Additions to a fresh Debian GNU/Linux install

This howto is tested on :

• Debian 5.0 Lenny
• Debian 6.0 Squeeze
• Debian 7.0 Wheezy

Prerequisites

This howto needs you to be authenticated as root super-user :

command su -

Parameters

Provide the sysadmin e-mail address :

ROOT_EMAIL="account@gmail.com"

Minimal configuration

System's E-mails

The root account receive most of the system notifications (when problem occurs for example). These e-mails help the system administrator to keep the system stable.

Install the Exim 4 SMTP server :

command apt-get install exim4

Initialize the server email domain :

command hostname --fqdn > '/etc/mailname'

Setup the SMTP server to send emails directly (direct Internet connection) :

command sed -i \
    -e "s|dc_eximconfig_configtype=.*\$|dc_eximconfig_configtype='internet'|" \
    -e "s|dc_other_hostnames=.*\$|dc_other_hostnames='$(command hostname --fqdn)'|" \
    -e "s|dc_use_split_config=.*\$|dc_use_split_config='true'|" \
  '/etc/exim4/update-exim4.conf.conf'

Update the SMTP server configuration :

command update-exim4.conf
/etc/init.d/exim4 restart

Transfer the root account e-mails to the given e-mail account :

command sed -i \
            -e "s/^\\(root:\\).*\$/\\1 ${ROOT_EMAIL}/" \
        '/etc/aliases'

Reload the aliases list (Exim 4 only) :

if [ -n "$(command which newaliases)" ]; then
  command newaliases
fi

APT repositories

Disable the CDROM apt source in order to download all packages from Internet :

command sed -i -e 's/^\(deb cdrom\)/#\1/' '/etc/apt/sources.list'

Update the available packages list :

command apt-get update

Time synchronization

Install the Internet time synchronization tools :

command apt-get install ntp ntpdate

Run the first synchronization :

command ntpdate fr.pool.ntp.org

The ntp daemon keep the system time synchronized.

Command line colorization

Enable the ls command output colorization :

command cp '/etc/skel/.bashrc' "${HOME}"
command sed -i -e 's/^# \(.*\(LS_OPTIONS\|dircolors\).*\)$/\1/' "${HOME}/.bashrc"

The changes will be visible after next login.

Text editor

A Unix sysadmin make heavy use of a text editor. It need a tool that fits its needs. For example : Vim.

Install the Vim text editor :

command apt-get install 'vim'

If you wish, adapt the editor configuration :

command echo "set list
set number
set expandtab
set tabstop=2
set softtabstop=2
set shiftwidth=2
set nobackup
set encoding=utf-8
set fileencoding=utf-8
syn on" >> "${HOME}/.vimrc"

Setup vim as system default editor:

command update-alternatives --set 'editor' "$(command -v 'vim.basic')"

Note: use this for learning vim usage:

command vimtutor

Server configuration

Remote access

Install the Secure SHell server:

command apt-get install openssh-server fail2ban

Protect the server by following the article Harden SSH access security on Debian.

Logs watch

Install logwatch to analyse system logs. This software send daily reports to root account :

command apt-get install logwatch libdate-manip-perl

Security and backups

Enhance the system security :

• Watch for system upgrades on Debian
• Install Rootkit Hunter sur Debian
• Harden SSH access security on Debian
• Install the ClamAV anti-virus on Debian
• Secure the temporary folder on Debian

Setup backups :

• Install and setup Backup Manager on Debian

References

• Debian reference
• Debian security manual
• Some useful tools for enhenance Debian security

These books can help you:

• The Debian System: Concepts and Techniques
• Linux System Administration