Installation
Installation of new computer (Debian Testing)
Installation images (Debian Testing)
Installation images AMD64 (STABLE / unofficial / non-free / including-firmware)
Installation images AMD64 (TESTING / unofficial / non-free / including-firmware)
Create installation USB:
dd if=firmware-9.3.0-amd64-netinst.iso of=/dev/sdX
During installation, do NOT fill in root password, account will be disabled and new user will be member of sudo group.
New disk partitions:
/
/home
/opt
/etc/fstab
/dev/sda1 / ext4 errors=remount-ro 0 1
/dev/sda2 /home ext4 defaults 0 2
/dev/sda5 /opt ext4 defaults 0 2
192.168.122.1:/disk /disk nfs rw,rsize=8192,wsize=8192,timeo=14,intr 0 1
Skeleton:
/etc/default/useradd
HOME=/home
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
Users:
useradd -G users username
usermod -a -G users username
Sudo:
visudo
Add or modify following line.
%sudo ALL=(ALL) NOPASSWD:ALL
Firmware:
apt-get install firmware-linux-free firmware-linux-nonfree firmware-iwlwifi
Multimedia:
apt-get install deb-multimedia-keyring
XFCE + Web browser:
apt-get install xorg lightdm xfce4 iceweasel iceweasel-l10n-cs gksu
XFCE tools:
apt-get install network-manager-gnome ttf-mscorefonts-installer unrar flashplayer-mozilla openjdk-7-jre icedtea-7-plugin
System core tools:
apt-get install apt-utils adduser sudo aptitude base-files bash coreutils cups-bsd debconf findutils grep grub-pc gzip hostname ifupdown iptables iproute less lsof menu locales netbase passwd portmap tar time mtr-tiny wget curl ncdu whois hwinfo traceroute logrotate lshw lsof postfix gnupg dirmngr procinfo inxi apt-transport-https
Optional core tools:
apt-get install ntp vim nmap htop iotop iftop iptraf acpid eject screen usbutils pciutils ethtool cryptsetup openssh-server lshw ufw ipcalc mc parted hddtemp smartmontools numlockx rsyslog lm-sensors links logrotate pm-utils speedometer sysv-rc-conf bsdutils btrfs-tools fuse-utils hddtemp hdparm smbclient cups-client atop fsarchiver sysstat logwatch fail2ban mutt needrestart
Basic operator tools:
apt-get install p7zip gnome-system-monitor libreoffice-bundled brasero deluge cheese vlc gnome-mplayer totem pidgin guake openvpn baobab epiphany-browser tsclient libwebcam0 gnome-disk-utility network-manager-openvpn-gnome libwebcam0 rdesktop gimp
HP printer dependencies:
apt-get install cups cups-client cups-bsd system-config-printer hplip printer-driver-hpijs foomatic-db-compressed-ppds printer-driver-hpcups
Non-free tools:
apt-get install flashplayer-chromium flashplayer-mozilla
Virtual box dependencies:
apt-get install fakeroot linux-headers-$(uname -r) busybox initramfs-tools gcc cpp dkms binutils make
Java dependencies:
apt-get install java-common openjdk-9-jre
HP LIP Debug:
apt-get install libcups2 cups libcups2-dev cups-bsd cups-client libcupsimage2-dev libdbus-1-dev build-essential ghostscript openssl libjpeg-turbo8-dev libsnmp-dev libtool libusb-dev python-imaging policykit-1 policykit-1-gnome python-qt4 python-qt4-dbus python-dbus python-gobject python-dev python-notify python python-reportlab libsane libsane-dev sane-utils xsane
Optional international fonts:
apt-get install xfonts-thai
Configuration
Skype:
https://wiki.debian.org/skype
dpkg -s apt-transport-https > /dev/null || bash -c "sudo apt-get update; sudo apt-get install apt-transport-https libappindicator1 -y"
echo "deb [arch=amd64] https://repo.skype.com/deb stable main" | sudo tee /etc/apt/sources.list.d/skypeforlinux.list
sudo apt-get update && sudo apt-get install skypeforlinux -y
Logwatch:
mkdir /var/cache/logwatch
/usr/share/logwatch/default.conf/logwatch.conf
Detail = High
Locales:
(Debian)
/etc/locale.gen
(Ubuntu)
/var/lib/locales/supported.d/local
cs_CZ.UTF-8 UTF-8
en_US.UTF-8 UTF-8
/etc/default/locale
LANG="en_US.UTF-8"
LANGUAGE="en_US.UTF-8"
LC_TIME="cs_CZ.UTF-8"
LC_NUMERIC="cs_CZ.UTF-8"
LC_MONETARY="cs_CZ.UTF-8"
LC_PAPER="cs_CZ.UTF-8"
LC_NAME="cs_CZ.UTF-8"
LC_ADDRESS="cs_CZ.UTF-8"
LC_TELEPHONE="cs_CZ.UTF-8"
LC_MEASUREMENT="cs_CZ.UTF-8"
LC_IDENTIFICATION="cs_CZ.UTF-8"
locale-gen
Timezone:
/etc/timezone
Europe/Prague
dpkg-reconfigure tzdata
NTP:
/etc/ntp.conf
server tik.cesnet.cz
server tak.cesnet.czservice ntp restart
Postfix:
/etc/postfix/main.cf
/etc/aliases
SSH – restore keys:
/etc/ssh/
sshd_config ssh_host_dsa_key.pub ssh_host_ecdsa_key.pub ssh_host_ed25519_key.pub ssh_host_rsa_key.pub ssh_host_dsa_key ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key
UFW rules:
copy from backup /lib/ufw/user.rules
Autologin:
/etc/lightdm/lightdm.conf
autologin-user=username
Multisystem:
deb http://liveusb.info/multisystem/depot all main
deb-src http://liveusb.info/multisystem/depot all main
Virtualbox:
deb http://download.virtualbox.org/virtualbox/debian wheezy contrib
Google Talk plugin:
apt-get install google-talkplugin
deb http://dl.google.com/linux/talkplugin/deb/ stable main
Add apt keys:
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 54422A4B98AB5139 07DC563D1F41B907 3EE67F3D0FF405B2 A040830F7FAC5991 4E940D7FDD7FB8CC
/etc/apt/sources.list
deb http://ftp.cz.debian.org/debian/ stretch main contrib non-free
deb-src http://ftp.cz.debian.org/debian/ stretch main contrib non-free
deb http://security.debian.org/ stretch/updates main contrib non-free
deb-src http://security.debian.org/ stretch/updates main contrib non-free
deb http://ftp.cz.debian.org/debian/ stretch-updates main contrib non-free
deb-src http://ftp.cz.debian.org/debian/ stretch-updates main contrib non-free
deb http://ftp.cz.debian.org/debian/ stretch-backports main contrib non-free
deb-src http://ftp.cz.debian.org/debian/ stretch-backports main contrib non-free
## only for laptops and desktops
# Debian Multimedia repository
deb http://www.deb-multimedia.org/ stretch main non-free
deb-src http://www.deb-multimedia.org/ stretch main
# Linux Mint Debian Edition (LMDE 3) repository is Cindy (older is Betsy)
deb http://mirrors.nic.cz/linuxmint-packages/ cindy main upstream import backport.
deb http://extra.linuxmint.com/ betsy mainNotebook tools:
apt-get install cpufreqd
Xfce4-sensors plugin:
chmod u+s /usr/sbin/hddtemp
What to backup
/home/
/root
/usr/local/bin/
/var/spool/cron/
/var/cache/apt/
/var/lib/apt/
/var/lib/mysql
/var/www/
/etc/*
(hostname, passwd, shadow, group, gshadow, fstab, crypttab, sudoers, mailname, aliases, networks, crontab, issue, motd, ssh/*, apt/*, ufw/*, cups/*, ntp.conf, rsnapshot.conf)/etc/network/interfaces
192.168.122.1 / 255.255.255.224 / 192.168.122.30
/etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
/etc/hosts
127.0.0.1 localhost
192.168.1.30 home-router home-router.local router
192.168.1.1 home-laptop home-laptop.local laptopPost install configuration
Sensors (sensors-detect)
Postfix
Securing a New Linux Installation (Logwatch, RKHunter, HostsDeny, Fail2Ban)
SmartmonTools (/etc/default/smartmontools, start_smartd=yes)
HDD temp (/etc/default/hddtemp, RUN_DAEMON="true")
CUPS
GRUB
SSH server
UFW firewall
NFS server-client
Aptitude unattended-upgrades
Linux counter
DynDNS client
Repair blank boot splash screen (Ubuntu / Mint):
sudo -s
echo FRAMEBUFFER=y>>/etc/initramfs-tools/conf.d/splash
update-alternatives --config default.plymouth
update-initramfs -u
Change repository source (fast czech mirror):
/etc/apt/sources.list
deb http://mirrors.nic.cz/linuxmint-packages/ debian main upstream import backport
Clean unused packages:
apt-get autoremove
List of all packages
acpi acpid adduser airport-utils and apt apt-utils aptitude at aufs-tools autoconf automake avahi-utils baobab base-files base-passwd bash bind9-host bleachbit brasero bsd-mailx bsdmainutils bsdutils btrfs-tools busybox bzip2 cabextract cheese chromium chromium-l10n cli-common coreutils cpio cron cryptsetup cups-pdf curl dash dconf-tools debconf debian-archive-keyring debianutils debootstrap deluge dia diffutils dkms dmidecode dnsutils dpkg duplicity dvd+rw-tools e2fsprogs ed efibootmgr eog fail2ban fetchmail file findutils fonts-liberation fonts-thai-tlwg foomatic-db-gutenprint fortune-mod fortunes fortunes-cs fortunes-min ftp fsarchiver fusesmb fuseiso gedit gettext-base ghostscript-x git gksu gnupg gparted grep groff-base growisofs gthumb guake gucharmap gufw gvncviewer gzip hello host hostname htop hwinfo iftop ifupdown info initramfs-tools ioping iotop ipcalc iperf iproute iproute2 iptables iptraf iputils-arping iputils-ping iputils-tracepath keyboard-configuration kismet kmod krb5-locales laptop-detect laptop-mode-tools less locales login logrotate logwatch lsb-base lshw lsof ltrace lxc lynx m4 makedev man-db mawk mbr mc memtest86+ menu mime-support mlocate mount mplayer2 mtools mtr-tiny mutt myspell-cs namebench nano nbtscan ncurses-base net-tools netbase netcat-traditional network-manager-openvpn network-manager-openvpn-gnome network-manager-pptp network-manager-pptp-gnome nfs-common nmap ntpdate numlockx openssh-client openvpn p7zip passwd pastebinit patch pciutils perl pidgin pinta pkg-config postfix pppconfig pppoe pppoeconf pptp-linux procinfo procmail procps psensor pulseaudio pulseaudio-utils python rdesktop rdiff-backup readline-common reiser4progs reiserfsprogs rpcbind rsnapshot rsync rsyslog samba screen sed smartmontools sshfs strace sudo syslinux syslinux-common sysstat sysv-rc-conf tar tcpdump telnet texinfo time traceroute ttf-freefont tzdata ucf udev ufw unattended-upgrades unicode-screensaver unrar unshield update-notifier usbutils user-setup util-linux uuid-runtime vim vim-common vim-tiny vinagre vino vnc4server w3m wavemon wget whois winetricks wireshark wodim xchat xclip xfce4-screenshooter-plugin xinput xrdp xtightvncviewer xtrans-dev xvnc4viewer zip
