Skip to content

Instantly share code, notes, and snippets.

@stereosupersonic

stereosupersonic/linux_setup.md

Last active March 30, 2021 09:21
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save stereosupersonic/4b9a2048c21349ed740f8427203819ec to your computer and use it in GitHub Desktop.
Save stereosupersonic/4b9a2048c21349ed740f8427203819ec to your computer and use it in GitHub Desktop.
Download ZIP
my linux (debian) setup
Raw
linux_setup.md

Linux setup

Manuelle Installation

login to the new box

baisc script

https://gist.github.com/stereosupersonic/43367f3934b6de2354779aa1744b4fcc

update system

sudo apt-get update -yqq && sudo apt-get upgrade -yqq

install important packages

sudo apt install -y vim htop build-essential curl git  mc 
sudo apt install -y ncdu  # Show disk usage 
sudo apt install -y mtr # mtr -t 8.8.8.8 # mtr is a better tool for network troubleshooting. It is faster and easier to use than original traceroute
sudo apt install -y pydf # https://github.com/garabik/pydf
sudo apt install -y hwinfo # hardware infos: sudo hwinfo --short
sudo apt install -y dnsutils # dig etc
sudo apt install -y fail2ban # Security
sudo apt install -y screen # or tmux

setup new hostname (optional)

sudo vi /etc/hostname

sudo vi /etc/hosts

sudo service hostname restart

setup an new user

sudo groupadd admin

sudo adduser stereosonic --ingroup admin

or add an existing user to agroup

sudo usermod -aG groupname username

e.g: sudo usermod -aG sudo stereosonic

sudoer

sudo EDITOR=vi visudo

%admin ALL=(ALL) NOPASSWD:ALL #change to nopasswd

ssh

see https://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers

sudo apt-get install openssh-server

cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original # save old config

sudo vim /etc/ssh/sshd_config

defaults changes /etc/ssh/sshd_config

  IgnoreRhosts yes
  LoginGraceTime 120
  PermitRootLogin no #Anmeldung für den Benutzer “root” für SSH-Verbindungen deaktiviert
  PermitEmptyPasswords no
  StrictModes yes
  PubkeyAuthentication yes
  Protocol 2
  UseDNS no
  ChallengeResponseAuthentication no
  PasswordAuthentication no
  UsePAM no
  AllowUsers stereosonic

add my ssh keys to access the box

mkdir -p ~/.ssh

chmod 0700 ~/.ssh

curl -sf https://github.com/stereosupersonic.keys > ~/.ssh/authorized_keys

chmod 0600 ~/.ssh/authorized_keys

ssh restart

sudo service ssh restart

sudo systemctl enable ssh # autostart

generate a new ssh key

ssh-keygen -t rsa -b 4096 -C "michael@deimel.de"

add to github

https://docs.github.com/en/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent

cat ~/.ssh/id_rsa.pub # copy the key

# put it to github under Account > Settings > SSH and GPG Keys

testing access: ssh -T git@github.com

locale

sudo apt-get install language-pack-de

sudo update-locale LANG=de_DE.UTF-8

sudo dpkg-reconfigure tzdata #zeitzone

setup time ntp

sudo apt-get install ntp ntpdate

sudo ntpdate ntp.ubuntu.com # Update time

default editor

sudo update-alternatives --config editor

ruby

TODO maybe needed

my dotfiles https://github.com/stereosupersonic/dotfiles

git clone git://github.com/stereosupersonic/dotfiles ~/.dotfiles

cd ~/.dotfiles

rake install

vim needs

sudo apt-get install ctags

setup mail with google

https://rtcamp.com/tutorials/linux/ubuntu-postfix-gmail-smtp/

myhostname = raspi2
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = raspberrypi, localhost.localdomain, , localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
#inet_interfaces = ipv4
#google
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes
inet_protocols = ipv4

Test

echo "Test mail from postfix" | mail -s "Test Postfix" michael@deimel.de

root mails weiterleiten

vi /root/.forward #=> blah@postfach.de

setup logwatch http://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers

apt-get install logwatch
vim /etc/cron.daily/00logwatch

/usr/sbin/logwatch --output mail --mailto debug@deimel.de --detail high

sudo logwatch --mailto debug@deimel.de  --output mail --format html --range 'between -7 days and today'  --detail high

setup unattended-upgrades

http://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers

sudo apt-get install unattended-upgrades

sudo vim /etc/apt/apt.conf.d/10periodic

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

vim /etc/apt/apt.conf.d/50unattended-upgrades

Unattended-Upgrade::Allowed-Origins {
        "Ubuntu lucid-security";
//      "Ubuntu lucid-updates";
};

Setup alive https://github.com/stereosupersonic/alive

docker

sudo apt-get install docker docker-compose

TODO

Howto

List all installed packages

dpkg --get-selections

Liste all running services

sudo netstat -tulpn

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment