Since Cygwin doesn’t come with an uninstaller, we need to use commands to remove it.
takeown /r /d y /f C:\cygwin64
icacls C:\cygwin64 /t /grant Everyone:FRemove-Item "C:\cygwin64" -Recurse -ForceQuick lookup on how to secure Windows
Quick cheatsheet which I often use to bring up a Ubuntu machine.
Update
DEBIAN_FRONTEND=noninteractive apt-get update && apt-get upgrade -yMinimal GUI (might not work well on ubuntu 16)
sudo apt-get install --no-install-recommends ubuntu-desktop
sudo apt-get install --no-install-recommends xorg xterm gdm menu gksu synaptic
sudo apt-get install --no-install-recommends gnome-session gnome-panel metacity gnome-terminal indicator-session
sudo apt-get install open-vm-tools-desktop
Coding Environment
# vscode apt
curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > packages.microsoft.gpg
sudo install -o root -g root -m 644 packages.microsoft.gpg /usr/share/keyrings/
sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/vscode stable main" > /etc/apt/sources.list.d/vscode.list'
apt-get update
apt-get install code terminatorVScode Settings
Other Software
apt-get install software-properties-commonFaster
echo "vm.swappiness=1" >> /etc/sysctl.conf
sysctl -pA quick lookup page for me to install softether vpn server on Ubuntu 16.04 since the apt version no longer work properly (17-01-2020)
Original apt version
https://launchpad.net/~paskal-07/+archive/ubuntu/softethervpn
Requirements
apt-get install -y build-essential make gccDownload
wget -O /tmp/softether-vpnserver.tar.gz https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.32-9731-beta/softether-vpnserver-v4.32-9731-beta-2020.01.01-linux-x64-64bit.tar.gzExtract
tar xfz /tmp/softether-vpnserver.tar.gz -C /usr/localCompile
cd /usr/local/vpnserver
makeAdding a service account for softether
sudo useradd --system --no-create-home softetherPermissions
chown -R softether:softether /usr/local/vpnserver
find /usr/local/vpnserver -type f -exec chmod 600 {} \;
find /usr/local/vpnserver -type d -exec chmod 700 {} \;
chmod +x /usr/local/vpnserver/vpncmd
chmod +x /usr/local/vpnserver/vpnserverCreate /etc/systemd/system/softether.service
[Unit]
Description=SoftEther VPN Server
After=network.target auditd.service
ConditionPathExists=!/usr/local/vpnserver/do_not_run
[Service]
Type=forking
TasksMax=16777216
User=softether
Group=softether
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop
KillMode=process
Restart=on-failure
# Hardening
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=/usr/local/vpnserver
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYSLOG CAP_SETUID
[Install]
WantedBy=multi-user.targetAllow vpnserver to bind to local ports despite being run by softether user (non-root)
sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/local/vpnserver/vpnserverStart service
systemctl daemon-reload
systemctl start softether.service
systemctl enable softether.servicePermissions
chown -R root:root /usr/local/vpnserver
find /usr/local/vpnserver -type f -exec chmod 600 {} \;
find /usr/local/vpnserver -type d -exec chmod 700 {} \;
chmod +x /usr/local/vpnserver/vpncmd
chmod +x /usr/local/vpnserver/vpnserverCreate /etc/systemd/system/softether.service
cat > /lib/systemd/system/softether.service << EOF
[Unit]
Description=SoftEther VPN Server
After=network.target auditd.service
ConditionPathExists=!/usr/local/vpnserver/do_not_run
[Service]
Type=forking
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOFEnable and start the Service
systemctl daemon-reload
systemctl start softether.service
systemctl enable softether.serviceClean up
rm -f /tmp/softether-vpnserver.tar.gz apt-get update
apt-get install -y build-essential make gcc
curl -s https://api.github.com/repos/SoftEtherVPN/SoftEtherVPN_Stable/releases/latest \
| grep "softether-vpnserver.*linux-x64-64bit.tar.gz" \
| cut -d : -f 2,3 \
| tr -d \" \
| wget -O /tmp/softether-vpnserver.tar.gz -i -
tar xfz /tmp/softether-vpnserver.tar.gz -C /usr/local
cd /usr/local/vpnserver
make
chown -R root:root /usr/local/vpnserver
find /usr/local/vpnserver -type f -exec chmod 600 {} \;
find /usr/local/vpnserver -type d -exec chmod 700 {} \;
chmod +x /usr/local/vpnserver/vpncmd
chmod +x /usr/local/vpnserver/vpnserver
cat > /lib/systemd/system/softether.service << EOF
[Unit]
Description=SoftEther VPN Server
After=network.target auditd.service
ConditionPathExists=!/usr/local/vpnserver/do_not_run
[Service]
Type=forking
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl start softether.service
systemctl enable softether.service
rm -f /tmp/softether-vpnserver.tar.gz You can find the script in https://github.com/adjscent/softether_installer.
Some of the important openssl commands to create certificates
Environment Variables for Windows Openssl
set OpenSSL_HOME=C:\OpenSSL-Win64
set OPENSSL_CONF=C:\OpenSSL-Win64\bin\openssl.cfgCreate self-sign certificates short method
openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365Create self-sign certificates long method
openssl genrsa -out helloeb.com.key 4096
openssl req -new -sha256 -key helloeb.com.key -out helloeb.com.csr
openssl x509 -req -nodes -days 365 -in helloeb.com.csr -CAkey helloeb.com.key -out sha1.crt -sha256