PMA-65 and PMA-85 quick start guide

From wiki.comcert.com
Revision as of 20:19, 11 November 2017 by Bert (talk | contribs)
Jump to navigation Jump to search

Introduction

There are no software or configuration differences between the PMA-65 and PMA-85 appliances.

Both solutions are build on a hardened distribution of CentOS 7 64-bit Linux Operating System. We are using Kernel-based Virtual Machine (KVM) as virtualization platform.

 

Access to the appliance

 

 

The appliance is accessible through SSH using your favorite terminal emulator. The appliance ships with two predefined user accounts, root and comcert. The comcert user is reserved for COMCERT staff members. The root user is granted rights sufficient for all operations.

 # ssh -l root <IPaddressPMA-65>

Access to the virtual machines

The virtual machines running on this appliance are accessible through SSH, HTTP and VNC.

  • SSH
# ssh -l TVadmin <IPaddressTVC>
# ssh -l TVadmin <IPaddressTVF>
  • HTTP

https://<IPaddressTVC>

https://<IPaddressTVF>

  • VNC

Console vTVC <IPaddressPMA-65>:9801

Console vTVF <IPaddressPMA-65>:9802

 

Reboot / Halt appliance

 

 

Shutdown the instance properly:

[TVadmin@vtvc ~]$ sudo su -
Last login: Fri Oct  7 19:26:23 UTC 2016 on pts/0
[root@vtvc ~]# shutdown -h now
[TVadmin@vtvf ~]$ sudo su -
Last login: Fri Oct  7 19:26:23 UTC 2016 on pts/0
[root@vtvf ~]# shutdown -h now

Verify the instances are powered off:

[root@appliance ~]# virsh list --all
 

Now it is safe to shut down the appliance:

[root@appliance ~]# shutdown -h now

Now it is safe to reboot the appliance:

[root@appliance ~]# shutdown -r now

The instances are started automatically when the appliance boots.

 

Disable SSH login for root user

A best practice is to disable the SSH login for the root user account. In the example found below we create a user account named customer with the password s3cure!:

Add the user. In the following example, we will use the user name customer. The command adduser will automatically create the user, initial group, and home directory.

[root@appliance ~]# adduser customer
[root@appliance ~]# id customer
uid=1001(admin) gid=1001(customer) groups=1001(customer)
[root@appliance ~]# ls -lad /home/customer/
drwx------ 2 customer customer 4096 Jun 25 16:01 /home/customer/

Set the password for the customer user. When prompted, type and then retype the password.

[root@appliance ~]# passwd customer
Changing password for user customer.
New UNIX password: s3cure!
Retype new UNIX password: s3cure!
passwd: all authentication tokens updated successfully.
[root@appliance ~]#

For sudo permissions for your new admin user, use the following command.

[root@appliance ~]# usermod -aG wheel customer

SSH to the server with the new admin user and ensure that the login works.

[root@appliance ~]# ssh -l customer <IPaddressPMA-65>
customer@<IPaddressPMA-65>'s password: s3cure!
[customer@appliance]#

Verify that you can su (switch user) to root with the admin user.

[customer@appliance ~]$ sudo su -
Password: s3cure!
[root@appliance ~]$ whoami
root

To disable root SSH login, edit /etc/ssh/sshd_config with your favorite text editor.

[root@appliance ~]# vi /etc/ssh/sshd_config

Change this line:

#PermitRootLogin yes

Edit to this:

PermitRootLogin no

Ensure that you are logged into the box with another shell before restarting sshd to avoid locking yourself out of the server.

[root@appliance ~]# systemctl restart sshd
[root@appliance ~]#

You will now be able to connect to your server via ssh with the customer user and then use the command sudo su - to switch to the root user.