asif/DebianConfigs
1
0
Fork 0
Code Issues Pull Requests Releases 1 Activity

Compare commits

base: asif:07a996361ae810a09236885b4c5158d5a78c378d
Branches Tags
asif:master
asif:V1.5
..
compare: asif:61a2bc7d5ef34eb04d52603fb648147bc1d6e2ac
Branches Tags
asif:master
asif:V1.5

No commits in common. "07a996361ae810a09236885b4c5158d5a78c378d" and "61a2bc7d5ef34eb04d52603fb648147bc1d6e2ac" have entirely different histories.
07a996361a ... 61a2bc7d5e

6 changed files with 92 additions and 200 deletions
Show Stats Expand all files Collapse all files

120
README.md
View File

@ -6,79 +6,85 @@ something else like a webserver, git-server, cloud platform, programming
workstation, etc. Therefore, only a few core files applicable to nearly every
conceivable installation are included here.
This archive and included script are meant to supplement my article on setting
up a Debian base-system found at my blog: [My
Techie-Thoughts](https://mytechiethoughts.com/<post_address>)
## Included files
Please refer to the `readme.md` in each subdirectory for a list and description of
each included file.
### bash template files
## The script file (customize.sh)
#### bash.rc
The included script file copies all the files in this archive to the proper
locations on a default Debian Stretch system. It makes backups of your existing
files in-place with the extension *.original*. This simply saves you time and
possible errors copying the files manually. The structure of this archive
exactly mirrors a default Debian installation, so you can use that as a guide if
you choose not to use the script.
Included are *.bashrc* files for both new users (in the */etc/skel/* directory)
and the root user. These files are the Debian default files. They are included
and copied so that user profiles start out at baseline settings and pull all
initial customizations from */etc/bash.bashrc*. Users are free to alter their
*.bashrc* as they see fit and those settings will override or add to the ones
I've included in */etc/bash.bashrc*
### Running the script
#### profile
Please note you must either make the script executable or call it explicitly via
BASH. In the latter case, you'd run the script as follows:
This is the Debian default *profile* and is copied to */etc/profile* to return
the system to a baseline configuration. Again, this is done to ensure that only
*/etc/bash.bashrc* is providing initial customizations to users.
```bash
/bin/bash ./customize.sh
```
#### bash.bashrc
If you want to make the script executable:
Of the bash customization files, this is the only one that is NOT in a default
configuration. I have added the following customizations I find useful
especially for new users and system admins:
```bash
chmod +x customize.sh
./customize.sh
```
- colourized directory listings with built-in automatic colour settings
- changed prompt to include 24-hour clock, username, hostname and current
directory display
- username changes to RED when working as ROOT (uid=0)
- added the following command aliases
Due to location of the files being replaced, **you MUST run this script as ROOT**
(the script will exit if you run as a different user) or run it via sudo like
this (assuming you made it executable):
alias|full command|explanation
---|---|---
ll|ls -l|default 'ls' output
l|ls -lAsh --group-directories-first|far more useful and robust file display including sizes, permissions and owners
rm|rm -i|confirmation prompt when deleting file
mv|mv -i|confirmation prompt when moving file would result in overwriting existing file
cp|cp -i|confirmation prompt when copying file would result in overwriting existing file
```bash
sudo ./customize.sh
```
### nano defaults (nanorc)
### Passing a custom path to the script
The following options have been enabled/set in nano to provide what I feel is an
easier editing experience especially for people coming from a Windows background
and new users/admins.
If you want to test out the script before having it update your actual system
configuration, you can supply an alternate destination path. This is referred
to as a 'Base Path' by the script and it will show a warning if this option is
used. Please note, your 'Base Path' MUST have the same directory structure as
an actual system. The expected directories must already exist or the script
will just throw errors and not actually copy files.
- 'rebind' numeric keypad to fix problems with using keypad with some SSH clients
- set 'smart home' some home key is useful
- allow opening multiple files at once
- always display line numbers
- constantly display cursor position at the bottom of the screen
- set vim lock-files
- autoindent ON, tab-size of 4 spaces
- convert tabs to spaces
- turn off hard line wrapping
- turn ON soft line wrapping for ease of readability
- closing 'brackets' (for alignment purposes) set as: "')>]}
- cut to end of line by default
- set proper bracket matching (ie. "<" matches ">", etc.)
- turned on default colours so nano doesn't look so drab
- added the following key-bindings
Let's assume you wanted to test the script and copy files to */testdir*. You
would do the following to prepare the directory with the expected structure:
binding|fuction
---|---
alt-c/alt-C|copy selected text
alt-x/alt-X|cut selected text
alt-v/alt-V|paste text on clipboard
```bash
mkdir -p /testdir/root
mkdir -p /testdir/etc/{skel,ssh,systemd}
```
### time syncronization settings (timesyncd.conf)
Then you could invoke the script as follows (assuming you made it executable as
described above):
This file configures *systemd-timesyncd.service* and allows for very simple
NTP-sync setup. Simply edit the **NTP=* to list your desired timeservers,
each separated by a single space. In the event those timeservers are not
available, you can configure back servers by listing them on the
**FallbackNTP=** line, again space delimited.
```bash
./customize.sh /testdir
```
I've set the default in this file to be the worldwide NTP.org servers. This
should work for pretty much anyone that uses this file, but you really should
customize the list to use geographically closer timeservers or the timeserver on
your LAN, etc.
The script would then copy all files into */testdir* while mirroring the
structure of a live system beneath that. Again, this is useful only for testing
and will NOT update your actual system!
### SSH server configuration (sshd_config)
## Final thoughts
Hopefully this saves you some time and helps you standard your new system setups
with a few useful defaults. As always, if you have suggestions or want to leave
feedback for me, please do so on my [blog
post](https://mytechiethoughts.com/<post_address>) related to this script!

79
config/etc/readme.md
View File

@ -1,58 +1,29 @@
# /etc: Included files
Configuration files and/or changes to default config files in /etc/
=
Three files are updated in the */etc* folder.
- Setup timesyncd for NTP syncing (using systemd, not ntp package)
- set to use global pool.ntp.org, you should change this!
- verify timesyncd is working with 'timedatectl' command
## BASH default profile (profile)
- Setup nano with helpful configurations both locally and via SSH
- rebind number lock
- constant show cursor position at bottom of screen
- constant show line numbers on the left
- added shortcuts for cut, copy, paste using alt-x,c,v respectively
- enable multi-buffer for concurrent open files
- cut to end-of-line
- bracket and quote matching
- tabs converted to spaces, tab = 4 spaces
- activate default colourization
This is the Debian Stretch default *profile* and is copied to */etc/profile* to
return accounts to a baseline configuration. Again, this is done to ensure that
only */etc/bash.bashrc* is providing initial customizations to users.
- Colourize prompt
- red username for root user or shell accessed as root (su, sudo -s, etc.)
- green username for regular users
- display time and full path
## Default BASH settings (bash.bashrc)
Of the bash customization files, this is the only one that is NOT in a default
configuration. I have added the following customizations I find useful
especially for new users and system admins:
- colourized directory listings with built-in automatic colour settings
- changed prompt to include 24-hour clock, username, hostname and current
directory display
- username changes to RED when working as ROOT (uid=0)
- added the following command aliases
alias|full command|explanation
---|---|---
ll|ls -l|default 'ls' output
l|ls -lAsh --group-directories-first|far more useful and robust file display including sizes, permissions and owners
rm|rm -i|confirmation prompt when deleting file
mv|mv -i|confirmation prompt when moving file would result in overwriting existing file
cp|cp -i|confirmation prompt when copying file would result in overwriting existing file
## nano defaults (nanorc)
The following options have been enabled/set in nano to provide what I feel is an
easier editing experience especially for people coming from a Windows background
and new users/admins.
- 'rebind' numeric keypad to fix problems using keypad with some SSH clients
- set 'smart home' so home key is useful
- allow opening multiple files at once
- always display line numbers
- constantly display cursor position at the bottom of the screen
- set vim lock-files
- autoindent ON
- tab-size of 4 spaces
- convert tabs to spaces
- turn off hard line wrapping
- turn ON soft line wrapping for ease of readability
- closing 'brackets' (for alignment purposes) set as: "')>]}
- cut to end of line by default
- set proper bracket matching (ie. "<" matches ">", etc.)
- turned on default colours so nano doesn't look so drab
- added the following key-bindings
binding|function
---|---
alt-c/alt-C|copy selected text
alt-x/alt-X|cut selected text
alt-v/alt-V|paste text on clipboard
- Setup SSH server
- use non-standard port 222
- use host-keys (RSA and ED25519 - you need to generate these!)
- display a banner on sucessful connection
- do not allow root login
- require keyfile authentication (disable password authentication)

10
config/etc/skel/readme.md
View File

@ -1,10 +0,0 @@
# /etc/skel: Included files
## bash.rc
This file is used to create a new user's *~/.bashrc*. The copy included here is
the Debian Stretch default file. Copying the default file resets all new users
to a baseline state and ensures they pull their initial custom settings from the
modified */etc/bash.bashrc* found in this archive. If you need to reset
existing users to a baseline configuration, have them copy this file to their
home directory.

38
config/etc/ssh/readme.md
View File

@ -1,38 +0,0 @@
# /etc/ssh: Included files
## SSH server configuration (sshd_config)
This is a pretty basic SSH server setup with a few options initially commented
out for ease of setup. You should generate SSH Host Keys and enable the
relevant lines in the configuration. In addition, you should generate ssh
key-pairs for your users and then set both *PermitRootLogin* and
*PasswordAuthentication* to **no**.
The default configuration included here will:
- listen on all configured interfaces
- **listen on non-standard port 222**
- permit root login
- permit passwords for authentication
The commented lines indicate the *recommended settings* and appear directly
before the setting currently enabled that should be changed (i.e. line removed
and replaced with the commented line above it).
Please see my post at [My Techie-Thoughts](https://mytechiethoughts.com/<post_address) for detailed
instructions on setting up a secure SSH server.
## Banner file (banner)
This is a sample file that can be displayed upon successful authentication to
your server via SSH. It is included only as an example and does not need to be
used. You can delete/change/replace it freely. It is referenced in the
*sshd_config* on the line that reads:
```ini
#Banner /etc/ssh/banner
```
If you want to use the banner file, edit it as desired then uncomment this line
in your *sshd_config*. If you do not want a banner displayed, simply leave this
line commented (as-is) in your configuration.

31
config/etc/systemd/readme.md
View File

@ -1,31 +0,0 @@
# /etc/systemd: Included files
## Time synchronization settings (timesyncd.conf)
This file configures the *systemd-timesyncd.service* and allows for a very
simple NTP-sync setup. Edit the **NTP=** line with a space-delimited list of
your desired timeservers. In the event those timeservers are not available, you
can configure backup servers by listing them on the **FallbackNTP=** line, again
space delimited.
I've set the defaults in this file to be the worldwide NTP.org servers. This
should work for pretty much anyone that uses this file, but you *really should*
customize the list to use geographically closer timeservers (check out the list
[here](http://support.ntp.org/bin/view/Servers/NTPPoolServers)) or the
timeserver on your LAN, etc.
When you're done editing this file, make sure you restart the *timesyncd
service* and check it's status to verify it is now using one of your defined NTP
servers.
```bash
systemctl restart systemd-timesyncd.service && systemctl status systemd-timesyncd.service
```
Finally, you can confirm things are working properly by running timedatectl.
```bash
timedatectl
```
You should see the correct time listed and *NTP synchronized: yes*.

12
config/root/readme.md
View File

@ -1,9 +1,3 @@
# /root: Included files
## bash.rc
The copy included here is the Debian Stretch default file for the **ROOT user**.
Copying the default file resets the root user's profile to a baseline state and
ensures they pull their initial custom settings from the modified
*/etc/bash.bashrc* found in this archive. If you ever need to reset your root
user's profile, simply copy this file.
Changes/additions in the /root folder.
=
- default .bashrc (for reference or to return to default state)