Setting up a Debian box
source link: https://peter.bourgon.org/blog/2010/03/02/setting-up-a-debian-box.html
2010 03 02
I recently bought a Linode virtual server, and in the course of setting it up I realized I have a pretty by-rote series of things I like to do to any new Linux (Debian) machine.
First, it’s important to grab any/all security updates, as specified by the Linode Getting Started guide:
# apt-get update
# apt-get upgrade --show-upgraded
You don’t really ever want to log in as root, so make sure your user account (created via adduser) can do superuser things via apt-get install sudo and editing /etc/sudoers.
# User privilege specification
root ALL=(ALL) ALL
foobar ALL=(ALL) ALL
Then, I like to tweak sshd a bit by editing /etc/ssh/sshd_config. Most importantly, I make sure root login is disabled. Also, I try to prevent my connection from timing out while sitting idle (super annoying!).
PermitRootLogin no
ClientAliveInterval 600
ClientAliveCountMax 10
Then bounce sshd via /etc/init.d/ssh restart.
That typically does it for initial system config. I usually end up installing Squid as a general-purpose web proxy (surprisingly useful) via apt-get install squid, and in order for me to use it from the internet at large there is a bit in the config that I normally have to dig around for.
# http_access allow localnet
http_access allow all # allow all IPs to use the proxy
# And finally deny all other access to this proxy
#http_access deny all # make sure this is commented out
There’s a fun little shell script you can write to help automate the blocking of malicious IPs. Edit /etc/network/interfaces and make sure at the bottom there’s the following line:
post-up iptables-restore /etc/network/iptables.save
Then, you can use this shell script:
#!/bin/bash
# Drop all traffic from the given IP and save the rule set so it survives a reboot.
if [ -z "$1" ] ; then
    echo "Usage: $0 <ip-address>" >&2
    exit 1
fi
sudo iptables -I INPUT -s "$1" -j DROP
sudo bash -c "iptables-save > /etc/network/iptables.save"
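A hardened variant of the script above, as an added example that is not part of the original post: it validates the argument, refuses to block the address of your current SSH session, skips rules that already exist, and replaces the saved rules file only after a successful save. The function names are hypothetical; the rules path is the one used above.

```bash
#!/bin/bash
# Added example; function names are hypothetical, the path is the one used above.
RULES_FILE=/etc/network/iptables.save

# Succeed only for a plain dotted-quad IPv4 host address.
valid_ipv4() {
    local old_ifs octet
    case $1 in '' | *[!0-9.]* | .* | *. | *..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs   # split into octets
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac   # leading zeros read as octal in some parsers
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeed if the address is the peer of the current SSH session
# (sshd sets SSH_CLIENT to "client_ip client_port server_port").
is_own_session() {
    [ -n "${SSH_CLIENT:-}" ] && [ "${SSH_CLIENT%% *}" = "$1" ]
}

block_ip() {
    local tmp
    if ! valid_ipv4 "$1"; then
        echo "not an IPv4 address: $1" >&2
        return 2
    fi
    if is_own_session "$1"; then
        echo "refusing to block your own SSH client: $1" >&2
        return 3
    fi
    # -C tests for an existing rule, so re-running does not stack duplicates.
    sudo iptables -C INPUT -s "$1" -j DROP 2>/dev/null ||
        sudo iptables -I INPUT -s "$1" -j DROP || return 1
    # Save to a temporary file and rename it, so a failed save never
    # leaves a truncated rules file for the next boot.
    tmp=$(sudo mktemp "$RULES_FILE.XXXXXX") || return 1
    sudo sh -c 'iptables-save > "$1" && mv "$1" "$2"' sh "$tmp" "$RULES_FILE"
}

# Act only when an address is given on the command line.
if [ "$#" -gt 0 ]; then
    block_ip "$1"
fi
```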
Beyond that, there are a number of packages I like to have, but installing them is an easy apt-get install X away.
sudo apt-get install g++ python2.5 git-core mercurial subversion screen nmap