Install_Debian                                            
*** 2/17/25   Debian        

  Info
    cat /proc/version
    systemctl -a
    systemctl list-unit-files

  Install Debian 13 Trixie: Install Server-World

      1 Initial Settings
     
      Create your swapfile once Debian boots for the first time:
      sudo fallocate -l 4G /swapfile
      sudo chmod 600 /swapfile
      sudo mkswap /swapfile
      sudo swapon /swapfile
     
      Add to /etc/fstab
      /swapfile none swap sw 0 0
     
      Add user mdh to groups
      sudo usermod -aG sudo mdh    # adds user mdh to the sudo group
      sudo usermod -aG adm mdh     # adds user mdh to the adm group
     
      See the scrolling text during bootups
      sudo nano /etc/default/grub
      GRUB_CMDLINE_LINUX_DEFAULT=""
     
      sudo update-grub
     
     
      2 Update / Upgrade
     
      First, make sure that your /etc/apt/sources.list contains the buster/updates repository (this makes sure you always get the newest updates),
      and that the contrib and non-free repositories are enabled.
     
      deb http://deb.debian.org/debian/ buster main contrib non-free
      deb-src http://deb.debian.org/debian/ buster main contrib non-free
         
      deb http://security.debian.org/debian-security buster/updates main contrib non-free
      deb-src http://security.debian.org/debian-security buster/updates main contrib non-free
     
      See also:
      https://www.google.com/search?q=%27cdrom%3A%2F%2F%5BDebian+GNU%2FLinux+10.0.0+_Buster_+-+Official+amd64+DVD+Binary-1+20190706-10%3A24%5D+buster+Release%27+does+not+have+a+Release+file.&rlz=1C1CAFC_enUS835US835&oq=%27cdrom%3A%2F%2F%5BDebian+GNU%2FLinux+10.0.0+_Buster_+-+Official+amd64+DVD+Binary-1+20190706-10%3A24%5D+buster+Release%27+does+not+have+a+Release+file.&aqs=chrome..69i57.2751j0j3&sourceid=chrome&ie=UTF-8
      https://superuser.com/questions/1340855/debian-apt-update-doesnt-allow-dvds
     
      ---> sudo apt update && sudo apt upgrade -y
     
      apt update
        apt-get update --allow-insecure-repositories    # lets update acquire data from sources it cannot verify
        apt-get update --allow-unauthenticated
     
      apt upgrade
        apt-get upgrade --allow-unauthenticated         # ignores packages that cannot be authenticated
        apt list --upgradable
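
      The cdrom "does not have a Release file" error searched for above comes from an install-media line in sources.list. This added example (not part of the original notes) lists such entries, plus any that switch off signature checks, so they can be fixed in the file itself. The function names, the cdrom line (rebuilt from the error text) and the example.invalid host are constructed.

```bash
# Added example, not from the original notes. Function names are hypothetical.
# Reads a sources.list on stdin and prints "<line number><TAB><reason>" for
# each entry that is install media or that disables signature verification.
flag_unauthenticated_sources() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }               # comments and blank lines
    $1 != "deb" && $1 != "deb-src" { next }
    {
      opts = ""; i = 2
      if ($2 ~ /^\[/) {                             # [option=value ...] block
        for (; i <= NF; i++) { opts = opts " " $i; if ($i ~ /\]$/) break }
        i++                                         # field after the closing bracket
      }
      uri = $i; opts = tolower(opts); why = ""
      if (uri ~ /^cdrom:/)                  why = "cdrom"
      else if (opts ~ /trusted=yes/)        why = "trusted=yes"
      else if (opts ~ /allow-insecure=yes/) why = "allow-insecure=yes"
      if (why != "") printf "%d\t%s\n", NR, why
    }
  '
}

sample_sources_list() {   # constructed sample input
  cat <<'EOF'
deb cdrom:[Debian GNU/Linux 10.0.0 _Buster_ - Official amd64 DVD Binary-1 20190706-10:24]/ buster contrib main
deb http://deb.debian.org/debian/ buster main contrib non-free
# deb [trusted=yes] http://example.invalid/debian buster main
deb [arch=amd64 trusted=yes] http://example.invalid/debian buster main
deb http://security.debian.org/debian-security buster/updates main contrib non-free
EOF
}

# Demo on the constructed sample: reports line 1 (cdrom) and line 4 (trusted=yes).
sample_sources_list | flag_unauthenticated_sources
```

      On a real system, run it as: flag_unauthenticated_sources < /etc/apt/sources.list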
     
      Other installs could go here (and removals)
      Google Chrome
      RustDesk
      Tailscale
      apt install cifs-utils
      apt install net-tools    # install network tools
      apt install samba
      apt install inxi         # an amazing tool to check hardware information on Linux (Binary Tides)
      apt install ntfs-3g      # make NTFS drives available
      apt install bsd-mailx
      apt install msmtp
      apt install msmtp-mta
     
      Install Caddy                            
      Install Caddyserver.com  > Documentation > Get Caddy >  Install > Debian, Ubuntu, … After installing, see ---> using the service  
      $ sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl  
      $ curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg  
      $ curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list  
      $ sudo chmod o+r /usr/share/keyrings/caddy-stable-archive-keyring.gpg  
      $ sudo chmod o+r /etc/apt/sources.list.d/caddy-stable.list  
      $ sudo apt update  
      $ sudo apt upgrade  
      $ sudo apt install caddy  
      $ caddy -v
      v2.11.2 h1:iOlpsSiSKqEW+SIXrcZsZ/NO74SzB/ycqqvAIEfIm64=
      $ sudo service caddy status  
                                     
     
     
    3 SSH
    # ip a    (get IP address and set into PuTTY)
   
    /etc/ssh/sshd_config:   port  8267
    systemctl restart sshd
   
    Setup passwordless login in PuTTY https://help.dreamhost.com/hc/en-us/articles/215464758-How-do-I-set-up-passwordless-login-in-PuTTY
   
    Setup passwordless SSH https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
       
      1 Create the RSA Key Pair
          $ ssh-keygen -t rsa
      2 Store the Keys and Passphrase
          Enter file in which to save the key (/home/mdh/.ssh/id_rsa): <enter>   (accept default location)
          Enter passphrase (empty for no passphrase): <enter>   (don't add a passphrase)
      3 Copy the Public Key
          $ ssh-copy-id -p 8269 mdh@192.168.2.69   (copy the public key to the remote host)
       
      ssh -p 8269 mdh@192.168.2.69
                                       
   
   
      4 Networking Net-Tools and Static IP
      ip a    # get your ip address
     
      Static IP
      Setting a static IP on Debian 13 (Trixie) is most reliably done through NetworkManager,
      which is the default network stack for most Debian installations.
     
      Check Service Status (The Quickest Way)
         
        systemctl is-active NetworkManager      # returns either active or inactive (result here: Active)
        systemctl is-active systemd-networkd    # returns either active or inactive (result here: Inactive)
         
        Check via nmcli
        nmcli device status
        If it works: You'll see a list of your interfaces (like enp3s0 or eth0) and their connection states.
        If it says "command not found": You likely aren't using NetworkManager.
         
        Identify the "Old School" Method
        cat /etc/network/interfaces
        If you see lines like iface eth0 inet dhcp or iface enp3s0 inet static,
        then your system is managed by the traditional Debian networking scripts rather than a modern daemon.
         
        Result:  NetworkManager is active
        Meaning: You have a full-featured manager (best for Wi-Fi and Desktop). Use nmtui or nmcli.
         
        Result:  systemd-networkd is active
        Meaning: You have a modern, lightweight manager (common on servers/cloud). Configuration is in /etc/systemd/network/.
         
        Result:  Active interfaces in /etc/network/interfaces
        Meaning: You're using the classic Debian approach. Direct file editing is required here.
     
      Method 1: Command Line (nmcli)
        This is the preferred method for servers or if you are SSH'd into your machine.
        1 Identify your interface name
            nmcli device    # look for your ethernet or Wi-Fi name (e.g., eth0 or enp3s0); here: enp2s0
        2 sudo nmcli con mod "Wired connection 1" ipv4.addresses 192.168.0.68/24 ipv4.gateway 192.168.0.1 ipv4.dns "8.8.8.8,1.1.1.1" ipv4.method manual
        3 sudo nmcli con up "Wired connection 1"
         
        ie
        nmcli connection show
        sudo nmcli con mod "Wired connection 1" \
          ipv4.addresses 192.168.0.68/24 \
          ipv4.gateway 192.168.0.1 \
          ipv4.dns "8.8.8.8,1.1.1.1" \
          ipv4.method manual
        sudo nmcli con up "Wired connection 1"
         
        Verify the New Settings
        ip addr show
         
        Troubleshooting Tip
        If you ever need to revert back to DHCP (automatic IP):
        sudo nmcli con mod "Wired connection 1" ipv4.method auto
        sudo nmcli con up "Wired connection 1"    # restart the connection
         
        If you ever need to verify that your static IP is correctly active and not being overridden by a secondary DHCP lease:
        nmcli device show | grep IP4
        This will give you a clean breakdown of the current Address, Gateway, and DNS settings.
     
      5 SAMBA
      sudo apt update && sudo apt install cifs-utils    # install the helper package first
      apt install samba
     
      smbpasswd  -a  mdh    # new samba user, ie add samba functionality to the linux user mdh
          New SMB password:  mdh
          Retype new SMB password:   mdh
      Note: to add a new samba user, you must have that same user in linux.
     
      /etc/samba/
        cp smb.conf  smb.conf-org
        vi  smb.conf    >>> contents listed below
     
      systemctl status smbd nmbd
      systemctl restart smbd.service
      systemctl restart nmbd.service
     
      /etc/samba/smb.conf
     
        #======================= Global Settings =====================================
        [global]
                workgroup = hvezda
                server string = Samba Server Version %v
                netbios name = T30
     
        # --------------------------- Logging Options -----------------------------
                # log files split per-machine:
                log file = /var/log/samba/log.%m
                # maximum size of 50KB per log file, then rotate:
                max log size = 50
     
        # ----------------------- Standalone Server Options ------------------------
                security = user
                passdb backend = tdbsam
     
        #============================ Share Definitions ==============================
        [homes]
                comment = Home Directories
                path = /home
                browseable = yes
                writable = yes
     
        [www]
                comment = web site 67
                path = /var/www/html
                browseable = yes
                guest ok = yes
                writable = yes
     
        [flash]
                comment = flash drive
                path = /mnt/flash
                browseable = yes
                guest ok = yes
                writable = yes
     
        [apache-logs]
                comment = Apache Logs
                path = /var/log/apache2
                browseable = yes
                guest ok = yes
                writable = yes
     
     
    6 set the CRONTAB editor
       
    $ update-alternatives --list editor                     # List of available editors
    # update-alternatives --set editor /usr/bin/vim.tiny    # Set the default editor
     
    (from) prev  -----> (to) cur
      crontab  -e      ---->     crontab  -e     copy and paste cron jobs to new server
     
    Root Cron Jobs
    root@T30:/etc/samba# crontab -l
    MAILTO="mdhvezda2@gmail.com"
    # m h  dom mon dow   command
    00 * * * *  /usr/local/bin/cloudflare.sh >/dev/null 2>&1
    15 * * * *  /usr/local/bin/cloudflare.sh >/dev/null 2>&1
    30 * * * *  /usr/local/bin/cloudflare.sh >/dev/null 2>&1
    45 * * * *  /usr/local/bin/cloudflare.sh >/dev/null 2>&1
    25 02  * * *   /home/scripts/bash/set_perms.sh >/dev/null 2>&1
    # 07  *  * * *   /home/scripts/bash/espPID-chk.sh >/dev/null 2>&1
    # 22  *  * * *   /home/scripts/bash/espPID-chk.sh >/dev/null 2>&1
    # 37  *  * * *   /home/scripts/bash/espPID-chk.sh >/dev/null 2>&1
    # 52  *  * * *   /home/scripts/bash/espPID-chk.sh >/dev/null 2>&1
    # 17  *  * * *   /home/scripts/bash/freezerPID-chk.sh >/dev/null 2>&1
    21  *  * * *   /home/scripts/bash/logons.bash >/dev/null 2>&1
     
    mdh Cron Jobs
    # m h  dom mon dow   command
    MAILTO="mdhvezda2@gmail.com"
    # 00 00  * * *   /home/scripts/bash/daily_freezer.sh >/dev/null 2>&1
    # 00 00  * * *   /home/scripts/bash/daily_esp.sh >/dev/null 2>&1
    52 00  * * *   /home/scripts/bash/close-logs.sh >/dev/null 2>&1
    06 01  * * *   /home/scripts/bash/init-logs.sh >/dev/null 2>&1
    59  *  * * *   /home/scripts/bash/tasks_hourly.bash >/dev/null 2>&1
    # 59  *  * * *   /home/scripts/bash/alerts3-freezer.sh >/dev/null 2>&1
    # 59  *  * * *   /home/scripts/bash/alerts3-esp.sh >/dev/null 2>&1
    45 20  * * *   /home/scripts/bash/tasks_daily.bash >/dev/null 2>&1
    53 20  * * Sat /home/scripts/bash/tasks_weekly.bash >/dev/null 2>&1
    57 20 13 * *   /home/scripts/bash/tasks_monthly.bash >/dev/null 2>&1
    57 19  * * Sat /home/scripts/bash/hvezda.bash >/dev/null 2>&1
     
     
    7 File Ownership / Permissions
    Cur: Fed 27
     
      /var/log/        new   orig
      apache2          755   700    cron job needed
      auth.log         755   700
      samba            755   750
      fail2ban.log     644   600    cron job needed
      messages         644   600
      daemon.log       644   600
      debug            644   600
      kern.log         644   600
      syslog           644   600
       
    chmod 644 /var/log/apache2/*    # the entire apache2 directory
       
    ** /var/www/html
      chown -R  mdh:mdh  /var/www/html
      chmod -R 755  /var/www/html
   
    When you see Error 5 or Error 1244, it’s usually because Samba has successfully "shaken hands" with Windows, 
    but when it tries to actually step into that folder as the user mdh, the Linux kernel stops it at the door.
   
    Default Permissions: New Debian installs/upgrades often set /var/www ownership to root:root or www-data:www-data with 755 or 750 permissions.
   
    The "Other" Bit: If mdh wasn't the owner or part of the www-data group (with write bits set), 
    Windows interprets that Linux "Permission Denied" as a generic "Access Denied" or "Not Authenticated" error.
   
    Pro-Tip for your T30 setup:
    If you plan on having multiple services (like Apache/Nginx and your Windows user) touching that /var/www/html folder, 
    you might want to add your user to the web server group to avoid future headaches:
   
   
    Add your user to the group:
      sudo usermod -aG www-data mdh
    Set the "Setgid" bit:
      sudo chmod -R 2775 /var/www/html
   
    This ensures new files created by Windows or Debian inherit the www-data group automatically.
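
    The [www], [flash] and [apache-logs] shares in the smb.conf above combine guest ok = yes with writable = yes, so unauthenticated clients are granted write access as far as the filesystem permissions allow. This added example (not part of the original notes) lists every share with that combination; the function names are hypothetical, the sample is rebuilt from the share definitions on this page, and defaults inherited from [global] are not evaluated.

```bash
# Added example, not part of the original notes; function names are hypothetical.
# Prints "<share><TAB><path>" for every share that is guest-accessible AND writable.
audit_smb_shares() {   # usage: audit_smb_shares [smb.conf]   (stdin if omitted)
  awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function emit() {
      if (sec != "" && tolower(sec) != "global" && guest && writable)
        printf "%s\t%s\n", sec, path
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }           # comments and blank lines
    /^[ \t]*\[/ {                                  # start of a new [section]
      emit()
      sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
      guest = 0; writable = 0; path = ""
      next
    }
    {
      eq = index($0, "="); if (!eq) next
      key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
      gsub(/[ \t]/, "", key)                       # whitespace in parameter names is ignored
      sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
      if (key == "guestok" || key == "public") guest = truthy(val)
      else if (key == "writable" || key == "writeable" || key == "writeok") writable = truthy(val)
      else if (key == "readonly") writable = !truthy(val)
      else if (key == "path") path = val
    }
    END { emit() }
  ' "${1:--}"
}

sample_smb_conf() {   # constructed from the share definitions on this page
  cat <<'EOF'
[global]
        workgroup = hvezda
        security = user
[homes]
        path = /home
        writable = yes
[www]
        path = /var/www/html
        guest ok = yes
        writable = yes
[flash]
        path = /mnt/flash
        guest ok = yes
        writable = yes
[apache-logs]
        path = /var/log/apache2
        guest ok = yes
        writable = yes
EOF
}

sample_smb_conf | audit_smb_shares   # lists www, flash and apache-logs
```

    On a live server, run it as: audit_smb_shares /etc/samba/smb.conf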
   
   
   
                               
      8 copy webs & scripts
      Source ---> /var/www/html/     Destination ---> /var/www/
      (from)  www ------->  (to) www
      note:  be sure you have changed ownership of  /var/www/  before executing this step.
      also see GoogleDrive \BAT\Misc\ "Debian to Windows" using PuTTY's pscp to xfer from Debian to Win pc.
     
      sudo scp -rp mdh@192.168.0.68:/var/www/html/ /var/www/
     
      --> scp  -rp  -P 8269   mdh@192.168.2.69:/var/www/html/    /var/www/
            from (69) --->  to (xx) ("on xx") "pull" successful, added new key   (could pull from remote host)
      --> scp  -rp  -P 8269   mdh@192.168.2.69:/home/scripts/    /home/ ***
            from (69) --->  to (xx) ("on xx") "pull"
     
      sudo scp  -rp   mdh@192.168.0.68:/home/scripts/ /home/
            from (68) --->  to (xx) ("on xx") "pull" successful, added new key   (could pull from remote host)
      sudo scp  -rp   mdh@192.168.0.68:/home/data/ /home/
            from (68) --->  to (xx) ("on xx") "pull"
     
      sudo scp -rp mdh@192.168.0.68:/var/www/html/ /var/www/
            from (67) --->  to (xx) ("on xx") "pull" successful, added new key   (could pull from remote host)
      scp  -rp  -P 8267  mdh@192.168.2.67:/home/scripts/    /home/
            from (67) --->  to (xx) ("on xx") "pull"
     
      scp  -rp  -P 8267    /var/www/html/*    mdh@192.168.1.67:/var/www/html/
            from (xx)  ("on xx")  --->  to (67)   "push" failed due to "strict checking"   (could not push to a remote host)
            (successful, after I deleted the contents of .68's known_hosts)
     
      scp  -rp  -P 8268    /var/www/html/*    mdh@192.168.1.68:/var/www/html/
            from (xx)  ("on xx") --->  to (68)   "push" failed due to "strict checking"   (could not push to a remote host)
      scp        -P 8268     testfile               mdh@192.168.1.68:/home/mdh/
            (successful)
     
      notes:  -P (the port to connect to, on the remote Host)
      *** after copying scripts over,  file ownership needs updating  (from root to mdh) ----> chown -R  mdh:mdh  /home/scripts
     
     
    9 Fail2ban
      apt install fail2ban
      systemctl enable fail2ban.service    # to make it auto start
       
      fail2ban-client status
      fail2ban-client status JAILname      # ie fail2ban-client status unifi
                                           # ie fail2ban-client status sshd
       
      https://glennr.nl/s/unifi-fail2ban
      https://www.linode.com/docs/security/using-fail2ban-to-secure-your-server-a-tutorial/
      https://www.vultr.com/docs/how-to-setup-fail2ban-on-debian-9-stretch
      https://serverfault.com/questions/997099/fail2ban-on-debian-buster-the-right-way-to-configure
   
   
    10 ufw
      sudo ufw status verbose    # If it says inactive, UFW is turned off
      sudo ufw disable           # temporarily stop the firewall
       
      sudo apt remove ufw        # uninstall and remove all rules
      sudo apt purge ufw
      sudo ufw status            # It should return "command not found" if successfully removed.
       
      Before enabling UFW, make sure to allow SSH so you don't get locked out:
      sudo ufw allow 22/tcp      # Allow SSH (important!)
      sudo ufw allow icmp
      sudo ufw allow 80/tcp      # Allow HTTP
      sudo ufw allow 443/tcp     # Allow HTTPS
       
      sudo ufw enable
       
    # iptables -L
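
    Section 3 moves sshd to port 8267, so a rule for 22/tcp alone does not cover the port sshd actually listens on. This added example (not part of the original notes) reads the Port directives from an sshd_config and prints the ufw rules still missing from a planned rule list; the function names and the sample config are constructed, and Include'd drop-in files are not followed.

```bash
# Added example, not part of the original notes; function names are hypothetical.
sshd_ports() {   # usage: sshd_ports [sshd_config]   (stdin if omitted); one port per line
  awk '
    { sub(/#.*/, ""); sub(/=/, " ") }            # drop comments, accept "Port=8267"
    tolower($1) == "match" { exit }              # Port is not allowed inside Match blocks
    tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
    END { if (!n) print 22 }                     # sshd default when no Port is set
  ' "${1:--}"
}

# usage: missing_ssh_rules "22/tcp 80/tcp 443/tcp" < sshd_config
# Prints one "ufw allow PORT/tcp" line per sshd port the planned rules do not cover.
missing_ssh_rules() {
  _planned=" $1 "
  sshd_ports | sort -un | while read -r p; do
    case "$_planned" in
      *" $p/tcp "*|*" $p "*) ;;                  # already covered by a planned rule
      *) printf 'ufw allow %s/tcp\n' "$p" ;;     # would be blocked after "ufw enable"
    esac
  done
}

sample_sshd_config() {   # constructed sample; the Port value is the one from section 3
  cat <<'EOF'
# constructed sample
Include /etc/ssh/sshd_config.d/*.conf
Port 8267
#Port 22
PermitRootLogin no
Match User backup
    X11Forwarding no
EOF
}

# Planned rules as listed in this section: the sshd port is not among them.
sample_sshd_config | missing_ssh_rules "22/tcp 80/tcp 443/tcp"
```

    On a live server, sshd -T prints the effective configuration (drop-in files included) and can be piped into sshd_ports in place of the file.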
   
   
    11 Set the Hostname of PC
    Since you're running Debian Trixie (Debian 13), you are using a modern systemd-based environment.
    The "best" way (meaning the most persistent and cleanest) is using the hostnamectl command.
    It handles all the heavy lifting, ensuring the change sticks across reboots and updates the necessary configuration files automatically.
   
    1. The Standard Method: hostnamectl
    This is the recommended approach for modern Debian systems. It updates /etc/hostname without you having to open a text editor.
    Check your current settings:
      hostnamectl
    Replace new-computer-name with your desired name (inspiron here):
      sudo hostnamectl set-hostname inspiron
   
    While hostnamectl changes the system name, it doesn't always update your local table of hostnames.
    If you skip this, you might see "unable to resolve host" errors when using sudo.
      sudo nano /etc/hosts
    Find the line that looks like this:
      127.0.1.1 old-computer-name
    Change old-computer-name to your new name:
      127.0.1.1 new-computer-name
    Note: Your terminal prompt (e.g., user@oldname:~$) might still show the old name until you start a new terminal session or log out and back in.
    tip: Stick to lowercase letters, numbers, and hyphens.
    Debian (and Linux in general) can get a bit grumpy if you try to use spaces, underscores, or special characters in a hostname!
   
   
    12
   
    13