Linux/Xen/DomU/Devuan/Devuan Beowulf: Difference between revisions

(Created page with "===Devuan Beowulf=== Start this process on a existing Devuan system. You will need to have the Devuan patched version of debootstrap installed. Create a empty image file and...")
 
 
(12 intermediate revisions by the same user not shown)
Line 13: Line 13:
  mount -oloop devuan_beowulf.img /mnt/img
  mount -oloop devuan_beowulf.img /mnt/img


Start the debootstrap process.
Start the debootstrap process. The version of 'su' that ships with beowulf no longer runs /etc/profile by default. So either run 'su -' to initiate a login shell that will source /etc/profile or add /usr/sbin to your path. 'export PATH=$PATH:/usr/sbin' debootstrap will not run correctly without /usr/sbin in your path. You will get the error message "E: Unable to execute target architecture" when trying to run debootstrap.  
 
  debootstrap --variant=minbase beowulf /mnt/img http://auto.mirror.devuan.org/merged/
  debootstrap --arch=i386 --variant=minbase beowulf /mnt/img http://deb.devuan.org/merged/


Once that completes, copy your existing /etc/apt/sources.list to the new image so we can run updates.
Once that completes, copy your existing /etc/apt/sources.list to the new image so we can run updates.
Line 23: Line 23:
Here is a basic sources.list
Here is a basic sources.list


  deb http://auto.mirror.devuan.org/merged beowulf main
  deb http://deb.devuan.org/merged beowulf main
  deb http://auto.mirror.devuan.org/merged beowulf-updates main
  deb http://deb.devuan.org/merged beowulf-updates main
  deb http://auto.mirror.devuan.org/merged beowulf-security main
  deb http://deb.devuan.org/merged beowulf-security main


Mount the necessary system files so that we can enter the new root filesystem with chroot.  
Mount the necessary system files so that we can enter the new root filesystem with chroot.  
Line 33: Line 33:
  mount -t proc proc /mnt/img/proc
  mount -t proc proc /mnt/img/proc
  mount -t sysfs sys /mnt/img/sys
  mount -t sysfs sys /mnt/img/sys
  chroot /mnt/img
  /usr/sbin/chroot /mnt/img


Run updates and install a language pack.
Run updates.


  apt-get update
  apt-get update
Line 52: Line 52:


  dpkg-reconfigure tzdata
  dpkg-reconfigure tzdata
The en_US.UTF-8 locale has changed the time format so it no longer displays in 24 hour time.
locale date_fmt
%a %d %b %Y %r %Z
This can be fixed by using the basic 'C' locale for time.
update-locale LC_TIME=C.UTF-8


Install networking systems
Install networking systems


  apt-get install netbase net-tools ifupdown inetutils-ping
  apt-get install netbase net-tools ifupdown inetutils-ping isc-dhcp-client


Install the kernel image, SSH server, full version of vim and rsyslog
Install the kernel image, SSH server, full version of vim and rsyslog
   
   
  apt-get install linux-image-`dpkg --print-architecture`
  apt-get install linux-image-686
  apt-get install openssh-server
  apt-get install openssh-server
  apt-get install vim
  apt-get install vim
Beowulf defaults to mouse=a (Set via '/usr/share/vim/vim81/defaults.vim') which is great if you are using VIM in a graphical interface but breaks pasting when using a console/SSH. To fix this edit '/etc/vim/vimrc'
Uncomment 'let g:skip_defaults_vim = 1'
Uncomment 'syntax on'
Add 'set mouse=r'
  apt-get install rsyslog
  apt-get install rsyslog


To use the Xen console 'xm console (domU)' you need to setup a tty on /dev/hvc0. Edit /etc/inittab and add this line.
To use the Xen console 'xl console (domU)' you need to setup a tty on /dev/hvc0. Edit /etc/inittab and add this line.
   
   
  co:2345:respawn:/sbin/getty 38400 hvc0
  co:2345:respawn:/sbin/getty 38400 hvc0
Line 100: Line 116:
timeout        2
timeout        2


title          Devuan ASCII
title          Devuan Beowulf
root            (hd0,0)
root            (hd0,0)
kernel          /boot/vmlinuz-4.9.0-7-686-pae root=/dev/xvda1 ro console=hvc0
kernel          /boot/vmlinuz-4.19.0-13-686-pae root=/dev/xvda1 ro console=hvc0
initrd          /boot/initrd.img-4.9.0-7-686-pae
initrd          /boot/initrd.img-4.19.0-13-686-pae


title          Devuan ASCII (Single-User)
title          Devuan Beowulf (Single-User)
root            (hd0,0)
root            (hd0,0)
kernel          /boot/vmlinuz-4.9.0-7-686-pae root=/dev/xvda1 ro single console=hvc0
kernel          /boot/vmlinuz-4.19.0-13-686-pae root=/dev/xvda1 ro single console=hvc0
initrd          /boot/initrd.img-4.9.0-7-686-pae
initrd          /boot/initrd.img-4.19.0-13-686-pae
</syntaxhighlight>
</syntaxhighlight>



Latest revision as of 16:52, 11 December 2020

Devuan Beowulf

Start this process on an existing Devuan system. You will need to have the Devuan patched version of debootstrap installed.

Create an empty image file and format it with ext3.

dd if=/dev/zero of=devuan_beowulf.img bs=1M count=1 seek=1024
mkfs.ext3 devuan_beowulf.img

Create a directory to mount the image on. Using '/mnt/img' for this example.

mkdir /mnt/img
mount -oloop devuan_beowulf.img /mnt/img

Start the debootstrap process. The version of 'su' that ships with Beowulf no longer runs /etc/profile by default, so either run 'su -' to start a login shell that sources /etc/profile, or add /usr/sbin to your path with 'export PATH=$PATH:/usr/sbin'. debootstrap will not run correctly without /usr/sbin in your path; it fails with the error message "E: Unable to execute target architecture".

debootstrap --arch=i386 --variant=minbase beowulf /mnt/img http://deb.devuan.org/merged/

Once that completes, copy your existing /etc/apt/sources.list to the new image so we can run updates.

cp /etc/apt/sources.list /mnt/img/etc/apt/

Here is a basic sources.list

deb http://deb.devuan.org/merged beowulf main
deb http://deb.devuan.org/merged beowulf-updates main
deb http://deb.devuan.org/merged beowulf-security main

Mount the necessary system files so that we can enter the new root filesystem with chroot.

mount --bind /dev /mnt/img/dev
mount --bind /dev/pts /mnt/img/dev/pts
mount -t proc proc /mnt/img/proc
mount -t sysfs sys /mnt/img/sys
/usr/sbin/chroot /mnt/img

Run updates.

apt-get update
apt-get upgrade

Install a frontend for debconf

apt-get install whiptail

Install locales and configure them.

apt-get install locales
dpkg-reconfigure locales

Configure the system timezone.

dpkg-reconfigure tzdata

The en_US.UTF-8 locale has changed the time format so it no longer displays in 24 hour time.

locale date_fmt
%a %d %b %Y %r %Z

This can be fixed by using the basic 'C' locale for time.

update-locale LC_TIME=C.UTF-8

Install networking systems

apt-get install netbase net-tools ifupdown inetutils-ping isc-dhcp-client

Install the kernel image, SSH server, full version of vim and rsyslog

apt-get install linux-image-686
apt-get install openssh-server
apt-get install vim

Beowulf defaults to mouse=a (set via '/usr/share/vim/vim81/defaults.vim'), which is great if you are using Vim in a graphical interface but breaks pasting when using a console or SSH. To fix this, edit '/etc/vim/vimrc':

Uncomment 'let g:skip_defaults_vim = 1'
Uncomment 'syntax on'
Add 'set mouse=r'

apt-get install rsyslog

To use the Xen console 'xl console (domU)' you need to set up a tty on /dev/hvc0. Edit /etc/inittab and add this line.

co:2345:respawn:/sbin/getty 38400 hvc0

Network

Configure your '/etc/network/interfaces' for DHCP

# interfaces(5) file used by ifup(8) and ifdown(8)
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

auto eth0
iface eth0 inet dhcp

We need to allow root logins over SSH.

Edit /etc/ssh/sshd_config and change,

#PermitRootLogin prohibit-password

to

PermitRootLogin yes


GRUB

Set up a basic GRUB config in "/boot/grub/menu.lst"

default         0
timeout         2

title           Devuan Beowulf
root            (hd0,0)
kernel          /boot/vmlinuz-4.19.0-13-686-pae root=/dev/xvda1 ro console=hvc0
initrd          /boot/initrd.img-4.19.0-13-686-pae

title           Devuan Beowulf (Single-User)
root            (hd0,0)
kernel          /boot/vmlinuz-4.19.0-13-686-pae root=/dev/xvda1 ro single console=hvc0
initrd          /boot/initrd.img-4.19.0-13-686-pae

Configure a basic fstab

# Begin /etc/fstab
# <file system> <mount-point>   <type>   <options>                      <dump> <pass>
/dev/sda1          /             ext3      defaults,errors=remount-ro    0     0
proc               /proc         proc      defaults                      0     0

# End /etc/fstab

SSH host keys fix

Since this image will get cloned and used to create new virtual machines we don't want to re-use the same keys for every virtual machine. Devuan won't regenerate SSH host keys if you delete them from /etc/ssh. So we need to make some changes to /etc/init.d/ssh so it regenerates the host keys.

Here is a patch for /etc/init.d/ssh

--- old_ssh	2018-12-16 21:33:01.193415639 +0000
+++ ssh	2018-12-23 19:05:39.647919366 +0000
@@ -72,6 +72,57 @@ check_privsep_dir() {
     fi
 }
 
+# Some variables to make things more readable 
+KEYGEN=/usr/bin/ssh-keygen
+RSA_KEY=/etc/ssh/ssh_host_rsa_key
+ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key
+ED25519_KEY=/etc/ssh/ssh_host_ed25519_key
+
+do_rsa_keygen() {
+        if [ ! -s $RSA_KEY ]; then
+                echo -n "Generating SSH2 RSA host key: "
+                rm -f $RSA_KEY
+                if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >/dev/null; then
+                        chmod 600 $RSA_KEY
+                        chmod 644 $RSA_KEY.pub
+			echo "OK"
+                else
+			echo "FAIL"
+                        exit 1
+                fi
+        fi
+}
+ 
+do_ecdsa_keygen() {
+        if [ ! -s $ECDSA_KEY ]; then
+                echo -n "Generating SSH2 ECDSA host key: "
+                rm -f $ECDSA_KEY
+                if test ! -f $ECDSA_KEY && $KEYGEN -q -t ecdsa -f $ECDSA_KEY -C '' -N '' >/dev/null; then
+                        chmod 600 $ECDSA_KEY
+                        chmod 644 $ECDSA_KEY.pub
+			echo "OK"
+                else
+			echo "FAIL"
+                        exit 1
+                fi
+        fi
+}
+ 
+do_ed25519_keygen() {
+        if [ ! -s $ED25519_KEY ]; then
+                echo -n "Generating SSH2 ED25519 host key: "
+                rm -f $ED25519_KEY
+                if test ! -f $ED25519_KEY && $KEYGEN -q -t ed25519 -f $ED25519_KEY -C '' -N '' >/dev/null; then
+                        chmod 600 $ED25519_KEY
+                        chmod 644 $ED25519_KEY.pub
+			echo "OK"
+                else
+			echo "FAIL"
+                        exit 1
+                fi
+        fi
+}
+
 check_config() {
     if [ ! -e /etc/ssh/sshd_not_to_be_run ]; then
 	/usr/sbin/sshd $SSHD_OPTS -t || exit 1
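Review bot: do_rsa_keygen, do_ecdsa_keygen and do_ed25519_keygen are the same body repeated with only the key type and path changed, so any later fix has to be made three times. A single helper that takes the key type and key path as arguments (a hypothetical 'do_keygen rsa "$RSA_KEY"') would cover all three, and the $RSA_KEY-style expansions inside '[ ! -s ... ]' and 'test ! -f ...' should be double-quoted. Each function also calls 'exit 1' on failure, so one failed key type stops the init script before sshd starts even when the other keys are usable; returning non-zero and letting the caller decide would be safer. On style, the 'echo "OK"' and 'echo "FAIL"' lines are indented with tabs while the rest of the added lines use spaces, and the comment line carries trailing whitespace.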
@@ -86,6 +137,11 @@ case "$1" in
 	check_privsep_dir
 	check_for_no_start
 	check_dev_null
+
+	do_rsa_keygen
+	do_ecdsa_keygen
+	do_ed25519_keygen
+
 	log_daemon_msg "Starting OpenBSD Secure Shell server" "sshd" || true
 	if start-stop-daemon --start --quiet --oknodo --pidfile /run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
 	    log_end_msg 0 || true
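Review bot: the three keygen calls are added to this one branch of the case statement only, after check_dev_null. check_config, visible in the first hunk's context, runs '/usr/sbin/sshd $SSHD_OPTS -t || exit 1', and sshd -t fails when no host key is available; if any other branch calls check_config on an image whose keys were removed, it exits before a key is ever generated. Wrapping the three calls in one function and calling it ahead of check_config wherever that is used would close the gap. A one-line comment here saying the calls exist so that cloned images get unique keys on first boot would also help the next person who merges a package update of this script.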

Firewall

apt-get install iptables
apt-get install ufw

ufw allow OpenSSH
ufw enable

Final Cleanup

Set a hostname.

Remove SSH host keys so that new ones get generated on first boot.

Remove the old leases file so that the VM will request a fresh IP address each time.

Set a root password.

echo 'devuan' > /etc/hostname
rm /var/lib/dhcp/dhclient.eth0.leases
rm /etc/ssh/ssh_host_*
passwd root
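
A pre-clone check for the cleanup steps above, run from the host against the mounted image. This is an added example, not part of the original page: the function name audit_image is an assumption, the default root /mnt/img is the mount point used earlier, and do_ed25519_keygen is the function name from the init script patch above.

```shell
#!/bin/sh
# Added example: audit a mounted image root for per-machine state that
# must not be carried into clones. Prints one finding per line and
# returns 0 only when the image is clean.
audit_image() {
    root=${1:-/mnt/img}
    findings=0

    # Host keys left in the template would be shared by every clone.
    for key in "$root"/etc/ssh/ssh_host_*; do
        [ -e "$key" ] || continue
        rel=${key#"$root"}
        echo "host key present: $rel"
        findings=$((findings + 1))
    done

    # A stale lease makes each clone ask for the template's old address.
    for lease in "$root"/var/lib/dhcp/*.leases; do
        [ -e "$lease" ] || continue
        rel=${lease#"$root"}
        echo "dhcp lease present: $rel"
        findings=$((findings + 1))
    done

    # Without the patched init script, deleted keys are never regenerated.
    if ! grep -q 'do_ed25519_keygen' "$root/etc/init.d/ssh" 2>/dev/null; then
        echo "init script lacks host key regeneration: /etc/init.d/ssh"
        findings=$((findings + 1))
    fi

    # /etc/hostname must exist and be non-empty.
    if [ ! -s "$root/etc/hostname" ]; then
        echo "hostname not set: /etc/hostname"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}
```

Source the file and call 'audit_image /mnt/img' after leaving the chroot; a non-zero return means at least one cleanup step was missed.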