Additional Ubuntu Fixes

Make RAW Disk Image of Physical Disk

DD can be used to make a RAW image of a disk, and can be mounted in other linux systems for use.

Copy disk block device to a file.

dd if=/dev/{BLOCK} of=/some/filesystem/{IMAGE}.raw bs=1M conv=noerror,sync status=progress

Mount RAW disk image for use.

losetup -f -P /some/filesystem/{IMAGE}.raw
losetup -l
mount /dev/loop0p1 /mnt/test/
umount /dev/loop0p1
losetup -d /dev/loop0

Grub OS Prober

Grub will throw the following error on 4.9+ Kernels running VM’s on block devices or ZFS during normal upgrades:

device-mapper reload ioctl on osprober-linux

These devices are attempted to be unmounted while in use to detect other OS’s on those partitions. This may be safely disabled if you are only running one OS.

0644 root root /etc/default/grub

GRUB_DISABLE_OS_PROBER=true

Update GRUB to apply changes and restart apt updates.

update-grub
apt update && apt upgrade

NXDOMAIN Errors in Syslog

This is caused by the systemd resolver not properly resolving local DNS. Resolved in systemd - 239-7ubuntu4, but it is currently not avaliable to install.

The workaround is to redirect the systemd resolver to the resolver specified from DHCP.

mv /etc/resolv.conf /etc/resolv.conf.broken
ls -s /etc/run/systemd/resolve/resolv.conf resolv.conf

Disable IPv6

Disable if IPv6 is not being actively used to prevent any IPv6 misconfiguration attacks.

0644 root root /etc/sysctl.conf

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

sysctl -p
reboot

Shadow Passwords

linux hash sha512. Use either the mkpasswd tool or the python script below to generate a salted, sha512 hash in the correct format for consumption in /etc/shadow. GPG encrypt this data if storing in configuration management tools.

Using mkpasswd.

apt install whois
mkpasswd -m sha-512

Python 3 version.

python3 -c "import crypt, getpass; print(crypt.crypt(getpass.getpass('password to hash: '), crypt.mksalt(crypt.METHOD_SHA512)))"