VM numbers start at 1xx
Default settings, including BIOS
Fog runs 1 CPU socket, 4 cores
Disk: 750 GB; if more is needed, allocate more
RAM: 16384 MiB
No server runs a trunk port; every VM is attached to one specific VLAN tag
Language English, Swedish keyboard
Use the whole disk
Static IP address
Domain: cnap.hv.se
DNS 193.10.203.11
No IPv6
Create your own user account (imra) with your own strong password (hahaha)
After installation:
In Proxmox → VM 1xx (xyz) → Options → QEMU guest agent → Enabled. If the setting is shown in orange (pending change), the VM must be stopped and started again from Proxmox (not from inside Linux; shutdown -r now does not work!!!): the agent device is only attached when QEMU itself is restarted, and a guest reboot keeps the same QEMU process.
If needed, install the agent in the guest:
apt-get update
apt-get install qemu-guest-agent
systemctl start qemu-guest-agent
systemctl enable qemu-guest-agent
Double-check the IP address shown in Proxmox (it is reported by the guest agent).
Uninstall UFW (it would otherwise manage the same iptables chains as the rules below).
Install iptables.
From every source, the firewall blocks everything except:
Ping (ICMP echo request; the echo reply goes out through the OUTPUT chain, whose policy is ACCEPT)
SSH
The FOG services themselves (HTTP, TFTP, portmapper/NFS, FTP) are opened only to the internal 192.168.0.0/16 networks, HTTP also to 193.10.203.0/24, and one subnet, 192.168.16.0/24, gets full TCP/UDP access; see the rule set below.
Rule set (iptables-save format, as stored in /etc/iptables/rules.v4):
*filter
:INPUT DROP [950:139431]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [1027330:17677670401]
# Loopback. The original dump listed this rule twice; the second copy was redundant and is left out here.
-A INPUT -i lo -m comment --comment "Allow local communication WITHIN this server" -j ACCEPT
# Replies to connections this server opened (this also lets ping replies back in).
-A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "TCP,UDP,ICMP? return traffic from OUR packets" -j ACCEPT
# The only two things open to every source: ping and SSH.
-A INPUT -p icmp -m icmp --icmp-type 8 -m comment --comment "Allow incoming PING" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment "Allow incoming SSH" -j ACCEPT
# FOG web UI and HTTP boot files: internal networks plus the 193.10.203.0/24 range (where the DNS server is).
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 193.10.203.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
# TFTP (PXE boot files), portmapper and NFS (image storage): internal networks only.
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 69 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 111 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 2049 -j ACCEPT
# Dynamic ports for the NFS helper daemons (mountd, statd). This is a wide opening for the whole /16;
# pinning those daemons to fixed ports would allow it to be narrowed to a few ports.
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 1024:65535 -j ACCEPT
# FTP control and data (used by FOG for image handling): internal networks only.
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 20 -j ACCEPT
# This one /24 gets everything, so for 192.168.16.0/24 the port-specific rules above are redundant.
-A INPUT -s 192.168.16.0/24 -p tcp -j ACCEPT
-A INPUT -s 192.168.16.0/24 -p udp -j ACCEPT
COMMIT
Status:
root@fog:/home/cisco/robert# iptables -vL
Chain INPUT (policy DROP 966 packets, 145K bytes)
pkts bytes target prot opt in out source destination
80412 11M ACCEPT all -- lo any anywhere anywhere /* Allow local communication WITHIN this server */
0 0 ACCEPT all -- lo any anywhere anywhere /* Allow local communication WITHIN this server */
1786K 17G ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED /* TCP,UDP,ICMP? return traffic from OUR packets */
3 212 ACCEPT icmp -- any any anywhere anywhere icmp echo-request /* Allow incoming PING */
2 104 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh /* Allow incoming SSH */
2042 108K ACCEPT tcp -- any any 192.168.0.0/16 anywhere tcp dpt:http
0 0 ACCEPT tcp -- any any 193.10.203.0/24 anywhere tcp dpt:http
39 2762 ACCEPT udp -- any any 192.168.0.0/16 anywhere udp dpt:tftp
0 0 ACCEPT udp -- any any 192.168.0.0/16 anywhere udp dpt:sunrpc
18 1080 ACCEPT tcp -- any any 192.168.0.0/16 anywhere tcp dpt:sunrpc
7 420 ACCEPT tcp -- any any 192.168.0.0/16 anywhere tcp dpt:nfs
0 0 ACCEPT udp -- any any 192.168.0.0/16 anywhere udp dpt:nfs
31 7402 ACCEPT udp -- any any 192.168.0.0/16 anywhere udp dpts:1024:65535
0 0 ACCEPT tcp -- any any 192.168.0.0/16 anywhere tcp dpt:ftp
0 0 ACCEPT tcp -- any any 192.168.0.0/16 anywhere tcp dpt:ftp-data
7 420 ACCEPT tcp -- any any 192.168.16.0/24 anywhere
1899 205K ACCEPT udp -- any any 192.168.16.0/24 anywhere
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1058K packets, 18G bytes)
pkts bytes target prot opt in out source destination
Make the rules survive a reboot:
apt-get update
apt-get install iptables-persistent
cat /etc/iptables/rules.v4
cat /etc/iptables/rules.v6
New rules: after changing the running set, save both tables as root (e.g. after sudo -i; a plain "sudo iptables-save > file" fails, because the redirection is done by the unprivileged shell, not by sudo):
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
The v6 file matters even though IPv6 is disabled on the interface: if IPv6 is ever enabled, rules.v6 is what protects the host, so give it DROP policies on INPUT and FORWARD as well. netfilter-persistent save writes both files in one go.
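The following helpers are an added example for these notes, not code from the original page or from the FOG project. They check a rules.v4 file for the properties required above (DROP policies, SSH and ping allowed), list which ports the file opens to every source, and load it with an automatic rollback so that a mistake in the file cannot lock you out of the VM over SSH. The rollback delay, the pid-file path and the constructed sample rule set are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example for these notes (not code from the original page or from the
# FOG project): sanity-check a rules.v4 file, list what it opens to every
# source, and load it with an automatic rollback so a mistake in the file
# cannot lock you out of SSH on the VM. The rollback delay, the pid-file path
# and the sample rule set are assumptions chosen for illustration.

# check_ruleset FILE
# Returns 0 when FILE has what the notes require: DROP policies on INPUT and
# FORWARD, accept rules for SSH and ICMP echo request, and a COMMIT line.
check_ruleset() {
    f="$1"
    grep -q '^:INPUT DROP'   "$f" || { echo "INPUT policy is not DROP";   return 1; }
    grep -q '^:FORWARD DROP' "$f" || { echo "FORWARD policy is not DROP"; return 1; }
    grep -q -- '--dport 22 .*-j ACCEPT'    "$f" || { echo "no SSH accept rule";       return 1; }
    grep -q -- '--icmp-type 8 .*-j ACCEPT' "$f" || { echo "no ICMP echo accept rule"; return 1; }
    grep -q '^COMMIT' "$f" || { echo "missing COMMIT"; return 1; }
}

# open_ports FILE
# Prints every --dport that is ACCEPTed without a -s source restriction,
# one per line. Anything listed here other than 22 is reachable from everywhere.
open_ports() {
    awk '/^-A INPUT/ && /-j ACCEPT/ && /--dport/ && !/ -s / {
             for (i = 1; i <= NF; i++) if ($i == "--dport") print $(i + 1)
         }' "$1" | sort -u
}

# apply_with_rollback FILE [SECONDS]   (run as root)
# Validates FILE with iptables-restore --test, loads it, and starts a timer
# that restores the previous rules after SECONDS (default 60) unless you
# cancel it. If the new rules cut your SSH session, wait and reconnect.
apply_with_rollback() {
    f="$1"; delay="${2:-60}"
    check_ruleset "$f" || return 1
    iptables-restore --test "$f" || { echo "rejected by iptables-restore --test"; return 1; }
    backup=$(mktemp /tmp/iptables-backup.XXXXXX)
    iptables-save > "$backup"
    iptables-restore "$f"
    ( sleep "$delay" && iptables-restore "$backup" && echo "rolled back to $backup" ) &
    echo $! > /run/fw-rollback.pid
    echo "Loaded $f. Run: kill \$(cat /run/fw-rollback.pid) within ${delay}s to keep it,"
    echo "then: iptables-save > /etc/iptables/rules.v4"
}

# sample_rules
# Prints a constructed, trimmed-down rule set in iptables-save format for
# trying the checks offline; one deliberately unrestricted HTTP rule is included.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 69 -j ACCEPT
COMMIT
EOF
}
```

Source the file (. ./fw-check.sh), then run check_ruleset /etc/iptables/rules.v4 and open_ports /etc/iptables/rules.v4 before touching the live rules; with the rule set above, open_ports should print only 22. apply_with_rollback is the step to use when changing rules over SSH: if the new set is wrong you lose the session for at most the delay, after which the saved rules come back.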
SSH hardening, in /etc/ssh/sshd_config:
PermitRootLogin no
Banner /etc/motd
LoginGraceTime 2m
StrictModes yes
MaxAuthTries 2
MaxSessions 3
MaxStartups 3:100:4
Contents of /etc/motd (shown as the banner before login):
KEEP OUT !! Property of CNAP - Cisco Networking Academy Program !!
Check the file with sshd -t before restarting sshd, and keep the current session open until a new login has succeeded. sshd uses the first value it reads for a keyword, so an earlier PermitRootLogin line (on Debian/Ubuntu also one in /etc/ssh/sshd_config.d/, which is included at the top of sshd_config) wins over a line appended at the end. MaxAuthTries 2 counts every public key the client offers, so a client with several keys loaded in its agent may be disconnected before it reaches the right one (use IdentitiesOnly yes on the client). MaxStartups 3:100:4 refuses new connections once 3 unauthenticated connections are pending.
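Because sshd takes the first value it reads for each keyword, appending the settings above to a file that already sets them differently changes nothing. The helpers below are an added example for these notes, not code from the original page: sshd_effective reports the value sshd will actually use, sshd_check compares a file against the settings above, and sshd_harden installs them as a drop-in. The drop-in assumes a Debian/Ubuntu sshd_config that begins with "Include /etc/ssh/sshd_config.d/*.conf"; the drop-in file name and the constructed sample configuration are assumptions.

```shell
#!/bin/sh
# Added example for these notes (not code from the original page). sshd takes
# the FIRST value it reads for each keyword, so appending "PermitRootLogin no"
# to a file that already contains "PermitRootLogin yes" changes nothing.
# sshd_effective shows what sshd will actually use, sshd_check compares that
# with the settings in the notes, and sshd_harden installs them as a drop-in.
# The drop-in assumes a Debian/Ubuntu sshd_config that begins with
# "Include /etc/ssh/sshd_config.d/*.conf"; the file name is an assumption.

# sshd_effective KEY FILE
# Prints the effective value of KEY in FILE: first match wins, keywords are
# case-insensitive, comments and blank lines are skipped, and parsing stops
# at the first Match block because values there are conditional. Prints
# nothing when KEY is not set (sshd's built-in default then applies).
sshd_effective() {
    awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || NF == 0 { next }
        tolower($1) == "match"      { exit }
        tolower($1) == key          { $1 = ""; sub(/^[[:space:]]+/, ""); print; exit }
    ' "$2"
}

# sshd_check FILE
# Returns 1 and reports each keyword whose effective value differs from the
# hardening settings in the notes.
sshd_check() {
    f="$1"; rc=0
    for kv in PermitRootLogin=no LoginGraceTime=2m StrictModes=yes \
              MaxAuthTries=2 MaxSessions=3 MaxStartups=3:100:4; do
        key=${kv%%=*}; want=${kv#*=}
        got=$(sshd_effective "$key" "$f")
        if [ "$got" != "$want" ]; then
            echo "$key: effective '${got:-<default>}', required '$want'"
            rc=1
        fi
    done
    return $rc
}

# sshd_harden   (run as root)
# Writes the settings as a drop-in that sshd reads before the main file,
# validates the whole configuration with sshd -t, and only then restarts.
# Keep your current session open and test a fresh login before closing it.
sshd_harden() {
    d=/etc/ssh/sshd_config.d/10-cnap-hardening.conf   # assumed drop-in name
    cat > "$d" <<'EOF'
PermitRootLogin no
Banner /etc/motd
LoginGraceTime 2m
StrictModes yes
MaxAuthTries 2
MaxSessions 3
MaxStartups 3:100:4
EOF
    if ! sshd -t; then
        echo "sshd rejected the configuration; removing $d and not restarting"
        rm -f "$d"; return 1
    fi
    systemctl restart ssh
}
```

After the restart, sshd -T prints the configuration sshd actually uses (keywords in lower case, LoginGraceTime in seconds), which is the authoritative second opinion when sshd_check and a login test disagree.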
1. Prepare (install git)
sudo -i
apt-get -y install git
2. Fetch Fog
sudo -i
cd /root
git clone https://github.com/FOGProject/fogproject.git
cd fogproject
2.1 cd into where you cloned the git repo, e.g. /root/fogproject
cd /root/fogproject
2.2 update all branches
git fetch --all
2.3 use Stable (stable is a moving branch; record git rev-parse HEAD so the installed version is known later)
git checkout stable
3. Install
sudo -i
cd /root/fogproject/bin
./installfog.sh
The installer ends with:
You can now login to the FOG Management Portal using
the information listed below. The login information
is only if this is the first install.
This can be done by opening a web browser and going to:
https://x.x.x.x/fog/management
Default User Information
Username: XXXXXXXXXXXXXXXX
Password: XXXXXXXXXXXXXXXX
Change the default credentials at the first login. With the firewall above the portal is reachable from all of 192.168.0.0/16 and 193.10.203.0/24, but only on port 80; if the portal is really served over HTTPS as printed, port 443 has to be added to the rule set.