orjanj / nmap-pkg-generation-analysis

Framework for synthetic packet generation and characterization of Nmap scans
GNU General Public License v2.0

Go through VM template and minimize background noise #18

Open orjanj opened 2 years ago

orjanj commented 2 years ago

Noise is generated with the packet captures, which causes a more unreliable data set when conducting analysis.

Tasks

Example noise output

tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
23:37:58.611322 IP (tos 0xc0, ttl 64, id 2173, offset 0, flags [none], proto ICMP (1), length 90)
    192.168.2.1 > 192.168.2.104: ICMP 192.168.2.1 udp port 53 unreachable, length 70
    IP (tos 0x0, ttl 64, id 23659, offset 0, flags [DF], proto UDP (17), length 62)
    192.168.2.104.40982 > 192.168.2.1.53: [udp sum ok] 1670+ A? api.snapcraft.io. (34)
    0x0000:  000c 29b8 e4d8 0050 56c0 0001 0800 45c0  ..)....PV.....E.
    0x0010:  005a 087d 0000 4001 ebac c0a8 0201 c0a8  .Z.}..@.........
    0x0020:  0268 0303 82f2 0000 0000 4500 003e 5c6b  .h........E..>\k
    0x0030:  4000 4011 588a c0a8 0268 c0a8 0201 a016  @.@.X....h......
    0x0040:  0035 002a 2bca 0686 0100 0001 0000 0000  .5.*+...........
    0x0050:  0000 0361 7069 0973 6e61 7063 7261 6674  ...api.snapcraft
    0x0060:  0269 6f00 0001 0001                      .io.....
23:37:59.930274 IP (tos 0xc0, ttl 64, id 2395, offset 0, flags [none], proto ICMP (1), length 88)
    192.168.2.1 > 192.168.2.104: ICMP 192.168.2.1 udp port 53 unreachable, length 68
    IP (tos 0x0, ttl 64, id 23952, offset 0, flags [DF], proto UDP (17), length 60)
    192.168.2.104.58574 > 192.168.2.1.53: [udp sum ok] 33570+ A? ntp.ubuntu.com. (32)
    0x0000:  000c 29b8 e4d8 0050 56c0 0001 0800 45c0  ..)....PV.....E.
    0x0010:  0058 095b 0000 4001 ead0 c0a8 0201 c0a8  .X.[..@.........
    0x0020:  0268 0303 82f0 0000 0000 4500 003c 5d90  .h........E..<].
    0x0030:  4000 4011 5767 c0a8 0268 c0a8 0201 e4ce  @.@.Wg...h......
    0x0040:  0035 0028 7c0a 8322 0100 0001 0000 0000  .5.(|.."........
    0x0050:  0000 036e 7470 0675 6275 6e74 7503 636f  ...ntp.ubuntu.co
    0x0060:  6d00 0001 0001                           m.....

orjanj commented 2 years ago

Changed priority to critical since the parsed data sets contain more noise, which makes the data set less synthetic. Commands for mitigating these issues must be implemented in a server preparation script ASAP.

orjanj commented 2 years ago

In the first draft of the preparation script, I've integrated the following:

These settings were the most critical to implement, and are now done.
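As an added example (not code from this repository), a small shell helper that pulls the queried DNS names out of tcpdump -v text output like the noise capture in the first comment and counts them, so that the services a preparation script has to silence can be identified from the capture itself rather than guessed. The sample capture is constructed from the lines in this issue, and the name-to-service mapping (api.snapcraft.io to snapd, ntp.ubuntu.com to systemd-timesyncd) is an assumption for illustration.

```shell
#!/bin/sh
# Constructed sample of tcpdump -v text output, trimmed to the lines that
# carry DNS queries (background lookups, not Nmap traffic). Hypothetical data.
SAMPLE_CAPTURE='23:37:58.611322 IP (tos 0xc0, ttl 64, id 2173, offset 0, flags [none], proto ICMP (1), length 90)
    192.168.2.1 > 192.168.2.104: ICMP 192.168.2.1 udp port 53 unreachable, length 70
    192.168.2.104.40982 > 192.168.2.1.53: [udp sum ok] 1670+ A? api.snapcraft.io. (34)
23:37:59.930274 IP (tos 0xc0, ttl 64, id 2395, offset 0, flags [none], proto ICMP (1), length 88)
    192.168.2.1 > 192.168.2.104: ICMP 192.168.2.1 udp port 53 unreachable, length 68
    192.168.2.104.58574 > 192.168.2.1.53: [udp sum ok] 33570+ A? ntp.ubuntu.com. (32)
    192.168.2.104.41000 > 192.168.2.1.53: [udp sum ok] 4242+ A? api.snapcraft.io. (34)'

# Read tcpdump -v output on stdin and print "count name" for every DNS A query
# name seen, most frequent first. The trailing dot of the FQDN is stripped.
dns_query_counts() {
    grep -o ' A? [^ ]*' \
        | sed 's/^ A? //; s/\.$//' \
        | sort | uniq -c | sort -rn \
        | awk '{print $1, $2}'
}

# Map a queried name to the VM service that typically generates it, so the
# preparation script knows what to disable. Mapping is an assumption (hypothetical).
noise_source() {
    case "$1" in
        api.snapcraft.io) echo "snapd" ;;
        ntp.ubuntu.com)   echo "systemd-timesyncd" ;;
        *)                echo "unknown" ;;
    esac
}

# Stand-alone run over the constructed sample: one line per name with its
# count and the suspected originating service.
printf '%s\n' "$SAMPLE_CAPTURE" | dns_query_counts | while read -r count name; do
    echo "$count $name -> $(noise_source "$name")"
done
```

On the VM itself the same helper can be fed a live capture, e.g. `tcpdump -v -nn -i ens33 udp port 53 | dns_query_counts`, and the run repeated after each change to the preparation script to confirm the noise is gone.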