Compare commits
10 Commits
61a2bc7d5e
...
07a996361a
Author | SHA1 | Date
---|---|---
 | 07a996361a |
 | 3d0a53279c |
 | 8fcdc8bcaf |
 | 0b9eb84ca1 |
 | 9332ec97ae |
 | a19f626e2b |
 | ef9ba96918 |
 | a387df5147 |
 | 563f8f058d |
 | 991319bfde |
122
README.md
@ -6,85 +6,79 @@ something else like a webserver, git-server, cloud platform, programming
|
|||||||
workstation, etc. Therefore, only a few core files applicable to nearly every
|
workstation, etc. Therefore, only a few core files applicable to nearly every
|
||||||
conceivable installation are included here.
|
conceivable installation are included here.
|
||||||
|
|
||||||
|
This archive and included script are meant to supplement my article on setting
|
||||||
|
up a Debian base-system found at my blog: [My
|
||||||
|
Techie-Thoughts](https://mytechiethoughts.com/<post_address>)
|
||||||
|
|
||||||
## Included files
|
## Included files
|
||||||
|
|
||||||
### bash template files
|
Please refer to the `readme.md` in each subdirectory for a list and description of
|
||||||
|
each included file.
|
||||||
|
|
||||||
#### bash.rc
|
## The script file (customize.sh)
|
||||||
|
|
||||||
Included are *.bashrc* files for both new users (in the */etc/skel/* directory)
|
The included script file copies all the files in this archive to the proper
|
||||||
and the root user. These files are the Debian default files. They are included
|
locations on a default Debian Stretch system. It makes backups of your existing
|
||||||
and copied so that user profiles start out at baseline settings and pull all
|
files in-place with the extension *.original*. This simply saves you time and
|
||||||
initial customizations from */etc/bash.bashrc*. Users are free to alter their
|
possible errors copying the files manually. The structure of this archive
|
||||||
*.bashrc* as they see fit and those settings will override or add to the ones
|
exactly mirrors a default Debian installation, so you can use that as a guide if
|
||||||
I've included in */etc/bash.bashrc*
|
you choose not to use the script.
|
||||||
|
|
||||||
#### profile
|
### Running the script
|
||||||
|
|
||||||
This is the Debian default *profile* and is copied to */etc/profile* to return
|
Please note you must either make the script executable or call it explicitly via
|
||||||
the system to a baseline configuration. Again, this is done to ensure that only
|
BASH. In the latter case, you'd run the script as follows:
|
||||||
*/etc/bash.bashrc* is providing initial customizations to users.
|
|
||||||
|
|
||||||
#### bash.bashrc
|
```bash
|
||||||
|
/bin/bash ./customize.sh
|
||||||
|
```
|
||||||
|
|
||||||
Of the bash customization files, this is the only one that is NOT in a default
|
If you want to make the script executable:
|
||||||
configuration. I have added the following customizations I find useful
|
|
||||||
especially for new users and system admins:
|
|
||||||
|
|
||||||
- colourized directory listings with built-in automatic colour settings
|
```bash
|
||||||
- changed prompt to include 24-hour clock, username, hostname and current
|
chmod +x customize.sh
|
||||||
directory display
|
./customize.sh
|
||||||
- username changes to RED when working as ROOT (uid=0)
|
```
|
||||||
- added the following command aliases
|
|
||||||
|
|
||||||
alias|full command|explanation
|
|
||||||
---|---|---
|
|
||||||
ll|ls -l|default 'ls' output
|
|
||||||
l|ls -lAsh --group-directories-first|far more useful and robust file display including sizes, permissions and owners
|
|
||||||
rm|rm -i|confirmation prompt when deleting file
|
|
||||||
mv|mv -i|confirmation prompt when moving file would result in overwriting existing file
|
|
||||||
cp|cp -i|confirmation prompt when copying file would result in overwriting existing file
|
|
||||||
|
|
||||||
### nano defaults (nanorc)
|
Due to location of the files being replaced, **you MUST run this script as ROOT**
|
||||||
|
(the script will exit if you run as a different user) or run it via sudo like
|
||||||
|
this (assuming you made it executable):
|
||||||
|
|
||||||
The following options have been enabled/set in nano to provide what I feel is an
|
```bash
|
||||||
easier editing experience especially for people coming from a Windows background
|
sudo ./customize.sh
|
||||||
and new users/admins.
|
```
|
||||||
|
|
||||||
- 'rebind' numeric keypad to fix problems with using keypad with some SSH clients
|
### Passing a custom path to the script
|
||||||
- set 'smart home' some home key is useful
|
|
||||||
- allow opening multiple files at once
|
|
||||||
- always display line numbers
|
|
||||||
- constantly display cursor position at the bottom of the screen
|
|
||||||
- set vim lock-files
|
|
||||||
- autoindent ON, tab-size of 4 spaces
|
|
||||||
- convert tabs to spaces
|
|
||||||
- turn off hard line wrapping
|
|
||||||
- turn ON soft line wrapping for ease of readability
|
|
||||||
- closing 'brackets' (for alignment purposes) set as: "')>]}
|
|
||||||
- cut to end of line by default
|
|
||||||
- set proper bracket matching (ie. "<" matches ">", etc.)
|
|
||||||
- turned on default colours so nano doesn't look so drab
|
|
||||||
- added the following key-bindings
|
|
||||||
|
|
||||||
binding|fuction
|
If you want to test out the script before having it update your actual system
|
||||||
---|---
|
configuration, you can supply an alternate destination path. This is referred
|
||||||
alt-c/alt-C|copy selected text
|
to as a 'Base Path' by the script and it will show a warning if this option is
|
||||||
alt-x/alt-X|cut selected text
|
used. Please note, your 'Base Path' MUST have the same directory structure as
|
||||||
alt-v/alt-V|paste text on clipboard
|
an actual system. The expected directories must already exist or the script
|
||||||
|
will just throw errors and not actually copy files.
|
||||||
|
|
||||||
### time syncronization settings (timesyncd.conf)
|
Let's assume you wanted to test the script and copy files to */testdir*. You
|
||||||
|
would do the following to prepare the directory with the expected structure:
|
||||||
|
|
||||||
This file configures *systemd-timesyncd.service* and allows for very simple
|
```bash
|
||||||
NTP-sync setup. Simply edit the **NTP=* to list your desired timeservers,
|
mkdir -p /testdir/root
|
||||||
each separated by a single space. In the event those timeservers are not
|
mkdir -p /testdir/etc/{skel,ssh,systemd}
|
||||||
available, you can configure back servers by listing them on the
|
```
|
||||||
**FallbackNTP=** line, again space delimited.
|
|
||||||
|
|
||||||
I've set the default in this file to be the worldwide NTP.org servers. This
|
Then you could invoke the script as follows (assuming you made it executable as
|
||||||
should work for pretty much anyone that uses this file, but you really should
|
described above):
|
||||||
customize the list to use geographically closer timeservers or the timeserver on
|
|
||||||
your LAN, etc.
|
|
||||||
|
|
||||||
### SSH server configuration (sshd_config)
|
```bash
|
||||||
|
./customize.sh /testdir
|
||||||
|
```
|
||||||
|
|
||||||
|
The script would then copy all files into */testdir* while mirroring the
|
||||||
|
structure of a live system beneath that. Again, this is useful only for testing
|
||||||
|
and will NOT update your actual system!
|
||||||
|
|
||||||
|
## Final thoughts
|
||||||
|
|
||||||
|
Hopefully this saves you some time and helps you standard your new system setups
|
||||||
|
with a few useful defaults. As always, if you have suggestions or want to leave
|
||||||
|
feedback for me, please do so on my [blog
|
||||||
|
post](https://mytechiethoughts.com/<post_address>) related to this script!
|
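Review bot: "Running the script" tells the reader to run `customize.sh` as root, but now that the per-file descriptions have been moved out of this README, nothing here says that the script replaces `sshd_config`, whose shipped defaults (per `config/etc/ssh/readme.md` in this same change) permit root login and password authentication on port 222. Add a sentence in that section pointing at the SSH readme so the reader reviews the file before the new configuration takes effect. Both blog links (intro and "Final thoughts") still use the placeholder `https://mytechiethoughts.com/<post_address>` and are dead as committed. In "Final thoughts", "helps you standard your new system setups" should read "standardize".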
@ -1,29 +1,58 @@
|
|||||||
Configuration files and/or changes to default config files in /etc/
|
# /etc: Included files
|
||||||
=
|
|
||||||
|
|
||||||
- Setup timesyncd for NTP syncing (using systemd, not ntp package)
|
Three files are updated in the */etc* folder.
|
||||||
- set to use global pool.ntp.org, you should change this!
|
|
||||||
- verify timesyncd is working with 'timedatectl' command
|
|
||||||
|
|
||||||
- Setup nano with helpful configurations both locally and via SSH
|
## BASH default profile (profile)
|
||||||
- rebind number lock
|
|
||||||
- constant show cursor position at bottom of screen
|
|
||||||
- constant show line numbers on the left
|
|
||||||
- added shortcuts for cut, copy, paste using alt-x,c,v respectively
|
|
||||||
- enable multi-buffer for concurrent open files
|
|
||||||
- cut to end-of-line
|
|
||||||
- bracket and quote matching
|
|
||||||
- tabs converted to spaces, tab = 4 spaces
|
|
||||||
- activate default colourization
|
|
||||||
|
|
||||||
- Colourize prompt
|
This is the Debian Stretch default *profile* and is copied to */etc/profile* to
|
||||||
- red username for root user or shell accessed as root (su, sudo -s, etc.)
|
return accounts to a baseline configuration. Again, this is done to ensure that
|
||||||
- green username for regular users
|
only */etc/bash.bashrc* is providing initial customizations to users.
|
||||||
- display time and full path
|
|
||||||
|
|
||||||
- Setup SSH server
|
## Default BASH settings (bash.bashrc)
|
||||||
- use non-standard port 222
|
|
||||||
- use host-keys (RSA and ED25519 - you need to generate these!)
|
Of the bash customization files, this is the only one that is NOT in a default
|
||||||
- display a banner on sucessful connection
|
configuration. I have added the following customizations I find useful
|
||||||
- do not allow root login
|
especially for new users and system admins:
|
||||||
- require keyfile authentication (disable password authentication)
|
|
||||||
|
- colourized directory listings with built-in automatic colour settings
|
||||||
|
- changed prompt to include 24-hour clock, username, hostname and current
|
||||||
|
directory display
|
||||||
|
- username changes to RED when working as ROOT (uid=0)
|
||||||
|
- added the following command aliases
|
||||||
|
|
||||||
|
alias|full command|explanation
|
||||||
|
---|---|---
|
||||||
|
ll|ls -l|default 'ls' output
|
||||||
|
l|ls -lAsh --group-directories-first|far more useful and robust file display including sizes, permissions and owners
|
||||||
|
rm|rm -i|confirmation prompt when deleting file
|
||||||
|
mv|mv -i|confirmation prompt when moving file would result in overwriting existing file
|
||||||
|
cp|cp -i|confirmation prompt when copying file would result in overwriting existing file
|
||||||
|
|
||||||
|
## nano defaults (nanorc)
|
||||||
|
|
||||||
|
The following options have been enabled/set in nano to provide what I feel is an
|
||||||
|
easier editing experience especially for people coming from a Windows background
|
||||||
|
and new users/admins.
|
||||||
|
|
||||||
|
- 'rebind' numeric keypad to fix problems using keypad with some SSH clients
|
||||||
|
- set 'smart home' so home key is useful
|
||||||
|
- allow opening multiple files at once
|
||||||
|
- always display line numbers
|
||||||
|
- constantly display cursor position at the bottom of the screen
|
||||||
|
- set vim lock-files
|
||||||
|
- autoindent ON
|
||||||
|
- tab-size of 4 spaces
|
||||||
|
- convert tabs to spaces
|
||||||
|
- turn off hard line wrapping
|
||||||
|
- turn ON soft line wrapping for ease of readability
|
||||||
|
- closing 'brackets' (for alignment purposes) set as: "')>]}
|
||||||
|
- cut to end of line by default
|
||||||
|
- set proper bracket matching (ie. "<" matches ">", etc.)
|
||||||
|
- turned on default colours so nano doesn't look so drab
|
||||||
|
- added the following key-bindings
|
||||||
|
|
||||||
|
binding|function
|
||||||
|
---|---
|
||||||
|
alt-c/alt-C|copy selected text
|
||||||
|
alt-x/alt-X|cut selected text
|
||||||
|
alt-v/alt-V|paste text on clipboard
|
||||||
|
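Review bot: In the alias table under "Default BASH settings (bash.bashrc)", the `ll` row describes `ls -l` as "default 'ls' output", which is not what `-l` produces; describe it as the long listing format. The `rm -i`, `mv -i` and `cp -i` rows would be more accurate if they said the prompt applies only to interactive shells, since aliases from */etc/bash.bashrc* are not used by scripts and a user can still pass `-f`, so admins should not treat them as a safety net. In the nanorc list, put the literal `"')>]}` and the `<` / `>` pair in code spans so Markdown renders them verbatim.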
10
config/etc/skel/readme.md
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
# /etc/skel: Included files
|
||||||
|
|
||||||
|
## bash.rc
|
||||||
|
|
||||||
|
This file is used to create a new user's *~/.bashrc*. The copy included here is
|
||||||
|
the Debian Stretch default file. Copying the default file resets all new users
|
||||||
|
to a baseline state and ensures they pull their initial custom settings from the
|
||||||
|
modified */etc/bash.bashrc* found in this archive. If you need to reset
|
||||||
|
existing users to a baseline configuration, have them copy this file to their
|
||||||
|
home directory.
|
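Review bot: The section heading `## bash.rc` does not match the file the paragraph describes, which becomes a new user's *~/.bashrc*; name the section after the file as it appears in */etc/skel* so readers can find it. The last sentence tells existing users to "copy this file to their home directory" without giving the destination name or saying that it overwrites their current *~/.bashrc*. Spell out the target and suggest keeping a backup, as the top-level README does with the *.original* copies.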
38
config/etc/ssh/readme.md
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
# /etc/ssh: Included files
|
||||||
|
|
||||||
|
## SSH server configuration (sshd_config)
|
||||||
|
|
||||||
|
This is a pretty basic SSH server setup with a few options initially commented
|
||||||
|
out for ease of setup. You should generate SSH Host Keys and enable the
|
||||||
|
relevant lines in the configuration. In addition, you should generate ssh
|
||||||
|
key-pairs for your users and then set both *PermitRootLogin* and
|
||||||
|
*PasswordAuthentication* to **no**.
|
||||||
|
|
||||||
|
The default configuration included here will:
|
||||||
|
|
||||||
|
- listen on all configured interfaces
|
||||||
|
- **listen on non-standard port 222**
|
||||||
|
- permit root login
|
||||||
|
- permit passwords for authentication
|
||||||
|
|
||||||
|
The commented lines indicate the *recommended settings* and appear directly
|
||||||
|
before the setting currently enabled that should be changed (i.e. line removed
|
||||||
|
and replaced with the commented line above it).
|
||||||
|
|
||||||
|
Please see my post at [My Techie-Thoughts](https://mytechiethoughts.com/<post_address) for detailed
|
||||||
|
instructions on setting up a secure SSH server.
|
||||||
|
|
||||||
|
## Banner file (banner)
|
||||||
|
|
||||||
|
This is a sample file that can be displayed upon successful authentication to
|
||||||
|
your server via SSH. It is included only as an example and does not need to be
|
||||||
|
used. You can delete/change/replace it freely. It is referenced in the
|
||||||
|
*sshd_config* on the line that reads:
|
||||||
|
|
||||||
|
```ini
|
||||||
|
#Banner /etc/ssh/banner
|
||||||
|
```
|
||||||
|
|
||||||
|
If you want to use the banner file, edit it as desired then uncomment this line
|
||||||
|
in your *sshd_config*. If you do not want a banner displayed, simply leave this
|
||||||
|
line commented (as-is) in your configuration.
|
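Review bot: Under "Banner file (banner)", the text says the banner is displayed "upon successful authentication", but sshd's `Banner` directive sends the file to the client before authentication; reword this so nobody puts information meant for logged-in users into it. The link in "Please see my post at ..." is `https://mytechiethoughts.com/<post_address`, which is missing the closing `>` used elsewhere and is still a placeholder. Because the shipped defaults permit root login and password authentication, the "recommended settings" paragraph should also state the order to follow: install and test user keys first, then switch *PermitRootLogin* and *PasswordAuthentication* to **no**, and validate the file with `sshd -t` before restarting the service.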
31
config/etc/systemd/readme.md
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
# /etc/systemd: Included files
|
||||||
|
|
||||||
|
## Time synchronization settings (timesyncd.conf)
|
||||||
|
|
||||||
|
This file configures the *systemd-timesyncd.service* and allows for a very
|
||||||
|
simple NTP-sync setup. Edit the **NTP=** line with a space-delimited list of
|
||||||
|
your desired timeservers. In the event those timeservers are not available, you
|
||||||
|
can configure backup servers by listing them on the **FallbackNTP=** line, again
|
||||||
|
space delimited.
|
||||||
|
|
||||||
|
I've set the defaults in this file to be the worldwide NTP.org servers. This
|
||||||
|
should work for pretty much anyone that uses this file, but you *really should*
|
||||||
|
customize the list to use geographically closer timeservers (check out the list
|
||||||
|
[here](http://support.ntp.org/bin/view/Servers/NTPPoolServers)) or the
|
||||||
|
timeserver on your LAN, etc.
|
||||||
|
|
||||||
|
When you're done editing this file, make sure you restart the *timesyncd
|
||||||
|
service* and check it's status to verify it is now using one of your defined NTP
|
||||||
|
servers.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
systemctl restart systemd-timesyncd.service && systemctl status systemd-timesyncd.service
|
||||||
|
```
|
||||||
|
|
||||||
|
Finally, you can confirm things are working properly by running timedatectl.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
timedatectl
|
||||||
|
```
|
||||||
|
|
||||||
|
You should see the correct time listed and *NTP synchronized: yes*.
|
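Review bot: The closing line hard-codes the expected `timedatectl` output as *NTP synchronized: yes*; that label depends on the systemd version, so state that it is what Debian Stretch prints, as the other readmes in this change name the release. "check it's status" should be "its status". The NTP pool link uses `http://` and the link text "here" says nothing about its target. The `systemctl restart` line needs root, which this file does not mention.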
@ -1,3 +1,9 @@
|
|||||||
Changes/additions in the /root folder.
|
# /root: Included files
|
||||||
=
|
|
||||||
- default .bashrc (for reference or to return to default state)
|
## bash.rc
|
||||||
|
|
||||||
|
The copy included here is the Debian Stretch default file for the **ROOT user**.
|
||||||
|
Copying the default file resets the root user's profile to a baseline state and
|
||||||
|
ensures they pull their initial custom settings from the modified
|
||||||
|
*/etc/bash.bashrc* found in this archive. If you ever need to reset your root
|
||||||
|
user's profile, simply copy this file.
|
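Review bot: "simply copy this file" at the end of the paragraph gives no destination and no warning that it replaces root's current *.bashrc*; name the target path and recommend a backup first, matching the *.original* behaviour the top-level README describes for the script. The heading `## bash.rc` does not match any file name the text mentions, and "ensures they pull" reads oddly when the subject is the single root user.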