You are here: Home / Debian GNU/Linux / System / Setup / Additions to a fresh Debian GNU/Linux install

Additions to a fresh Debian GNU/Linux install

by Pierre-Yves Landuré last modified Nov 08, 2017 03:09

This howto helps to add some security and usability features to the default Debian setup.

This howto is tested on :

  • Debian 5.0 Lenny
  • Debian 6.0 Squeeze
  • Debian 7.0 Wheezy

Prerequisites

This howto needs you to be authenticated as root super-user :

command su -

Parameters

Provide the sysadmin e-mail address :

ROOT_EMAIL="account@gmail.com"

Minimal configuration

System's E-mails

The root account receive most of the system notifications (when problem occurs for example). These e-mails help the system administrator to keep the system stable.

Install the Exim 4 SMTP server :

command apt-get install exim4

Initialize the server email domain :

command hostname --fqdn > '/etc/mailname'

Setup the SMTP server to send emails directly (direct Internet connection) :

command sed -i \
-e "s|dc_eximconfig_configtype=.*\$|dc_eximconfig_configtype='internet'|" \ -e "s|dc_other_hostnames=.*\$|dc_other_hostnames='$(command hostname --fqdn)'|" \
-e "s|dc_use_split_config=.*\$|dc_use_split_config='true'|" \
'/etc/exim4/update-exim4.conf.conf'

Update the SMTP server configuration :

command update-exim4.conf
/etc/init.d/exim4 restart

Transfer the root account e-mails to the given e-mail account :

command sed -i \
-e "s/^\\(root:\\).*\$/\\1 ${ROOT_EMAIL}/" \ '/etc/aliases'

Reload the aliases list (Exim 4 only) :

if [ -n "$(command which newaliases)" ]; then
command newaliases
fi

APT repositories

Disable the CDROM apt source in order to download all packages from Internet :

command sed -i -e 's/^\(deb cdrom\)/#\1/' '/etc/apt/sources.list'

Update the available packages list :

command apt-get update

Time synchronization

Install the Internet time synchronization tools :

command apt-get install ntp ntpdate

Run the first synchronization :

command ntpdate fr.pool.ntp.org

The ntp daemon keep the system time synchronized.

Command line colorization

Enable the ls command output colorization :

command cp '/etc/skel/.bashrc' "${HOME}"
command sed -i -e 's/^# \(.*\(LS_OPTIONS\|dircolors\).*\)$/\1/' "${HOME}/.bashrc"

The changes will be visible after next login.

Text editor

A Unix sysadmin make heavy use of a text editor. It need a tool that fits its needs. For example : Vim.

Install the Vim text editor :

command apt-get install 'vim'

If you wish, adapt the editor configuration :

command echo "set list
set number
set expandtab
set tabstop=2
set softtabstop=2
set shiftwidth=2
set nobackup
set encoding=utf-8
set fileencoding=utf-8
syn on" >> "${HOME}/.vimrc"

Setup vim as system default editor:

command update-alternatives --set 'editor' "$(command -v 'vim.basic')"

Note: use this for learning vim usage:

command vimtutor

Server configuration

Remote access

Install the Secure SHell server:

command apt-get install openssh-server fail2ban

    Protect the server by following the article Harden SSH access security on Debian.

    Logs watch

    Install logwatch to analyse system logs. This software send daily reports to root account :

    command apt-get install logwatch libdate-manip-perl

    Security and backups

    Enhance the system security :

    Setup backups :

    References

    These books can help you: