Ubuntu 18.04 in Azure – Pt. 1: Setup and A/V

Getting this server running this blog I’m typing on now was the culmination of a few different blogs scattered around the good ol’ interwebz. This will be my combination of the steps to achieve where I am today.

Step 1 – Create Azure VM

Not going to spoonfeed creating a virtual machine in Azure. There are plenty of other blogs around for that.

This VM is using the default recommendation of 2vCPU, 8GB of RAM with 30GB HDD. I did select HDD to help reduce costs for the VM seeing as it is just a blog, largely static.

I selected Ubuntu 18.04 as the OS to install and allowed SSH, 22, inbound from everywhere initially using the Setup Wizard.

Rather than mess with IP-based access rules, since I am on a dynamic IP, I choose to just disable SSH whenever I am not actively using it. This also helps to completely eliminate brute-force risks.

As another tinfoil-hat-esque security measure, create a custom non-root username that is equally difficult to guess as its password; assuming you’re not using certificate-based SSH.

Step 2 – Update Ubuntu 18.04

In true Microsoft fashion, like Windows 10 telling you “looking for updates…installing updates” then greeting you with a Feature Update on first boot, a new Ubuntu 18.04 server still requires updates. Run the obligatory sudo apt update && upgrade -y command and let it run. Go grab a coffee…or a cider!

Downeast Original Blend Cider

Step 3 – Install A/V

Seeing as I do work for ESET, and they are the ones footing the bill for this Azure instance, I would be remiss if I did not install our newest release for testing. That way I can say these resource I’m hogging for my new, top-of-the-charts blog are “for research purposes”. #GameTheSystemKids

wget https://download.eset.com/com/eset/apps/business/era/agent/latest/agent-linux-x86_64.sh
chmod +x ./agent-linux-x86_64.sh
sudo ./agent-linux-x86_64.sh \
–skip-license \
–hostname=<ESMC FQDN Here> or <ESMC IP Here>
–port=2222 (default, change accordingly) \
–webconsole-user=Username \
–webconsole-password=Password \
–webconsole-port=2223 (default, change accordingly)

If all values are correct, confirm the server-provided certificate and complete the install of the management agent.

Since ESET File Security for Linux 7.x is not yet released to the installation repository, we must install it manually.
wget https://download.eset.com/com/eset/apps/business/efs/linux/latest/efs.x86_64.bin
chmod +x ./efs.x86_64.bin
sudo ./efs.x86_64.bin

Complete the install as prompted. Make note of the provided Username:Password combination at completion of install. Due to a known issue, the password cannot be changed by policy so definitely make a note of it. The password can be changed locally within the WebUI after install but you need that initial password for first-time login.

That’s it for Part 1.