Menu
Article ubuntu

Ubuntu Oxidized Setup - Part #1

Tony J

Tony J

• 5 min read
Ubuntu Oxidized Setup - Part #1

This is a quick write up of how to install Oxidized under Ubuntu Linux. In Part #1 we will install Ubuntu, in Part #2 we will install and configure Oxidized.

Oxidized is a network device configuration backup tool. It's a RANCID replacement!

For something called Oxidized I really expected this to be writting in rust not ruby 😅.

Installing Ubuntu

  1. Grab the latest LTS ISO from https://ubuntu.com/download/server#release-notes.
  2. Either build a Virtual Machine to the minimum spec or write ISO to USB for physical install using balenaEtcher.
  3. Boot from the install media and select Try or Install Ubuntu Server.
  4. Select your language.
  5. Confirm keyboard and language settings.
  6. Select the type of installation you want. To make things easy we will pick Ubuntu Server, if you know what you are doing you can select Ubuntu Server (minimized). If required you can have the installer search for third-party drivers such Network Cards or GFX cards.
  7. You can now set a static IP Addtess or use DHCP as required. Once installed this can be changed.
  8. If you require a proxy server to access the internet you can set it here. If not, just hit Done.
  9. The installer will now check it can access the mirror (This is where Ubuntu downloads applications & updates from) to download files for installation.
  10. Now you can setup your disk as required. If you need to encrypt the disk you can use LVM with LUKS and set a passphrase. As this is a virtual machine I will just tell the installer to use the whole disk and not use LVM & confirm.


  11. We will now create a user account and set the servers name. The first user created will have sudo access by default to allow system administration.
  12. I will skip Ubuntu Pro for this install
  13. We will install OpenSSH server, if you want to import ssh-keys form GitHub you can here, otherwise you will need the password previously set to access the server.
  14. We can skip the Feautre Server Snaps as we do not want/need any snaps.
  15. The installer will now get to work, you can watch the log for what it is doing. This will also install updates, you can skip if you want but better to just leave it run through.


  16. We can now reboot into our new installation.

Post Installation Bits

Once rebooted we land at the login prompt.

Using the username/password we set we can login.

We can use ip a to confirm the IP Address of the server.

Passwordless sudo

I don't really want to have to remember or have passwords for the server so I will switch sudo to be passwordless. To do this we will run sudo visudo & change the below line:

%sudo ALL=(ALL:ALL) ALL

to

%sudo ALL=(ALL:ALL) NOPASSWD:ALL

and save the file using CTRL+X.

Copying ssh-key

On Windows / Mac & Linux you can open a terminal and run ssh-keygen to generate a private ( like underwear, never to be shared ) and public ( what you do share ) keys.

Once you have these keys you can use ssh-copy-id to copy the public key to the remote system, if this is not supported then you can manually add the public key to /home/[username]/.ssh/authorized_keys

Auto Updates

To keep the server upto date we will want to configure automatic updates. To do this we will ensure the unattended-upgrades package is installed & enable:

sudo apt-get install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades

Using sudo nano /etc/apt/apt.conf.d/50unattended-upgrades we can modify the below setting by removing // to suit a maintence window.

//Unattended-Upgrade::Automatic-Reboot "false";
//Unattended-Upgrade::Automatic-Reboot-WithUsers "true";
//Unattended-Upgrade::Automatic-Reboot-Time "02:00";

We can also change the below line to send an email to the system administrator:

//Unattended-Upgrade::Mail "";

Enabled email via smtp server/relay

I normally use ssmpt to allow my linux boxes to send emails.

sudo apt-get install ssmtp
sudo dpkg-reconfigure ssmtp





We will then set an address for root's mails to be sent to.

sudo nano /etc/ssmtp/revaliases

Prompting before restart over ssh

This is something that can save your bacon! Using molly-guard you will be prompted for the server hostname before shutdown/reboot.

sudo apt-get install molly-guard

After this installed you will be prompted to type the servers hostname before a restart/shutdown.

Check for updates and reboot

Finally we will check for updates and reboot to ensure the system is ready to start the application sinatll.

sudo apt-get update && sudo apt-get dist-upgrade -y
sudo shutdown -r now

Next, Oxidized setup

That is it for now, check out the next post for the Oxidized setup !

Share
Show Comments

Topics

ctf: 55 TyrHackMe: 37 tryhackme: 32 hacking: 32 boot2root: 19 enumertaion: 17 python: 9 security: 8 lfi: 6 Getting Started: 5 windows: 5 AdventOfCyber2: 5 ubuntu: 5 BufferOverflow: 3 php: 2 exploit: 2 Linux: 2 IDOR: 2 reverse engineering: 2 OWASP: 2 >blog: 2 sudo: 2 AdventOfCyber: 2 adventofcyber2023: 2 oxidized: 2 nginx: 2 ssl: 1 kubernetes: 1 aoc: 1 AdventOfCyber3: 1 usb: 1 dns: 1 letsencrypt: 1 javascript: 1 bypass: 1 authentication: 1 firefox: 1 containers: 1 retropi: 1 ai: 1 chatbot: 1 password cracking: 1 hydra: 1 crunch: 1 cewl: 1 wfuzz: 1 nessus: 1 pwndoc-ng: 1 dodge: 1 n64: 1 raspberry: 1 microsoft: 1 rat: 1 social engineering: 1 microsoft teams: 1 docker: 1 ssti: 1 teams: 1 sqlmap: 1 raspbery pi os: 1 workspace: 1 citrix: 1 raspberry pi: 1 git: 1 pi: 1 ics: 1 ot: 1 modbus: 1 stream: 1 serialisation: 1 serialization: 1 volatility: 1 forensics: 1 SQLi: 1 serial: 1