Additional Ubuntu Fixes

Make RAW Disk Image of Physical Disk

dd can be used to make a RAW image of a disk, which can then be mounted on other Linux systems for use.

dd if=/dev/{BLOCK} of=/some/filesystem/{IMAGE}.raw bs=1M conv=noerror,sync status=progress
Mount RAW disk image for use.
losetup -f -P /some/filesystem/{IMAGE}.raw
losetup -l
mount /dev/loop0p1 /mnt/test/
umount /dev/loop0p1
losetup -d /dev/loop0

Grub OS Prober

GRUB will throw the following error on 4.9+ kernels running VMs on block devices or ZFS during normal upgrades:

device-mapper reload ioctl on osprober-linux

GRUB attempts to unmount these devices while they are in use in order to detect other OSes on those partitions. OS probing may be safely disabled if you are only running one OS.

0644 root root /etc/default/grub
GRUB_DISABLE_OS_PROBER=true
Update GRUB to apply changes and restart apt updates.
update-grub
apt update && apt upgrade

NXDOMAIN Errors in Syslog

This is caused by the systemd resolver not properly resolving local DNS. It is resolved in systemd 239-7ubuntu4, but that version is currently not available to install.

The workaround is to redirect the systemd resolver to the resolver specified from DHCP.
mv /etc/resolv.conf /etc/resolv.conf.broken
ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf

Disable IPv6

Disable IPv6 if it is not being actively used, to prevent any IPv6 misconfiguration attacks.

0644 root root /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
sysctl -p
reboot

Shadow Passwords

Linux SHA-512 password hashes. Use either the mkpasswd tool or the Python script below to generate a salted SHA-512 hash in the correct format for consumption in /etc/shadow. GPG-encrypt this data if storing it in configuration management tools.

Using mkpasswd.
apt install whois
mkpasswd -m sha-512
Python 3 version (the crypt module was removed in Python 3.13, so this needs an earlier interpreter).
python3 -c "import crypt, getpass; print(crypt.crypt(getpass.getpass('password to hash: '), crypt.mksalt(crypt.METHOD_SHA512)))"
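
Added example (not part of the original page): a Python check that the password fields in shadow-format text are well-formed salted SHA-512 hashes, the format the two commands above produce, flagging weaker schemes, truncated hashes and empty passwords. The function names and sample entries are constructed for illustration, and the salt/hash pattern is deliberately strict to mkpasswd-style output.

```python
import re

# crypt(3) scheme ids that can prefix the password field of /etc/shadow.
SCHEMES = {"1": "md5", "5": "sha256", "6": "sha512", "y": "yescrypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt"}

# Strict shape of mkpasswd / crypt.mksalt output: $6$[rounds=N$]salt$hash,
# salt 1-16 chars and hash 86 chars from the crypt alphabet ./0-9A-Za-z.
SHA512_RE = re.compile(
    r"^\$6\$(?:rounds=\d+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}$")

# Constructed sample entries (not real hashes): user:password-field:aging...
SAMPLE = "\n".join([
    "alice:$6$Zq3xY7saltSALT01$" + "A" * 86 + ":19000:0:99999:7:::",
    "bob:$1$oldsalt$" + "B" * 22 + ":19000:0:99999:7:::",
    "carol:$6$Zq3xY7saltSALT01$truncated:19000:0:99999:7:::",
    "daemon:*:19000:0:99999:7:::",
    "eve::19000:0:99999:7:::",
])


def classify(field):
    """Return a short verdict for one shadow password field."""
    if field == "":
        return "empty"                  # account has no password at all
    if field[0] in "!*":
        return "locked"                 # password login is disabled
    m = re.match(r"^\$([0-9a-z]+)\$", field)
    if not m:
        return "legacy-or-invalid"      # no $id$ prefix (e.g. old DES crypt)
    scheme = SCHEMES.get(m.group(1), "unknown")
    if scheme != "sha512":
        return scheme                   # weaker or different scheme in use
    return "sha512" if SHA512_RE.match(field) else "sha512-malformed"


def audit(shadow_text):
    """Map user -> verdict for every entry in shadow-format text."""
    verdicts = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue                    # skip blank, comment or broken lines
        verdicts[parts[0]] = classify(parts[1])
    return verdicts


if __name__ == "__main__":
    for user, verdict in audit(SAMPLE).items():
        print(f"{user}: {verdict}")
```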

GRUB CryptFS Password Typo

Unlocking CryptFS at GRUB boot will stall if the password is mistyped. Restart the unlock and boot process without restarting the machine:

cryptomount -a
insmod normal
normal
