STMA

CentOS 7 VirtualBox Guest



Last updated 2018-03-02

VirtualBox guest machine setup

OS installation

  1. Install from minimal installation disk (1708)
  2. Set disk partitioning to Standard Partitions and automatically create partitions, then change swap and /boot to 512 MB each and set / as large as possible
  3. Set hostname, turn on networking
  4. Set root password
  5. Create user, with administrator privileges
  6. Reboot, log in as “stick”, sudo yum update, reboot

Security

Secure SSH

sudo vim /etc/ssh/sshd_config

  1. Optionally, set SSH to listen on IPv4 only.
...
AddressFamily inet
...
  2. Use only secure ciphers and MACs.
...
# Ciphers and keying
Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
Macs umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512
#RekeyLimit default none
...
  3. Disallow root login, and make brute-force guessing harder.
...
LoginGraceTime 30
PermitRootLogin no
#StrictModes yes
MaxAuthTries 2
MaxSessions 2
...
  4. Optionally, set SSH to use pubkey login only. Ensure you set up public key authentication for your user before you do this.
...
#PubkeyAuthentication yes
...
PasswordAuthentication no
...
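
A check for the edits above, added here as an example and not part of the original page: sshd uses the first value it finds for a keyword, so a hardened line placed below a leftover line has no effect. The function names, the sample file and the Match user "backup" are constructed for illustration, and the audit includes the two optional settings.

```shell
# Added example: audit an sshd_config against the values this section sets.
# Assumes "Keyword value" lines (whitespace-separated), as in the snippets above.

# Print the effective global value of KEYWORD in FILE. sshd matches keywords
# case-insensitively and uses the first value it finds; Match blocks are
# conditional, so parsing stops at the first one.
sshd_effective() {  # usage: sshd_effective FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }            # comments and blank lines
        tolower($1) == "match" { exit }    # global section ends here
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Print every setting whose effective value differs; return 1 if any does.
sshd_audit() {  # usage: sshd_audit FILE
    rc=0
    while read -r key expected; do
        actual=$(sshd_effective "$1" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: want '$expected', effective '${actual:-<unset>}'"
            rc=1
        fi
    done <<'EOF'
AddressFamily inet
LoginGraceTime 30
PermitRootLogin no
MaxAuthTries 2
MaxSessions 2
PasswordAuthentication no
EOF
    return $rc
}

# Constructed sample: a leftover "yes" line sits above the hardened "no" line.
sample_config() {
    printf '%s\n' '# constructed sample' 'AddressFamily inet' \
        'LoginGraceTime 30' 'PermitRootLogin no' 'MaxAuthTries 2' \
        'MaxSessions 2' '#PubkeyAuthentication yes' \
        'PasswordAuthentication yes' 'PasswordAuthentication no' \
        'Match User backup' '    PasswordAuthentication yes'
}

tmp=$(mktemp) && sample_config > "$tmp"
sshd_audit "$tmp" || echo "sshd_config does not match the intended settings"
rm -f "$tmp"
```

On the guest itself, sudo sshd -t checks the file for syntax errors and sudo sshd -T prints the configuration sshd will actually use.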

Disable IPv6 and set other networking options

  1. sudo nmtui
    • Edit a connection -> eth0 -> Edit… -> IPv6 CONFIGURATION <Ignore> -> OK
  2. sudo curl -L https://raw.githubusercontent.com/nstickney/dotfiles/master/aconfmgr/files/etc/sysctl.d/51-net.conf -o /etc/sysctl.d/51-net.conf
  3. sudo reboot

You can use ip addr to check that IPv6 really is turned off. The various options specified in 51-net.conf are mostly from the ArchWiki.

Optional: Remove unwanted network listeners:

  1. sudo yum remove chrony postfix

Set up firewall

  1. curl -o fw.sh https://raw.githubusercontent.com/nstickney/dotfiles/master/bin/fw.sh
  2. sudo ./fw.sh
  3. rm fw.sh

Disable root account

  1. sudo usermod -p '!' root
  2. sudo passwd -l root

Skip the grub timeout on boot

  1. sudo vim /etc/default/grub
  2. sudo grub2-mkconfig -o /boot/grub2/grub.cfg

Install additional software

Install VirtualBox Guest Additions

See CentOS wiki.

  1. sudo yum install bzip2 dkms gcc kernel-devel make
  2. “Devices -> Insert Guest Additions CD image”
  3. sudo mount /dev/sr0 /mnt && sudo /mnt/VBoxLinuxAdditions.run
  4. Reboot and remove the Guest Additions CD image (or remove optical device entirely)

Install Vim (version 8)

Thanks to SysTutorials QA.

  1. sudo curl -L https://copr.fedorainfracloud.org/coprs/mcepl/vim8/repo/epel-7/mcepl-vim8-epel-7.repo -o /etc/yum.repos.d/mcepl-vim8-epel-7.repo
  2. sudo yum update
  3. sudo yum install vim

Optional: Install the EPEL repo

The EPEL repository contains a large number of extra packages for Enterprise Linux (and by extension CentOS).

Install other useful packages

The dig and nslookup commands on CentOS 7 are in the bind-utils package. You should know what git is. The mlocate package is a way to find files across your entire system.

If you installed the EPEL repo above, you can also install ag, the silver searcher.

Configure the system

Optional: Install dotfiles

  1. cd ~ && git clone https://github.com/nstickney/dotfiles && ./dotfiles/install.sh
  2. Refresh bash session (logout/login, etc)

Optional: Create a snapshot

  1. history -c
  2. Close -> ACPI Shutdown
  3. Snapshots -> Take