvm-Ubuntu-22.04.1
Superuser (root) password: temptemp
General account temporary user's name: temp
General account temporary user's password: temptemp
Language: English
Keyboard Layout: es-es
Base installation: Ubuntu Server
Network: Adapter name ens192, left defaults (DHCP), no proxy.
Mirror (automatically chosen): http://mx.archive.ubuntu.com/ubuntu
Disk: Use entire disk as LVM group. See screenshot.
Hostname: ubuntu2204-new
Some software may already have been on the system; there was no attempt to confirm.
apt -y update ; apt-get -y install htop vim nano rsync curl wget ; apt -y upgrade
All updates up to 20240430 applied.
- sudo timer removal
From:
Defaults env_reset
To:
Defaults env_reset,timestamp_timeout=-1
It disables the timeout so there is no need to enter credentials after the first sudo operation. In other words, after requiring the password once, the system won't require it again on sudo operations, no matter how much time passes, as long as it is the same session.
- sudo password requirement removal
From:
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
To:
# Allow members of group sudo to execute any command
#%sudo ALL=(ALL:ALL) ALL
%sudo ALL = NOPASSWD: ALL
It eliminates the requirement of authenticating oneself on sudo operations. This obviously makes the previous modification unnecessary, but some might find it more convenient to make a minor modification than go looking for the code, as users would only need to move the comment character (#) up and down to enable and disable the option at will.
This might be considered a major security risk. We think it's irrelevant whether it's a risk, as somebody would have administrative access to the system already. Using key authentication, for instance, also eliminates the need for authentication on all sudo operations, e.g.:
- ssh remotesys 'dnf -y install certbot*' starts an installation
- ssh remotesys 'cat /etc/passwd' > "$HOME/Desktop/passwd-copy" dumps the contents of a file on the remote system into a file on the desktop of the local system
- Acceptance of password authentication for superuser (password login using root)
In /etc/ssh/sshd_config, line 33:
From:
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
To:
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
PermitRootLogin yes
Explanation/reasoning:
- #PermitRootLogin prohibit-password or nothing is the default, meaning root cannot log in directly, i.e. ssh root@host would fail and the user certainly wouldn't be able to run administrative tasks remotely, e.g. ssh root@host reboot. They can, however, log in with another account and elevate themselves once in.
- PermitRootLogin prohibit-password allows root to log in directly using types of authentication other than passwords, like Kerberos, but often this would be key authentication.
- PermitRootLogin yes is self-explanatory.
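As an added example (not part of the original VM notes), the shell functions below check a clone of this image for the three relaxations described above: the never-expiring sudo timestamp, an active NOPASSWD rule, and the PermitRootLogin value in the global section of sshd_config. The function names and sample inputs are constructed for illustration, and the parsing reads only the text it is given, without following include directories.

```shell
#!/bin/sh
# Added example: audit config text for the relaxations this page describes.
# Both functions read the file content on stdin.

# Print one finding per active sudoers line that removes re-authentication.
audit_sudoers() {
    awk '
        /^[ \t]*#/ { next }   # comments; "#%sudo ..." is an inactive rule
        /^[ \t]*Defaults/ && /timestamp_timeout[ \t]*=[ \t]*-/ {
            print "sudo-timestamp-never-expires"   # negative = no expiry
        }
        /NOPASSWD[ \t]*:/ { print "sudo-nopasswd:" $1 }
    '
}

# Print the PermitRootLogin value set in the global section of the text:
# the first uncommented occurrence wins, keywords are case-insensitive,
# and anything after the first Match line is conditional, so stop there.
# Prints "unset" when the keyword is not set in the text given.
effective_permit_root_login() {
    awk '
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    '
}

# Constructed samples modelled on the "To:" states shown above.
SAMPLE_SUDOERS='Defaults env_reset,timestamp_timeout=-1
# Allow members of group sudo to execute any command
#%sudo ALL=(ALL:ALL) ALL
%sudo ALL = NOPASSWD: ALL'

SAMPLE_SSHD='# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
PermitRootLogin yes'

printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers
printf 'PermitRootLogin=%s\n' \
    "$(printf '%s\n' "$SAMPLE_SSHD" | effective_permit_root_login)"
```

On a deployed clone, feed /etc/sudoers and /etc/ssh/sshd_config to the functions as root; sshd -T reports the daemon's fully resolved settings, including drop-in files.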
The command history was intentionally left behind, mistakes and all; it's not sloppy admin. Some things were done on the temporary account, others as root, both are still in there.
Optical media and drives were removed after i
VM Compatibility: ESXi 6.7 U2 and later (VM version 15)
CPU/Utilization: 2
CPU/Shares: 2000 (Normal)
CPU/Reservation: 0 MHz
CPU/Limit: Unlimited
CPU/Hardware virtualization: ✖︎
CPU/IOMMU: Enabled
CPU/Performance counters: ✖︎
Memory/Utilization: 2 GB
Memory/Shares: 20480 (Normal)
Memory/Reservation: 0 MB
Memory/Limit: Unlimited
Storage/Hard disk 1/Capacity: 16 GB
Storage/Hard disk 1/Type: Thin Provision
Storage/Hard disk 1/Sharing: ✖︎
Storage/Hard disk 1/Shares: Normal
Storage/Hard disk 1/Limit - IOPs: ∞
Storage/Hard disk 1/Disk Mode: Dependent
Storage/Hard disk 1/Virtual Device Node: SCSI controller 0:0
Storage/Controller/SCSI controller 0/Type: VMware Paravirtual
Storage/Controller/SCSI controller 0/SCSI Bus Sharing: ✖︎
Storage/Controller/SATA controller 0/Type: AHCI
Network/vNIC 1/Connect At Power On: ✔︎
Network/vNIC 1/Type: VMXNET 3
Network/vNIC 1/DirectPath I/O: ✖︎
Network/vNIC 1/MAC Address: Automatic
ReadOnlyMedia/Drive 1: Datastore ISO File
ReadOnlyMedia/Drive 1/File: ubuntu-22.04.1-live-server-amd64.iso
ReadOnlyMedia/Drive 1/Device Mode: Emulate CD-ROM
ReadOnlyMedia/Drive 1/Virtual Device Node: SATA controller 0:0 drive 1
Graphics/Video card: Specify custom settings
Graphics/Video card/Number of displays: 1
Graphics/Video card/Total video memory: 4 MB
Graphics/Video card/3D graphics: ✖︎
General Options/Guest OS Family: Linux
General Options/Guest OS Version: Ubuntu Linux (64-bit)
VMware Remote Console Options/Guest OS Lock: ✖︎
VMware Remote Console Options/Maximum number of sessions: 40
Encryption/Encrypt VM: Datastore Default
Encryption/Encrypted vMotion: ✖︎
Encryption/Encrypted Fault Tolerance: ✖︎
Boot Options/Firmware: EFI
Secure Boot: ✖︎
Boot Delay: 0
Force EFI setup: ✖︎
Failed Boot Recovery: ✖︎
Advanced/Settings/Disable acceleration: ✖︎
Advanced/Settings/Enable logging: ✖︎
Advanced/Configuration Parameters: disk.EnableUUID=TRUE
Advanced/Latency Sensitivity: Normal