How to Install VirtualBox on Ubuntu 16.04

Reading Time: 3 minutes

What is a VirtualBox?

This is handy when you need to run software that is only available on one Operating System, for example, if you wanted to run Windows software on your Ubuntu computer or vice versa. The only limitations are RAM and disk space for running each virtual machine.

There are two open source options for VirtualBox, one from Ubuntu and the other from Oracle. For this tutorial, we will give you the steps for installing the Oracle option, as it is the industry standard. If you have any questions regarding these steps, we advise reviewing Oracle’s excellent documentation.

Requirements for Oracle’s VirtualBox

You will need at least 512MB of RAM to run a different Operating System, but you will likely want a lot more, say 2 to 3G of RAM. In general, the more RAM you have, the better the performance of the virtual machine. You will also want to check the minimum RAM requirements of the guest operating system. For any Windows distribution, you will want at least 2G of RAM just for the virtual machine.

This also assumes you have a relatively new processor for your server or computer. As for the disk space, this will also vary based upon the distribution that you are using. VirtualBox itself is rather small, needing only around 30M of space, but the files for the distribution will vary. For example, with a Windows 10 installation, it’s possible to need more than 10G of disk space. What you are hoping to do with the virtual machine will determine what size of hard disk you will need on your server, but 150G is a good size to make sure you have room to grow. In short, while you can do with less regarding VirtualBox, it’s best to add some wiggle room for growth and workability.

 

Installing Oracle VirtualBox

To start the installation, SSH into your computer and open a terminal as root, then follow these steps:

  1. First, open the following file with your favored text editor (in this example we’ll use vim):

vim /etc/apt/sources.list

  2. At the bottom of the file add this line of text:

deb https://download.virtualbox.org/virtualbox/debian xenial contrib

And save the file by typing in

:wq

  3. Then we need to download the public key by running this command:

wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -

  4. Then you just run the following commands to install:

sudo apt-get update
sudo apt-get install virtualbox-6.0

 

Running the Virtual Machine

Normally you use the VirtualBox Graphical User Interface (GUI) to manage your virtual machines, but a server does not have a desktop environment/graphics card to use the GUI. Fortunately, VirtualBox comes with a tool called VBoxHeadless that allows you to connect to the virtual machines over a remote desktop connection, so there’s no need for the VirtualBox GUI.

When starting the process of creating a new virtual machine, it’s beneficial to begin with the help command to see where you want to go:

VBoxManage --help

And from here you have officially installed VirtualBox on your server.

 

Additional Steps for Adding a Virtual Machine

These are the basic commands you will need to use to create a virtual machine on the server. In this example, you will create a Windows XP Virtual Machine on your Ubuntu 16.04 server. And with that, we’ll start a new virtual machine called Windows XP which will run its namesake, Windows XP.

  1. First, create the virtual machine itself:

VBoxManage createvm --name "Windows XP" --ostype WindowsXP --register

  2. Then make sure the virtual machine has the required resources for the operating system. If you are unsure of the minimum requirements for your guest operating system (the virtual machine that you will be installing), it’s best to check these in the official documentation. In this case, we are adding 4G of RAM to be sure we have plenty of RAM to work with.

VBoxManage modifyvm "Windows XP" --memory 4096 --acpi on --boot1 dvd --nic1 nat

  3. Next create a virtual hard disk for the Operating system, in this case, 10G:

VBoxManage createhd --filename "WinXP.vdi" --size 10000

  4. Add an IDE Controller to the new virtual machine:

VBoxManage storagectl "Windows XP" --name "IDE Controller" \
 --add ide --controller PIIX4

  5. Set the VDI file you created as the first virtual hard disk of the new virtual machine:

VBoxManage storageattach "Windows XP" --storagectl "IDE Controller" \
 --port 0 --device 0 --type hdd --medium "WinXP.vdi"

  6. Attach the ISO file that contains the operating system installation. You will want to install this later for the virtual machine to boot from.

VBoxManage storageattach "Windows XP" --storagectl "IDE Controller" \
 --port 0 --device 1 --type dvddrive --medium /full/path/to/iso.iso

  7. Enable the VirtualBox Remote Desktop Extension, the VRDP server, as follows:

VBoxManage modifyvm "Windows XP" --vrde on

  8. Start the virtual machine using the VBoxHeadless command:

VBoxHeadless --startvm "Windows XP"

If you are looking to install VirtualBox on a server, we advise looking into our VPS products which are perfect for all your server needs. Our managed products come with our 24/7 tech support from level 3 technicians and our 100% uptime guarantee.

 

Setup a Development Environment for CentOS using cPanel

Reading Time: 4 minutes

Editing a website’s code is often needed to update a site, but doing this to the live website could create downtime and other unwanted effects. Instead, it’s ideal to create an environment especially for developing new ideas. In this tutorial, we will explore creating a development site specifically for CentOS servers.

Setup a Development Environment in Ubuntu

Reading Time: 4 minutes

Often we want to edit our domain’s code, but on a production website, this can be dangerous. Making changes to the production site would not only allow all of the Internet to see unfinished changes but could also cause errors to display. As a workaround, we’ll create a testing domain or “dev” domain to work out any bugs and changes to the site.

As a warning, this is advanced technical work. It’s possible to make mistakes and cause downtime on your live domain. If you are not 100% confident, it may be a good idea to hire a system admin or developer to copy the domain for you.


SSL vs TLS

Reading Time: 4 minutes

You may have first heard about TLS because your Apache service needed to be secured using TLS for a PCI scan (Payment Card Industry: PCI scans are a standard to ensure server security for credit card transactions). Or maybe you noticed that your SSL also mentions TLS when you are ordering the certificate. Beyond where you heard the names, the question is, what is this mysterious TLS in relation to SSL and which of the two should you be using?

Whitelisting in ModSecurity

Reading Time: 6 minutes

This article is broken down into two parts. The first section covers “how to whitelist IPs or URIs,” for people who are somewhat familiar with ModSecurity but want to know more about the process. The second section examines why we configure ModSecurity and how to prevent the security of the server from getting in the way of our work. If you have a Fully Managed Liquid Web server, reach out to our Heroic Support team for assistance with whitelisting!

How to Whitelist IPs or URIs

“ModSecurity is a toolkit for real-time web application monitoring, logging, and access control.” (modsecurity.org). In simple terms, this means that ModSec, also called mod_security or ModSecurity, is a web application firewall that can actively look for attacks to the system and stop malicious activity. However, sometimes these rules trigger when legitimate work is taking place, blocking your IP and stopping you or your developers until you can remove the IP block. The way around being blocked is known as whitelisting, which essentially allows a specific IP to access the server. There are a few ways to whitelist a request in ModSec, either by IP or by URI (URIs are specific pages on the website).

Getting Started

  1. Find your IP or ask your developer for theirs. (You can find this by going to ip.liquidweb.com) If you or your developer have a static IP (one that will not change), one way you can whitelist the ModSec rules is by IP.
  2. Find the ModSec error in the Apache error logs with the following command (be sure to modify the command with your IP in place of “IP here”):
    grep ModSec /usr/local/apache/logs/error_log | grep "IP here"
  3. The output of this command will give you a list of hits for ModSecurity from your or your developer’s IP, which you can see below. While this looks intimidating, you will only want to pay attention to the 3 bits of information highlighted. Please note, the output will not show these colors when you are viewing the files.
Note
Blue = client, the IP which tripped the rule
Red = ID number of tripped rule within ModSec
Green = URI, the location where the error started from

[Fri May 25 23:07:04.178701 2018] [:error] [pid 78007:tid 139708457686784] [client 61.14.210.4:30095] [client 61.14.210.4] ModSecurity: Access denied with code 406 (phase 2). Pattern match "Mozilla/(4|5)\\\\.0$" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec2.liquidweb.conf"] [line "109"] [id "20000221"] [hostname "67.227.209.163"] [uri "/db/index.php"] [unique_id "WwjPWChxvG1CO4kz-D55eQAAACU"]

 

Whitelist By IP:

1. Once you have the correct ModSec error, you will need to edit the ModSec configuration. If you are using Easy Apache 4 you will find the configuration file with this path:
/etc/apache2/conf.d/modsec2/whitelist.conf

2. Open the file with your favorite text editor, such as vim, nano, or file manager like so:

vim /etc/apache2/conf.d/whitelist.conf

3. The blue text above will be the IP address that you are whitelisting from the original error. You must keep the backslashes (\) and caret (^) in order for the IP to be read correctly. Thus it will always look something like:

"^192\.168\.896\.321"

For the id, noted in red, you will change the number after the colon to the id from the Apache error log, like we saw above. This will look similar to:

Id:2000221

Add the following code with the colored sections edited to match your intended IP.

SecRule REMOTE_ADDR "^64\.14\.210\.4" "phase:1,nolog,allow,ctl:ruleEngine=off,id:20000221"
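The pattern in the rule above is anchored only at its start, so it also matches any longer address that begins with the same characters. The following added example (not part of the original article) lists what the prefix pattern admits for the IP from the log entry and builds a pattern that matches that one address only. The helper names are hypothetical, and the rule id 1000001 is a constructed placeholder: the id action names the whitelist rule itself, and ModSecurity requires each rule id to be unique.

```python
import ipaddress
import re


def prefix_pattern(ip):
    """Pattern in the article's style: anchored at the start only."""
    return "^" + re.escape(str(ipaddress.IPv4Address(ip)))


def exact_pattern(ip):
    """Same pattern with a trailing $ so only this one address matches."""
    return prefix_pattern(ip) + "$"


def overmatches(pattern, ip):
    """Addresses in the same /24, other than ip, that the pattern also matches."""
    target = ipaddress.IPv4Address(ip)
    network = ipaddress.ip_network(f"{ip}/24", strict=False)
    rx = re.compile(pattern)
    # ModSecurity's default regex operator searches the value, like rx.search.
    return [str(addr) for addr in network if addr != target and rx.search(str(addr))]


def render_rule(ip, new_rule_id):
    """Whitelist rule with the article's actions and a fully anchored pattern.

    new_rule_id is the id of this whitelist rule itself (placeholder value,
    chosen by the administrator so that it is unique on the server).
    """
    return (f'SecRule REMOTE_ADDR "{exact_pattern(ip)}" '
            f'"phase:1,nolog,allow,ctl:ruleEngine=off,id:{new_rule_id}"')


if __name__ == "__main__":
    ip = "61.14.210.4"  # client IP from the article's log entry
    print("prefix pattern also matches:", overmatches(prefix_pattern(ip), ip))
    print("exact pattern also matches: ", overmatches(exact_pattern(ip), ip))
    print(render_rule(ip, 1000001))
```

With the prefix pattern, ten neighbouring addresses ending in .40 through .49 would bypass the rule engine along with the intended one.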

 

Whitelist By URI:

If your IP is dynamic (changing) and you keep getting blocked in the firewall, it is best to whitelist it via URI, the yellow item in the ModSec error.

1. Begin by opening the Easy Apache 4 configuration file:

vim /etc/apache2/conf.d/whitelist.conf

2. Add the following text to the configuration. Remember to pay attention to the highlighted parts.  Change the yellow “/db/index.php” to match your URI and the red id to match the id of your error (Do not use the colon in this one).

<LocationMatch "/db/index.php">
SecRuleRemoveById 20000221
</LocationMatch>

3. The final step for whitelisting, before you finalize the process, is to ensure you have correctly set up the whitelist. For Easy Apache 4 you will run the command:
apachectl -t

As long as the command returns “Syntax OK” you are safe to make the whitelist active by restarting Apache. Otherwise, review the whitelists to make sure the syntax matches up correctly with the above directions.

4. Lastly, restart Apache with the following command.

/scripts/restartsrv_httpd

You have successfully whitelisted yourself in ModSec!

 

Using ModSec

Cyber Security is a hydra; once one threat is cut off, two more grow back. While this is not a new analogy, it’s important to understand as we battle threats to our network, computers, and servers. With all the complexities that come with security, I want to talk about adequately configuring ModSec to deter threats while still allowing you to work on your websites. Often, when it comes to server security, too much protection can hinder effectiveness.

For example, say you have the following set up on your server:

  • You do not allow root SSH login to the server
  • You utilize dual-factor authentication for any SSH logins
  • You use an SSH key for the sudo user and require other security safeguards

While this type of configuration is secure, it takes longer to log into your system to make a quick edit to your settings. It is a double-edged sword: how can you keep the server safe while not tying your own hands? A great example of how this plays out is using ModSec.

ModSec can block your IP if it falsely flags your work. While this module improves system security, you’ll need to be aware of properly implementing and “scoping” the technology. Scoping in this sense means managing risk: focusing on what is important for security while still allowing work on the server with minimal interference. To keep ModSec from blocking legitimate requests to your server, such as when you are editing your website’s code via a plugin, ModSec has options to whitelist rules or IPs and keep your work on track.

Whitelisting an IP from the rules that ModSec follows is a great option so long as the IP never changes (i.e. a static IP, see article here to learn more https://support.google.com/fiber/answer/3547208?hl=en) and is limited to only people you trust. This method prevents ModSec from viewing your requests as malicious and blocking your IP. This practice has the drawback that if someone (say an unhappy employee) has access to your network, they now have a way around ModSec to attack your server.

With non-static (dynamic) IPs the problems of whitelisting an IP are readily apparent. With the continual change of a dynamic IP, it creates the potential of exploiting your server, as someone could use an old IP to access the server. Whitelisting specific rules comes to save the day! When you whitelist by rules, you can edit with granularity and limit the rules to particular domains and URIs, protecting the rest of the server from attacks related to that same rule!

Example of ModSecurity

ModSec reads a series of rules and applies them to incoming requests being made to the web server. An example of what a block looks like is:

[Sat Jun 30 02:21:56.013837 2018] [:error] [pid 79577:tid 139862413879040] [client 120.27.217.223:24397] [client 120.27.217.223] ModSecurity: Access denied with code 406 (phase 2). Pattern match "Mozilla/(4|5)\\\\.0$" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec2.liquidweb.conf"] [line "109"] [id "2000064"] [hostname "67.227.192.139"] [uri "/mysql/index.php"] [unique_id "WzchhAjuZ6wPAzo9AwW1WwAAAE8"]

This error shows Apache stopped a potential attack on a file at /mysql/index.php. This is an error similar to what appears when the code is being written or edited within programs like Drupal or WordPress.

Evaluating ModSecurity

If you are persistently being blocked in your firewall while working on your code, ModSec is the likely culprit. The ModSec errors can be found in the Apache error log (in cPanel the path is /usr/local/apache/logs/error_log). The phrase “ModSec” can be quickly isolated from the log (via the command 'grep "ModSec" /usr/local/apache/logs/error_log'). By comparing your or your developers’ IP to the log, you’ll be able to identify stopped requests that are legitimate. Verify these are valid requests by double-checking that someone in your organization made them. Once you have done so, you can move forward in setting up a whitelist for the error, per the steps above.

Again, we want to scope to allow the least amount of wiggle room for an attack and ensure we can keep working. If you are unable to have a trusted static IP, you’ll need to use the whitelist URI  method, providing the specific page as an exemption. Once completed, remove both whitelisted items from the configuration file, in case of a genuine attack.
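The log review described here and in the Getting Started steps can be scripted. The following added example (not part of the original article) pulls the client, rule id and URI out of ModSecurity entries for one trusted IP and renders a URI-scoped exclusion for exactly the rules that fired. Function names are hypothetical, and the generated LocationMatch pattern is escaped and anchored, which is narrower than the article's literal path.

```python
import re
from collections import Counter

# Constructed sample: the article's two log entries, abridged to the fields
# read below, plus a repeat hit and one unrelated Apache error line.
SAMPLE_LOG = r'''
[Fri May 25 23:07:04.178701 2018] [:error] [pid 78007:tid 139708457686784] [client 61.14.210.4:30095] [client 61.14.210.4] ModSecurity: Access denied with code 406 (phase 2). [id "20000221"] [hostname "67.227.209.163"] [uri "/db/index.php"]
[Fri May 25 23:07:09.000000 2018] [:error] [pid 78007:tid 139708457686784] [client 61.14.210.4:30101] [client 61.14.210.4] ModSecurity: Access denied with code 406 (phase 2). [id "20000221"] [hostname "67.227.209.163"] [uri "/db/index.php"]
[Sat Jun 30 02:21:56.013837 2018] [:error] [pid 79577:tid 139862413879040] [client 120.27.217.223:24397] [client 120.27.217.223] ModSecurity: Access denied with code 406 (phase 2). [id "2000064"] [hostname "67.227.192.139"] [uri "/mysql/index.php"]
[Sat Jun 30 02:22:01.000000 2018] [core:error] [pid 79577:tid 139862413879040] [client 61.14.210.4:30110] File does not exist: /var/www/html/favicon.ico
'''

# Client IP directly before "ModSecurity:", then the rule id and the URI.
ENTRY = re.compile(
    r'\[client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\] ModSecurity: .*?'
    r'\[id "(?P<id>\d+)"\].*?\[uri "(?P<uri>[^"]*)"\]')


def blocked_requests(log_text, client_ip):
    """Count (rule id, uri) pairs that ModSecurity blocked for one client."""
    hits = Counter()
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if m and m["ip"] == client_ip:
            hits[(m["id"], m["uri"])] += 1
    return hits


def uri_exclusions(hits):
    """One LocationMatch block per URI, removing only the rules seen there."""
    by_uri = {}
    for rule_id, uri in sorted(hits):
        by_uri.setdefault(uri, []).append(rule_id)
    blocks = []
    for uri, ids in by_uri.items():
        pattern = "^" + re.escape(uri) + "$"  # exact path, dots escaped
        blocks.append(f'<LocationMatch "{pattern}">\n'
                      f'SecRuleRemoveById {" ".join(ids)}\n'
                      f'</LocationMatch>')
    return "\n".join(blocks)


if __name__ == "__main__":
    trusted = blocked_requests(SAMPLE_LOG, "61.14.210.4")
    print(dict(trusted))
    print(uri_exclusions(trusted))
```

Only entries from the IP you pass in are counted, so the other client's hit on /mysql/index.php never reaches the generated exclusion.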

On a parting note, I encourage you to explore ModSec and learn more of the ins and outs of the software. Exploring different methods of whitelisting can be a lot of fun to learn and, most importantly, helps to tighten server security. As always, our Fully Supported Customers can contact our Helpful Human Support team for assistance. Check out articles on security in our Knowledge Base, like this one on Maldet! It’s another excellent way to learn about your server and develop an understanding of server security.