Change to root
su -
Update
apt-get -y update
apt-get -y upgrade
Install Packages
apt-get -y install sudo vim unzip rsync sysstat cifs-utils nmap tcpdump tmux virt-what chrony smbclient ufw curl net-tools nload
Configure VIM
VIM detects the mouse, which makes copying and pasting between two terminal windows awkward. Disable mouse support as follows for root and jtel:
cat << EOFF >> ~/.vimrc
set mouse-=a
EOFF
cp ~/.vimrc /home/jtel
chown jtel:jtel /home/jtel/.vimrc
Configure Sudo for jtel User
The following command adds the jtel user to the sudo group:
adduser jtel sudo
Sometimes the command will not work. Try adding "sudo" to the beginning:
sudo adduser jtel sudo
Setup the Firewall
Debian
First of all, stop ufw logging to the default syslog destination (/var/log/messages).
sed -i -e "s/^#\& stop/\& stop/" /etc/rsyslog.d/20-ufw.conf
systemctl restart rsyslog
The following commands enable the firewall and allow ssh.
ufw --force reset
ufw --force default deny incoming
ufw --force default allow outgoing
ufw allow ssh
ufw --force enable
Setup chrony
The following commands install chrony and modify the basic chrony.conf file to remove usage of the default pool and any configured servers, and replace this with the 3 (very reliable) time servers from the German PTB.
# Replace all existing servers
sed -i -e "s/^server /# server /" /etc/chrony/chrony.conf
# Replace pool setting
sed -i -e "s/^pool /# pool /" /etc/chrony/chrony.conf
# Add PTB Servers
cat << EOFF >> /etc/chrony/chrony.conf
# Servers to use
server ptbtime1.ptb.de iburst
server ptbtime2.ptb.de iburst
server ptbtime3.ptb.de iburst
EOFF
# Enable Chrony
systemctl enable chrony
# Stop (just in case it was started), then start and get status
systemctl stop chrony
systemctl start chrony
Check chrony
systemctl status chrony
chronyc sources
Bash Settings
The following script:
- Sets up a warning when using git as root (for root only)
- Allows less to be used on zipped files
# root user
cat <<'EOFF' >> ~/.bashrc
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
alias git='printf "It looks like you are trying to run GIT as ROOT.\nFor jtel installations, GIT should always be run from the jtel user.\nIf you really want to run git as root, you will need to access it directly, using /usr/bin/git for example.\n"'
EOFF
source ~/.bashrc
# jtel user
cat <<'EOFF' >> /home/jtel/.bashrc
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
EOFF
Enable sar
Debian 9
# Enable stats
sed -i 's/ENABLED="false"/ENABLED="true"/g' /etc/default/sysstat
# Restart sysstat daemon
service sysstat restart
Debian 10+
# Enable stats
sed -i 's/ENABLED="false"/ENABLED="true"/g' /etc/default/sysstat
# Restart sysstat daemon
systemctl restart sysstat
Configure Cron - Debian 11
Caution - Debian 11
In Debian 11 Buster, a setting must be made in the configuration file /lib/systemd/system/anacron.timer and the daemon/service must be reloaded. Otherwise, the daily cron jobs will run at the default value, which is <07..23:30>
vi /lib/systemd/system/anacron.timer
# Set the following value in the file:
# OnCalendar=*-*-* 04..23:30
systemctl daemon-reload
systemctl restart anacron.timer
systemctl status anacron.timer
This only needs to be done on systems where anacron is installed. If the file /lib/systemd/system/anacron.timer does not exist, then there is no anacron and this step can be ignored.
In that case, check the default values of cron.d under /etc/crontab
Detect the Hypervisor
virt-what
VMWare
The tools are installed as follows:
apt-get -y install open-vm-tools
Hyper-V
The tools are installed as follows:
apt-get -y install hyperv-daemons
KVM
The tools are installed as follows:
apt-get -y install qemu-guest-agent
Other Hypervisors
Consult the manufacturer for further details.
Reboot
Reboot to load the new kernel if one was downloaded and make sure the guest tools are running OK.
Proxy Server
If a proxy server is used, the following commands will configure the proxy server for root and the jtel user.
The top 5 lines should be modified.
PROXY_USERNAME=
PROXY_PASSWORD=
PROXY_SERVER=proxy.example.de
PROXY_PORT=3128
PROXY_EXCEPTIONS=.example.de,.local,10.

# Build the proxy URL from the PROXY_* variables set above
if [ -n "$PROXY_USERNAME" ] && [ -n "$PROXY_PASSWORD" ]
then
    PROXY="http://$PROXY_USERNAME:$PROXY_PASSWORD@$PROXY_SERVER:$PROXY_PORT"
elif [ -n "$PROXY_USERNAME" ]
then
    PROXY="http://$PROXY_USERNAME@$PROXY_SERVER:$PROXY_PORT"
else
    PROXY="http://$PROXY_SERVER:$PROXY_PORT"
fi

# root user
cat <<EOFF >> ~/.bashrc
export ALL_PROXY=$PROXY
export HTTP_PROXY=$PROXY
export HTTPS_PROXY=$PROXY
export FTP_PROXY=$PROXY
export RSYNC_PROXY=$PROXY
export http_proxy=$PROXY
export https_proxy=$PROXY
export ftp_proxy=$PROXY
export rsync_proxy=$PROXY
export NO_PROXY=$PROXY_EXCEPTIONS
EOFF

# jtel user
cat <<EOFF >> /home/jtel/.bashrc
export ALL_PROXY=$PROXY
export HTTP_PROXY=$PROXY
export HTTPS_PROXY=$PROXY
export FTP_PROXY=$PROXY
export RSYNC_PROXY=$PROXY
export http_proxy=$PROXY
export https_proxy=$PROXY
export ftp_proxy=$PROXY
export rsync_proxy=$PROXY
export NO_PROXY=$PROXY_EXCEPTIONS
EOFF

source ~/.bashrc
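The proxy script places the username and password directly into the URL, so a character such as @, : or / in a credential changes how the URL is parsed, and the password ends up in ~/.bashrc. The following sketch is an added example, not part of the original page: it percent-encodes the credentials and writes the exports to a separate file with mode 0600. The helper names urlencode, build_proxy_url and write_proxy_env and all sample values are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). urlencode, build_proxy_url and
# write_proxy_env are hypothetical helper names; all values are constructed.

# Percent-encode everything outside the RFC 3986 unreserved set, so that
# characters such as '@', ':', '/' or '$' in a credential cannot change how
# the URL is parsed (ASCII credentials assumed).
urlencode() (
    LC_ALL=C
    s="$1"; out=""
    while [ -n "$s" ]; do
        rest="${s#?}"; c="${s%"$rest"}"; s="$rest"
        case "$c" in
            [a-zA-Z0-9._~-]) out="$out$c" ;;
            *) out="$out$(printf '%%%02X' "'$c")" ;;
        esac
    done
    printf '%s' "$out"
)

# build_proxy_url SERVER PORT [USERNAME [PASSWORD]]
build_proxy_url() (
    server="$1"; port="$2"; user="${3:-}"; pass="${4:-}"
    cred=""
    if [ -n "$user" ] && [ -n "$pass" ]; then
        cred="$(urlencode "$user"):$(urlencode "$pass")@"
    elif [ -n "$user" ]; then
        cred="$(urlencode "$user")@"
    fi
    printf 'http://%s%s:%s' "$cred" "$server" "$port"
)

# write_proxy_env FILE URL EXCEPTIONS
# Writes the export lines to FILE with mode 0600, because the URL may carry
# the proxy password and ~/.bashrc is often readable by other local users.
write_proxy_env() (
    umask 077
    : > "$1"
    chmod 600 "$1"
    for v in ALL_PROXY HTTP_PROXY HTTPS_PROXY FTP_PROXY RSYNC_PROXY \
             http_proxy https_proxy ftp_proxy rsync_proxy; do
        printf "export %s='%s'\n" "$v" "$2" >> "$1"
    done
    printf "export NO_PROXY='%s'\n" "$3" >> "$1"
)
```

The file written by write_proxy_env can be sourced from ~/.bashrc; a copy for the jtel user must be owned by jtel to be readable with mode 0600.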