Change to root
su -
Update
apt-get -y update
apt-get -y upgrade
Install Packages
apt-get -y install wget sudo vim unzip gzip rsync sysstat cifs-utils nmap tcpdump tmux virt-what chrony smbclient ufw curl net-tools nload fontconfig ripgrep
Configure VIM
VIM detects the mouse, and copy pasting between two terminal windows is annoying because of this. Disable this as follows for root and jtel:
cat << EOFF >> ~/.vimrc
set mouse-=a
EOFF
cp ~/.vimrc /home/jtel
chown jtel:jtel /home/jtel/.vimrc
Configure Sudo for jtel User
The following command adds the jtel user to the sudo group:
adduser jtel sudo
Sometimes the command will not work. Try adding "sudo" to the beginning:
sudo adduser jtel sudo
Setup the Firewall
Until Debian 11.5
First of all, stop ufw logging to the default syslog destination (/var/log/messages).
sed -i -e "s/^#\& stop/\& stop/" /etc/rsyslog.d/20-ufw.conf
systemctl restart rsyslog
Debian 11.5 and later
From Debian 11.5 onwards, the base config under /etc/rsyslog.d/20-ufw.conf is correct and logs to /var/log/ufw.log. No changes to the configuration file are needed.
The following commands enable the firewall and allow ssh.
ufw --force reset
ufw --force default deny incoming
ufw --force default allow outgoing
ufw allow ssh
ufw --force enable
Setup chrony
The following commands install chrony and modify the basic chrony.conf file to remove usage of the default pool and any configured servers, and replace this with the 3 (very reliable) time servers from the German PTB.
# Replace all existing servers
sed -i -e "s/^server /# server /" /etc/chrony/chrony.conf
# Replace pool setting
sed -i -e "s/^pool /# pool /" /etc/chrony/chrony.conf
# Add PTB Servers
cat << EOFF >> /etc/chrony/chrony.conf
# Servers to use
server ptbtime1.ptb.de iburst
server ptbtime2.ptb.de iburst
server ptbtime3.ptb.de iburst
EOFF
# Disable timesyncd daemon
systemctl disable systemd-timesyncd
# Enable Chrony
systemctl enable chrony
# Stop (just in case it was started), then start and get status
systemctl stop chrony
systemctl start chrony
Check chrony
systemctl status chrony
chronyc sources
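Added example, not part of the original page: a static check of a chrony.conf that lists every uncommented server, pool or peer line and reports any source other than the three PTB servers, including lines the sed patterns above do not match (such as an indented entry). The function names, the sample config and the host 0.pool.example.net are constructed for illustration; only the single file passed in is inspected.

```shell
# Added example (not from the original page); function names are hypothetical.

# Print "directive host" for each uncommented server/pool/peer line in file $1.
# awk splits on whitespace, so indented lines are found as well.
active_sources() {
    awk '$1 == "server" || $1 == "pool" || $1 == "peer" { print $1, $2 }' "$1"
}

# $1 = config file, $2 = space-separated list of allowed hosts.
# Prints every active source whose host is not in the allowed list.
unexpected_sources() {
    active_sources "$1" | while read -r kind host; do
        case " $2 " in
            *" $host "*) ;;
            *) printf '%s %s\n' "$kind" "$host" ;;
        esac
    done
}

# Constructed sample: one commented pool line, one indented pool line
# that "s/^pool /# pool /" does not match, and the PTB servers.
sample_conf() {
    cat <<'EOF'
# pool 2.debian.pool.ntp.org iburst
  pool 0.pool.example.net iburst
server ptbtime1.ptb.de iburst
server ptbtime2.ptb.de iburst
server ptbtime3.ptb.de iburst
EOF
}

ALLOWED="ptbtime1.ptb.de ptbtime2.ptb.de ptbtime3.ptb.de"
tmp=$(mktemp)
sample_conf > "$tmp"
unexpected_sources "$tmp" "$ALLOWED"
rm -f "$tmp"
```

On a real system, pass /etc/chrony/chrony.conf as the first argument; empty output means only the PTB servers are active in that file.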
Bash Settings
The following script:
- Sets up a warning when git is run as root (root only)
- Allows less to display zipped files
# root user
cat <<'EOFF' >> ~/.bashrc
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
alias git='printf "It looks like you are trying to run GIT as ROOT.\nFor jtel installations, GIT should always be run from the jtel user.\nIf you really want to run git as root, you will need to access it directly, using /usr/bin/git for example.\n"'
EOFF
source ~/.bashrc
# jtel user
cat <<'EOFF' >> /home/jtel/.bashrc
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
EOFF
Enable sar
Debian 9
# Enable stats
sed -i 's/ENABLED="false"/ENABLED="true"/g' /etc/default/sysstat
systemctl enable sysstat
# Restart sysstat daemon
systemctl stop sysstat
systemctl start sysstat
Debian 10+
# Enable stats
sed -i 's/ENABLED="false"/ENABLED="true"/g' /etc/default/sysstat
systemctl enable sysstat
# Restart sysstat daemon
systemctl stop sysstat
systemctl start sysstat
Configure Cron - Debian 11
Caution - Debian 11
In early versions of Debian 11 Buster, a setting must be made in the configuration file /lib/systemd/system/anacron.timer and the daemon/service must be reloaded. Otherwise, the daily cron jobs will run at the default value, which is <07..23:30>
This problem has not been seen after Debian 11.4.
# Check if exists
less /lib/systemd/system/anacron.timer
# Edit if exists
vi /lib/systemd/system/anacron.timer
# Set: OnCalendar=*-*-* 04..23:30
systemctl daemon-reload
systemctl restart anacron.timer
systemctl status anacron.timer
This only needs to be done on systems where anacron is installed. If the file /lib/systemd/system/anacron.timer does not exist, then there is no anacron and this step can be ignored.
In that case, check the default values of cron.d under /etc/crontab
Detect the Hypervisor
virt-what
VMWare
The tools are installed as follows:
apt-get -y install open-vm-tools
Hyper-V
The tools are installed as follows:
apt-get -y install hyperv-daemons
KVM
The tools are installed as follows:
apt-get -y install qemu-guest-agent
Other Hypervisors
Consult the manufacturer for further details.
Reboot
Reboot to load the new kernel if one was downloaded and make sure the guest tools are running OK.
Proxy Server
If a proxy server is used, the following commands will configure the proxy server for root and the jtel user.
The top 5 lines should be modified.
PROXY_USERNAME=
PROXY_PASSWORD=
PROXY_SERVER=proxy.example.de
PROXY_PORT=3128
PROXY_EXCEPTIONS=.example.de,.local,10.

# Build the proxy URL from the PROXY_* variables set above
if [ -n "$PROXY_USERNAME" ] && [ -n "$PROXY_PASSWORD" ]
then
    PROXY="http://$PROXY_USERNAME:$PROXY_PASSWORD@$PROXY_SERVER:$PROXY_PORT"
elif [ -n "$PROXY_USERNAME" ]
then
    PROXY="http://$PROXY_USERNAME@$PROXY_SERVER:$PROXY_PORT"
else
    PROXY="http://$PROXY_SERVER:$PROXY_PORT"
fi

# root user
cat <<EOFF >> ~/.bashrc
export ALL_PROXY=$PROXY
export HTTP_PROXY=$PROXY
export HTTPS_PROXY=$PROXY
export FTP_PROXY=$PROXY
export RSYNC_PROXY=$PROXY
export http_proxy=$PROXY
export https_proxy=$PROXY
export ftp_proxy=$PROXY
export rsync_proxy=$PROXY
export NO_PROXY=$PROXY_EXCEPTIONS
EOFF

# jtel user
cat <<EOFF >> /home/jtel/.bashrc
export ALL_PROXY=$PROXY
export HTTP_PROXY=$PROXY
export HTTPS_PROXY=$PROXY
export FTP_PROXY=$PROXY
export RSYNC_PROXY=$PROXY
export http_proxy=$PROXY
export https_proxy=$PROXY
export ftp_proxy=$PROXY
export rsync_proxy=$PROXY
export NO_PROXY=$PROXY_EXCEPTIONS
EOFF

source ~/.bashrc