Change to root
Update
apt-get -y update
apt-get -y upgrade
Install Packages
apt-get -y install sudo vim unzip rsync sysstat cifs-utils nmap tcpdump tmux virt-what chrony smbclient ufw curl net-tools nload
Configure VIM
VIM detects the mouse, and copy pasting between two terminal windows is annoying because of this. Disable this as follows for root and jtel:
cat << EOFF >> ~/.vimrc
set mouse-=a
EOFF
cp ~/.vimrc /home/jtel
chown jtel:jtel /home/jtel/.vimrc
Configure Sudo for jtel User
The following command adds the jtel user to the sudo group:
Sometimes the command will not work. Try adding "sudo" to the beginning:
Setup the Firewall
Debian
First of all, stop ufw logging to the default syslog destination (/var/log/messages).
sed -i -e "s/^#\& stop/\& stop/" /etc/rsyslog.d/20-ufw.conf
systemctl restart rsyslog
The following commands enable the firewall and allow ssh.
ufw --force reset
ufw --force default deny incoming
ufw --force default allow outgoing
ufw allow ssh
ufw --force enable
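One way to confirm afterwards that the firewall matches the policy set above (active, default deny incoming / allow outgoing, ssh as the only inbound allow). This is an added example, not part of the original instructions; the function name audit_ufw and the sample status text are constructed for illustration.

```bash
#!/usr/bin/env bash
# Audit `ufw status verbose` text against the policy set up above:
# firewall active, default deny incoming / allow outgoing, ssh the only inbound allow.
# On a real host: ufw status verbose | audit_ufw

# Constructed sample output (typed by hand, not captured from a real system).
SAMPLE_OK='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# Constructed drift case: an inbound rule the procedure never added.
SAMPLE_DRIFT="$SAMPLE_OK
3306/tcp                   ALLOW IN    Anywhere"

# Reads status text on stdin, prints one finding per line,
# exits 0 when the policy matches and 1 otherwise. The body runs in a subshell,
# so its variables do not leak into the caller.
audit_ufw() (
    active=0 defaults=0 in_rules=0 findings=0
    while IFS= read -r line; do
        case "$line" in
            "Status: active") active=1 ;;
            "Default: deny (incoming), allow (outgoing)"*) defaults=1 ;;
            "--"*) in_rules=1 ;;   # separator row: the rule table starts below
            *)
                [ "$in_rules" -eq 1 ] || continue
                case "$line" in
                    "22/tcp "*"ALLOW IN"*) ;;   # ssh, IPv4 and IPv6 rows
                    *"ALLOW IN"*)
                        echo "unexpected inbound rule: $line"
                        findings=$((findings + 1)) ;;
                esac ;;
        esac
    done
    [ "$active" -eq 1 ] || { echo "firewall is not active"; findings=$((findings + 1)); }
    [ "$defaults" -eq 1 ] || { echo "default policy differs from deny/allow"; findings=$((findings + 1)); }
    [ "$findings" -eq 0 ]
)

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_OK" | audit_ufw && echo "sample 1: policy matches"
printf '%s\n' "$SAMPLE_DRIFT" | audit_ufw || echo "sample 2: drift detected"
```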
Setup chrony
The following commands configure chrony (installed above with the other packages). They modify the basic chrony.conf file to comment out the default pool and any configured servers, and replace these with the 3 (very reliable) time servers from the German PTB.
# Replace all existing servers
sed -i -e "s/^server /# server /" /etc/chrony/chrony.conf
# Replace pool setting
sed -i -e "s/^pool /# pool /" /etc/chrony/chrony.conf
# Add PTB Servers
cat << EOFF >> /etc/chrony/chrony.conf
# Servers to use
server ptbtime1.ptb.de iburst
server ptbtime2.ptb.de iburst
server ptbtime3.ptb.de iburst
EOFF
# Enable Chrony
systemctl enable chrony
# Stop (just in case it was started), then start and get status
systemctl stop chrony
systemctl start chrony
Check chrony
systemctl status chrony
chronyc sources
Bash Settings
The following script makes two changes:
- Sets up a warning when using git as root (on root only)
- Allows less to be used on zipped files
# root user
cat <<'EOFF' >> ~/.bashrc
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
alias git='printf "It looks like you are trying to run GIT as ROOT.\nFor jtel installations, GIT should always be run from the jtel user.\nIf you really want to run git as root, you will need to access it directly, using /usr/bin/git for example.\n"'
EOFF
source ~/.bashrc
# jtel user
cat <<'EOFF' >> /home/jtel/.bashrc
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
EOFF
Enable sar
Debian 9
# Enable stats
sed -i 's/ENABLED="false"/ENABLED="true"/g' /etc/default/sysstat
# Restart sysstat daemon
service sysstat restart
Debian 10+
# Enable stats
sed -i 's/ENABLED="false"/ENABLED="true"/g' /etc/default/sysstat
# Restart sysstat daemon
systemctl restart sysstat
Configure Cron - Debian 11
In Debian 11 Buster, a setting must be made in the configuration file /lib/systemd/system/anacron.timer and the daemon/service must be reloaded. Otherwise, the daily cron jobs will run at the default value, which is <07..23:30>.
vi /lib/systemd/system/anacron.timer
# In the editor, change the OnCalendar line to:
# OnCalendar=*-*-* 04..23:30
systemctl daemon-reload
systemctl restart anacron.timer
systemctl status anacron.timer
This only needs to be done on systems where anacron is installed. If the file /lib/systemd/system/anacron.timer does not exist, then there is no anacron and this step can be ignored. In that case, check the default values of cron.d under /etc/crontab.
Detect the Hypervisor
VMware
The tools are installed as follows:
apt-get -y install open-vm-tools
Hyper-V
The tools are installed as follows:
apt-get -y install hyperv-daemons
KVM
The tools are installed as follows:
apt-get -y install qemu-guest-agent
Other Hypervisors
Consult the manufacturer for further details.
Reboot
Reboot to load the new kernel if one was downloaded and make sure the guest tools are running OK.
Proxy Server
If a proxy server is used, the following commands will configure the proxy server for root and the jtel user.
The top 5 lines should be modified. Note that a username and password entered here are written in clear text into both .bashrc files.
PROXY_USERNAME=
PROXY_PASSWORD=
PROXY_SERVER=proxy.example.de
PROXY_PORT=3128
PROXY_EXCEPTIONS=.example.de,.local,10.
# Build the proxy URL from the PROXY_* variables set above
if [ -n "$PROXY_USERNAME" ] && [ -n "$PROXY_PASSWORD" ]
then
    PROXY="http://$PROXY_USERNAME:$PROXY_PASSWORD@$PROXY_SERVER:$PROXY_PORT"
elif [ -n "$PROXY_USERNAME" ]
then
    PROXY="http://$PROXY_USERNAME@$PROXY_SERVER:$PROXY_PORT"
else
    PROXY="http://$PROXY_SERVER:$PROXY_PORT"
fi
cat <<EOFF >> ~/.bashrc
export ALL_PROXY=$PROXY
export HTTP_PROXY=$PROXY
export HTTPS_PROXY=$PROXY
export FTP_PROXY=$PROXY
export RSYNC_PROXY=$PROXY
export http_proxy=$PROXY
export https_proxy=$PROXY
export ftp_proxy=$PROXY
export rsync_proxy=$PROXY
export NO_PROXY=$PROXY_EXCEPTIONS
EOFF
cat <<EOFF >> /home/jtel/.bashrc
export ALL_PROXY=$PROXY
export HTTP_PROXY=$PROXY
export HTTPS_PROXY=$PROXY
export FTP_PROXY=$PROXY
export RSYNC_PROXY=$PROXY
export http_proxy=$PROXY
export https_proxy=$PROXY
export ftp_proxy=$PROXY
export rsync_proxy=$PROXY
export NO_PROXY=$PROXY_EXCEPTIONS
EOFF
source ~/.bashrc