Set up virtual hardware: 2 procs, 1 GB
Remove Floppy, turn off logging
Enable hot mem/cpu add
Set to efi bios
Install Ubuntu using the defaults, except:
Don’t use LVM (that way there is no issue with space on /boot)
Install security updates automatically
Install openssh additional packages
Do this before you install libpam-krb5 to avoid questions on configuration.
# NOTE(review): --no-check-certificate turns off TLS certificate validation, so
# whatever host answers for that name can supply the contents of /etc/krb5.conf
# (the realm and KDC settings libpam-krb5 will then trust). Prefer installing
# the internal CA certificate and dropping the flag, or comparing the download
# against a known-good checksum before it is put in place.
#wget https://somesite/krb5.txt --no-check-certificate -O /etc/krb5.conf
This is the rest of the install:
# Packages: VMware guest tools, the SNMP agent and the Kerberos PAM module.
apt-get -y install open-vm-tools snmpd libpam-krb5

# Local administrator account with a fixed UID, a home directory and bash.
# useradd sets no password, so the account cannot log in with a local password
# until one is assigned; presumably authentication is meant to come from
# Kerberos through libpam-krb5 -- confirm. Membership of "sudo" gives this
# account full root under the stock Ubuntu sudoers file.
useradd --comment "Borba, Steven J" --uid 1924 --create-home \
  --groups sudo --shell /bin/bash netlogix
# Replace the packaged snmpd.conf with a minimal four-line configuration.
#
# NOTE(review): "rwcommunity Private" grants read-WRITE access over SNMP
# v1/v2c, where the community string travels in cleartext, and the directive
# carries no source restriction of its own. The agent listens on udp/161 on
# every address, so the only limit is the 10.254.32.0/24 rule in
# /etc/iptables.rules. If monitoring only needs to read, use rocommunity with
# an explicit source network; better still, an SNMPv3 user with
# authentication and privacy. Treat the community string as a secret and do
# not reuse a well-known default.
cat > /etc/snmp/snmpd.conf <<'EOF'
agentAddress udp:161
rwcommunity Private
sysLocation 123 Main St, Ontario, CA 91761
sysContact MIS Department - (123) 456-7890
EOF

# Change the agent's logging option from -Lsd to -LS4d in both places the
# start-up options may live. Per net-snmp's -L syntax this limits syslog output
# to priority 4 (warning) and more severe -- confirm against the installed
# snmpd(8). Lower-priority messages are no longer logged, so check that nothing
# you alert on is among them.
for snmpd_opts_file in /etc/init.d/snmpd /etc/default/snmpd; do
  sed -i 's_-Lsd_-LS4d_' "$snmpd_opts_file"
done
#sed 's_ntp.ubuntu.com_<INTERNAL NTP>_' /etc/default/ntpdate -i
# Append kernel network settings and load them immediately.
#  - tcp_timestamps = 0 stops peers from estimating uptime from TCP
#    timestamps; it also switches off the timestamp-based protections and RTT
#    measurement that the option provides.
#  - disable_ipv6 = 1 on all/default/lo turns IPv6 off. The firewall rules in
#    /etc/iptables.rules are IPv4 only, so if IPv6 is ever re-enabled the host
#    needs an equivalent ip6tables rule set first.
# The lines are appended, so running this twice leaves duplicate entries.
cat >> /etc/sysctl.conf <<'EOF'
net.ipv4.tcp_timestamps = 0
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
EOF
sysctl -p
# Write the IPv4 filter table, load it now, and reload it whenever the
# interface comes up.
#
# What the rule set allows inbound: replies to established traffic, SSH
# (tcp/22) from any source, ICMP echo requests, and SNMP (udp/161) from
# 10.254.32.0/24 only. Everything else not arriving on loopback is dropped by
# the last INPUT rule.
#
# NOTE(review): the INPUT policy itself is ACCEPT and the blocking is done by
# the final "-j DROP" rule, so a flushed chain leaves the host fully open. A
# DROP policy with an explicit loopback ACCEPT rule would fail closed instead.
# SSH is reachable from every network; restrict it with -s if management
# traffic only comes from known ranges.
cat > /etc/iptables.rules <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -s 10.254.32.0/24 -p udp -m udp --dport 161 -j ACCEPT
-A INPUT ! -i lo -j DROP
COMMIT
EOF
iptables-restore < /etc/iptables.rules

# The pre-up line is appended to the end of the file, so it attaches to
# whichever interface stanza happens to be last -- check the result.
printf '%s\n' ' pre-up iptables-restore < /etc/iptables.rules' >> /etc/network/interfaces
# Forward syslog to the central server.
# NOTE(review): the selector excludes the auth and authpriv facilities, so
# login, sshd and sudo records stay on this host only and would be lost with
# it. Those are usually the records a central log is wanted for; drop the
# ";auth,authpriv.none" part if they should be forwarded. A single "@" sends
# over UDP, unencrypted and without delivery guarantees; "@@" selects TCP, and
# rsyslog can add TLS on top.
printf '%s\n' '*.*;auth,authpriv.none @syslogserver.steveborba.com' > /etc/rsyslog.d/30-remote-syslog.conf

# Skip sshd's reverse-DNS lookup of connecting clients.
# sshd uses the first value it reads for a keyword, so this appended line has
# no effect if an uncommented UseDNS appears earlier, and it lands inside a
# Match block if the file ends with one.
printf '%s\n' "UseDNS no" >> /etc/ssh/sshd_config
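# Install the legal notice as the console banner (/etc/issue) and make the
# network banner (/etc/issue.net) a symlink to it so both stay in sync.
cat > /etc/issue <<'EOF'
This system is considered private and proprietary and is subject to audit.
The unauthorized access, use or modification of this or any other computer
systems or networks or of the data contained therein or in transit
thereto/therefrom is a criminal violation of federal and state laws and will
be prosecuted to the fullest extent of the law.
EOF

# -f replaces an existing /etc/issue.net and also works when it is absent,
# where a separate rm would print an error.
ln -sf /etc/issue /etc/issue.net

# Point sshd at the banner explicitly. Merely stripping the "#" keeps whatever
# value the commented default carries; where that default is "#Banner none"
# the result would be "Banner none" and no banner would be shown. On a file
# that ships "#Banner /etc/issue.net" this produces the same line as before.
# sshd reads the change on its next restart.
sed -i 's_^#Banner.*_Banner /etc/issue.net_' /etc/ssh/sshd_config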
# Keep the guest clock synchronised with the hypervisor host.
vmware-toolbox-cmd timesync enable

# Refresh the package lists, apply every pending upgrade, then reboot. Each
# step runs only if the previous one succeeded. None of the steps shown
# restarts sshd, rsyslog or snmpd, so this reboot is what brings the edited
# configuration files into effect.
apt-get update \
  && apt-get -y dist-upgrade \
  && reboot