Compare commits
	
		
			No commits in common. "07a996361ae810a09236885b4c5158d5a78c378d" and "61a2bc7d5ef34eb04d52603fb648147bc1d6e2ac" have entirely different histories.
		
	
	
		
			07a996361a
			...
			61a2bc7d5e
		
	
		
							
								
								
									
										120
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							| @ -6,79 +6,85 @@ something else like a webserver, git-server, cloud platform, programming | |||||||
| workstation, etc.  Therefore, only a few core files applicable to nearly every | workstation, etc.  Therefore, only a few core files applicable to nearly every | ||||||
| conceivable installation are included here. | conceivable installation are included here. | ||||||
| 
 | 
 | ||||||
| This archive and included script are meant to supplement my article on setting |  | ||||||
| up a Debian base-system found at my blog: [My |  | ||||||
| Techie-Thoughts](https://mytechiethoughts.com/<post_address>) |  | ||||||
| 
 |  | ||||||
| ## Included files | ## Included files | ||||||
| 
 | 
 | ||||||
| Please refer to the `readme.md` in each subdirectory for a list and description of | ### bash template files | ||||||
| each included file. |  | ||||||
| 
 | 
 | ||||||
| ## The script file (customize.sh) | #### bash.rc | ||||||
| 
 | 
 | ||||||
| The included script file copies all the files in this archive to the proper | Included are *.bashrc* files for both new users (in the */etc/skel/* directory) | ||||||
| locations on a default Debian Stretch system.  It makes backups of your existing | and the root user.  These files are the Debian default files.  They are included | ||||||
| files in-place with the extension *.original*.  This simply saves you time and | and copied so that user profiles start out at baseline settings and pull all | ||||||
| possible errors copying the files manually.  The structure of this archive | initial customizations from */etc/bash.bashrc*.  Users are free to alter their | ||||||
| exactly mirrors a default Debian installation, so you can use that as a guide if | *.bashrc* as they see fit and those settings will override or add to the ones | ||||||
| you choose not to use the script. | I've included in */etc/bash.bashrc* | ||||||
| 
 | 
 | ||||||
| ### Running the script | #### profile | ||||||
| 
 | 
 | ||||||
| Please note you must either make the script executable or call it explicitly via | This is the Debian default *profile* and is copied to */etc/profile* to return | ||||||
| BASH.  In the latter case, you'd run the script as follows: | the system to a baseline configuration.  Again, this is done to ensure that only | ||||||
|  | */etc/bash.bashrc* is providing initial customizations to users. | ||||||
| 
 | 
 | ||||||
| ```bash | #### bash.bashrc | ||||||
| /bin/bash ./customize.sh |  | ||||||
| ``` |  | ||||||
| 
 | 
 | ||||||
| If you want to make the script executable: | Of the bash customization files, this is the only one that is NOT in a default | ||||||
|  | configuration. I have added the following customizations I find useful | ||||||
|  | especially for new users and system admins: | ||||||
| 
 | 
 | ||||||
| ```bash | - colourized directory listings with built-in automatic colour settings | ||||||
| chmod +x customize.sh | - changed prompt to include 24-hour clock, username, hostname and current | ||||||
| ./customize.sh |   directory display | ||||||
| ``` |   - username changes to RED when working as ROOT (uid=0) | ||||||
|  | - added the following command aliases | ||||||
|    |    | ||||||
| Due to location of the files being replaced, **you MUST run this script as ROOT** |   alias|full command|explanation | ||||||
| (the script will exit if you run as a different user) or run it via sudo like |   ---|---|--- | ||||||
| this (assuming you made it executable): |   ll|ls -l|default 'ls' output | ||||||
|  |   l|ls -lAsh --group-directories-first|far more useful and robust file display including sizes, permissions and owners | ||||||
|  |   rm|rm -i|confirmation prompt when deleting file | ||||||
|  |   mv|mv -i|confirmation prompt when moving file would result in overwriting existing file | ||||||
|  |   cp|cp -i|confirmation prompt when copying file would result in overwriting existing file | ||||||
| 
 | 
 | ||||||
| ```bash | ### nano defaults (nanorc) | ||||||
| sudo ./customize.sh |  | ||||||
| ``` |  | ||||||
| 
 | 
 | ||||||
| ### Passing a custom path to the script | The following options have been enabled/set in nano to provide what I feel is an | ||||||
|  | easier editing experience especially for people coming from a Windows background | ||||||
|  | and new users/admins. | ||||||
| 
 | 
 | ||||||
| If you want to test out the script before having it update your actual system | - 'rebind' numeric keypad to fix problems with using keypad with some SSH clients | ||||||
| configuration, you can supply an alternate destination path.  This is referred | - set 'smart home' some home key is useful | ||||||
| to as a 'Base Path' by the script and it will show a warning if this option is | - allow opening multiple files at once | ||||||
| used.  Please note, your 'Base Path' MUST have the same directory structure as | - always display line numbers | ||||||
| an actual system.  The expected directories must already exist or the script | - constantly display cursor position at the bottom of the screen | ||||||
| will just throw errors and not actually copy files. | - set vim lock-files | ||||||
|  | - autoindent ON, tab-size of 4 spaces | ||||||
|  | - convert tabs to spaces | ||||||
|  | - turn off hard line wrapping | ||||||
|  | - turn ON soft line wrapping for ease of readability | ||||||
|  | - closing 'brackets' (for alignment purposes) set as: "')>]} | ||||||
|  | - cut to end of line by default | ||||||
|  | - set proper bracket matching (ie. "<" matches ">", etc.) | ||||||
|  | - turned on default colours so nano doesn't look so drab | ||||||
|  | - added the following key-bindings | ||||||
| 
 | 
 | ||||||
| Let's assume you wanted to test the script and copy files to */testdir*.  You | binding|fuction | ||||||
| would do the following to prepare the directory with the expected structure: | ---|--- | ||||||
|  | alt-c/alt-C|copy selected text | ||||||
|  | alt-x/alt-X|cut selected text | ||||||
|  | alt-v/alt-V|paste text on clipboard | ||||||
| 
 | 
 | ||||||
| ```bash | ### time syncronization settings (timesyncd.conf) | ||||||
| mkdir -p /testdir/root |  | ||||||
| mkdir -p /testdir/etc/{skel,ssh,systemd} |  | ||||||
| ``` |  | ||||||
| 
 | 
 | ||||||
| Then you could invoke the script as follows (assuming you made it executable as | This file configures *systemd-timesyncd.service* and allows for very simple | ||||||
| described above): | NTP-sync setup.  Simply edit the **NTP=* to list your desired timeservers, | ||||||
|  | each separated by a single space.  In the event those timeservers are not | ||||||
|  | available, you can configure back servers by listing them on the | ||||||
|  | **FallbackNTP=** line, again space delimited. | ||||||
| 
 | 
 | ||||||
| ```bash | I've set the default in this file to be the worldwide NTP.org servers.  This | ||||||
| ./customize.sh /testdir | should work for pretty much anyone that uses this file, but you really should | ||||||
| ``` | customize the list to use geographically closer timeservers or the timeserver on | ||||||
|  | your LAN, etc. | ||||||
| 
 | 
 | ||||||
| The script would then copy all files into */testdir* while mirroring the | ### SSH server configuration (sshd_config) | ||||||
| structure of a live system beneath that.  Again, this is useful only for testing |  | ||||||
| and will NOT update your actual system! |  | ||||||
| 
 | 
 | ||||||
| ## Final thoughts |  | ||||||
| 
 |  | ||||||
| Hopefully this saves you some time and helps you standard your new system setups |  | ||||||
| with a few useful defaults.  As always, if you have suggestions or want to leave |  | ||||||
| feedback for me, please do so on my [blog |  | ||||||
| post](https://mytechiethoughts.com/<post_address>) related to this script! |  | ||||||
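Review bot: The new side of this README.md hunk removes every section about `customize.sh` (how to run it, the run-as-ROOT requirement, the *.original* backups, the 'Base Path' test mode) without saying whether the script still ships. If it does, keep at least the root requirement and the backup behaviour; if it does not, say that the files are now copied by hand. The added text also needs a proofread: `**NTP=*` has unbalanced emphasis, "back servers" should read "backup servers", "fuction" and "syncronization" are misspelled, and "set 'smart home' some home key is useful" has lost its "so". The new `### SSH server configuration (sshd_config)` heading has no body in the visible lines.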
| @ -1,58 +1,29 @@ | |||||||
| # /etc: Included files | Configuration files and/or changes to default config files in /etc/ | ||||||
|  | = | ||||||
| 
 | 
 | ||||||
| Three files are updated in the */etc* folder. |  - Setup timesyncd for NTP syncing (using systemd, not ntp package)   | ||||||
|  |    - set to use global pool.ntp.org, you should change this! | ||||||
|  |    - verify timesyncd is working with 'timedatectl' command | ||||||
| 
 | 
 | ||||||
| ## BASH default profile (profile) |  - Setup nano with helpful configurations both locally and via SSH   | ||||||
|  |    - rebind number lock | ||||||
|  |    - constant show cursor position at bottom of screen | ||||||
|  |    - constant show line numbers on the left | ||||||
|  |    - added shortcuts for cut, copy, paste using alt-x,c,v respectively | ||||||
|  |    - enable multi-buffer for concurrent open files | ||||||
|  |    - cut to end-of-line | ||||||
|  |    - bracket and quote matching | ||||||
|  |    - tabs converted to spaces, tab = 4 spaces | ||||||
|  |    - activate default colourization | ||||||
| 
 | 
 | ||||||
| This is the Debian Stretch default *profile* and is copied to */etc/profile* to |  - Colourize prompt   | ||||||
| return accounts to a baseline configuration.  Again, this is done to ensure that |    - red username for root user or shell accessed as root (su, sudo -s, etc.) | ||||||
| only */etc/bash.bashrc* is providing initial customizations to users. |    - green username for regular users | ||||||
|  |    - display time and full path | ||||||
| 
 | 
 | ||||||
| ## Default BASH settings (bash.bashrc) |  - Setup SSH server   | ||||||
| 
 |    - use non-standard port 222 | ||||||
| Of the bash customization files, this is the only one that is NOT in a default |    - use host-keys (RSA and ED25519 - you need to generate these!) | ||||||
| configuration. I have added the following customizations I find useful |    - display a banner on sucessful connection | ||||||
| especially for new users and system admins: |    - do not allow root login | ||||||
| 
 |    - require keyfile authentication (disable password authentication) | ||||||
| - colourized directory listings with built-in automatic colour settings |  | ||||||
| - changed prompt to include 24-hour clock, username, hostname and current |  | ||||||
|   directory display |  | ||||||
|   - username changes to RED when working as ROOT (uid=0) |  | ||||||
| - added the following command aliases |  | ||||||
| 
 |  | ||||||
|   alias|full command|explanation |  | ||||||
|   ---|---|--- |  | ||||||
|   ll|ls -l|default 'ls' output |  | ||||||
|   l|ls -lAsh --group-directories-first|far more useful and robust file display including sizes, permissions and owners |  | ||||||
|   rm|rm -i|confirmation prompt when deleting file |  | ||||||
|   mv|mv -i|confirmation prompt when moving file would result in overwriting existing file |  | ||||||
|   cp|cp -i|confirmation prompt when copying file would result in overwriting existing file |  | ||||||
| 
 |  | ||||||
| ## nano defaults (nanorc) |  | ||||||
| 
 |  | ||||||
| The following options have been enabled/set in nano to provide what I feel is an |  | ||||||
| easier editing experience especially for people coming from a Windows background |  | ||||||
| and new users/admins. |  | ||||||
| 
 |  | ||||||
| - 'rebind' numeric keypad to fix problems using keypad with some SSH clients |  | ||||||
| - set 'smart home' so home key is useful |  | ||||||
| - allow opening multiple files at once |  | ||||||
| - always display line numbers |  | ||||||
| - constantly display cursor position at the bottom of the screen |  | ||||||
| - set vim lock-files |  | ||||||
| - autoindent ON |  | ||||||
| - tab-size of 4 spaces |  | ||||||
| - convert tabs to spaces |  | ||||||
| - turn off hard line wrapping |  | ||||||
| - turn ON soft line wrapping for ease of readability |  | ||||||
| - closing 'brackets' (for alignment purposes) set as: "')>]} |  | ||||||
| - cut to end of line by default |  | ||||||
| - set proper bracket matching (ie. "<" matches ">", etc.) |  | ||||||
| - turned on default colours so nano doesn't look so drab |  | ||||||
| - added the following key-bindings |  | ||||||
| 
 |  | ||||||
| binding|function |  | ||||||
| ---|--- |  | ||||||
| alt-c/alt-C|copy selected text |  | ||||||
| alt-x/alt-X|cut selected text |  | ||||||
| alt-v/alt-V|paste text on clipboard |  | ||||||
|  | |||||||
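Review bot: In the new "Setup SSH server" list, "do not allow root login" and "require keyfile authentication (disable password authentication)" sit next to "you need to generate these!" for the host keys, but no step tells the reader to install a user public key and confirm that key login works before this sshd_config goes live, so applying it as described can lock an administrator out of a remote host. Suggest spelling out the order of operations: generate the host keys, add the user's key to authorized_keys, test a second session, then restart sshd. Minor: "sucessful" is misspelled.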
| @ -1,10 +0,0 @@ | |||||||
| # /etc/skel: Included files |  | ||||||
| 
 |  | ||||||
| ## bash.rc |  | ||||||
| 
 |  | ||||||
| This file is used to create a new user's *~/.bashrc*.  The copy included here is |  | ||||||
| the Debian Stretch default file.  Copying the default file resets all new users |  | ||||||
| to a baseline state and ensures they pull their initial custom settings from the |  | ||||||
| modified */etc/bash.bashrc* found in this archive.  If you need to reset |  | ||||||
| existing users to a baseline configuration, have them copy this file to their |  | ||||||
| home directory. |  | ||||||
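Review bot: Deleting this file drops the one instruction for existing accounts ("have them copy this file to their home directory"); the replacement `#### bash.rc` paragraph in README.md covers only new users and root. Carry that sentence over, and state the real destination name, since the section is titled "bash.rc" while the text talks about *.bashrc*.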
| @ -1,38 +0,0 @@ | |||||||
| # /etc/ssh: Included files |  | ||||||
| 
 |  | ||||||
| ## SSH server configuration (sshd_config) |  | ||||||
| 
 |  | ||||||
| This is a pretty basic SSH server setup with a few options initially commented |  | ||||||
| out for ease of setup.  You should generate SSH Host Keys and enable the |  | ||||||
| relevant lines in the configuration.  In addition, you should generate ssh |  | ||||||
| key-pairs for your users and then set both *PermitRootLogin* and |  | ||||||
| *PasswordAuthentication* to **no**. |  | ||||||
| 
 |  | ||||||
| The default configuration included here will: |  | ||||||
| 
 |  | ||||||
| - listen on all configured interfaces |  | ||||||
| - **listen on non-standard port 222** |  | ||||||
| - permit root login |  | ||||||
| - permit passwords for authentication |  | ||||||
| 
 |  | ||||||
| The commented lines indicate the *recommended settings* and appear directly |  | ||||||
| before the setting currently enabled that should be changed (i.e. line removed |  | ||||||
| and replaced with the commented line above it). |  | ||||||
| 
 |  | ||||||
| Please see my post at [My Techie-Thoughts](https://mytechiethoughts.com/<post_address) for detailed |  | ||||||
| instructions on setting up a secure SSH server. |  | ||||||
| 
 |  | ||||||
| ## Banner file (banner) |  | ||||||
| 
 |  | ||||||
| This is a sample file that can be displayed upon successful authentication to |  | ||||||
| your server via SSH.  It is included only as an example and does not need to be |  | ||||||
| used.  You can delete/change/replace it freely.  It is referenced in the |  | ||||||
| *sshd_config* on the line that reads: |  | ||||||
| 
 |  | ||||||
| ```ini |  | ||||||
| #Banner /etc/ssh/banner |  | ||||||
| ``` |  | ||||||
| 
 |  | ||||||
| If you want to use the banner file, edit it as desired then uncomment this line |  | ||||||
| in your *sshd_config*.  If you do not want a banner displayed, simply leave this |  | ||||||
| line commented (as-is) in your configuration. |  | ||||||
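Review bot: This removal takes out the only description of what the shipped sshd_config does by default ("permit root login", "permit passwords for authentication", recommended values left commented), while the new /etc notes say "do not allow root login" and "require keyfile authentication", so a reader can no longer tell from the documentation whether the hardening is already on or still has to be enabled. Confirm which state the file is in and document it in one place, together with the `#Banner /etc/ssh/banner` instruction that also disappears here. If any of this text is kept, the link target `<post_address` is missing its closing `>`.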
| @ -1,31 +0,0 @@ | |||||||
| # /etc/systemd: Included files |  | ||||||
| 
 |  | ||||||
| ## Time synchronization settings (timesyncd.conf) |  | ||||||
| 
 |  | ||||||
| This file configures the *systemd-timesyncd.service* and allows for a very |  | ||||||
| simple NTP-sync setup.  Edit the **NTP=** line with a space-delimited list of |  | ||||||
| your desired timeservers.  In the event those timeservers are not available, you |  | ||||||
| can configure backup servers by listing them on the **FallbackNTP=** line, again |  | ||||||
| space delimited. |  | ||||||
| 
 |  | ||||||
| I've set the defaults in this file to be the worldwide NTP.org servers.  This |  | ||||||
| should work for pretty much anyone that uses this file, but you *really should* |  | ||||||
| customize the list to use geographically closer timeservers (check out the list |  | ||||||
| [here](http://support.ntp.org/bin/view/Servers/NTPPoolServers)) or the |  | ||||||
| timeserver on your LAN, etc. |  | ||||||
| 
 |  | ||||||
| When you're done editing this file, make sure you restart the *timesyncd |  | ||||||
| service* and check it's status to verify it is now using one of your defined NTP |  | ||||||
| servers. |  | ||||||
| 
 |  | ||||||
| ```bash |  | ||||||
| systemctl restart systemd-timesyncd.service && systemctl status systemd-timesyncd.service |  | ||||||
| ``` |  | ||||||
| 
 |  | ||||||
| Finally, you can confirm things are working properly by running timedatectl. |  | ||||||
| 
 |  | ||||||
| ```bash |  | ||||||
| timedatectl |  | ||||||
| ``` |  | ||||||
| 
 |  | ||||||
| You should see the correct time listed and *NTP synchronized: yes*. |  | ||||||
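Review bot: The removed text is the only place that tells the reader to restart the service after editing timesyncd.conf (`systemctl restart systemd-timesyncd.service`) and what a good result looks like (*NTP synchronized: yes*); the replacement keeps just "verify timesyncd is working with 'timedatectl' command". Keep the restart step and the expected output line in the consolidated README, since an edited NTP= list is not picked up until the service is restarted.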
| @ -1,9 +1,3 @@ | |||||||
| # /root: Included files | Changes/additions in the /root folder. | ||||||
| 
 | = | ||||||
| ## bash.rc | - default .bashrc (for reference or to return to default state) | ||||||
| 
 |  | ||||||
| The copy included here is the Debian Stretch default file for the **ROOT user**. |  | ||||||
| Copying the default file resets the root user's profile to a baseline state and |  | ||||||
| ensures they pull their initial custom settings from the modified |  | ||||||
| */etc/bash.bashrc* found in this archive.  If you ever need to reset your root |  | ||||||
| user's profile, simply copy this file. |  | ||||||
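Review bot: The new one-line description, "default .bashrc (for reference or to return to default state)", no longer says that this file is the ROOT user's profile or that restoring it makes root pull its settings from the modified */etc/bash.bashrc*. Add where the file is copied to (the old heading calls it "bash.rc", the new text ".bashrc") so the reset procedure is unambiguous.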