Customize Your Debian GNU/Linux Server

Background

There are many GNU/Linux distributions available, but my favorite is Debian. The latest version at the time of this post is Debian 9 “Stretch”. Debian does not come optimally prepared for my specific needs right out of the box. Other distributions come with some of these things pre-installed, but Debian does not want to force them on those who don’t want them. However, with a few quick configuration changes and additional packages, the system can be greatly improved. This post describes the initial changes I prefer to make after installing the stock images.

Ensure the Packages are Updated

The first step is to ensure that all packages are up to date.

# apt-get update
# apt-get upgrade

Install etckeeper

The first thing I like to install is etckeeper, which keeps track of any changes made to configuration files in /etc with a version control system. But before I install etckeeper, I first install and configure git. I prefer to do this first so that all my other configuration changes in /etc are tracked in git.

# apt-get install -y git
# git config --global user.name "Jon Doe"
# git config --global user.email "jondoe@example.com"
# apt-get install -y etckeeper

Install vim

Next I like to install vim and make sure it is selected as the default editor.

# apt-get install -y vim
# echo 'SELECTED_EDITOR="/usr/bin/vim.basic"' > ~/.selected_editor

I also run update-alternatives to set vim.basic as my editor of choice. You can optionally use readlink to confirm that the change worked.

# update-alternatives --set editor /usr/bin/vim.basic
# readlink /etc/alternatives/editor
/usr/bin/vim.basic

Modify bashrc

Uncomment the color and alias settings in root’s .bashrc, then define PS1 to add color to the terminal prompt.

# sed -i \
 -e "s/^# export LS_OPTIONS='--color=auto'$/export LS_OPTIONS='--color=auto'/" \
 -e "s/^# eval \"\`dircolors\`\"$/eval \"\`dircolors\`\"/" \
 -e "s/^# alias ls='ls \$LS_OPTIONS'$/alias ls='ls \$LS_OPTIONS'/" \
 -e "s/^# alias ll='ls \$LS_OPTIONS -l'$/alias ll='ls \$LS_OPTIONS -l'/" \
 -e "s/^# alias l='ls \$LS_OPTIONS -lA'$/alias l='ls \$LS_OPTIONS -lA'/" \
 -e "s/^# alias rm='rm -i'$/alias rm='rm -i'/" \
 -e "s/^# alias cp='cp -i'$/alias cp='cp -i'/" \
 -e "s/^# alias mv='mv -i'$/alias mv='mv -i'/" \
 /root/.bashrc
# echo "PS1='\${debian_chroot:+(\$debian_chroot)}\[\033[01;31m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]$ '" >> /root/.bashrc

Setup User Account

Next, I create a user account, add it to the sudo group, and update its .bashrc file.

# apt-get install -y sudo
# adduser danny
# adduser danny sudo
# sed -i \
 -e "s/^#force_color_prompt=yes$/force_color_prompt=yes/" \
 -e "s/^\( *\)#alias ls='ls --color=auto'$/\1alias ls='ls --color=auto'/" \
 -e "s/^\( *\)#alias grep='grep --color=auto'$/\1alias grep='grep --color=auto'/" \
 -e "s/^\( *\)#alias fgrep='fgrep --color=auto'$/\1alias fgrep='fgrep --color=auto'/" \
 -e "s/^\( *\)#alias egrep='egrep --color=auto'$/\1alias egrep='egrep --color=auto'/" \
 -e "s/^#alias ll='ls -l'/alias ll='ls -l'/" \
 -e "s/^#alias la='ls -A'/alias la='ls -A'/" \
 -e "s/^#alias l='ls -CF'/alias l='ls -CF'/" \
 -e '$a export PATH=$PATH:/usr/sbin:/sbin' \
 /home/danny/.bashrc

Keep Clock Synchronized with NTP

To keep the clock synchronized with internet standard time servers, install the ntp daemon.

$ sudo apt-get install -y ntp

Prevent Catastrophic User Error

Next, I like to install several packages that help prevent catastrophic user error. Firstly, I like to install safe-rm, which is a wrapper around the rm command that prevents accidental deletions of files. Secondly, I like to install molly-guard, which guards against accidental shutdowns or reboots by prompting the user for the hostname before allowing the instructions to execute.

$ sudo apt-get install -y safe-rm molly-guard

Ensure Latest Version of Libraries Are In Use

needrestart checks which running daemons need to be restarted after library upgrades. This may help catch issues sooner and ensure that the latest version of the library is being used by all running daemons. It also informs you when a restart is required to use a newer version of the kernel.

$ sudo apt-get install -y needrestart

Make iptables Changes Persistent

By default, changes to iptables will not be preserved on reboot. To fix this, I install iptables-persistent and have it save the current running configuration to /etc/iptables/rules.v4 and /etc/iptables/rules.v6 for IPv4 and IPv6, respectively.

$ sudo apt-get install -y iptables-persistent

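Whenever changes are made to iptables, the files can be updated with the following commands for IPv4 and IPv6, respectively. The redirection has to happen inside the root shell; with sudo iptables-save > file, the calling user's shell opens the file and the write is denied.

$ sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
$ sudo sh -c 'ip6tables-save > /etc/iptables/rules.v6'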
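
One way to check whether the live rules still match what iptables-persistent will restore at boot, as an added example that is not part of the original post: it compares two iptables-save dumps after stripping timestamps and counters. The function names and the sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: has the running ruleset drifted from the saved file?

# Drop what differs between any two iptables-save runs: comment lines
# (they carry timestamps) and the trailing [packets:bytes] chain counters.
normalize_rules() {
    sed -e '/^#/d' -e 's/ \[[0-9]*:[0-9]*\]$//' "$1"
}

# Return 0 if both dumps describe the same ruleset, 1 if they differ.
rules_in_sync() {
    saved=$(normalize_rules "$1") || return 2
    running=$(normalize_rules "$2") || return 2
    [ "$saved" = "$running" ]
}

# Write constructed sample dumps (not from a real host) into directory $1.
write_samples() {
cat > "$1/saved.v4" <<'EOF'
# Generated by iptables-save (constructed sample, timestamp A)
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
cat > "$1/running_same.v4" <<'EOF'
# Generated by iptables-save (constructed sample, timestamp B)
*filter
:INPUT DROP [41:2960]
:OUTPUT ACCEPT [385:51234]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
# Same ruleset plus one rule that was added live and never saved.
{ grep -v '^COMMIT$' "$1/running_same.v4"
  echo '-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT'
  echo 'COMMIT'; } > "$1/running_drift.v4"
}

tmp=$(mktemp -d)
write_samples "$tmp"
rules_in_sync "$tmp/saved.v4" "$tmp/running_same.v4" && echo "counters only: in sync"
rules_in_sync "$tmp/saved.v4" "$tmp/running_drift.v4" || echo "extra rule: drift, save or revert"
rm -rf "$tmp"
```

On a real host, pass /etc/iptables/rules.v4 as the first argument and a root-created dump of the live rules (from iptables-save) as the second.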

Email Notifications Listing Packages Pending an Upgrade

Some upgrades contain important bug fixes or security patches, and the system stays vulnerable until they are applied. Email notifications may help keep the system administrator informed about important updates.

$ sudo apt-get install -y apticron

Install and Configure ufw

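Uncomplicated Firewall (ufw) is an easy-to-use front end for netfilter. The ssh rule is added before the firewall is enabled so that SSH access is not blocked once the default policy takes effect.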

$ sudo apt-get install ufw
$ sudo ufw allow ssh
$ sudo ufw enable

Install Optional Utilities

The tree utility lists contents of directories in a tree-like format. The file utility determines file type. The less utility is an alternative pager to the more utility that allows scrolling upwards.

$ sudo apt-get install -y tree file less

The dos2unix utility converts text files from DOS to Unix. The renameutils package provides utilities for quickly moving or copying files, editing the file name in a text editor. The bzip2 package provides utilities for bzip2 compression.

$ sudo apt-get install -y dos2unix renameutils bzip2

The sysstat package provides iostat and mpstat. The dstat utility is an alternative to iostat and mpstat with prettier output.

$ sudo apt-get install -y sysstat dstat

The htop utility is an alternative to top that allows you to scroll and looks pretty. The iotop utility is a top-like disk I/O monitor. The itop utility is a top-like interrupt load monitor. The iftop utility is a top-like network bandwidth monitor.

$ sudo apt-get install -y htop iotop itop iftop

The dnsutils package provides dig and nslookup. The bind9-host package provides the host utility.

$ sudo apt-get install -y dnsutils bind9-host

The mtr-tiny package provides the mtr utility, which combines the ping and traceroute programs in a single diagnostic tool. The telnet utility is useful for testing TCP connectivity. The nmap utility is a network exploration tool and port scanner. The tcpdump utility dumps traffic on a network.

$ sudo apt-get install -y mtr-tiny telnet nmap tcpdump
