VM for Browser

Minimal Debian VM for safe browsing

Allocate 5 GB of disk space and 2 GB of RAM for the VM. Download the Debian netinst iso and launch the installer. Upon software selecteion, unselect all groups except for system tools. Boot the machine run the following post install script as root (download script):

#!/bin/bash
apt-get update
apt-get dist-upgrade
apt-get install -y xorg openbox tint2 iceweasel vim-nox rungetty unattended-upgrades xterm sudo
apt-get purge nano
cd /etc/X11/xinit
mv xinitrc xinitrc.orig
cat > xinitrc << "EOF"
setxkbmap de
exec openbox-session
EOF
mkdir -pv /etc/systemd/system/getty@tty1.service.d/
cd /etc/systemd/system/getty@tty1.service.d/
cat > autologin.conf << "EOF"
[Service]
ExecStart=
ExecStart=-/sbin/agetty --autologin user --noclear %I 38400 linux
EOF
systemctl enable getty@tty1.service
sed -i.bak 's/GRUB_TIMEOUT=.*/GRUB_TIMEOUT=0/g' /etc/default/grub
update-grub
cat >> /usr/local/bin/shutdown.sh << "EOF"
#!/bin/bash
shutdown -h now
EOF
chmod +x /usr/local/bin/shutdown.sh
echo "Now, add the following line to sudoers:"
echo "ALL ALL = NOPASSWD: /usr/local/bin/shutdown.sh"
read -p "Press enter when ready " foobar
visudo
echo "Done"

Then, log in as the regular user and run the following script (download script):

#!/bin/bash
mkdir -p ~/.config/openbox
mkdir -p $HOME/.config/openbox
cp /etc/xdg/openbox/menu.xml $HOME/.config/openbox/
cp /etc/xdg/openbox/rc.xml $HOME/.config/openbox/
cat > ~/.config/openbox/autostart << "EOF"
#!/bin/bash
tint2 &
EOF
cat >> $HOME/.bashrc << "EOF"
if [ "$TERM" == "linux" ];then
        startx
fi
EOF

Finally, edit ~/.config/openbox/menu.xml to contain the following entry:

<item label="Shutdown">
   <action name="Execute" ><execute>sudo /usr/local/bin/shutdown.sh</execute></action>
</item>

Config File for kvm script:

source $CONFIG_DIR/default
DISK_IMAGE=/home/tempdata/kvm_hds/bitbox.img
#CDROM=$HOME/installationfiles/linux/debian/debian-8.2.0-amd64-netinst.iso
VM_NAME="browser"