#!/bin/bash # - bof - # <<'comment' # - Configured - # rm -rf ~/.bashrc; vim ~/.bashrc; rm -rf ~/.zshrc; vim ~/.zshrc; ssh-keygen -R 192.168.1.1 # - On client - # cd ~/.ssh; ssh-keygen -t rsa; cat ~/.ssh/id_rsa.pub; # - On server - # vim ~/.ssh/authorized_keys; xdg-user-dirs-update; sudo apt install dialog duf curl figlet git lolcat neovim pv webapp-manager -y; sudo apt install dialog duf curl figlet git htop inxi lolcat net-tools neovim pv webapp-manager -y; # - - # # - Timezone setting - # sudo timedatectl set-timezone America/New_York; timedatectl; cd ~/; rm -rf ~/bEtcher.sh; vim ~/bEtcher.sh; Copy & paste this content chmod +x ~/bEtcher.sh; ~/./bEtcher.sh; comment Goto :400 PrommoxIS Zpool configuration # :a # - - # # - Check disk for SSD / HDD / NVMe SSD - # lsblk -d -o NAME,ROTA NAME ROTA sda 0 ← SSD sdb 1 ← HDD nvme0n1 0 ← NVMe SSD lsblk -d -o NAME,ROTA NAME ROTA sda 1 HDD -> ISOs sdb 0 SSD -> ProxmoxIS Installation sdc 1 SSD -> External ssd sr0 1 DVD ╭── # is_derayo@proxmox-is ~ : ╰─▷ $ lb NAME LABEL FSTYPE SIZE FSUSED FSAVAIL FSUSE% UUID MOUNTPOINT /dev/sda 931.5G ├─/dev/sda1 ISOs zfs_member 931.5G 10161796732957563315 └─/dev/sda9 8M /dev/sdb 119.2G ├─/dev/sdb1 1007K ├─/dev/sdb2 vfat 1G 11.6M 1010.3M 1% A135-98DF /boot/efi └─/dev/sdb3 LVM2_member 118.2G vYOQfI-yyqI-fdyc-rhg4-WRP4-vh0d-coxGGW ├─/dev/mapper/pve-swap swap 8G 740a12c6-80a4-43c3-a08c-51175b93b4d3 [SWAP] └─/dev/mapper/pve-root ext4 110.2G 6.3G 97.1G 6% 7f302378-68c7-457e-853b-bd11b4c7d17f / /dev/sdc 3.6T ├─/dev/sdc1 OSs zfs_member 3.6T 1568820496272814160 └─/dev/sdc9 64M /dev/sr0 0B # - - # # - Check disk for SSD / HDD / NVMe SSD - # lsblk -o NAME,MODEL,ROTA ╭── # is_derayo@proxmox-is ~ : ╰─▷ $ lsblk -o NAME,MODEL,ROTA NAME MODEL ROTA sda HGST HTS721010A9E630 1 ├─sda1 1 └─sda9 1 sdb SAMSUNG MZNLN128HAHQ-000H1 0 ├─sdb1 0 ├─sdb2 0 └─sdb3 0 ├─pve-swap 0 └─pve-root 0 sdc SPCC Solid State Disk 1 ├─sdc1 1 └─sdc9 1 sr0 hp DVDRW DA8AESH 1 # - - # # - Check disk for SSD / HDD / NVMe SSD - # sudo smartctl -i /dev/sdc | grep "Rotation Rate"; ╭── # is_derayo@proxmox-is ~ : ╰─▷ $ sudo smartctl -i /dev/sdc | grep "Rotation Rate" Rotation Rate: Solid State Device # - - # # - Start ProxmoxIS installation - # # - - # # - Export -> Detach existing zpools - # sudo zpool export ISOs; sudo zpool export OSs; # - - # # - Both at the same time - # sudo zpool export ISOs OSs; sudo zpool export -a # - - # # - Check if zpools are mounted - # zfs list; zfs list -r OSs; # :a.1 # - - # # - Read the agreement & agree - # Next # :a.2 # - - # # - Country, Time zone & Keyboard Layout - # Next # :a.3 # - - # # - Disk - # zfs (RAID0) Select just one ssd Harddisk 0 -> Ok Harddisk 1 -> -- do not use -- # :a.4 # - - # # - Network configuration - # Hostname: HPLaptopProxmoxIS.VE IP Address: 192.168.1.15/24 Gateway: 192.168.1.1 DNS Server: 8.8.8.8 Next # :a.5 # - - # # - Summary - # Install # :a.6 # - - # # - Access the server from another computer - # https://192.168.1.15:8006 Advanced Proceed to 192.168.1.15:8006(unsafe) User name: root Password: Administrator2 # :b # - - # # - Update & upgrade - # https://pve.proxmox.com/wiki/Package_Repositories # :b.1 # - - # # - Add no-subscription repositories - # # - - # # - Documentation - # https://www.youtube.com/watch?v=kmOJ5rLYbUM Click on Datacenter HPLaptopProxmoxIS Repositories enterprise (Disable) pve-enterprise (Disable) Add No-Subscription Click on Updates Refresh Upgrade Reboot Shell apt update && apt upgrade -y --autoremove && apt clean; # :b.2 # - - # # - ssh into HPLaptopProxmoxIS - # ssh root@192.168.1.15; apt install eza duf curl fastfetch git htop ifupdown2 inxi net-tools neovim parted -y; # :c # - - # # - Modify .bashrc - # # :d # - - # # - Laptop configuration - # Click is-proxmox Click Shell (ssh root@192.168.1.15) nvim /etc/systemd/logind.conf; /HandleLidSwitch=suspend HandleLidSwitch=ignore HandleLidSwitchDocked=ignore HandleLidSwitchExternalPower=ignore :wq sudo systemctl restart systemd-logind.service; # :e # - - # # - Laptop screen go to sleep after 60 seconds - # # :e.1 # - - # # - Edit /etc/default/grub file - # nvim /etc/default/grub; GRUB_CMDLINE_LINUX_DEFAULT="quiet consoleblank=60" GRUB_CMDLINE_LINUX="" :wq #sudo update-grub; sudo proxmox-boot-tool refresh; # :e.2.2 # - - # # - Create the service - # sudo tee /etc/systemd/system/blank-screen.service << 'EOF' [Unit] Description=Blank screen via framebuffer [Service] Type=oneshot ExecStart=/bin/sh -c 'echo 1 > /sys/class/graphics/fb0/blank' EOF # :e.2.3 # - - # # - Create the timer (60 seconds after boot) - # sudo tee /etc/systemd/system/blank-screen.timer << 'EOF' [Unit] Description=Blank screen 60 seconds after boot [Timer] OnBootSec=60 [Install] WantedBy=timers.target EOF # :e.2.4 # - - # # - Enable and start - # sudo systemctl daemon-reload; sudo systemctl enable --now blank-screen.timer; # :e.3 # - - # # - Create blank screen.service - # sudo reboot now; # :f # - - # # - Create administrator group & user - # Datacenter Groups Create Name: admin Comment: Administrator Permissions Add Group Permission Path: / User: admin Role: Administrator Propagate (Check) Click Add Users Add User name: is_derayo Realm: Linux PAM standard authentication Group: admin Expire: never Firs name: Djalmar Enrique Last name: Rayo-Rivas email: is_derayo@hotmail.com Comment: System administrator Datacenter HPLaptopProxmoxIS Shell # :g # - - # # - Create administrator group & user - # adduser is_derayo; usermod -aG sudo is_derayo; # :h # - - # # - When zpool exists - # # - Import ZFS Pool - ISOs - # sudo zpool import -f ISOs; sudo zpool import -f OSs; zpool status; # Upgrade both pools sudo zpool upgrade ISOs; sudo zpool upgrade OSs; # Or upgrade all pools at once sudo zpool upgrade -a; # Start a new scrub on the 4TB pool sudo zpool scrub OSs; # Check progress (takes a couple hours for 4TB) zpool status OSs; # :h.1 # - - # # - When creating zpools - # # :h.1.1 # - - # # - as root@192.168.1.15 - # # - Wipe disks - # # Wipe /dev/sda (ISO pool) wipefs -a /dev/sda; # Wipe /dev/sdc and /dev/sdd (OSs pool) wipefs -a /dev/sdc; wipefs -a /dev/sdd; # Wipe /dev/sde (cache SSD) wipefs -a /dev/sde; ╭── # root@HPLaptopProxmoxIS ~ : ╰─▷ $ lb NAME LABEL FSTYPE SIZE FSUSED FSAVAIL FSUSE% UUID MOUNTPOINT /dev/sda 931.5G /dev/sdb 119.2G ├─/dev/sdb1 1007K ├─/dev/sdb2 vfat 1G C2FE-9658 └─/dev/sdb3 rpool zfs_member 118G 14092495003508076785 /dev/sdc 1.8T /dev/sdd 1.8T /dev/sde 238.5G /dev/sr0 0B # :h.1.2 # - - # # - as root@192.168.1.15 - # # - Create zpools - # # - - # # - ISOs - # /dev/sda 931.5G zpool create -o ashift=12 ISOs \ /dev/disk/by-id/$(ls -l /dev/disk/by-id/ | grep sda | awk '{print $8}' | head -1); # - - # # - OSs - # /dev/sdc 1.8T /dev/sdd 1.8T zpool create -o ashift=12 OSs \ /dev/disk/by-id/$(ls -l /dev/disk/by-id/ | grep sdc | awk '{print $8}' | head -1) \ /dev/disk/by-id/$(ls -l /dev/disk/by-id/ | grep sdd | awk '{print $8}' | head -1); # - - # # - Partition the cache SSD (sde) for SLOG + L2ARC - # # - - # # - Find the by-id for sde - # ls -l /dev/disk/by-id/ | grep sde | awk '{print $8}' | head -1 ata-SPCC_Solid_State_Disk_11A6071A1D9900219376 # - - # # - Then partition (replace ata- with actual): - # parted /dev/disk/by-id/ata-SPCC_Solid_State_Disk_11A6071A1D9900219376 mklabel gpt; parted /dev/disk/by-id/ata-SPCC_Solid_State_Disk_11A6071A1D9900219376 mkpart primary 0% 32GB; parted /dev/disk/by-id/ata-SPCC_Solid_State_Disk_11A6071A1D9900219376 mkpart primary 32GB 100%; partprobe /dev/disk/by-id/ata-SPCC_Solid_State_Disk_11A6071A1D9900219376; # - - # # - Find the by-id for sde - # ls -l /dev/disk/by-id/ | grep sde | awk '{print $8}'; # - - # # - Add as SLOG and L2ARC to the OSs pool - # zpool add -f OSs \ log /dev/disk/by-id/ata-SPCC_Solid_State_Disk_11A6071A1D9900219376-part1 \ cache /dev/disk/by-id/ata-SPCC_Solid_State_Disk_11A6071A1D9900219376-part2; zpool list; NAME SIZE ALLOC FREE CKPOINT EXPANDSZ FRAG CAP DEDUP HEALTH ALTROOT ISOs 928G 420K 928G - - 0% 0% 1.00x ONLINE - OSs 3.62T 552K 3.62T - - 0% 0% 1.00x ONLINE - rpool 117G 3.36G 114G - - 0% 2% 1.00x ONLINE - zpool status; # :h.1.2 # - - # # - When creating zpools - # Datacenter Storage Add ZFS ID: ISOs ZFS Pool: ISOs Content: Disk image, Container Nodes: HPLaptopProxmoxIS Enable: ✓ (yes) Thin provision: ✗ (no) (irrelevant for ISO storage) Block Size: 16k Click Add Add ZFS ID: OSs ZFS Pool: OSs Content: Disk image, Container Nodes: HPLaptopProxmoxIS Enable: ✓ (yes) Thin provision: ✗ (no) Block Size: 16k Click Add # - - # # - - # sudo pvesm add zfspool ISOs --pool ISOs --content iso,vztmpl; sudo pvesm add zfspool OSs --pool OSs --content images,rootdir; # :h.1 # - - # # - Tell proxmox about the ISOs-Directory - # # :h.1.1 # - - # # - From the HPLaptopProxmoxIS Web-UI - # Datacenter Storage Add Directory ID: ISOs-Directory Directory (Path): /ISOs/ISOs-Directory Content: ✓ ISO Images, Container template Nodes: (HPLaptopProxmoxIS) Enabled: ✓ (Yes) Shared: ✗ (No) Click Add Add Directory ID: OSs-Backup Directory (Path): /OSs/OSs-Backup Content: ✓ Dump Nodes: (HPLaptopProxmoxIS) Enabled: ✓ (Yes) Shared: ✗ (No) Click Add # :h.1.2 # - - # # - Check configuration file from the terminal - # sudo vim /etc/pve/storage.cfg; sudo pvesm status; sudo pvesm list ISOs; # :h.2.2 # - - # # - From the terminal - # sudo pvesm add dir ISOs-Directory --path ISOs-Directory --content images,templates,rootdir; sudo pvesm add dir OSs-Backup --path /OSs/OSs-Backup --content backup; # :h.3.3 # - - # # - Check configuration file - # cat /etc/pve/storage.cfg; dir: local path /var/lib/vz content backup,iso,vztmpl,import zfspool: local-zfs pool rpool/data content rootdir,images sparse 1 zfspool: ISOs pool ISOs content images,rootdir mountpoint /ISOs nodes HPLaptopProxmoxIS sparse 0 zfspool: OSs pool OSs content rootdir,images mountpoint /OSs nodes HPLaptopProxmoxIS sparse 1 dir: ISOs-Directory path /ISOs/ISOs-Directory content vztmpl,iso nodes HPLaptopProxmoxIS prune-backups keep-all=1 shared 0 dir: ISOs-Backup path /ISOs/ISOs-Backup content backup nodes HPLaptopProxmoxIS prune-backups keep-all=1 shared 0 # :h.4 # - - # # - Sync the HPLaptopProxmoxIS - # # :h.4.1 # - - # # - Rescan storage - # sudo pvesm scan zfs; zfs get mountpoint OSs; zfs get mountpoint OSs/vm-249-disk-0; # - - # # - Containers & VMs location on OSs zpool - # la /var/lib/lxc/; la /dev/zvol/OSs/; # :h.4.2 # - - # # - Or simply restart the Proxmox proxy - # sudo systemctl restart pveproxy; sudo systemctl restart pvedaemon; sudo pvesm status; # :h.5 # - - # # - Recovering containers - # # :h.5.1 # - - # # - List all LXCs containers - # cd /ISOs/ISOs-Backup/dump; la -1 *.zst; la --icons=never -1 *.zst; eza --icons=never -1 *.zst; # - - # # - List names only - # cd /ISOs/ISOs-Backup/dump; # :h.5.1 # - - # # - Restore LXC container 100 - # sudo pct restore NUMBER /ISOs/ISOs-Backup/dump/ --storage OSs; sudo pct restore 100 /ISOs/ISOs-Backup/dump/vzdump-lxc-100-2026_05_06-19_29_30.tar.zst --storage OSs; sudo pct restore 105 /ISOs/ISOs-Backup/dump/vzdump-lxc-105-2026_05_06-20_07_39.tar.zst --storage OSs; sudo pct restore 110 /ISOs/ISOs-Backup/dump/vzdump-lxc-110-2026_05_06-20_11_08.tar.zst --storage OSs; sudo pct restore 120 /ISOs/ISOs-Backup/dump/vzdump-lxc-120-2026_05_06-20_25_07.tar.zst --storage OSs; sudo pct restore 130 /ISOs/ISOs-Backup/dump/vzdump-lxc-130-2026_05_06-20_52_54.tar.zst --storage OSs; sudo pct restore 161 /ISOs/ISOs-Backup/dump/vzdump-lxc-161-2026_05_06-20_59_49.tar.zst --storage OSs; sudo pct restore 170 /ISOs/ISOs-Backup/dump/vzdump-lxc-170-2026_05_06-21_04_14.tar.zst --storage OSs; sudo pct restore 172 /ISOs/ISOs-Backup/dump/vzdump-lxc-172-2026_05_06-21_08_38.tar.zst --storage OSs; sudo pct restore 190 /ISOs/ISOs-Backup/dump/vzdump-lxc-190-2026_05_06-21_11_58.tar.zst --storage OSs; sudo pct restore 192 /ISOs/ISOs-Backup/dump/vzdump-lxc-192-2026_05_06-21_16_56.tar.zst --storage OSs; sudo pct restore 193 /ISOs/ISOs-Backup/dump/vzdump-lxc-193-2026_05_06-21_21_13.tar.zst --storage OSs; sudo pct restore 194 /ISOs/ISOs-Backup/dump/vzdump-lxc-194-2026_05_06-21_25_39.tar.zst --storage OSs; sudo pct restore 250 /ISOs/ISOs-Backup/dump/vzdump-lxc-250-2026_05_06-21_29_15.tar.zst --storage OSs; pct list; pct start 100; pct start 120; # - - # # - uServer-WebServer Configuration - # # - pct 100 - # # - - # # - ssh as root in HPLaptopProxmoxIS - # ssh root@192.168.1.15 # - - # # - Edit configuration file - # vim /etc/pve/lxc/100.conf; arch: amd64 cores: 4 features: nesting=1 hostname: uServer-WebServer memory: 2048 /OSs/Data/Linux.Img/SharedFiles,mp=/Data/WebServer/isdevelopment.us/Images/Programs/SharedFiles nameserver: 8.8.8.8 net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.1.1,hwaddr=BC:24:11:A7:F8:0C,ip=192.168.1.100/24,type=veth onboot: 1 ostype: ubuntu rootfs: OSs:subvol-100-disk-0,size=30G searchdomain: 4.4.4.4 swap: 512 unprivileged: 1 # - - # # - Remove the Data line to do the Snapshot - # /OSs/Data/Linux.Img/SharedFiles,mp=/Data/WebServer/isdevelopment.us/Images/Programs/SharedFiles # - - # # - Do Snapshot on ProxmoxIS Web-UI - # # - Do Backup on ProxmoxIS Web-UI - # # - - # # - Start pct 100 - # pct start 100; # - - # # - ssh from HPDesktopZorinOS - # uSP; ssh 192.168.1.100; # - - # # - startContainers_ - # function startContainers_(){ for ctid in 100 105 110 120 130 161 170 172 190 192 193 194 250; do pct start $ctid; done } # - - # # - Local & public IPa - # echo -e "\n Local IPa:" $(hostname -I | awk '{print $1}') echo -e "Public IPa:" $(wget -qO- http://ipecho.net/plain)"\n"; sv /etc/apt/sources.list; deb http://archive.ubuntu.com/ubuntu noble main restricted universe multiverse deb http://archive.ubuntu.com/ubuntu noble-updates main restricted universe multiverse deb http://archive.ubuntu.com/ubuntu noble-security main restricted universe multiverse # :h.5.2 # - - # # - Restore VMs - # sudo qmrestore /ISOs/ISOs-Backup/dump/vzdump-qemu-150-2026_05_06-21_33_43.vma.zst 150 --storage OSs; sudo qmrestore /ISOs/ISOs-Backup/dump/vzdump-qemu-249-2026_05_07-19_34_23.vma.zst 249 --storage OSs; # :h.5.1 # - - # # - Listing containers - # sudo su; ls -la /OSs/OSs-Containers/images; ls -la /OSs/OSs-VMs/images; ls -la /OSs/OSs-Containers/images /OSs/OSs-VMs/images; # :h.6 # - - # # - Additional commands - # # :h.6.1 # - - # # - Listing VMs, Containers & Backup - # sudo qm list; sudo pct list; sudo pvesm list ISOs-Backup; sudo pvesm list ISOs-Backup --content backup; ls -lh /ISOs/ISOs-Backup/dump; la -1 /ISOs/ISOs-Backup/dump; la -1 /ISOs/ISOs-Backup/dump/*.zst; # - - # # - Listing Backup files alone - # cd /ISOs/ISOs-Backup/dump; eza --icons=never -1 *.zst # :h.6.3 # - - # # - Trim Containers - # sudo pct fstrim --verbose; # :i # - - # # - HPLaptopProxmoxIS new installation - # # :i.1 # - - # # - Create ZFS Data DataSets - # sudo zfs create -p -o mountpoint=/Data ISOs/Data; sudo zfs create -p -o mountpoint=/Data/Images ISOs/Data/Images; sudo zfs create -p -o mountpoint=/Data/Images/Backup ISOs/Data/Images/Backup; sudo zfs create -p -o mountpoint=/Data/Images/Programs ISOs/Data/Images/Programs; sudo zfs create -p -o mountpoint=/Data/Images/VManager ISOs/Data/Images/VManager; sudo zfs create -p -o mountpoint=/Data/Documents ISOs/Data/Documents; sudo zfs create -p -o mountpoint=/Data/Documents/Downloads ISOs/Data/Documents/Downloads; sudo zfs create -p -o mountpoint=/Data/Documents/Music ISOs/Data/Documents/Music; sudo zfs create -p -o mountpoint=/Data/Documents/Pictures ISOs/Data/Documents/Pictures; sudo zfs create -p -o mountpoint=/Data/Documents/Videos ISOs/Data/Documents/Videos; zfs get mountpoint ISOs/Data; NAME PROPERTY VALUE SOURCE ISOs/Data mountpoint /Data local sudo chown -R is_derayo:is_derayo /Data; #zfs destroy ISOs/Data; # - - # # - Create ZFS OSs/Data DataSets - # # - Contains all Data for Linux, Windows, Plex, etc - # sudo zfs create OSs/Data; # - - # # - Create MySQL & PostgreSQL DataSet (Databases) - # sudo zfs create OSs/Data/Databases; sudo chown -R is_derayo:is_derayo /OSs; sudo zpool create -f DataPool sdb nvme0n1; zpool list; zpool status DataPool # :i.2 # - - # # - Create directory - # Datacenter Storage Add Directory ID: ISOs Directory: /DataPool/ISOs Content: VZDump backup file, Disk image, Import, Container, Snippets Nodes: ProxmoxMini Enable: Yes (Checked) Preallocation: Default ID: OSs Directory: /DataPool/OSs Content: ISO image, Container template Nodes: ProxmoxMini Enable: Yes (Checked) Preallocation: Default # :i.1 # - - # # - Create ZFS Pool - DataPool - # sudo zpool create -f DataPool sdb nvme0n1; zpool list; zpool status DataPool # :i.2 # - - # # - Create directory - # Datacenter Storage Add Directory ID: ISOs Directory: /DataPool/ISOs Content: VZDump backup file, Disk image, Import, Container, Snippets Nodes: ProxmoxMini Enable: Yes (Checked) Preallocation: Default ID: OSs Directory: /DataPool/OSs Content: ISO image, Container template Nodes: ProxmoxMini Enable: Yes (Checked) Preallocation: Default :i.3 # - - # # - Create Backup Dataset on DataPool - # zpool list; zpool status DataPool zfs list; zfs list /DataPool; mkdir /Data/Backup; sudo zfs create DataPool/Backup; sudo zfs set mountpoint=/Data/Backup DataPool/Backup; sudo zfs set quota=1024G DataPool/Backup; sudo chown -R $USER:$USER /Data/Backup; chmod -R 775 /Data/Backup; sudo zfs umount /Data/Backup; :i.4 # - - # # - Add additional ssd for cache - # sudo zpool add -f rpool cache /dev/disk/by-id/your-new-ssd-part1 # :j # - - # # - Migrating HPLaptopProxmoxIS VM to another HPLaptopProxmoxIS Server - # # :j.1 # - - # # - Documentation - # https://computingforgeeks.com/how-to-migrate-proxmox-vm-to-another-proxmox-node/ # :j.2 # - - # # - Procedure - # # :j.2.1 # - - # # - ssh into HPLaptopProxmoxIS Server source as ROOT user - # # - VMs or Containers have to be runnig - # # - Disconnect any ISO from VMs or Container - # ssh root@192.168.1.16; # :j.2.2 # - - # # - List VMs or Containers - # qm list; pct list; ╭── # root@ProxmoxMini /DataPool/OSs/images/103 : ╰─▷ $ qm list; VMID NAME STATUS MEM(MB) BOOTDISK(GB) PID 103 uServer-KasmWorspaces stopped 16384 1024.00 0 # :j.3 # - - # # - Compress VMs or Containers - # md -pv ~/Backup; md -pv /$USER/Backup; md -pv /root/Backup; vzdump --compress gzip --dumpdir /$USER/Backup; vzdump --compress gzip --dumpdir /$USER/Backup; vzdump --compress gzip 225 --dumpdir ~/Backup; vzdump --compress gzip 103 --dumpdir /$USER/Backup; vzdump --compress gzip 103 --dumpdir /root/Backup; INFO: starting new backup job: vzdump 103 --dumpdir /root/Backup --compress gzip INFO: Starting Backup of VM 103 (qemu) INFO: Backup started at 2025-04-12 18:57:10 INFO: status = running INFO: VM Name: uServer-KasmWorspaces INFO: include disk 'scsi0' 'OSs:103/vm-103-disk-1.qcow2' 1T INFO: include disk 'efidisk0' 'OSs:103/vm-103-disk-0.qcow2' 528K INFO: include disk 'tpmstate0' 'OSs:103/vm-103-disk-2.raw' 4M INFO: backup mode: snapshot INFO: ionice priority: 7 INFO: creating vzdump archive '/root/Backup/vzdump-qemu-103-2025_04_12-18_57_10.vma.gz' INFO: attaching TPM drive to QEMU for backup INFO: skipping guest-agent 'fs-freeze', agent configured but not running? INFO: started backup task '564486e1-e072-47dc-9329-2bfd89af8715' INFO: resuming VM again INFO: 0% (1.2 GiB of 1.0 TiB) in 3s, read: 397.5 MiB/s, write: 33.6 MiB/s INFO: 1% (10.2 GiB of 1.0 TiB) in 2m 40s, read: 59.2 MiB/s, write: 32.2 MiB/s INFO: 96% (987.6 GiB of 1.0 TiB) in 40m 34s, read: 12.8 GiB/s, write: 0 B/s INFO: 100% (1.0 TiB of 1.0 TiB) in 40m 37s, read: 12.1 GiB/s, write: 162.7 KiB/s INFO: backup is sparse: 963.09 GiB (94%) total zero data INFO: transferred 1.00 TiB in 2437 seconds (430.3 MiB/s) INFO: archive file size: 25.69GB INFO: Finished Backup of VM 103 (00:40:40) INFO: Backup finished at 2025-04-12 19:37:50 INFO: Backup job finished successfully INFO: notified via target `mail-to-root` # :j.4 # - - # # - Copy generated Backup to a new ProxmoxIS - # # :j.4.1 # - - # # - List backups - # la ~/Backup; la /$USER/Backup; total 26G drwxr-xr-x 2 root root 4 Apr 12 19:37 ./ drwx------ 6 root root 11 Apr 12 18:46 ../ -rw-r--r-- 1 root root 4.2K Apr 12 19:37 vzdump-qemu-103-2025_04_12-18_57_10.log -rw-r--r-- 1 root root 26G Apr 12 19:37 vzdump-qemu-103-2025_04_12-18_57_10.vma.gz # :j.4.2 # - - # # - Check backups size - # # :j.4.2.1 # - - # # - VMs - # #du -sh ~/Backup/vzdump-qemu-103-2025_04_12-18_57_10.vma.gz; #du -sh /$USER/Backup/vzdump-qemu-103-2025_04_12-18_57_10.vma.gz; # :j.4.2.2 # - - # # - Containers - # #du -sh ~/Backup/vzdump-lxc-101-2024_01_17-00_29_42.tar; #du -sh /$USER/Backup/vzdump-lxc-101-2024_01_17-00_29_42.tar; # :j.5 # - - # # - Copy backup to ProxmoxIS destination - # sF_=/$USER/Backup/Test.txt; sF_=/$USER/Backup/vzdump-qemu-225-2026_04_06-21_15_12.vma.gz; rsync -avvhP --mkpath $sF_ \ root@192.168.1.16:$sF_; scp $sF_ root@192.168.1.16:$sF_; scp /root/Backup/vzdump-qemu-103-2025_04_12-18_57_10.vma.gz root@192.168.1.16:/root/Backup/ scp /$USER/Backup/vzdump-qemu-103-2025_04_12-18_57_10.vma.gz $USER@192.168.1.15:/$USER/Backup/ # :j.6 # - - # # - Restoring VMs from Backup archive on ProxmoxIS Server - # # :j.6.1 # - - # # - Stop the Virtual Machine on first ProxmoxIS server - # VMs qm stop qm stop 103; Containers pct stop # :j.6.2 # - - # # - Restore ProxmoxIS server - # ssh root@192.168.1.16; cd ~/Backup; ls -lah; VMs - ProxmoxMini zpool list; cd /DataPool/OSs/images; la $sF_; sF_=/$USER/Backup/vzdump-qemu-225-2026_04_06-21_15_12.vma.gz; qmrestore --storage OSs $sF_ 225; cd /DataPool/OSs/images; qmrestore --storage OSs /$USER/Backup/vzdump-qemu-103-2025_04_12-18_57_10.vma.gz 103; # - Specifying storage pool - # qmrestore --storage OSs /$USER/Backup/vzdump-qemu-103-2025_04_12-18_57_10.vma.gz 103; Containers pct restore /$USER/Backup/vzdump-qemu-103-2025_04_12-18_57_10.vma.gz; pct restore 103 /$USER/Backup/vzdump-qemu-103-2025_04_12-18_57_10.vma.gz; # - Specifying storage pool - # pct restore --storage OSs /$USER/Backup/vzdump-qemu-103-2025_04_12-18_57_10.vma.gz; pct restore --storage OSs 103 /$USER/Backup/vzdump-qemu-103-2025_04_12-18_57_10.vma.gz; # :j.7 # - - # # - List & start VMs / Containers on new ProxmoxIS Server - # # :j.7.1 # - - # # - List VMs / Containers - # qm list; # :j.7.2 # - - # # - Start VMs / Containers - # qm start qm start 103; qm start 225; # :k # - - # # - Add - # :100 # - - # # - Disable dir to umount - # # - If testdir exist - # systemctl disable mnt-pve-testdir.mount umount /mnt/pve/testdir :101 # - - # # - See storage configuration - # cat /etc/pve/storage.cfg :102 # - - # # - Edit mounting file (fstab) - # cat /etc/systemd/system/mnt-pve-testxfs.mount [Install] WantedBy=multi-user.target [Mount] Options=defaults Type=xfs What=/dev/disk/by-uuid/5a0a6149-ce8f-4e36-94c4-348d0d133e72 Where=/mnt/pve/testxfs [Unit] Description=Mount storage 'testxfs' under /mnt/pve :200 # - - # # - ProxmoxIS showing ? on VMachines names - # ssh root@192.168.15; sshP; sudo systemctl restart pvestatd.service; sudo systemctl start pvestatd.service; sudo systemctl status pvestatd.service; # :300 # - - # # - ProxmoxIS showing ? on VMachines names - # sudo su; systemctl restart pvestatd.service; # :400 # - - # # - ProxmoxIS showing ? on VMachines names - # zpool list NAME SIZE ALLOC FREE CKPOINT EXPANDSZ FRAG CAP DEDUP HEALTH ALTROOT ISOs 928G 10.2G 918G - - 0% 1% 1.00x ONLINE - OSs 3.62T 1.11T 2.51T - - 17% 30% 1.00x ONLINE - zfs list; NAME USED AVAIL REFER MOUNTPOINT ISOs 10.2G 889G 10.2G /ISOs OSs 1.11T 2.40T 159G /OSs OSs/Data 981G 2.40T 73.5G /OSs/Data OSs/Data/Images 356G 2.40T 104K /OSs/Data/Images OSs/Data/Images/Backup 96K 2.40T 96K /OSs/Data/Images/Backup OSs/Data/Images/Programs 356G 2.40T 87.8G /OSs/Data/Images/Programs OSs/Data/Images/Programs/Linux.Img 268G 2.40T 268G /OSs/Data/Images/Programs/Linux.Img OSs/Data/Images/VManager 96K 2.40T 96K /OSs/Data/Images/VManager OSs/Data/Plex 552G 2.40T 104K /OSs/Data/Plex OSs/Data/Plex/Movies 436G 2.40T 436G /OSs/Data/Plex/Movies OSs/Data/Plex/xVideos 116G 2.40T 116G /OSs/Data/Plex/xVideos OSs/Data/Sambashare 96K 2.40T 96K /OSs/Data/Sambashare zpool status; pool: ISOs state: ONLINE scan: scrub repaired 0B in 00:01:43 with 0 errors on Sun Apr 12 00:25:45 2026 config: NAME STATE READ WRITE CKSUM ISOs ONLINE 0 0 0 ata-HGST_HTS721010A9E630_JR1000BNGB6D4E ONLINE 0 0 0 errors: No known data errors pool: OSs state: ONLINE scan: scrub repaired 0B in 02:14:24 with 0 errors on Sun Apr 13 02:38:27 2025 config: NAME STATE READ WRITE CKSUM OSs ONLINE 0 0 0 ata-SPCC_Solid_State_Disk_AA230803S304KG00571 ONLINE 0 0 0 errors: No known data errors lb NAME LABEL FSTYPE SIZE FSUSED FSAVAIL FSUSE% UUID MOUNTPOINT /dev/sda 931.5G ├─/dev/sda1 ISOs zfs_member 931.5G 10161796732957563315 └─/dev/sda9 8M /dev/sdb 119.2G ├─/dev/sdb1 1007K ├─/dev/sdb2 vfat 1G 11.6M 1010.3M 1% A135-98DF /boot/efi └─/dev/sdb3 LVM2_member 118.2G vYOQfI-yyqI-fdyc-rhg4-WRP4-vh0d-coxGGW ├─/dev/mapper/pve-swap swap 8G 740a12c6-80a4-43c3-a08c-51175b93b4d3 [SWAP] └─/dev/mapper/pve-root ext4 110.2G 6.3G 97.1G 6% 7f302378-68c7-457e-853b-bd11b4c7d17f / /dev/sdc 3.6T ├─/dev/sdc1 OSs zfs_member 3.6T 1568820496272814160 └─/dev/sdc9 64M /dev/sr0 0B # :500 # - - # # - Ubuntu commands - # # With && (run if success) and || (run if failure) sudo apt update && echo 'Update succeeded' || echo 'Update failed'; sudo apt update && echo '✓ Update successful' || echo '✗ No update possible...'; # With explicit exit code handling sudo apt update if [ $? -ne 0 ]; then echo 'No update possible...'; fi # Your style (just fine) sudo apt update || echo 'No update possible...'; Symbol Code Typing sequence ✓ 2713 Ctrl+Shift+U 2713 Enter ✗ 2717 Ctrl+Shift+U 2717 Enter ✔ 2714 Ctrl+Shift+U 2714 Enter ✘ 2718 Ctrl+Shift+U 2718 Enter # :600 # - - # # - Install additional SSD for SLOG & L2ARC - # # :600.1 # - - # # - Verify the SSD is empty - # sudo lsblk /dev/sdd; NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS sdd 8:48 0 238.5G 0 disk # :600.2 # - - # # - Partition SSD - # sudo apt install parted -y; sudo parted -s /dev/sdd mklabel gpt \ mkpart primary 0% 32GB \ mkpart primary 32GB 100%; # :600.3 # - - # # - Inform the kernel - # sudo partprobe /dev/sdd; # :600.4 # - - # # - Verify SSD - # lsblk /dev/sdd; # :600.5 # - - # # - Add to OSs pool - # # :600.5.1 # - - # # - Find ghe by-id names - # ls -l /dev/disk/by-id/ | grep -i sdd; ╭── # is_derayo@HPLaptopProxmoxIS ~ : ╰─▷ $ ls -l /dev/disk/by-id/ | grep -i sdd; lrwxrwxrwx - root 6 May 11:48  ata-SPCC_Solid_State_Disk_11A6071A1D9900219376 -> ../../sdd lrwxrwxrwx - root 6 May 12:12  ata-SPCC_Solid_State_Disk_11A6071A1D9900219376-part1 -> ../../sdd1 lrwxrwxrwx - root 6 May 12:12  ata-SPCC_Solid_State_Disk_11A6071A1D9900219376-part2 -> ../../sdd2 lrwxrwxrwx - root 6 May 11:48  usb-SPCC_Sol_id_State_Disk_000000000069-0:0 -> ../../sdd lrwxrwxrwx - root 6 May 12:12  usb-SPCC_Sol_id_State_Disk_000000000069-0:0-part1 -> ../../sdd1 lrwxrwxrwx - root 6 May 12:12  usb-SPCC_Sol_id_State_Disk_000000000069-0:0-part2 -> ../../sdd2 # :600.5.2 # - - # # - Then add to pool (replace with actual ID) - # sudo zpool add -f OSs \ log /dev/disk/by-id/ata-SPCC_Solid_State_Disk_11A6071A1D9900219376-part1 \ cache /dev/disk/by-id/ata-SPCC_Solid_State_Disk_11A6071A1D9900219376-part2; # :600.5.3 # - - # # - Check that neither partition is already in use (should be free) - # sudo zpool status OSs | grep -E "sdd|part"; ata-SPCC_Solid_State_Disk_11A6071A1D9900219376-part1 ONLINE 0 0 0 ata-SPCC_Solid_State_Disk_11A6071A1D9900219376-part2 ONLINE 0 0 0 # :600.5.4 # - - # # - Check OSs zpool status - # sudo zpool status OSs; # :600.5.5 # - - # # - Clear & Check OSs zpool status - # sudo zpool clear OSs; sudo zpool status OSs; # :600.5.6 # - - # # - Check the health of the main 4TB SSD - # sudo smartctl -a /dev/sdc | \ grep -E "Reallocated_Sector|Current_Pending_Sector|Offline_Uncorrectable|Wear_Leveling"; # :600.5.7 # - - # # - Clear & scrub OSs - # sudo zpool clear OSs; sudo zpool scrub OSs; sudo zpool status OSs; # :600.5.8 # - - # # - The OSs pool now has - # # - 32GB SLOG (accelerates synchronous writes like NFS/databases) - # # - ~224GB L2ARC (extends read cache beyond RAM) - # # - You can verify L2ARC usage later - # cat /proc/spl/kstat/zfs/arcstats | grep l2_; # :700 # - - # # - ProxmoxIS Log - # # :700.1 # - - # # - Install Log software - # sudo apt update && sudo apt install rsyslog -y; sudo systemctl enable --now rsyslog; # :700.2 # - - # # - General System Logs - # sudo tail -f /var/log/syslog; # :700.3 # - - # # - Proxmox Task Logs - # suod su; journalctl -u pvedaemon -f; # :700.4 # - - # # - Web (API) Access Logs - # tail -f /var/log/pveproxy/access.log; # :700.5 # - - # # - Container Debug Logs - # #sudo lxc-start -n 130 -F -l DEBUG -o /tmp/lxc-130.log; sudo grep "130" /var/log/syslog; <<'comment' # :700.6 # - - # # - Adjust the AppArmor profile for rsyslogd on the host - # # :700.6.1 # - - # # - Install software - # sudo apt update && sudo apt install apparmor-utils -y; # :700.6.2 # - - # # - Configure apparmor - # sudo aa-complain /etc/apparmor.d/usr.sbin.rsyslogd; sudo systemctl reload apparmor; comment # :800 # - - # # - Investigate container activity - # # :800.1 # - - # # - Get inside the container as root - # ssh root@192.168.1.130; # :800.2 # - - # # - Or from ProxmoxIS-IS as root - # sudo pct enter 130; # :800.3 # - - # # - Check CPU - # top -o %CPU; # :800.4 # - - # # - Get process list from container - # pct exec 130 -- ps aux --sort=-%cpu | head -20; # :900 # - - # # - Fix container with a lot activity - # # :900.1 # - - # # - ssh Proxmox as root - # ssh root@192.168.1.15; cat /etc/pve/lxc/130.conf; sudo pct stop 130; sudo pct start 130; sudo pct enter 130 top -o %CPU # :900.2 # - - # # - ssh into 130 as root - # ssh root@192.168.1.130; systemctl stop auditd 2>/dev/null systemctl disable auditd 2>/dev/null # :900.2 # - - # # - Mask the kernel audit system (more forceful) - # echo 'kernel.audit=0' >> /etc/sysctl.conf; sysctl -p; # :900.3 # - - # # - Edit 130.conf file - # # - - # # - ssh ProxmoxIS - # ssh root@192.168.1.15; echo "lxc.audit = 0" | \ sudo tee -a /etc/pve/lxc/130.conf; pct stop 130 && pct start 130; cat /etc/pve/lxc/130.conf; # - - # # - Enter the 130 container from ProxmoxIS - # pct enter 130; # Stop and disable auditd if present systemctl stop auditd 2>/dev/null systemctl disable auditd 2>/dev/null # Mask the kernel audit system at boot echo 'kernel.audit=0' >> /etc/sysctl.conf; sysctl -p; # Kill any existing kauditd processes pkill -9 kauditd 2>/dev/null # Exit the container exit # :950 # - - # # - Edit 172.conf file - # ssh root@192.168.1.15; cat /etc/pve/lxc/172.conf; pct enter 172; systemctl stop auditd; systemctl disable auditd; systemctl mask auditd pkill -9 kauditd; exit pct stop 172 && pct start 172; pct enter 172; ps aux | grep "lxc.*172"; exit pct stop 172 --force pct start 172 pct stop 172; sleep 15; pct start 172; pct stop 172; sleep 15; pct start 172; pct enter 172; top -o %CPU exit pct exec 172 -- ps aux --sort=-%cpu | head -20; pct exec 172 -- uptime pct exec 172 -- top -b -n 1 | head -20 pct exec 172 -- who; pct exec 172 -- ps -u juan -f; pct exec 172 -- pkill -u juan sshd; pct exec 172 -- cat /proc/281/cmdline | tr '\0' ' ' pct exec 172 -- lsof -p 281 pct enter 172; cat /etc/php/*/fpm/pool.d/www.conf | \ grep -E "pm\.max_children|pm\.start_servers|pm\.min_spare_servers|pm\.max_spare_servers" pct exec 172 -- find /etc/php -name "www.conf" 2>/dev/null pct exec 172 -- systemctl status php*-fpm pct exec 172 -- tail -20 /var/log/apache2/access.log; pct exec 172 -- crontab -l -u juan pct exec 172 -- crontab -l -u root pct exec 172 -- ls -la /etc/cron.d/ pct exec 172 -- crontab -r -u juan; pct exec 172 -- crontab -e -u juan; pct exec 172 -- rm -f /home/juan/.9QTx1CphELdlN38k7dJwiGxLNRF3tsDmIf; pct exec 172 -- ps aux | grep -E "juan|9QTx1Cph"; pct exec 172 -- cat /proc/281/cmdline | tr '\0' ' ' pct exec 172 -- cat /proc/289/cmdline | tr '\0' ' ' pct exec 172 -- systemctl restart php*-fpm; pct exec 172 -- top -b -n 1 | head -15; pct exec 172 -- ls -la /home/juan/; pct exec 172 -- systemctl --user list-units --all | grep -i enabled; pct exec 172 -- lsof -p 281; pct status 172; pct exec 172 -- top -b -n 1 | head -20; ssh root@192.168.1.172; deluser --remove-home --remove-all-files juan; userdel -rf juan; kill -9 347; pct exec 172 -- find /home -name ".9QTx1Cph*" 2>/dev/null; # :950 # - - # # - Destroy & restore 172 container - # # - - # # - ssh into ProxmoxIS-IS - # ssh root@192.168.1.15; pct stop 172; pct destroy 172 --purge; pct restore 172 /OSs/OSs-Backup/dump/vzdump-lxc-172-2026_05_06-00_19_56.tar.zst --storage OSs-Containers; # :960 # - - # # - Cleaning container 130 - # pct exec 130 -- top -b -n 1 | head -20; pct exec 130 -- crontab -l -u root 2>/dev/null pct exec 130 -- ls -la /var/spool/cron/crontabs/ 2>/dev/null # - - # # - Remove syspicious malware - # pct stop 130; # The rootfs will be under /var/lib/lxc/130/rootfs/ pct mount 130; rm -rf /var/lib/lxc/130/rootfs/root/.configrc7; rm -rf /var/lib/lxc/130/rootfs/tmp/.kswapd00; rm -rf /var/lib/lxc/130/rootfs/tmp/.X291-unix; # - - # # - Remove all crontab - # rm -f /var/lib/lxc/130/rootfs/var/spool/cron/crontabs/root; rm -f /var/lib/lxc/130/rootfs/var/spool/cron/crontabs/*; # - - # # - Check for system services - # ls -la /var/lib/lxc/130/rootfs/etc/systemd/system/multi-user.target.wants/ ls -la /var/lib/lxc/130/rootfs/root/.config/systemd/user/ # - - # # - Unmount & restart 130 - # pct unmount 130; pct start 130; # - - # # - Look for suspicious processes - # pct exec 130 -- top -b -n 1 | head -15; # - - # # - Check for hidden files - # pct exec 130 -- ls -la /tmp | grep -E "kswapd|X291|configrc" pct exec 130 -- ls -la /root | grep configrc # :961 # - - # # - Cleaning container 150 - # # - - # # - ssh as root to ProxmoxIS - # ssh root@192.168.1.15; # - - # # - Shows running state - # qm status 150; top -p $(pgrep -f "kvm.*-id 150"); # - - # # - Check if the guest agent is enabled for VM 150 - # qm set 150 --agent enabled=1; qm config 150 | grep agent; # - - # # - Verify the VM's overall CPU usage from the host - # ps aux | grep "kvm.*-id 150" | grep -v grep | awk '{print "CPU:" $3 "%\tMEM:" $4 "%\tPID:" $2}'; apt install jq -y; qm guest cmd 150 exec -- /usr/bin/top -b -n 1; qm guest cmd 150 ping; # - - # # - ssh as root 150 uServer-150 - # ssh root@192.168.1.150; # - - # # - Install qemu-guest-agent - # sudo apt update && sudo apt install qemu-guest-agent -y; sudo systemctl enable --now qemu-guest-agent; # - - # # - Check top CPU processes - # ps aux --sort=-%cpu | head -20; # - - # # - Run top - # top -b -n 1 | head -20; # - - # # - Check root crontab for malware - # crontab -l -u root; # - - # # - Check for hidden malware directories - # ls -la /root/.configrc7 /tmp/.kswapd00 /tmp/.X291-unix 2>/dev/null; # - - # # - Check for suspicious network connections - # netstat -tunap | grep ESTABLISHED; # - - # # - Reboot - # sudo reboot now; # :962 # - - # # - Cleaning container 110 - # # - - # # - ssh ProxmoxIS - # ssh root@192.168.1.15; # - - # # - Check suspicious precess - # pct exec 110 -- bash -c 'crontab -l -u root | grep -E "configrc|kswapd|X291" && echo "WARNING: root crontab" ; ls -la /root/.configrc7 /tmp/.kswapd00 2>/dev/null && echo "WARNING: malware files" ; ps aux | grep -E "kauditd|kswapd|configrc|\.9QTx" | grep -v grep && echo "WARNING: suspicious process"'; # - - # # - delte all root crontab job - # sudo pct exec 194 -- crontab -r; sudo pct exec 194 -- crontab -l -u root; sudo pct exec 120 -- rm -rf /root/.configrc7; sudo pct exec 194 -- rm -rf /tmp/.kswapd00; sudo pct exec 194 -- ls -la /tmp/.kswapd00 /tmp/.X291-unix 2>/dev/null; sudo pct exec 194 -- ls -la /root/.configrc7 2>/dev/null; sudo pct exec 194 -- pkill -9 kauditd0; # - - # # - Stop container - # sudo pct stop 194; # - - # # - Delete all crontab file from ProxmoxIS - # sudo pct mount 194; # - - # # - Delete malware directories and files - # rm -rf /var/lib/lxc/194/rootfs/root/.configrc7; rm -f /var/lib/lxc/194/rootfs/tmp/.kswapd00; rm -f /var/lib/lxc/194/rootfs/var/spool/cron/crontabs/root; rm -f /var/lib/lxc/194/rootfs/var/spool/cron/crontabs/root rm -f /var/lib/lxc/194/rootfs/tmp/.kswapd00 rm -rf /var/lib/lxc/194/rootfs/root/.configrc7 # Unmount pct unmount 194; # Start container pct start 194; # Verify pct exec 194 -- crontab -l -u root pct exec 194 -- ls -la /tmp/.kswapd00 /root/.configrc7 pct exec 194 -- ps aux | grep kauditd0 # - - # # - Start the container and verify - # sudo pct start 194; sleep 15; sudo pct exec 194 -- ps aux | grep kauditd0 # should be gone sudo pct exec 194 -- crontab -l -u root # should be empty crontab -e # - - # # - Check all the containers - # for ctid in 100 105 110 120 130 161 170 172 190 192 193 194 250; do echo "=== CT $ctid ===" pct exec $ctid -- bash -c 'crontab -l -u root 2>/dev/null | grep -qE "configrc|kswapd|X291" && echo "INFECTED: root crontab" ; [ -e /root/.configrc7 ] && echo "INFECTED: /root/.configrc7 exists" ; [ -e /tmp/.kswapd00 ] && echo "INFECTED: /tmp/.kswapd00 exists" ; ps aux | grep -qE "kauditd|kswapd|configrc|\.9QTx" && echo "INFECTED: suspicious process running"' 2>/dev/null done pct exec 100 -- ps aux | grep -E "kauditd|kswapd|configrc|\.9QTx" pct exec 130 -- ps aux | grep -E "kauditd|kswapd|configrc|\.9QTx" # - - # # - ListOfInfectedContainers_ - # function ListOfInfectedContainers_(){ for ctid in 100 105 110 120 130 161 170 172 190 192 193 194 250; do echo "=== Cleaning CT $ctid ===" # Stop the container pct stop $ctid # Mount its filesystem pct mount $ctid # Delete malware directories and files rm -rf /var/lib/lxc/$ctid/rootfs/root/.configrc7 rm -f /var/lib/lxc/$ctid/rootfs/tmp/.kswapd00 rm -f /var/lib/lxc/$ctid/rootfs/tmp/.X291-unix rm -f /var/lib/lxc/$ctid/rootfs/var/spool/cron/crontabs/root # Unmount pct unmount $ctid # Start the container pct start $ctid # Kill any remaining malware process inside pct exec $ctid -- pkill -9 kauditd0 2>/dev/null pct exec $ctid -- pkill -9 kswapd00 2>/dev/null echo "=== CT $ctid cleaned ===" done } # - - # # - VerifyContainers_ - # function VerifyContainers_(){ for ctid in 100 105 110 120 130 161 170 172 190 192 193 194 250; do echo "=== CT $ctid ===" pct exec $ctid -- ps aux | grep -E "kauditd|kswapd|configrc|\.9QTx" | grep -v grep || echo "Clean" done } # - - # # - CheckRemainingFiles_ - # function CheckRemainingFiles_(){ for ctid in 100 105 110 120 130 161 170 172 190 192 193 194 250; do echo "=== CT $ctid ===" pct exec $ctid -- ls -la /root/.configrc7 /tmp/.kswapd00 2>/dev/null || echo "No malware files" done } # - - # # - CheckSuspiciousProcesses_ - # function CheckSuspiciousProcesses_(){ for ctid in 100 105 110 120 130 161 170 172 190 192 193 194 250; do echo "=== CT $ctid ===" pct exec $ctid -- ps aux | grep -E "kauditd|kswapd|configrc|\.9QTx" | grep -v grep || echo "Clean" done } # - - # # - CheckLeftoverMalware_ - # function CheckLeftoverMalware_(){ for ctid in 100 105 110 120 130 161 170 172 190 192 193 194 250; do echo "=== CT $ctid ===" pct exec $ctid -- ls -la /root/.configrc7 /tmp/.kswapd00 /tmp/.X291-unix 2>/dev/null || echo "No malware files" done } # - - # # - UpdateCleanContainers_ - # function UpdateCleanContainers_(){ for ctid in 100 105 110 120 130 161 170 172 190 192 193 194 250; do echo "=== Updating CT $ctid ===" pct exec $ctid -- apt update && apt upgrade -y done } # - - # # - RebootContainers_ - # function RebootContainers_(){ for ctid in 100 105 110 120 130 161 170 172 190 192 193 194 250; do pct reboot $ctid done } # - - # # - CreateCronJobMonitoring_ - # function CreateCronJobMonitoring_(){ cat << 'EOF' > /etc/cron.daily/check-malware-containers #!/bin/bash LOG="/var/log/malware-check.log" for ctid in 100 105 110 120 130 161 170 172 190 192 193 194 250; do if pct status $ctid | grep -q running; then pct exec $ctid -- ps aux | grep -E "kauditd|kswapd|configrc|\.9QTx" | grep -v grep >> $LOG pct exec $ctid -- ls -la /root/.configrc7 /tmp/.kswapd00 2>/dev/null >> $LOG fi done EOF chmod +x /etc/cron.daily/check-malware-containers } # - - # # - Create & configure cron job monitoring - # crontab -e; # Run @ 2:30 am 30 2 * * * /etc/cron.daily/check-malware-containers # Run @ every hour 0 * * * * /etc/cron.daily/check-malware-containers # - - # # - List crontab - # crontab -l; # - - # # - To see if cron.daily is already set up - # grep -r cron.daily /etc/crontab /etc/cron.d/* 2>/dev/null; # - - # # - But by default, Debian/Proxmox systems run cron.daily via /etc/crontab - # cat /etc/crontab; # - - # # - Be sure the ssh keys are already configure before this step - # # - - # # - Configuring ssh - # sudo vim /etc/ssh/sshd_config; PermitRootLogin prohibit-password # root allowed only with keys PasswordAuthentication no # no passwords for any user PubkeyAuthentication yes # ensure keys are enabled (default) # - - # # - Restart ssh service - # sudo systemctl restart sshd; # - - # # - Create_sshd_config_ - # function Create_sshd_config_(){ <<'comment' ssh root@192.168.1.100 # - /etc/ssh/sshd_config file - # comment cat << 'EOF' > /etc/ssh/sshd_config; # - - # # - Configured - # # - - # Include /etc/ssh/sshd_config.d/*.conf #Port 22 Port 1971 AddressFamily inet # IPV4 #ListenAddress 0.0.0.0 #ListenAddress :: # - Authentication - # PermitRootLogin prohibit-password # root allowed only with keys PasswordAuthentication no # no passwords for any user PubkeyAuthentication yes # ensure keys are enabled (default) PermitEmptyPasswords no # no empty passwords allow KbdInteractiveAuthentication no UsePAM yes X11Forwarding yes PrintMotd no # - Allow client to pass locale environment variables - # AcceptEnv LANG LC_* # - override default of no subsystems - # Subsystem sftp /usr/lib/openssh/sftp-server EOF # - - # # - Restart sshd service - # sudo systemctl restart sshd; # - - # # - Show sshd_config file - # cat /etc/ssh/sshd_config; } # - - # # - ProxmoxIS_Rsync_HPDesktopZorinOS_ - # function ProxmoxIS_Rsync_HPDesktopZorinOS_(){ <<'comment' # - - # # - ssh as root into ProxmoxIS to run the rsync command - # ssh root@192.168.1.15 --dry-run comment rsync -avvhP --mkpath --partial --progress \ /OSs/OSs-Backup/dump \ is_derayo@192.168.1.104:/DataBtrfs/Images/Backup/ProxmoxVE-IS/OSs-Backup/; } # - - # # - ProxmoxIS_Rsync_HPDesktopZorinOS_ - # function ProxmoxIS_Rsync_HPDesktopZorinOS_(){ <<'comment' # - - # # - ssh as root into ProxmoxIS to run the rsync command - # ssh root@192.168.1.15 --dry-run comment rsync -avvhP --mkpath --partial --progress \ /OSs/OSs-Backup/dump \ is_derayo@192.168.1.104:/DataBtrfs/Images/Backup/ProxmoxVE-IS/OSs-Backup/; } # - - # # - ProxmoxMini_Rsync_HPDesktopZorinOS_ - # function ProxmoxMini_Rsync_HPDesktopZorinOS_(){ <<'comment' # - - # # - ssh as root into ProxmoxIS to run the rsync command - # ssh root@192.168.1.16 --dry-run comment rsync -avvhP --mkpath --partial --progress \ /DataPool/OSs/dump \ is_derayo@192.168.1.104:/DataBtrfs/Images/BackupVE-IS/OSs-Backup/; } # - - # # - ProxmoxMini_Rsync_HPDesktopZorinOS_ - # function ProxmoxMini_Rsync_ProxmoxMiniBackup-Dump_(){ <<'comment' # - - # # - ssh as root into ProxmoxIS to run the rsync command - # ssh root@192.168.1.16 --dry-run comment rsync -avvhP --mkpath --partial --progress \ /DataPool/OSs/dump \ /Data/Backup/ProxmoxMiniBackup/dump/Images/Backup/ProxmoxMini-Backup/dump/; } # - - # # - HPDesktopZorinOS_rSync_HPLaptopProxmoxIS_ - # function HPDesktopZorinOS_rSync_HPLaptopProxmoxIS_(){ <<'comment' # - - # # - ssh as root into HPLaptopProxmoxIS to run the rsync command - # ssh root@192.168.1.15 --dry-run --exclude='vzdump-qemu-222*' comment rsync -avvhP --mkpath --partial --progress --exclude='vzdump-qemu-222*' \ /DataBtrfs/Images/Backup/HPLaptopProxmoxIS/OSs-Backup/dump \ root@192.168.1.15:/ISOs/ISOs-Backup/; ssh root@192.168.1.15 "sudo chown -R root:root /ISOs/ISOs-Backup/*;"; } # - eof - #