July 17, 2019

Ubuntu on Ubuntu

In an earlier post, we installed Ubuntu 18.04 on a PC that previously ran Windows. In this post, we create a virtual machine which also runs Ubuntu.

Install Virtualization on Host

Before you can do this, you must confirm that your host machine supports hardware virtualization. This technology is called Virtual Machine Extensions (vmx) on Intel CPUs and Secure Virtual Machine (svm) on AMD CPUs. Determine whether these CPU flags are present by opening a terminal (Ctrl+Alt+t) and issuing the command:

egrep '(vmx|svm)' /proc/cpuinfo

On some computer models, although virtualization is supported by the CPU, it must also be enabled in the BIOS (UEFI). Instructions for reaching the BIOS vary from manufacturer to manufacturer and from model to model. Generally you must tap a specified key just after rebooting while the machine performs its power-on self-test.

When you are sure that your computer will support KVM, install the packages by issuing the command:

sudo apt install qemu-kvm libvirt-bin bridge-utils virt-manager

To allow yourself to manage virtual machines as a non-root user, add yourself to the relevant groups:

sudo usermod -a -G libvirt,libvirt-qemu yourusernamegoeshere

You will need to log out and log in again for the group changes to be effective.

Now download the ISO file for the most recent Long Term Support (LTS) version of Ubuntu Desktop from the Ubuntu website. In the case of a virtual machine, there is no need to burn the ISO file to a USB memory stick. It can remain as an ISO file. It will have a name that resembles ubuntu-18.04.2-desktop-amd64.iso.

From the Ubuntu applications menu, search for and launch Virtual Machine Manager. Right click on the line for the QEMU/KVM connection. Select Details. Check the Virtual Networks tab for the virbr0 virtual network in state Active, with autostart On Boot. Then close the connection details window.

Create Ubuntu Guest

Now create your new virtual machine.

  1. On the File menu, select New Virtual Machine.
  2. Choose Local install media. Click Forward.
  3. For the ISO image, click Browse.
  4. Click Browse Local.
  5. In your Downloads directory, select your Ubuntu ISO file, and click Open.
  6. The Virtual Machine Manager automatically detects that this is Linux Ubuntu 18.04 LTS. Click Forward.
  7. Choose 2048 MB of RAM. Choose either 1 or 2 CPUs, depending on how many you have available. You must not use all your CPUs for the virtual machine! Click Forward.
  8. Make the disk image size 15 GB, or more if you think you will need more. Click Forward.
  9. Give the guest machine a name, e.g. guest. Click Finish.

The Ubuntu installer then launches. Installing Ubuntu on the guest will be very similar to when you installed Ubuntu on the host.

  1. The first screen offers the choice between trying Ubuntu and installing Ubuntu. You can change the installer language in the left pane. When you have made your choice, click Install Ubuntu.
  2. Next, choose your keyboard layout, and click Continue.
  3. On the screen for updates and other software, we want the host to be as minimal as possible. Select Minimal Installation. Uncheck Download updates while installing Ubuntu. Check the option to install third party or proprietary graphics and wifi software. Click Continue.
  4. The installation type will normally be the one that erases the disk and installs Ubuntu. If you want full disk encryption, check the box to encrypt the new Ubuntu installation for security. Click Install Now.
  5. If you chose to encrypt the new Ubuntu installation, the next screen will ask you to choose a security key for disk encryption. You will need to enter this security key, as well as your normal login password, every time you start Ubuntu. Click Install Now.
  6. When you are asked if you want to write these changes to disk, assuming you understand the effects of this, click Continue.
  7. The Where are you screen asks you to pick a timezone from a world map. When you have done so, click Continue.
  8. The next screen asks you for your name, your computer name, your username, and your password. When you have filled in these fields, click Continue.
  9. The installation now begins. This can take an hour or more, depending on your computer.
  10. At the end of the installation, you are prompted to click the button Restart Now.

In Virtual Machine Manager, select View > Details. Select IDE CD ROM 1. You should see your Ubuntu ISO. Click Disconnect. Then select Virtual Machine > Shut Down > Force Off.

Press the green start arrow for your virtual machine. The Ubuntu guest machine now boots for the first time.

Once the reboot is done, you are prompted to click on your username and enter the password you chose during installation.

The first time you use a new system, there are some initial What's new in Ubuntu screens to click through. When asked if you want to send information to Canonical, select No, and press Next. At the end of the What's new screens, click Done.

Open Ubuntu settings, and go to the Privacy tab.

Open the applications menu and search for Software & Updates.

  1. Select the Updates tab.
  2. Change Automatically check for Updates to Never.
  3. You will need to enter your password and click Authenticate.
  4. Click Close.

Now open the terminal emulator (Ctrl+Alt+t) and completely update the system by issuing these commands:

sudo apt update

sudo apt upgrade

sudo apt dist-upgrade

sudo apt autoremove

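Set up the firewall with the commands that follow. All unsolicited input will be blocked. We will, though, allow SSH on port 22 from the host machine. The SSH rule accepts any source address in 192.168.122.0/24, so it also admits other machines on that virtual network.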

sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

sudo iptables -A INPUT -i lo -j ACCEPT

sudo iptables -A INPUT -p tcp --dport 22 -s 192.168.122.0/24 -j ACCEPT

sudo iptables -P INPUT DROP

If your network is IPv6 enabled, also close the IPv6 firewall:

sudo ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

sudo ip6tables -A INPUT -i lo -j ACCEPT

sudo ip6tables -P INPUT DROP

Persist these changes after reboots:

sudo apt install iptables-persistent
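
A check of the resulting IPv4 ruleset, as an added example that is not part of the original post: the function reads the output of sudo iptables -S INPUT and flags a default policy other than DROP, or any ACCEPT rule beyond the three added above. The function names and both sample rulesets are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit the guest's INPUT chain.
# On the guest:  sudo iptables -S INPUT | audit_input_chain

HOST_NET="192.168.122.0/24"   # source range used in the post's SSH rule

# Succeeds if an ACCEPT rule is one of the three rules the post adds.
accept_rule_expected() {
    case "$1" in
        *"--ctstate RELATED,ESTABLISHED -j ACCEPT") return 0 ;;
        *"--ctstate ESTABLISHED,RELATED -j ACCEPT") return 0 ;;
        "-A INPUT -i lo -j ACCEPT") return 0 ;;
        *" -s $HOST_NET "*"--dport 22 -j ACCEPT") return 0 ;;
    esac
    return 1
}

# Reads `iptables -S INPUT` lines on stdin, prints one line per finding,
# and returns 0 only when there are no findings.
audit_input_chain() {
    local line policy="" findings=0
    while IFS= read -r line; do
        case "$line" in
            "-P INPUT "*)
                policy="${line#-P INPUT }" ;;
            "-A INPUT "*"-j ACCEPT")
                if ! accept_rule_expected "$line"; then
                    echo "UNEXPECTED ACCEPT: $line"
                    findings=$((findings + 1))
                fi ;;
        esac
    done
    if [ "$policy" != "DROP" ]; then
        echo "POLICY: INPUT default is '${policy:-unset}', expected DROP"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the ruleset as built in this post.
SAMPLE_GOOD='-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.122.0/24 -p tcp -m tcp --dport 22 -j ACCEPT'

# Constructed sample: policy left at ACCEPT and SSH open to any source.
SAMPLE_BAD='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

printf '%s\n' "$SAMPLE_BAD" | audit_input_chain || echo "ruleset needs attention"
```

Running the same check after a reboot confirms that the saved rules were actually restored.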

Install and start the SSH server on the guest to allow connections from the host:

sudo apt install openssh-server

Close the terminal emulator window.

We will now harden the security options on Firefox. Open Firefox, click the Firefox hamburger menu, and select Preferences.

To disable WebRTC:

  1. Enter about:config in the address bar, and press Enter.
  2. Click the button I accept the risk.
  3. Type media.peerconnection.enabled in the search bar, and press Enter.
  4. Double-click the row for media.peerconnection.enabled. The value changes from true to false.
  5. WebRTC is now disabled in Firefox.

You can add further privacy and security extensions to Firefox from the Add-ons menu. Some useful ones to add are: