su - |
apt-get -y update apt-get -y upgrade |
apt-get -y install wget sudo vim unzip gzip rsync sysstat cifs-utils nmap tcpdump tmux virt-what chrony smbclient ufw curl net-tools nload fontconfig |
VIM detects the mouse, and copy pasting between two terminal windows is annoying because of this. Disable this as follows for root and jtel:
cat << EOFF >> ~/.vimrc set mouse-=a EOFF cp ~/.vimrc /home/jtel chown jtel:jtel /home/jtel/.vimrc |
The following command adds the jtel user to the sudo group:
adduser jtel sudo |
Sometimes the command will not work. Try adding "sudo" to the beginning:
sudo adduser jtel sudo |
First of all, stop ufw logging to the default syslog destination (/var/log/messages).
sed -i -e "s/^#\& stop/\& stop/" /etc/rsyslog.d/20-ufw.conf systemctl restart rsyslog |
From Debian 11.5 and later the base config under /etc/rsyslog.d/20-ufw.conf is correct and logs into /var/log/ufw.log . No additional settings must be made to the configuration file. |
The following commands enable the firewall and allow ssh.
ufw --force reset ufw --force default deny incoming ufw --force default allow outgoing ufw allow ssh ufw --force enable |
The following commands install chrony and modify the basic chrony.conf file to remove usage of the default pool and any configured servers, and replace this with the 3 (very reliable) time servers from the German PTB.
# Replace all existing servers sed -i -e "s/^server /# server /" /etc/chrony/chrony.conf # Replace pool setting sed -i -e "s/^pool /# pool /" /etc/chrony/chrony.conf # Add PTB Servers cat << EOFF >> /etc/chrony/chrony.conf # Servers to use server ptbtime1.ptb.de iburst server ptbtime2.ptb.de iburst server ptbtime3.ptb.de iburst EOFF # Disable timesyncd daemon systemctl disable systemd-timesyncd # Enable Chrony systemctl enable chrony # Stop (just in case it was started), then start and get status systemctl stop chrony systemctl start chrony |
systemctl status chrony chronyc sources |
The following script does the following:
# root user cat <<'EOFF' >> ~/.bashrc [ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)" alias git='printf "It looks like you are trying to run GIT as ROOT.\nFor jtel installations, GIT should always be run from the jtel user.\nIf you really want to run git as root, you will need to access it directly, using /usr/bin/git for example.\n"' EOFF source ~/.bashrc # jtel user cat <<'EOFF' >> /home/jtel/.bashrc [ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)" EOFF |
# Enable stats sed -i 's/ENABLED="false"/ENABLED="true"/g' /etc/default/sysstat systemctl enable sysstat # Restart sysstat daemon systemctl stop sysstat systemctl start sysstat |
# Enable stats sed -i 's/ENABLED="false"/ENABLED="true"/g' /etc/default/sysstat systemctl enable sysstat # Restart sysstat daemon systemctl stop sysstat systemctl start sysstat |
In early versions of Debian 11 Buster, a setting must be made in the configuration file /lib/systemd/system/anacron.timer and the deamon/service must be reloaded. Otherwise, the daily cron jobs will run at the default value, which is <07..23:30> This problem has not been seen after Debian 11.4.
|
virt-what |
The tools are installed as follows:
apt-get -y install open-vm-tools |
Hyper-V
The tools are installed as follows:
apt-get -y install hyperv-daemons |
KVM
The tools are installed as follows:
apt-get -y install qemu-guest-agent |
Other Hypervisors
Consult the manufacturer for further detals.
Reboot to load the new kernel if one was downloaded and make sure the guest tools are running OK.
If a proxy server is used, the following commands will configure the proxy server for root and the jtel user.
The top 5 lines should be modified.
PROXY_USERNAME= PROXY_PASSWORD= PROXY_SERVER=proxy.example.de PROXY_PORT=3128 PROXY_EXCEPTIONS=.example.de,.local,10. if [ -n "$PROXY_USERNAME" ] && [ -n "$PROXY_PASSWORD" ] then PROXY="http://$USERNAME:$PASSWORD@$PROXY_SERVER:$PROXY_PORT" elif [ -n "$PROXY_USERNAME" ] then PROXY="http://$USERNAME@$PROXY_SERVER:$PROXY_PORT" else PROXY="http://$PROXY_SERVER:$PROXY_PORT" fi cat <<EOFF >> ~/.bashrc export ALL_PROXY=$PROXY export HTTP_PROXY=$PROXY export HTTPS_PROXY=$PROXY export FTP_PROXY=$PROXY export RSYNC_PROXY=$PROXY export http_proxy=$PROXY export https_proxy=$PROXY export ftp_proxy=$PROXY export rsync_proxy=$PROXY export NO_PROXY=$PROXY_EXCEPTIONS EOFF cat <<EOFF >> /home/jtel/.bashrc export ALL_PROXY=$PROXY export HTTP_PROXY=$PROXY export HTTPS_PROXY=$PROXY export FTP_PROXY=$PROXY export RSYNC_PROXY=$PROXY export http_proxy=$PROXY export https_proxy=$PROXY export ftp_proxy=$PROXY export rsync_proxy=$PROXY export NO_PROXY=$PROXY_EXCEPTIONS EOFF source ~/.bashrc |