jult/handy.txt

## handy.txt


apt install rsyslog curl wget mc gpg htop multitail chrony nginx php-fpm rsync php-sqlite3 dnsutils unzip libio-socket-ssl-perl libcrypt-ssleay-perl git perl iptables libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl ipset libwww-perl lsb-release  bash debhelper apt-transport-https rsync ssh openssh-server git autoconf automake libtool build-essential flex bison software-properties-common dirmngr sudo

curl -sSL https://install.pi-hole.net | bash

apt install unbound

wget https://www.internic.net/domain/named.root -qO- | sudo tee /var/lib/unbound/root.hints

ss -lnptu | grep 53

systemctl disable systemd-resolved --now

systemctl restart chrony
# chronyc sources
# chronyc tracking
# chronyc sourcestats
# chronyc makestep


echo 'deb http://download.opensuse.org/repositories/home:/stelas/Debian_11/ /' | sudo tee /etc/apt/sources.list.d/home:stelas.list
curl -fsSL https://download.opensuse.org/repositories/home:stelas/Debian_11/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stelas.gpg > /dev/null
apt install gclog
journalctl -t gclog

I got gclog starting at boot using a homemade systemd service calling a shell script
(this is handy info for all of us wanting to boot an old init.d script or any other standalone executable that needs to run separate from systemd using its own startup routines) ;
https://github.com/stelas/GCLog/issues/5#issuecomment-1670332493

systemctl status unbound

pihole restartdns
pihole -t

openssl dhparam -dsaparam -out /etc/ssl/dh4096.pem 4096

nginx -t
nginx -s reload

update-grub

/etc/init.d/gclogd start

dmesg
lsmod
lsusb

wget -qO - http://www.webmin.com/jcameron-key.asc | gpg --dearmor > /etc/apt/trusted.gpg.d/jcameron-key.gpg
sh -c 'echo "deb http://download.webmin.com/download/repository sarge contrib" > /etc/apt/sources.list.d/webmin.list'

apt update -y && apt upgrade -y && apt autoclean -y && apt autoremove -y

apt install webmin

wget http://download.configserver.com/csf.tgz
tar -xvzf csf.tgz
cd csf
bash install.sh

./csftest.pl
csf -e
csf -ra

rm -f /etc/apparmor.d/force-complain/usr.sbin.unbound
apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.unbound

- Move out Bluetooth and other unused crap:


touch /etc/modprobe.d/blacklist.conf
lspci -v
update-initramfs -u

apt purge apparmor


- traceroute on linux;
allow outgoing UDP ports 33434:33523

- stuff to run at startup, replacing rc.local with the systemd can of worms;

# touch /lib/systemd/system/startup.service

content:

[Unit]
Description=Startup Script

[Service]
ExecStart=/path_to_your/startup.sh

[Install]
WantedBy=multi-user.target

# systemctl enable startup.service --now


- the times cronjobs were failing in my 30 years managing linux are so numerous, I don't get why they still use syslog by default, so uncomment;

cron.*                          /var/log/cron.log

in /etc/rsyslog.conf !

and then in /etc/default/cron do:

EXTRA_OPTS="-L 0"

and then # systemctl restart rsyslog cron



	apt install rsyslog curl wget mc gpg htop multitail chrony nginx php-fpm rsync php-sqlite3 dnsutils unzip libio-socket-ssl-perl libcrypt-ssleay-perl git perl iptables libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl ipset libwww-perl lsb-release bash debhelper apt-transport-https rsync ssh openssh-server git autoconf automake libtool build-essential flex bison software-properties-common dirmngr sudo

	curl -sSL https://install.pi-hole.net \| bash

	apt install unbound

	wget https://www.internic.net/domain/named.root -qO- \| sudo tee /var/lib/unbound/root.hints

	ss -lnptu \| grep 53

	systemctl disable systemd-resolved --now

	systemctl restart chrony
	# chronyc sources
	# chronyc tracking
	# chronyc sourcestats
	# chronyc makestep


	echo 'deb http://download.opensuse.org/repositories/home:/stelas/Debian_11/ /' \| sudo tee /etc/apt/sources.list.d/home:stelas.list
	curl -fsSL https://download.opensuse.org/repositories/home:stelas/Debian_11/Release.key \| gpg --dearmor \| sudo tee /etc/apt/trusted.gpg.d/home_stelas.gpg > /dev/null
	apt install gclog
	journalctl -t gclog

	I got gclog starting at boot using a homemade systemd service calling a shell script
	(this is handy info for all of us wanting to boot an old init.d script or any other standalone executable that needs to run separate from systemd using its own startup routines) ;
	https://github.com/stelas/GCLog/issues/5#issuecomment-1670332493

	systemctl status unbound

	pihole restartdns
	pihole -t

	openssl dhparam -dsaparam -out /etc/ssl/dh4096.pem 4096

	nginx -t
	nginx -s reload

	update-grub

	/etc/init.d/gclogd start

	dmesg
	lsmod
	lsusb

	wget -qO - http://www.webmin.com/jcameron-key.asc \| gpg --dearmor > /etc/apt/trusted.gpg.d/jcameron-key.gpg
	sh -c 'echo "deb http://download.webmin.com/download/repository sarge contrib" > /etc/apt/sources.list.d/webmin.list'

	apt update -y && apt upgrade -y && apt autoclean -y && apt autoremove -y

	apt install webmin

	wget http://download.configserver.com/csf.tgz
	tar -xvzf csf.tgz
	cd csf
	bash install.sh

	./csftest.pl
	csf -e
	csf -ra

	rm -f /etc/apparmor.d/force-complain/usr.sbin.unbound
	apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.unbound

	- Move out Bluetooth and other unused crap:


	touch /etc/modprobe.d/blacklist.conf
	lspci -v
	update-initramfs -u

	apt purge apparmor






	- traceroute on linux;
	allow outgoing UDP ports 33434:33523

	- stuff to run at startup, replacing rc.local with the systemd can of worms;

	# touch /lib/systemd/system/startup.service

	content:

	[Unit]
	Description=Startup Script

	[Service]
	ExecStart=/path_to_your/startup.sh

	[Install]
	WantedBy=multi-user.target

	# systemctl enable startup.service --now


	- the times cronjobs were failing in my 30 years managing linux are so numerous, I don't get why they still use syslog by default, so uncomment;

	cron.* /var/log/cron.log

	in /etc/rsyslog.conf !

	and then in /etc/default/cron do:

	EXTRA_OPTS="-L 0"

	and then # systemctl restart rsyslog cron