Manuelle Installation
login to the new box
https://gist.github.com/stereosupersonic/43367f3934b6de2354779aa1744b4fcc
# Refresh the package index and apply pending upgrades before installing anything else.
sudo apt-get update -yqq && sudo apt-get upgrade -yqq
sudo apt install -y vim htop build-essential curl git mc
sudo apt install -y ncdu # Show disk usage
sudo apt install -y mtr # mtr -t 8.8.8.8 # network path troubleshooting; faster and easier to use than the original traceroute
sudo apt install -y pydf # https://github.com/garabik/pydf
sudo apt install -y hwinfo # hardware infos: sudo hwinfo --short
sudo apt install -y dnsutils # dig etc
sudo apt install -y fail2ban # Security: bans source addresses after repeated failed logins; review the enabled jails under /etc/fail2ban after install
sudo apt install -y screen # or tmux
sudo vi /etc/hostname
sudo vi /etc/hosts
sudo service hostname restart
sudo groupadd admin
sudo adduser stereosonic --ingroup admin
sudo usermod -aG groupname username
e.g: sudo usermod -aG sudo stereosonic
sudo EDITOR=vi visudo
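%admin ALL=(ALL) NOPASSWD:ALL # changed to NOPASSWD: group admin gets root without a password prompt, so a compromised admin account or SSH key is a root compromise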
see https://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers
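sudo apt-get install openssh-server
# Back up the stock config as root (/etc/ssh is not writable for a normal user),
# so it can be restored if the edit below goes wrong.
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original # save old config
sudo vim /etc/ssh/sshd_config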
IgnoreRhosts yes
LoginGraceTime 120
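# Anmeldung für den Benutzer “root” für SSH-Verbindungen deaktiviert (root login over SSH disabled).
# Kept on its own line: sshd_config(5) only documents comments that start a line.
PermitRootLogin no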
PermitEmptyPasswords no
StrictModes yes
PubkeyAuthentication yes
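# Newer OpenSSH releases speak only protocol 2 and treat this option as deprecated; it matters only on old installations.
Protocol 2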
UseDNS no
ChallengeResponseAuthentication no
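# Key-only login from here on: install and test ~/.ssh/authorized_keys before restarting sshd, or the box is unreachable over SSH.
PasswordAuthentication no
# UsePAM no also switches off PAM account and session processing. With password and challenge-response authentication already set to "no", "UsePAM yes" keeps those checks without re-enabling password logins.
UsePAM no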
AllowUsers stereosonic
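# Run this as the account that will log in (AllowUsers stereosonic), not as root:
# ~ has to be that user's home, otherwise the keys land in the wrong authorized_keys.
mkdir -p ~/.ssh
chmod 0700 ~/.ssh
# Download into a temp file first. `curl ... > ~/.ssh/authorized_keys` truncates the
# file even when the request fails, and with PasswordAuthentication no an empty
# authorized_keys means no way back in.
keys_tmp=$(mktemp)
# ssh-keygen -lf fails on an empty or non-key file and prints the fingerprints
# otherwise; compare them with the keys you expect, since whatever keys are
# registered on that GitHub account at this moment get login rights.
if curl -sf https://github.com/stereosupersonic.keys -o "$keys_tmp" && ssh-keygen -lf "$keys_tmp"; then
  # install sets mode 0600 while copying, so no separate chmod is needed.
  install -m 0600 "$keys_tmp" ~/.ssh/authorized_keys
else
  echo "no valid keys downloaded; ~/.ssh/authorized_keys left unchanged" >&2
fi
rm -f -- "$keys_tmp"
# sshd -t checks the config for syntax errors; only restart when it passes.
# Keep the current session open and confirm a key login from a second terminal
# before logging out.
sudo sshd -t && sudo service ssh restart
sudo systemctl enable ssh # autostart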
# Generates a new key pair on this box; set a passphrase at the prompt, because the private key (~/.ssh/id_rsa) stays on the server.
ssh-keygen -t rsa -b 4096 -C "michael@deimel.de"
cat ~/.ssh/id_rsa.pub # copy the key
# put it to github under Account > Settings > SSH and GPG Keys
# NOTE(review): an account-level key can reach every repository of that account; if the box only needs to pull single repositories, a read-only deploy key on the repository is the narrower grant.
testing access: ssh -T git@github.com
sudo apt-get install language-pack-de
sudo update-locale LANG=de_DE.UTF-8
sudo dpkg-reconfigure tzdata #zeitzone
sudo apt-get install ntp ntpdate
sudo ntpdate ntp.ubuntu.com # Update time
sudo update-alternatives --config editor
TODO maybe needed
my dotfiles https://github.com/stereosupersonic/dotfiles
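# Clone over https: the git:// transport is neither encrypted nor authenticated
# (and GitHub no longer serves it), and `rake install` below executes whatever
# was cloned.
git clone https://github.com/stereosupersonic/dotfiles ~/.dotfiles
cd ~/.dotfiles
rake install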
sudo apt-get install ctags
https://rtcamp.com/tutorials/linux/ubuntu-postfix-gmail-smtp/
myhostname = raspi2
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = raspberrypi, localhost.localdomain, , localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
#inet_interfaces = ipv4
#google
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
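# sasl_passwd and the sasl_passwd.db generated from it hold the relay password in clear text: keep both root-owned with mode 0600, and rebuild the table with postmap after every edit.
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
# smtp_use_tls = yes is opportunistic: if the relay does not offer STARTTLS, mail and the SASL login go out unencrypted. Current Postfix replaces it with smtp_tls_security_level; the value "encrypt" refuses to continue without TLS.
smtp_use_tls = yes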
inet_protocols = ipv4
echo "Test mail from postfix" | mail -s "Test Postfix" michael@deimel.de
vi /root/.forward #=> blah@postfach.de
Set up logwatch, see https://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers
apt-get install logwatch
vim /etc/cron.daily/00logwatch
/usr/sbin/logwatch --output mail --mailto debug@deimel.de --detail high
sudo logwatch --mailto debug@deimel.de --output mail --format html --range 'between -7 days and today' --detail high
sudo apt-get install unattended-upgrades
sudo vim /etc/apt/apt.conf.d/10periodic
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
vim /etc/apt/apt.conf.d/50unattended-upgrades
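Unattended-Upgrade::Allowed-Origins {
// "lucid" is a release codename (Ubuntu 10.04). If it does not match the installed release, no package qualifies and nothing is upgraded, without any error.
// The stock 50unattended-upgrades avoids the hard-coded name with "${distro_id}:${distro_codename}-security";
"Ubuntu lucid-security";
// "Ubuntu lucid-updates";
};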
Setup alive https://github.com/stereosupersonic/alive
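# On Debian/Ubuntu the Docker engine is packaged as docker.io; the package named
# "docker" is not the container engine.
# Only add accounts to the docker group that may already use sudo: access to the
# Docker socket is equivalent to root on the host.
sudo apt-get install docker.io docker-compose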
TODO
# Lists the selection state of every package known to dpkg.
dpkg --get-selections
# Listening TCP/UDP sockets with the owning process, numeric addresses.
# NOTE(review): no firewall step appears in these notes, so every listener shown here is reachable unless something upstream filters it; stop or bind to localhost whatever is not meant to be exposed.
sudo netstat -tulpn