linux

LXC: create Ubuntu Trusty container

<?php
$URL="https://raw.githubusercontent.com/panticz/lxc/master/create.trusty.sh";
echo "wget -q --no-check-certificate $URL -O - | bash -s";
echo "

";
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $URL);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
echo htmlspecialchars(curl_exec($c));
curl_close($c);
echo "

";
?>

Allow root SSH login with password
sed -i 's|PermitRootLogin without-password|PermitRootLogin yes|' /etc/ssh/sshd_config
sed -i 's|PasswordAuthentication no|PasswordAuthentication yes|' /etc/ssh/sshd_config
service ssh restart

DMA (Dragonfly Mail Agent)

# ansible role
https://github.com/panticz/ansible/tree/master/roles/dma

# preconfigure
echo "dma dma/relayhost string mail.example.com" | debconf-set-selections
echo "dma dma/mailname string $(hostname -f)" | debconf-set-selections

# install
apt-get install -y dma

# configure relayhost
echo "user|smarthost:password" >> /etc/dma/auth.conf

# send testmail
echo "This is a test message from ${USER}@$(hostname -f) at $(date)" | /usr/sbin/sendmail foo@exaple.com

Configuration files
# /etc/dma/dma.conf
AUTHPATH /etc/dma/auth.conf
SMARTHOST smtp.example.de

LXC: Installation under Ubuntu / Debian

<?php
$URL="https://raw.githubusercontent.com/panticz/installit/master/install.lxc.sh";
echo "wget --no-check-certificate $URL -O - | bash -";
echo "

";
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $URL);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
echo htmlspecialchars(curl_exec($c));
curl_close($c);
echo "

";
?>

# install under Debian Jessie
apt-get install bridge-utils
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/installit/master/install.lxc.sh -O - | bash -s -- -b
#wget http://mirrors.kernel.org/ubuntu/pool/main/l/lxc/lxc_1.0.7-0ubuntu0.2_amd64.deb -P /tmp/
#dpkg -x /tmp/lxc_1.0.7-0ubuntu0.2_amd64.deb /tmp/
#cp -a /tmp/etc/* /etc/

# Check kernel configuration
lxc-checkconfig

LXC: create Debian Jessie container

<?php
$URL="https://raw.githubusercontent.com/panticz/lxc/master/create.jessie.sh";
echo "wget -q --no-check-certificate $URL -O - | bash -s";
echo "

";
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $URL);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
echo htmlspecialchars(curl_exec($c));
curl_close($c);
echo "

";
?>

(re)create container
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/create.jessie.sh -O - | bash -s -- -f

Allow root SSH login with password
CONTAINER=jessie
sudo lxc-attach -n ${CONTAINER} -- sed -i 's|PermitRootLogin without-password|PermitRootLogin yes|' /etc/ssh/sshd_config
sudo lxc-attach -n ${CONTAINER} -- service ssh restart

Fix DNS
echo nameserver 8.8.8.8 | sudo tee /var/lib/lxc/${CONTAINER}/rootfs/etc/resolv.conf

Default login credentials
user: root
pass: root

FixMe
"Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied"
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1346734

Failed to open /dev/autofs: No such file or directory
Failed to initialize automounter: No such file or directory
[FAILED] Failed to set up automount Arbitrary Executable File Formats File System Automount Point.
See 'systemctl status proc-sys-fs-binfmt_misc.automount' for details.
Unit proc-sys-fs-binfmt_misc.automount entered failed state.

Socket service systemd-udevd.service not loaded, refusing.
[FAILED] Failed to listen on udev Kernel Socket.
See 'systemctl status systemd-udevd-kernel.socket' for details.
Socket service systemd-udevd.service not loaded, refusing.
[FAILED] Failed to listen on udev Control Socket.
See 'systemctl status systemd-udevd-control.socket' for details.

Bugs
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1347020
https://wiki.debian.org/LXC#Incompatibility_with_systemd

Fix DNS
echo nameserver 8.8.8.8 > /var/lib/lxc/${CONTAINER}/rootfs/etc/resolv.conf

# test
http://without-systemd.org/wiki/index.php/How_to_remove_systemd_from_a_Debian_jessie/sid_installation

LXC Containers

# Create Ubuntu 16.04 Xenial LXC container
sudo lxc-create --template ubuntu --name xenial -- template-options -r xenial

# Create Ubuntu 14.04 Trusty LXC container
sudo lxc-create --template ubuntu --name trusty -- template-options -r trusty

# Create Debian 9 Stretch LXC container
sudo lxc-create --template debian --name stretch -- template-options -r stretch

# centos
sudo lxc-create -t centos -n centos -- --release 7

# nested container / docker support
echo "lxc.aa_profile = unconfined" >> /var/lib/lxc/centos/config

Create a restricted user for SSH tunneling

<?php
$URL="https://raw.githubusercontent.com/panticz/scripts/master/create_ssh_tunnel_user.sh";
echo "wget -q --no-check-certificate $URL -O - | bash -";
echo "

";
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $URL);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
echo htmlspecialchars(curl_exec($c));
curl_close($c);
echo "

";
?>

Add your public key(s)
cat /tmp/authorized_keys > /home/tunnel/.ssh/authorized_keys
sed -i 's|ssh-rsa|command="/bin/false",no-pty,no-X11-forwarding ssh-rsa|g' /home/tunnel/.ssh/authorized_keys

# parameter
command="/bin/false",no-agent-forwarding,no-pty,no-user-rc,no-X11-forwarding,permitopen="127.0.0.1:80"
no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding

Links
http://www.gnu.org/software/bash/manual/html_node/The-Restricted-Shell.html