Install_Debian

***

2/17/25

Debian

Ver

Install_Debian

2/17/25

home

Info

Releases

cat /proc/version

Install / Debian

systemctl -a

nano

systemctl  list-unit-files

Tweaks

Pkg Mgt

Install

MX

Debian 10 Buster : Install

Server-World

FAQ

How to Install a Debian 10 (Buster) Minimal Server

Linux

Initial Settings

1

SSH

# ip a

get IP address and set into PUTTY

/etc/ssh/sshd_config

port  8267

systemctl restart sshd

Setup passwordless login in Putty

https://help.dreamhost.com/hc/en-us/articles/215464758-How-do-I-set-up-passwordless-login-in-PuTTY-

Setup passwordless SSH

https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2

1

$

ssh-keygen -t rsa

Create the RSA Key Pair

2

$

Enter file in which to save the key (/home/mdh/.ssh/id_rsa):

<enter>

(accept default location)

Store the Keys and Passphrase

$

Enter passphrase (empty for no passphrase):

<enter>

(don't add a passphrase)

3

$

ssh-copy-id  -p 8269 mdh@192.168.2.69

(copy the public key to the remote host)

Copy the Public Key

ssh -p 8269 mdh@192.168.2.69

2

apt

apt prompts for CDs when installing packages, how do I make it stop?

https://unix.stackexchange.com/questions/16370/apt-get-prompts-for-cds-when-installing-packages-how-do-i-make-it-stop

/etc/apt/sources.list

Comment out the "CDROM line"

/etc/apt/sources.list.d/*.list

3

Update / Upgrade

First, make sure that your /etc/apt/sources.list contains the buster/updates repository (this makes sure you always get the newest updates),

and that the contrib and non-free repositories are enabled.

deb http://deb.debian.org/debian/ buster main contrib non-free

https://www.google.com/search?q=%27cdrom%3A%2F%2F%5BDebian+GNU%2FLinux+10.0.0+_Buster_+-+Official+amd64+DVD+Binary-1+20190706-10%3A24%5D+buster+Release%27+does+not+have+a+Release+file.&rlz=1C1CAFC_enUS835US835&oq=%27cdrom%3A%2F%2F%5BDebian+GNU%2FLinux+10.0.0+_Buster_+-+Official+amd64+DVD+Binary-1+20190706-10%3A24%5D+buster+Release%27+does+not+have+a+Release+file.&aqs=chrome..69i57.2751j0j3&sourceid=chrome&ie=UTF-8

deb-src http://deb.debian.org/debian/ buster main contrib non-free

https://superuser.com/questions/1340855/debian-apt-update-doesnt-allow-dvds

deb http://security.debian.org/debian-security buster/updates main contrib non-free

deb-src http://security.debian.org/debian-security buster/updates main contrib non-free

--->

sudo apt update && sudo apt upgrade -y

apt update

to update the apt package database

apt upgrade

to install the latest updates (if there are any).

apt-get update --allow-insecure-repositories

apt-get upgrade --allow-unauthenticated

apt-get update --allow-unauthenticated

apt list --upgradable

apt update

apt upgrade

Other installs could go here (and removals)

sudo apt install apache2 -y

sudo systemctl status apache2

Verify the Installation

You should see active (running) in the output.

apt install net-tools

install network tools

apt install samba

apt install msmtp

apt install msmtp-mta

apt install bsd-mailx

apt install inxi

apt install ntfs-3g

apt remove nano

4

Networking

Net-Tools and Static IP

Previous

vi /etc/network/interfaces

ip a

get your ip address

Method

# This file describes the network interfaces available on your system

# and how to activate them. For more information, see interfaces(5).

Static IP

Setting a static IP on Debian 13 (Trixie) is most reliably done through NetworkManager,

which is the default network stack for most Debian installations.

source /etc/network/interfaces.d/*

Method 1: Command Line (nmcli)

# The loopback network interface

This is the preferred method for servers or if you are SSH'd into your machine.

auto lo

enp2s0

1

nmcli device

Identify your interface name

Look for your ethernet or Wi-Fi name (e.g., eth0 or enp3s0).

iface lo inet loopback

2

sudo nmcli con mod "Wired connection 1" ipv4.addresses 192.168.0.68/24 ipv4.gateway 192.168.0.1 ipv4.dns "8.8.8.8,1.1.1.1" ipv4.method manual

3

sudo nmcli con up "Wired connection 1"

# The primary network interface

auto enp0s31f6

<----- this line is needed.

https://lists.debian.org/debian-user/2017/09/msg00911.html

ie

nmcli connection show

iface enp0s31f6 inet static

sudo nmcli con mod "Wired connection 1" \

address 192.168.2.67

ipv4.addresses 192.168.0.68/24 \

netmask 255.255.255.0

ipv4.gateway 192.168.0.1 \

network 192.168.2.0

ipv4.dns "8.8.8.8,1.1.1.1" \

broadcast 192.168.2.255

ipv4.method manual

gateway 192.168.2.1

sudo nmcli con up "Wired connection 1"

# This is an autoconfigured IPv6 interface

ip addr show

Verify the New Settings

iface ens33 inet6 auto

Troubleshooting Tip

sudo nmcli con mod "Wired connection 1" ipv4.method auto

If you ever need to revert back to DHCP (automatic IP)

sudo nmcli con up "Wired connection 1"

restart the connection

nmcli device show | grep IP4

If you ever need to verify that your static IP is correctly active and not being overridden by a secondary DHCP lease.

This will give you a clean breakdown of the current Address, Gateway, and DNS settings.

Check Service Status (The Quickest Way)

systemctl is-active NetworkManager

returns either active or inactive

systemctl is-active systemd-networkd

returns either active or inactive

Check via nmcli

nmcli device status

If it works: You’ll see a list of your interfaces (like enp3s0 or eth0) and their connection states.

If it says "command not found": You likely aren't using NetworkManager.

Identify the "Old School" Method

cat /etc/network/interfaces

If you see lines like iface eth0 inet dhcp or iface enp3s0 inet static,

then your system is managed by the traditional Debian networking scripts rather than a modern daemon.

Result

Meaning

NetworkManager is active

You have a full-featured manager (best for Wi-Fi and Desktop). Use nmtui or nmcli.

systemd-networkd is active

You have a modern, lightweight manager (common on servers/cloud). Configuration is in /etc/systemd/network/.

Active interfaces in

You're using the classic Debian approach. Direct file editing is required here.

/etc/network/interfaces

5

Apache

systemctl status apache2

na

systemctl stop apache2

systemctl start apache2

systemctl restart apache2

Full restart

systemctl reload apache3

Apply config changes without dropping connections

systemctl enable apache2

Start automatically at boot

/etc/apache2/apache2.conf

Main Configuration

Listen 8067

Alias's

Alias /etc/ "/etc/"

Alias /logs/ "/var/log/"

Alias /r/ "/"

Alias /flash/ "/mnt/flash"

<Directory /etc/>

<Directory /var/log/>

<Directory />

<Directory /mnt/flash/>

Alias /homes/ "/home/"

Options Indexes FollowSymLinks

Options Indexes FollowSymLinks

Options Indexes FollowSymLinks

Options Indexes FollowSymLinks

AllowOverride None

AllowOverride None

AllowOverride None

AllowOverride None

Require all granted

Require all granted

Require all granted

Require all granted

</Directory>

</Directory>

</Directory>

</Directory>

Find and insert after the above alias's

<Directory /var/www/>

Options Indexes FollowSymLinks

AllowOverride None

Require all granted

</Directory>

Important File Locations

/var/www/html/

Web Content:  (Place your website files here).

/etc/apache2/sites-available/

Virtual Host Configurations

/var/log/apache2/error.log

Error Logs

6

SAMBA

sudo apt update && sudo apt install cifs-utils

install the helper package first

apt install samba

smbpasswd  -a  mdh

( new samba user )

Note:

to add a new samba user, you must have that same user in linux.

New SMB password:

mdh

ie

add samba functionality to the linux user mdh

#======================= Global Settings =====================================

Retype new SMB password:

mdh

[global]

/etc/samba/

cp smb.conf  smb.conf-org

workgroup = hvezda

vi  smb.conf

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

server string = Samba Server Version %v

netbios name = T30

systemctl restart smbd.service

smbd.service

# --------------------------- Logging Options -----------------------------

systemctl restart nmbd.service

nmbd.service

# log files split per-machine:

log file = /var/log/samba/log.%m

# maximum size of 50KB per log file, then rotate:

7

File Ownership / Permissions

new

orig

max log size = 50

Cur:

Fed 27

/var/log/

apache2

755

700

cron job needed

auth.log

755

700

# ----------------------- Standalone Server Options ------------------------

samba

755

750

security = user

fail2ban.log

644

600

cron job needed

passdb backend = tdbsam

messages

644

600

daemon.log

644

600

debug

644

600

#============================ Share Definitions ==============================

kern.log

644

600

syslog

644

600

[homes]

comment = Home Directories

chmod 644 /var/log/apache2/*

the entire apache2 directory

path = /home

browseable = yes

**

/var/www/

html

chown -R  mdh:mdh  /var/www/html

writable = yes

html

chmod -R 755  /var/www/html

[www]

comment = web site 67

8

Email

1

apt install msmtp

Install msmtp

https://www.howtoinstall.co/en/debian/stretch/msmtp

path = /var/www/html

capability to send email

2

apt install msmtp-mta

Install msmtp-mta

browseable = yes

(see Notes > Unix_Mail.xlsm)

3

apt install bsd-mailx

Install bsd-mailx

guest ok = yes

writable = yes

3

setup onfig files >>>

~/.msmtprc

~/.mailrc

# Set default values for all following accounts.

set sendmail="/usr/bin/msmtp"

[flash]

defaults

comment = flash drive

port 587

path = /mnt/flash

tls on

browseable = yes

tls_trust_file /etc/ssl/certs/ca-certificates.crt

guest ok = yes

writable = yes

account gmail

host smtp.gmail.com

[apache-logs]

from mdhvezda2@gmail.com

comment = Apache Logs

auth on

path = /var/log/apache2

user mdhvezda2

browseable = yes

password googlede@00Vere

guest ok = yes

writable = yes

# Set a default account

account default : gmail

4

test >>>>>>

echo `date` | mail -v -s "msmtp test"   mdhvezda2@gmail.com

9

copy webs & scripts

(from)  www ------->  (to) www

note:  be sure you have changed ownership of  /var/www/  before executing this step.

also see GoogleDrive \BAT\Misc\

-->

scp  -rp  -P 8269   mdh@192.168.2.69:/var/www/html/    /var/www/

from (69) --->  to (xx) ("on xx")

"pull"

successful, added new key   (could pull from remote host)

"Debian to Windows"

-->

scp  -rp  -P 8269   mdh@192.168.2.69:/home/scripts/    /home/

***

from (69) --->  to (xx) ("on xx")

"pull"

using Putty's   pscp

to xfer from Debian to Win pc.

scp  -rp  -P 8268  mdh@192.168.2.68:/var/www/html/    /var/www/

from (68) --->  to (xx) ("on xx")

"pull"

successful, added new key   (could pull from remote host)

scp  -rp  -P 8268  mdh@192.168.2.68:/home/scripts/    /home/

from (68) --->  to (xx) ("on xx")

"pull"

scp  -rp  -P 8267  mdh@192.168.2.67:/var/www/html/    /var/www/

from (67) --->  to (xx) ("on xx")

"pull"

successful, added new key   (could pull from remote host)

scp  -rp  -P 8267  mdh@192.168.2.67:/home/scripts/    /home/

from (67) --->  to (xx) ("on xx")

"pull"

scp  -rp  -P 8267    /var/www/html/*    mdh@192.168.1.67:/var/www/html/

from (xx)  ("on xx")  --->  to (67)

"push"

failed due to "strict checking"   (could not push to a remote host)

(successful, after I deleted the contents of .68's known_hosts)

scp  -rp  -P 8268    /var/www/html/*    mdh@192.168.1.68:/var/www/html/

from (xx)  ("on xx") --->  to (68)

"push"

failed due to "strict checking"   (could not push to a remote host)

scp        -P 8268     testfile               mdh@192.168.1.68:/home/mdh/

(successful)

notes:

-P (the port to connect to, on the remote Host)

***

after copying scripts over,  file ownership needs updating  (from root to mdh)

---->

chown -R  mdh:mdh  /home/scripts

10

Misc stuff

(from) prev  -----> (to) cur

Cron Jobs

crontab  -e      ---->     crontab  -e

copy and paste cron jobs to new server

Drive Mappings:  Win pc's

Drive Mappings:  apache-logs (L:) ,  www (w:) ,  and  homes(h:)

on Win pc's

11

Freezer

#

dpkg -l

( see Programming_Python.xlsm )

#

apt-get install python3-pip

https://www.tecmint.com/install-pip-in-linux/

( the PySerial tab )

#

python3 -m pip install pyserial

pyserial in /usr/local/lib/python3.7/dist-packages (3.4)

for finding the "COM" port

in linux.

#

python3  /home/scripts/python/freezer.py

12

set the CRONTAB editor

$

update-alternatives --list editor

List of available editors

#

update-alternatives --set editor /usr/bin/vim.tiny

Set the default editor

apt remove nano

https://superuser.com/questions/281617/change-default-text-editor-for-crontab-to-vim

13

Fail2ban

apt install fail2ban

https://glennr.nl/s/unifi-fail2ban

https://www.linode.com/docs/security/using-fail2ban-to-secure-your-server-a-tutorial/

https://www.vultr.com/docs/how-to-setup-fail2ban-on-debian-9-stretch

systemctl enable fail2ban.service

to make it auto start

https://serverfault.com/questions/997099/fail2ban-on-debian-buster-the-right-way-to-configure

fail2ban-client status

fail2ban-client status JAILname

ie

fail2ban-client status unifi

ie

fail2ban-client status sshd

14

Other

apt install inxi

an amazing tool to check hardware information on Linux

Binary Tides

apt install ntfs-3g

make NTFS drives available