This repository provides a HashiCorp Packer template to generate images for:
- Vagrant
- VirtualBox
- Libvirt
- AWS EC2
- Microsoft Azure
The images install Proxmox Mail Gateway 7.3. The Vagrant builds use the official ISO:
- ISO: Proxmox Mail Gateway 7.3 ISO Installer
- Sha256: 9085684327fc36d8006b7160d34733e916300a0ad6bf498ea83cfb901fc2d9d4
The images for AWS and Azure are based on the official cloud images from Debian:
It's necessary to clone and initialize this repo:
user@laptop:~$ git clone git@github.com:jloehel/pmg-packer-image.git
user@laptop:~$ cd pmg-packer-image
user@laptop:~$ packer init .
user@laptop:~$ packer fmt .
user@laptop:~$ packer validate .
To increase the verbosity of the Packer output, set the variable PACKER_LOG to 1 like this:
user@laptop:~$ PACKER_LOG=1 packer ...
The build is based on the official ISO from Proxmox.
user@laptop:~$ packer build -force -only virtualbox-iso.vagrant .
The build is based on the official ISO from Proxmox.
user@laptop:~$ packer build -force -only qemu.vagrant .
The build is based on the official Debian Cloud image for EC2.
The standard user for the EC2 image is admin. Please set the username and password variables for the build:
user@laptop:~$ packer build -force -only qemu.ec2 \
-var 'ssh_username=admin' \
-var 'ssh_password=<password>' .
Packer will set the specified password automatically via cloud-init for the user.
The build is based on the official Debian Cloud image for Azure.
The standard user for the Azure image is debian. Please set the username and password variables for the build:
user@laptop:~$ packer build -only qemu.azure \
-var 'ssh_username=debian' \
-var 'ssh_password=<password>' .
Packer will set the specified password automatically via cloud-init for the user.
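Both cloud builds above pass the password with -var, which places it in the shell history and in the process arguments that other local users can read while packer runs. The following added example (not part of this repository) supplies the same two variables through Packer's PKR_VAR_<name> environment variables instead; the function name, PMG_BUILD_PASSWORD and PACKER_BIN are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the repository. Packer (HCL2) reads an environment
# variable PKR_VAR_<name> as the value of input variable <name>, so the
# password stays out of argv and shell history.

# build_cloud_image SOURCE USERNAME [extra packer build options]
#   SOURCE:   qemu.ec2 or qemu.azure (the sources named in this README)
#   USERNAME: admin for EC2, debian for Azure
# Password source: PMG_BUILD_PASSWORD (assumed name, for unattended runs),
# otherwise an interactive prompt with terminal echo disabled.
build_cloud_image() {
    [ "$#" -ge 2 ] || { echo "usage: build_cloud_image SOURCE USERNAME [opts]" >&2; return 2; }
    source_name=$1
    username=$2
    shift 2
    case "$source_name" in
        qemu.ec2|qemu.azure) ;;
        *) echo "unsupported source: $source_name" >&2; return 2 ;;
    esac

    password=${PMG_BUILD_PASSWORD:-}
    if [ -z "$password" ] && [ -t 0 ]; then
        printf 'Password for %s: ' "$username" >&2
        stty -echo
        IFS= read -r password || true
        stty echo
        printf '\n' >&2
    fi
    [ -n "$password" ] || { echo "no password supplied" >&2; return 2; }

    # The assignments apply to this one packer process only; they are not
    # exported into the calling shell. PACKER_BIN is an assumed override.
    rc=0
    PKR_VAR_ssh_username=$username PKR_VAR_ssh_password=$password \
        "${PACKER_BIN:-packer}" build "$@" -only "$source_name" . || rc=$?
    unset password
    return "$rc"
}
```

Call it as `build_cloud_image qemu.ec2 admin -force` or `build_cloud_image qemu.azure debian` from the repository directory.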
The cloud images for Azure and Amazon EC2 take into account the hardening hints from killmasta93.
The DCC (Distributed Checksum Clearinghouses) interface daemon is installed as a systemd service:
user@laptop:~$ sudo systemctl status dcc
The checks will be performed by SpamAssassin.
Message digests are checked against Pyzor via SpamAssassin.
The hardening script installs the ClamAV Unofficial Sigs from extremeshok. After deploying the image, you need to activate your accounts for:
- malwareexpert
- malwarepatrol
The hardening provisioner adds some additional jails for the Postfix instance.
TODO
The repository also includes some basic Terraform templates for libvirtd, Azure and AWS.