Server Setup

The normal stuff

Disable root ssh

vi /etc/ssh/sshd_config

#PermitRootLogin yes
PermitRootLogin no

systemctl restart ssh

Clean tmp

tmp is cleand on boot. Because the server does not boot very often (I hope…) we will remove all tmp files older than 90 days, at 5am every day

crontab -e

0 5 * * * find /tmp/* -mtime +90 -exec rm {} \;

Fail2ban

apt-get install fail2ban

Logwatch

apt-get install logwatch

vim /etc/cron.daily/00logwatch
add this line:

/usr/sbin/logwatch --output mail --mailto nils@gerstner.se --detail

Second ip

(Netzkonfiguration Debian Brouter)

http://wepoca.net/setup-root-server-for-drupal-at-hetzner/

Insert in /etc/network/interfaces under the appropriate interface (e.g. “eth0”) the following two lines:

### Hetzner Online GmbH - installimage
# Loopback device:
auto lo
iface lo inet loopback
iface lo inet6 loopback

# device: eth0
auto  eth0
iface eth0 inet static
  address     176.9.137.48
  netmask     255.255.255.224
  pointopoint 176.9.137.33
  gateway     176.9.137.33

 # default route to access subnet
  up route add -net 176.9.137.32 netmask 255.255.255.224 gw 176.9.137.33 eth0

iface eth0 inet6 static
  address 2a01:4f8:160:112b::2
  netmask 64
  gateway fe80::1

  auto virbr1
  iface virbr1 inet static
     address 176.9.137.48
     netmask 255.255.255.224
     bridge_ports none
     bridge_stp off
     bridge_fd 0
     pre-up brctl addbr virbr1
     up ip route add 176.9.137.60/32 dev virbr1
     down ip route del 176.9.137.60/32 dev virbr1

A corresponding host route needs to be created for each additional IP address. The eth0 configuration remains unchanged for IPv4.

Guest:

auto eth0
iface eth0 inet static
   address 176.9.137.60
   netmask 255.255.255.224
   pointopoint 176.9.137.48
   gateway 176.9.137.48

KVM

KVM/QEMU: connect to vm without gui

apt-get install kvm qemu-kvm libvirt-bin virtinst

adwaita-icon-theme at-spi2-core augeas-lenses colord colord-data dconf-gsettings-backend dconf-service dns-root-data dnsmasq-base ebtables glib-networking glib-networking-common glib-networking-services gsettings-desktop-schemas libapparmor1 libatk-bridge2.0-0 libatspi2.0-0 libaugeas0 libcairo-gobject2 libcolord2 libcolorhug2 libdconf1 libexif12 libfile-copy-recursive-perl libgd3 libgphoto2-6 libgphoto2-l10n libgphoto2-port10 libgtk-3-0 libgtk-3-bin libgtk-3-common libgtk-vnc-2.0-0 libgudev-1.0-0 libgusb2 libgvnc-1.0-0 libieee1284-3 libjson-glib-1.0-0 libjson-glib-1.0-common liblcms2-2 libnetcf1 libnetfilter-conntrack3 libnl-3-200 libnl-route-3-200 libpcap0.8 libpciaccess0 libpolkit-agent-1-0 libpolkit-backend-1-0 libpolkit-gobject-1-0 libproxy1 libpulse-mainloop-glib0 librest-0.7-0 libsane libsane-common libsane-extras libsane-extras-common libsoup-gnome2.4-1 libsoup2.4-1 libspice-client-glib-2.0-8 libspice-client-gtk-3.0-4 libusbredirhost1 libv4l-0 libv4lconvert0 libvirt-bin libvirt-clients libvirt-daemon libvirt-daemon-system libvirt0 libvpx1 libwayland-client0 libwayland-cursor0 libx86-1 libxkbcommon0 libxml2-utils libxpm4 libxslt1.1 netcat-openbsd pm-utils policykit-1 python-libvirt python-libxml2 python-pycurl python-support python-urlgrabber qemu-kvm sane-utils spice-client-glib-usb-acl-helper update-inetd vbetool virt-viewer virtinst

virsh -c qemu:///system list

mkdir /srv/vmimage
cd /srv/vmimage/

wget http://cdimage.debian.org/debian-cd/8.5.0/amd64/iso-cd/debian-8.5.0-amd64-netinst.iso

virt-install --connect qemu:///system --name debian01 --memory 512 --cdrom /srv/vmimage/debian-8.5.0-amd64-netinst.iso --disk size=20 --noautoconsole --os-type linux --accelerate --network=bridge:virbr1 --hvm --graphics vnc,port=5900,listen=0.0.0.0