Install_Debian                                            
*   Debian        
  6/29/22   Install_Debian        
                                               
   
  Home   Info
  Install / Debian   cat /proc/version      
  Pkg Mgt   systemctl -a  
  MX   systemctl  list-unit-files      
     
      Install
      Debian 10 Buster : Install Server-World
      How to Install a Debian 10 (Buster) Minimal Server
     
      Initial Settings
     
      1 SSH # ip a get IP address and set into PUTTY
     
      /etc/ssh/sshd_config port  8267  
      systemctl restart sshd    
     
          Setup passwordless login in Putty https://help.dreamhost.com/hc/en-us/articles/215464758-How-do-I-set-up-passwordless-login-in-PuTTY-
       
      Setup passwordless SSH https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2              
         
        1 $ ssh-keygen -t rsa Create the RSA Key Pair  
          2 $ Enter file in which to save the key (/home/mdh/.ssh/id_rsa): <enter>  (accept default location) Store the Keys and Passphrase  
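        $ Enter passphrase (empty for no passphrase): <enter>  (don't add a passphrase; note that an unencrypted private key lets anyone who can read the file log in wherever the public key is installed, whereas a passphrase cached by ssh-agent or PuTTY's Pageant still gives prompt-free logins)  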
          3 $ ssh-copy-id  -p 8269 mdh@192.168.2.69  (copy the public key to the remote host) Copy the Public Key  
         
        ssh -p 8269 mdh@192.168.2.69         
                                         
     
     
     
      2 apt apt prompts for CDs when installing packages, how do I make it stop? https://unix.stackexchange.com/questions/16370/apt-get-prompts-for-cds-when-installing-packages-how-do-i-make-it-stop
      /etc/apt/sources.list Comment out the "CDROM line"
      /etc/apt/sources.list.d/*.list
     
     
      3 Networking Net-Tools and Static IP
      ip a get your ip address
      apt install net-tools install network tools (needs DVD #1)
     
      Static IP
      vi /etc/network/interfaces # This file describes the network interfaces available on your system
      # and how to activate them. For more information, see interfaces(5).
         
      source /etc/network/interfaces.d/*  
         
      # The loopback network interface  
      auto lo  
      iface lo inet loopback  
         
      # The primary network interface  
      auto enp0s31f6 <----- this line is needed. https://lists.debian.org/debian-user/2017/09/msg00911.html
      iface enp0s31f6 inet static  
              address 192.168.2.67  
              netmask 255.255.255.0  
              network 192.168.2.0  
              broadcast 192.168.2.255  
              gateway 192.168.2.1  
         
      # This is an autoconfigured IPv6 interface  
      iface ens33 inet6 auto        
     
     
      systemctl restart networking Restart your network.
     
      vi /etc/hosts 127.0.0.1         localhost.localdomain      localhost
      192.168.2.67   T30.hvezda.com     T30  
     
      vi /etc/hostname set hostname if needed.
      systemctl reboot reboot the server to apply the hostname change
     
      hostname T30
      hostname -f T30.hvezda.com
     
     
      4 Update / Upgrade
     
      First, make sure that your /etc/apt/sources.list contains the buster/updates repository (this makes sure you always get the newest updates),
      and that the contrib and non-free repositories are enabled.
     
      deb http://deb.debian.org/debian/ buster main contrib non-free     https://www.google.com/search?q=%27cdrom%3A%2F%2F%5BDebian+GNU%2FLinux+10.0.0+_Buster_+-+Official+amd64+DVD+Binary-1+20190706-10%3A24%5D+buster+Release%27+does+not+have+a+Release+file.&rlz=1C1CAFC_enUS835US835&oq=%27cdrom%3A%2F%2F%5BDebian+GNU%2FLinux+10.0.0+_Buster_+-+Official+amd64+DVD+Binary-1+20190706-10%3A24%5D+buster+Release%27+does+not+have+a+Release+file.&aqs=chrome..69i57.2751j0j3&sourceid=chrome&ie=UTF-8
      deb-src http://deb.debian.org/debian/ buster main contrib non-free   https://superuser.com/questions/1340855/debian-apt-update-doesnt-allow-dvds
         
      deb http://security.debian.org/debian-security buster/updates main contrib non-free
      deb-src http://security.debian.org/debian-security buster/updates main contrib non-free
     
      apt update to update the apt package database  apt upgrade to install the latest updates (if there are any).
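      apt-get update --allow-insecure-repositories apt-get upgrade --allow-unauthenticated   (workaround only: both flags turn off apt's repository signature checks, so packages are installed unverified)
      apt-get update --allow-unauthenticated   (should not be needed once the cdrom line is commented out and the deb.debian.org / security.debian.org sources above are in place; plain apt update / apt upgrade then verifies signatures)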
      apt list --upgradable
      apt update apt upgrade
     
      Other installs could go here (and removals)
      apt install samba apt remove nano
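      apt install msmtp Find the existing <Directory /var/www/> block (below) and insert the Alias sections after it. As written, every aliased directory is Require all granted with Options Indexes, so /r/ (the filesystem root), /etc/, /homes/, /logs/ and /flash/ are listable and readable by any client that can reach the Apache port, limited only by what the Apache user can read; Require ip 192.168.2.0/24 in those blocks would restrict them to the LAN.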
      apt install msmtp-mta <Directory /var/www/>
      apt install bsd-mailx         Options Indexes FollowSymLinks   Alias /etc/ "/etc/"         Alias /r/ "/"     Alias /homes/ "/home/"
      apt install inxi         AllowOverride None   <Directory /etc/> <Directory />  
      apt install ntfs-3g         Require all granted           Options Indexes FollowSymLinks         Options Indexes FollowSymLinks
      </Directory>           AllowOverride None         AllowOverride None  
                Require all granted         Require all granted  
      5 Apache /etc/apache2/apache2.conf /etc/apache2/ports.conf   Alias's             </Directory> </Directory>  
      Listen 8069    
      /etc/apache2/apache2.conf   Alias /logs/ "/var/log/" Alias /flash/ "/mnt/flash"  
      systemctl start apache2   <Directory /var/log/> <Directory /mnt/flash/>  
      systemctl status apache2           Options Indexes FollowSymLinks         Options Indexes FollowSymLinks
      systemctl enable apache2           AllowOverride None         AllowOverride None  
                Require all granted         Require all granted  
        </Directory>           </Directory>    
     
     
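      6 SAMBA apt install samba smbpasswd  -a  mdh ( new samba user ) Note: a Samba user can only be added for an account that already exists in Linux. In the smb.conf listing, [www], [flash] and [apache-logs] are guest ok = yes and writable = yes; where guest mapping is active this allows unauthenticated writes to the web root and the Apache logs, and valid users = mdh with guest ok = no would limit them to the Samba account.                          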
      New SMB password:  mdh ie add samba functionality to the linux user mdh #======================= Global Settings =====================================
      Retype new SMB password:   mdh  
        [global]  
      /etc/samba/ cp smb.conf  smb.conf-org         workgroup = hvezda  
        vi  smb.conf         >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>         server string = Samba Server Version %v  
                netbios name = T30  
         
      systemctl restart smbd.service smbd.service # --------------------------- Logging Options -----------------------------  
      systemctl restart nmbd.service nmbd.service                       # log files split per-machine:  
                log file = /var/log/samba/log.%m  
                # maximum size of 50KB per log file, then rotate:  
      7 File Ownership / Permissions     new orig               max log size = 50  
      Cur: Fed 27 /var/log/ apache2 755 700 cron job needed    
        auth.log 755 700     # ----------------------- Standalone Server Options ------------------------  
        samba 755 750             security = user  
        fail2ban.log 644 600 cron job needed           passdb backend = tdbsam  
        messages 644 600      
        daemon.log 644 600      
        debug 644 600     #============================ Share Definitions ==============================  
        kern.log 644 600      
        syslog 644 600     [homes]  
                    comment = Home Directories  
      chmod 644 /var/log/apache2/* the entire apache2 directory           path = /home  
                    browseable = yes  
      ** /var/www/ html chown -R  mdh:mdh  /var/www/html           writable = yes  
        html chmod -R 755  /var/www/html      
        [www]  
                comment = web site 67  
      8 Email 1 apt install msmtp Install msmtp https://www.howtoinstall.co/en/debian/stretch/msmtp             path = /var/www/html  
      capability to send email 2 apt install msmtp-mta Install msmtp-mta             browseable = yes  
      (see Notes > Unix_Mail.xlsm) 3 apt install bsd-mailx Install bsd-mailx             guest ok = yes  
                    writable = yes  
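      3 set up config files >>> ~/.msmtprc   ~/.mailrc   (~/.msmtprc holds the SMTP password in clear text: keep it chmod 600 and owned by the sending user, or replace the password line with passwordeval so the secret comes from a keyring or an encrypted file; a password that has been published in notes like these should be rotated)      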
        # Set default values for all following accounts. set sendmail="/usr/bin/msmtp"   [flash]  
        defaults             comment = flash drive  
        port 587             path = /mnt/flash  
        tls on             browseable = yes  
        tls_trust_file /etc/ssl/certs/ca-certificates.crt             guest ok = yes  
                    writable = yes  
        account gmail      
        host smtp.gmail.com     [apache-logs]  
        from [email protected]             comment = Apache Logs  
        auth on             path = /var/log/apache2  
        user mdhvezda2             browseable = yes  
        password googlede@00Vere             guest ok = yes  
                    writable = yes  
        # Set a default account                            
        account default : gmail  
         
      4 test >>>>>> echo `date` | mail -v -s "msmtp test"   [email protected]  
                             
     
     
      9 copy webs & scripts (from)  www ------->  (to) www   note:  be sure you have changed ownership of  /var/www/  before executing this step.                  
         
      also see GoogleDrive \BAT\Misc\ --> scp  -rp  -P 8269   [email protected]:/var/www/html/    /var/www/ from (69) --->  to (xx) ("on xx") "pull" successful, added new key   (could pull from remote host)  
      "Debian to Windows" --> scp  -rp  -P 8269   [email protected]:/home/scripts/    /home/ *** from (69) --->  to (xx) ("on xx") "pull"  
      using Putty's   pscp    
      to xfer from Debian to Win pc. scp  -rp  -P 8268  [email protected]:/var/www/html/    /var/www/ from (68) --->  to (xx) ("on xx") "pull" successful, added new key   (could pull from remote host)  
      scp  -rp  -P 8268  [email protected]:/home/scripts/    /home/ from (68) --->  to (xx) ("on xx") "pull"  
         
      scp  -rp  -P 8267  [email protected]:/var/www/html/    /var/www/ from (67) --->  to (xx) ("on xx") "pull" successful, added new key   (could pull from remote host)  
      scp  -rp  -P 8267  [email protected]:/home/scripts/    /home/ from (67) --->  to (xx) ("on xx") "pull"  
         
      scp  -rp  -P 8267    /var/www/html/*    [email protected]:/var/www/html/ from (xx)  ("on xx")  --->  to (67)   "push" failed due to "strict checking"   (could not push to a remote host)  
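        (successful, after I deleted the contents of .68's known_hosts; if the failure was a changed-host-key warning, ssh-keygen -R "[HOST]:8267" removes only that host's entry and keeps the other pinned keys, and the new fingerprint can be compared with ssh-keygen -lf run on the server's /etc/ssh/ssh_host_*_key.pub before accepting it)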
         
      scp  -rp  -P 8268    /var/www/html/*    [email protected]:/var/www/html/ from (xx)  ("on xx") --->  to (68)   "push" failed due to "strict checking"   (could not push to a remote host)  
      scp        -P 8268     testfile               [email protected]:/home/mdh/ (successful)  
         
      notes:  -P (the port to connect to, on the remote Host)  
      *** after copying scripts over,  file ownership needs updating  (from root to mdh) ----> chown -R  mdh:mdh  /home/scripts                
     
     
      10 Misc stuff   (from) prev  -----> (to) cur                  
         
      Cron Jobs   crontab  -e      ---->     crontab  -e copy and paste cron jobs to new server  
         
      Drive Mappings:  Win pc's   Drive Mappings:  apache-logs (L:) ,  www (w:) ,  and  homes(h:) on Win pc's  
                           
     
   
    11 Freezer # dpkg -l                    
    ( see Programming_Python.xlsm ) # apt-get install python3-pip https://www.tecmint.com/install-pip-in-linux/  
    ( the PySerial tab ) # python3 -m pip install pyserial pyserial in /usr/local/lib/python3.7/dist-packages (3.4)  
    for finding the "COM" port    
    in linux. # python3  /home/scripts/python/freezer.py  
                           
   
   
      12 set the CRONTAB editor $ update-alternatives --list editor List of available editors
      # update-alternatives --set editor /usr/bin/vim.tiny Set the default editor
      apt remove nano https://superuser.com/questions/281617/change-default-text-editor-for-crontab-to-vim
     
     
      13 Fail2ban     apt install fail2ban https://glennr.nl/s/unifi-fail2ban https://www.linode.com/docs/security/using-fail2ban-to-secure-your-server-a-tutorial/
      https://www.vultr.com/docs/how-to-setup-fail2ban-on-debian-9-stretch
      systemctl enable fail2ban.service to make it auto start https://serverfault.com/questions/997099/fail2ban-on-debian-buster-the-right-way-to-configure
     
      fail2ban-client status
      fail2ban-client status JAILname ie fail2ban-client status unifi
      ie fail2ban-client status sshd
      14 Other
     
      apt install inxi an amazing tool to check hardware information on Linux Binary Tides
      apt install ntfs-3g make NTFS drives available
   
   
   
   
                                                   
     
    X mount                                  
    ls -l  /dev/disk/by-uuid /etc/fstab  (make a bak copy of this file, then edit the new file)    
      by-id put on the bottom of the file    
                 
      by-path UUID=8b745b70-7522-4b69-b94e-c143a9b6d9d2    /mnt/FreeAgent    ext4    defaults     0   2    
         
      and then reboot    
                                     
     
                                     
      Mounting a Flash drive      
    ls -l  /dev/disk/by-label by-id Automount    umount   /dev/sde1    
      by-path /run/media/mdh/FreeAgent mkdir /mnt/TFLASH     
      by-uuid mount -t ntfs-3g,uid=mdh,gid=mdh   /dev/sde1   /mnt/TFLASH   (uid= and gid= are mount options, so they go after -o rather than in the -t type list)  
         
      FreeAgent -->  ../../sdd1 Mounting an ext4 drive Mounting a NTFS drive    
      TFLASH -->   ../../sde1 umount /dev/sdb1 umount  /dev/sdd1    
      mount   /dev/sdb1  /mnt/FreeAgent mkdir /mnt/FreeAgent    
      mount -t ntfs-3g  /dev/sdd1  /mnt/FreeAgent    
                                     
     
     
     
    X Firewall     https://www.server-world.info/query?os=Fedora_27&p=initial_conf&f=2  
                                             
      Note: Fedora 18 introduced firewalld as a replacement for the previous iptables service    
      Although firewalld is a replacement for the firewall management provided by iptables service,    
         it still uses the iptables command for dynamic communication with the kernel packet filter (netfilter).    
      So it is only the iptables service that is replaced, not the iptables command.    
         
      Cur: Fed 27 systemctl status firewalld 1  
      systemctl start firewalld.service Start the firewall 2  
      systemctl enable firewalld.service Enable firewall startup on boot-up 3  
      firewall-cmd --get-default-zone ip.67 ip.68 ip.69 4  
      firewall-cmd --get-active-zone vnc 5900 5900 5900 5  
      firewall-cmd --permanent  --add-port=5900/tcp ftp 21150 default -----> 6  
      firewall-cmd --permanent   --add-port=8067/tcp http 8067 8068 8069 7  
      firewall-cmd --permanent  --add-service=samba ssh 8267 8268 8269 8  
      firewall-cmd --reload copy permanent config to running config 9  
      firewall-cmd --permanent --list-all verify 10  
      systemctl status firewalld verify 11