Recently I've been deploying Debian 6.0 (Squeeze) and 7.0 (Wheezy) servers for some personal projects. These servers are installed in different ways:
Consqeuently the basic configuration needs a little bit of tweaking as they all differ slightly after the initial install. This blog post is a "cheat sheet" so I can ensure consistent basic setup on each of the servers.
dpkg-reconfigure tzdata dpkg-reconfigure locales update-locale LC_CTYPE=en_GB.UTF-8 locale -a locale-gen
echo box.example.org > /etc/hostname /bin/hostname -F /etc/hostname
/etc/hosts and update accordingly.
As these boxes are headless and remote, therefore I have enabled
fsck auto repair.
sed -i 's/FSCKFIX=no/FSCKFIX=yes/' /etc/default/rcS
sed -i 's/#FSCKFIX=no/FSCKFIX=yes/' /etc/default/rcS
lsb_release to get access to release details.
apt-get install lsb_release
This is what I put in
cat >/etc/apt/sources.list<<EOF deb http://ftp.us.debian.org/debian/ $(lsb_release -cs) main contrib non-free deb-src http://ftp.us.debian.org/debian/ $(lsb_release -cs) main contrib non-free deb http://security.debian.org/ $(lsb_release -cs)/updates main contrib non-free deb-src http://security.debian.org/ $(lsb_release -cs)/updates main contrib non-free # $(lsb_release -cs)-updates, previously known as 'volatile' deb http://ftp.us.debian.org/debian/ $(lsb_release -cs)-updates main contrib non-free deb-src http://ftp.us.debian.org/debian/ $(lsb_release -cs)-updates main contrib non-free EOF
ftp.uk for servers located in the United Kingdom.
sed -i 's/ftp\.us/ftp\.gb/g' /etc/apt/sources.list
I add the Backports repository in order to access some updated packages. This is most useful for Squeeze but will become of more use to Wheezy in time.
echo "deb http://backports.debian.org/debian-backports $(lsb_release -cs)-backports main contrib non-free" > /etc/apt/sources.list.d/backports.list apt-get update
echo "deb http://backports.debian.org/debian $(lsb_release -cs)-backports main contrib non-free" > /etc/apt/sources.list.d/backports.list apt-get update
apt-get install nano wget curl rsync tree screen less htop iotop
apt-get install sudo
Add a user with
sudo capability. Just drop
--groups to create a
useradd user_a --create-home --shell /bin/bash --user-group --groups adm,dialout,cdrom,plugdev,sudo
Assign a password.
echo user_a:mypassword | chpasswd
apt-get install ufw
See my blog post Uncomplicated Firewall (UFW) on Arch Linux for the basic firewall configuration.
apt-get install denyhosts
See my blog post about SSH brute force defence.
That about covers the essentials.Comments powered by Disqus