Category: Linux

First, we’ll use PowerShell to create your new Hyper-V VM. You’ll need to edit the variables at the top of this script (in bold) – note the size of the OS disk will be 32GB, you can change this, but will need to adjust partition layout / sizes accordingly.

# Change text in BOLD
$vmname = "DEBIAN" # Desired Virtual Machine Name
$vmpath = "E:\" # Root folder for Hypver-V VM (a folder will automatically be created for the VM itself)
$virtual_switch = "vSwitch" # Hypver-V Host vSwitch name to connect VM to
$netboot_iso = "C:\Users\chris\Downloads\debian-8.6.0-amd64-netinst.iso" # Debian Net Install ISO Path

# Create a new VHD:
New-VHD –Path "$vmpath\$vmname\Virtual Hard Disks\$vmname.vhdx" –SizeBytes 32GB –Dynamic –BlockSizeBytes 1MB

# Create the new VM:
New-VM -Name $vmname -MemoryStartupBytes 4096MB -Generation 2 -VHDPath "$vmpath\$vmname\Virtual Hard Disks\$vmname.vhdx" -SwitchName $virtual_switch
Add-VMDvdDrive $vmname 
Set-VMDvdDrive -VMName $vmname -Path $netboot_iso

# Disable secureboot the vm (will not boot from ISO without this):
Set-VMFirmware -VMName $vmname -EnableSecureBoot Off

# Disable Dynamic Memory (not supported by Debian):
Set-VMMemory $vmname -DynamicMemoryEnabled $false

# Now, power on the machine.
Start-VM -Name $vmname

Now, connect to the VM via the Hyper-V console and proceed to load the Debian setup wizard. Continue through the wizard until you are prompted to configure partitions / storage; at this point breakout to a new console (Ctrl-Alt F1).

Now we’ll manually define our partitions / desired filesystem based on the latest Microsoft recommendations here. Above, we created a 32GB VHD – if you changed this figure, change the commands below to suit. Where I have written “<default>” just hit enter. Note, you will wipe the drive this partition layout is applied to, you do this at your own risk.

Desired partition layout:

• UEFI System Boot : 512MB
• root / – ext4: 27GB
• swap : <remaining space>

From your new console, use these commands:

fdisk /dev/sda
g
p
	n
	1
	<default>
	+512M
	t
	1

	n
	2
	<default>
	+27G

	n
	3
	<default>
	<default>
	t
	3
	14
w

Now, switch back to the Debian setup wizard and select “manual” for disk configuration / partitioning, then select each of the partitions and configure as below:

Partition 1: use as: UEFI System Partision (ESP)
Partition 2: use as: ext4, mount point "/"
Partition 3: use as: swap

Complete the installation as normal – you’re all done.

I ran into some issues running Debian 8.6 on Hyper-V recently – my VM would run out of memory, run through a series of activities kill processes to try and self-heal and then, eventually, lock up entirely.

On reviewing the syslog I started to understand what was going on – the system was running out of memory:

sudo cat /var/log/syslog | grep memory

It looked as if, for whatever reason, wfica (the Citrix Receiver Client) couldn’t be “completely” killed to free-up memory; once killed more processes seemed to spawn which in turn would be killed, leading to more processes. Eventually more important system processes were killed to try and free-up memory:

Sep 30 11:42:15 debian kernel: [55556.844790]  [<ffffffff81142f43>] ? out_of_memory+0x473/0x4b0
Sep 30 11:42:15 debian kernel: [55556.844978] Out of memory: Kill process 9405 (clamd) score 72 or sacrifice child
Sep 30 11:52:15 debian kernel: [56156.791644]  [<ffffffff81142f43>] ? out_of_memory+0x473/0x4b0
Sep 30 11:52:15 debian kernel: [56156.791823] Out of memory: Kill process 8831 (wfica) score 30 or sacrifice child
Sep 30 11:52:15 debian kernel: [56156.792333]  [<ffffffff81142f43>] ? out_of_memory+0x473/0x4b0
Sep 30 11:52:15 debian kernel: [56156.792498] Out of memory: Kill process 8834 (threaded-ml) score 30 or sacrifice child
Sep 30 12:02:16 debian kernel: [56757.847752]  [<ffffffff81142f43>] ? out_of_memory+0x473/0x4b0
Sep 30 12:02:16 debian kernel: [56757.848397] Out of memory: Kill process 8853 (wfica) score 31 or sacrifice child
[...]
[...] # many more wfica processes killed, different PIDs
[...]
process 9238 (wfica) score 45 or sacrifice child
Sep 30 13:52:39 debian kernel: [63381.448595]  [<ffffffff81142f43>] ? out_of_memory+0x473/0x4b0
Sep 30 13:52:39 debian kernel: [63381.448762] Out of memory: Kill process 1147 (dropbox) score 18 or sacrifice child
Sep 30 13:53:17 debian kernel: [63419.152094]  [<ffffffff81142f43>] ? out_of_memory+0x473/0x4b0
Sep 30 13:53:17 debian kernel: [63419.152256] Out of memory: Kill process 8655 (shutter) score 10 or sacrifice child
Sep 30 13:53:21 debian kernel: [63423.078535]  [<ffffffff81142f43>] ? out_of_memory+0x473/0x4b0
Sep 30 13:53:21 debian kernel: [63423.078699] Out of memory: Kill process 1071 (Xvnc) score 10 or sacrifice child
Sep 30 13:57:26 debian kernel: [63666.800723]  [<ffffffff81142f43>] ? out_of_memory+0x473/0x4b0
Sep 30 13:57:26 debian kernel: [63666.800914] Out of memory: Kill process 852 (lightdm-gtk-gre) score 3 or sacrifice child
Sep 30 13:57:26 debian kernel: [63666.820658]  [<ffffffff81142f43>] ? out_of_memory+0x473/0x4b0
Sep 30 13:57:26 debian kernel: [63666.820787] Out of memory: Kill process 581 (Xorg) score 2 or sacrifice child
Sep 30 13:57:26 debian kernel: [63668.058072]  [<ffffffff81142f43>] ? out_of_memory+0x473/0x4b0
Sep 30 13:57:26 debian kernel: [63668.058324] Out of memory: Kill process 501 (freshclam) score 0 or sacrifice child
Sep 30 13:57:26 debian kernel: [63668.065610]  [<ffffffff81142f43>] ? out_of_memory+0x473/0x4b0
Sep 30 13:57:27 debian kernel: [63668.065906] Out of memory: Kill process 3727 (AuthManagerDaem) score 0 or sacrifice child
Sep 30 13:57:29 debian kernel: [63668.256015]  [<ffffffff81142f43>] ? out_of_memory+0x473/0x4b0
Sep 30 13:57:29 debian kernel: [63668.256217] Out of memory: Kill process 9143 (AuthManagerDaem) score 0 or sacrifice child
Sep 30 13:57:29 debian kernel: [63668.872898]  [<ffffffff81142f43>] ? out_of_memory+0x473/0x4b0
Sep 30 13:57:30 debian kernel: [63668.873008] Out of memory: Kill process 192 (systemd-journal) score 0 or sacrifice child
Sep 30 13:57:30 debian kernel: [63669.939297]  [<ffffffff81142f43>] ? out_of_memory+0x473/0x4b0
Sep 30 13:57:30 debian kernel: [63669.939437] Out of memory: Kill process 552 (polkitd) score 0 or sacrifice child
Sep 30 13:57:30 debian kernel: [63669.943290]  [<ffffffff81142f43>] ? out_of_memory+0x473/0x4b0
Sep 30 13:57:30 debian kernel: [63669.943387] Out of memory: Kill process 502 (NetworkManager) score 0 or sacrifice child

In terms of cause, this was simple, Debian 8 doesn’t support Hyper-V Dynamic Memory: https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/supported-debian-virtual-machines-on-hyper-v

However, this got me thinking, coming from a Windows background, about how to monitor / review consumption of resources.

To view memory consumption, by process, sorted high > low:

top -o %MEM

Review syslog for out of memory events:

sudo cat /var/log/syslog | grep memory

To view virtual memory consumption:

vmstat

To view CPU utilisation, by process, sorted high > low:

top -o %CPU

To view disk utilisation:

sudo apt-get install sysstat
iostat -d #for physical disks
iostat -N #for LVM

[more to come]

If you’re enabling RDP support, or other services on a Debian Linux machine that you want to connect to from a remote device, a static IP is an obvious requirement (be-that, ideally, a DHCP reservation or manually configured IP).

Considering I couldn’t opt for a DHCP reservation for my home set-up (long story) I went for a manually configured IP address, using the commands / configuration files below.

Edit /etc/network/interfaces:

sudo vi /etc/network/interfaces

   auto eth0
    iface eth0 inet static
        address 192.168.1.249
        netmask 255.255.255.0
        gateway 192.168.1.1

Edit resolv.conf:

sudo vi /etc/resolv.conf 

   nameserver 192.168.1.1

I found that after this change, in order for Network Manager to “release” control of the interface, I had to restart the device – I’m sure there is a better solution, let me know if you find one…

One annoyance I’ve had since using Debian 8 / Firefox was that every time I pressed the middle-mouse button and tried to scroll on a web page I’d get a new page load, or nothing would happen.

This was a Firefox-specific issue, that can be resolved by configuring as below in about:config:

Setting: general.autoScroll
Set to: True

Setting: middlemouse.contentLoadURL
Set to: False

I was surprised to find that sudo was not installed by default on Debian 8 as it is with Ubuntu. You can debate whether the root account should, or should not be enabled however, I would recommend the use of sudo for audit logging the use of elevated privileges.

Install sudo itself using the command:

apt-get install sudo

Now add your personal account to the sudo group

adduser <username> sudo

You’ll need to either logoff or reload your groups.

Should you chose to disable the root account itself, use the following commands:

sudo passwd -l root
usermod --expiredate 1

Firefox has recently become my go-to browser of choice, not becuase of speed, but because of privacy – more to come on this subject at a later time.

Having established a configuration I am happy with – following guides on sites such as privacytools.io – I like to be sure no add-ons or Firefox updates can reset the configuration, so I opt for locked preferences. More information from Mozilla on this here.

To lock preferences on Debian, you’ll need to create two files as outlined in the Mozilla article – mozilla.cfg and local-settings.js.

mozilla.cfg

//
lockPref("privacy.trackingprotection.enabled", true);
lockPref("geo.enabled", false);
lockPref("browser.safebrowsing.enabled", false);
lockPref("browser.safebrowsing.malware.enabled", false);
lockPref("browser.safebrowsing.downloads.enabled", false);
lockPref("dom.event.clipboardevents.enabled", false);
lockPref("network.cookie.cookieBehavior", 1);
lockPref("network.cookie.lifetimePolicy", 2);
lockPref("browser.cache.offline.enable", false);
lockPref("browser.send_pings", false);
lockPref("webgl.disabled",true);
lockPref("dom.battery.enabled", false);
lockPref("browser.sessionstore.max_tabs_undo", 0);
lockPref("media.peerconnection.enabled", false);
lockPref("media.peerconnection.turn.disable", true);
lockPref("media.peerconnection.use_document_iceservers", false);
lockPref("media.peerconnection.video.enabled", false);
lockPref("media.peerconnection.identity.timeout", 1);
lockPref("browser.search.suggest.enabled", false);
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("signon.rememberSignons", false);

local-settings.js

pref("general.config.obscure_value", 0);
pref("general.config.filename", "mozilla.cfg");

Now copy these files to the required directories, close and open Firefox.

cp mozilla.cfg /usr/lib/firefox-esr/
cp local-settings.js /usr/lib/firefox-esr/defaults/pref/

/ The below is now “obsolete,” in my opinion – it will work, however,  you will not get sound redirection and performance is not as good as it can be due to this solution being routed over VNC. Check out my more-recent guide on using x11rdp, here.

As an avid, die-hard Windows user I struggle to make the move to VNC considering how fast RDP is in comparison. When I discovered it was possible to enable RDP support on Debian, I quickly set-to.

Install XRDP on Debian

This wil both install and configure XRDP:

sudo apt-get install xrdp

Fix Key-Mapping Issues

There is one “bug” with key-mapping that requires a custom key-map file to be used with XRDP specifically, the below is for en-GB / UK keyboards – save the below as km-0809.ini – see last step after text file contents!

First, some background – in a recent attempt to get a better handle on Internet privacy I began to look at various areas from mobile operating systems, browsers to the network I was connecting to the Internet from, and the various risks all entailed. In terms of my local network I was intrigued to better understand the “health” of devices on that network, and any risks they exposed.

I started to re-visit the use of Linux, and initially rediscovered Kali Linux “2016.2.” This proved to be a nightmare within a Hyper-V machine – a memory leak consumed all available host memory (12GB) in a couple of days, plus an “apt-get dist-upgrade” resulted in a failure of Xfce on boot… all I wanted was a vulnerability scanner, not a headache! Sadly, getting OpenVas running on Kali is very easy – see here.

My next port of call was Ubuntu, however, from a privacy perspective this proved less than ideal, so I opted for a distro I had not used for many years in its original form, Debian – specifically Debian 8, or Jessie.

Apache Usefull .htaccess Configurations

I came across the following useful .htaccess configuations over at https://github.com/h5bp/html5-boilerplate/blob/master/.htaccess#L169.