Compare commits

10 Commits

Author SHA1 Message Date
Asif Bacchus
07a996361a updated and proofread readme 2019-01-09 04:43:27 -07:00
Asif Bacchus
3d0a53279c updated and proofread readme 2019-01-09 04:34:13 -07:00
Asif Bacchus
8fcdc8bcaf updated with ntp.org main list page and proofread 2019-01-09 04:28:52 -07:00
Asif Bacchus
0b9eb84ca1 updated and proofread 2019-01-09 04:23:23 -07:00
Asif Bacchus
9332ec97ae updated readme 2019-01-09 04:17:35 -07:00
Asif Bacchus
a19f626e2b updated /etc/ssh readme 2019-01-09 04:04:18 -07:00
Asif Bacchus
ef9ba96918 updated /etc/systemd readme 2019-01-09 03:54:47 -07:00
Asif Bacchus
a387df5147 updated /etc readme 2019-01-09 03:48:22 -07:00
Asif Bacchus
563f8f058d added /root readme 2019-01-09 03:43:08 -07:00
Asif Bacchus
991319bfde added /etc/skel readme 2019-01-09 03:40:49 -07:00
6 changed files with 200 additions and 92 deletions

122
README.md

@ -6,85 +6,79 @@ something else like a webserver, git-server, cloud platform, programming
workstation, etc. Therefore, only a few core files applicable to nearly every workstation, etc. Therefore, only a few core files applicable to nearly every
conceivable installation are included here. conceivable installation are included here.
This archive and included script are meant to supplement my article on setting
up a Debian base-system found at my blog: [My
Techie-Thoughts](https://mytechiethoughts.com/<post_address>)
## Included files ## Included files
### bash template files Please refer to the `readme.md` in each subdirectory for a list and description of
each included file.
#### bash.rc ## The script file (customize.sh)
Included are *.bashrc* files for both new users (in the */etc/skel/* directory) The included script file copies all the files in this archive to the proper
and the root user. These files are the Debian default files. They are included locations on a default Debian Stretch system. It makes backups of your existing
and copied so that user profiles start out at baseline settings and pull all files in-place with the extension *.original*. This simply saves you time and
initial customizations from */etc/bash.bashrc*. Users are free to alter their possible errors copying the files manually. The structure of this archive
*.bashrc* as they see fit and those settings will override or add to the ones exactly mirrors a default Debian installation, so you can use that as a guide if
I've included in */etc/bash.bashrc* you choose not to use the script.
#### profile ### Running the script
This is the Debian default *profile* and is copied to */etc/profile* to return Please note you must either make the script executable or call it explicitly via
the system to a baseline configuration. Again, this is done to ensure that only BASH. In the latter case, you'd run the script as follows:
*/etc/bash.bashrc* is providing initial customizations to users.
#### bash.bashrc ```bash
/bin/bash ./customize.sh
```
Of the bash customization files, this is the only one that is NOT in a default If you want to make the script executable:
configuration. I have added the following customizations I find useful
especially for new users and system admins:
- colourized directory listings with built-in automatic colour settings ```bash
- changed prompt to include 24-hour clock, username, hostname and current chmod +x customize.sh
directory display ./customize.sh
- username changes to RED when working as ROOT (uid=0) ```
- added the following command aliases
alias|full command|explanation
---|---|---
ll|ls -l|default 'ls' output
l|ls -lAsh --group-directories-first|far more useful and robust file display including sizes, permissions and owners
rm|rm -i|confirmation prompt when deleting file
mv|mv -i|confirmation prompt when moving file would result in overwriting existing file
cp|cp -i|confirmation prompt when copying file would result in overwriting existing file
### nano defaults (nanorc) Due to location of the files being replaced, **you MUST run this script as ROOT**
(the script will exit if you run as a different user) or run it via sudo like
this (assuming you made it executable):
The following options have been enabled/set in nano to provide what I feel is an ```bash
easier editing experience especially for people coming from a Windows background sudo ./customize.sh
and new users/admins. ```
- 'rebind' numeric keypad to fix problems with using keypad with some SSH clients ### Passing a custom path to the script
- set 'smart home' some home key is useful
- allow opening multiple files at once
- always display line numbers
- constantly display cursor position at the bottom of the screen
- set vim lock-files
- autoindent ON, tab-size of 4 spaces
- convert tabs to spaces
- turn off hard line wrapping
- turn ON soft line wrapping for ease of readability
- closing 'brackets' (for alignment purposes) set as: "')>]}
- cut to end of line by default
- set proper bracket matching (ie. "<" matches ">", etc.)
- turned on default colours so nano doesn't look so drab
- added the following key-bindings
binding|fuction If you want to test out the script before having it update your actual system
---|--- configuration, you can supply an alternate destination path. This is referred
alt-c/alt-C|copy selected text to as a 'Base Path' by the script and it will show a warning if this option is
alt-x/alt-X|cut selected text used. Please note, your 'Base Path' MUST have the same directory structure as
alt-v/alt-V|paste text on clipboard an actual system. The expected directories must already exist or the script
will just throw errors and not actually copy files.
### time syncronization settings (timesyncd.conf) Let's assume you wanted to test the script and copy files to */testdir*. You
would do the following to prepare the directory with the expected structure:
This file configures *systemd-timesyncd.service* and allows for very simple ```bash
NTP-sync setup. Simply edit the **NTP=* to list your desired timeservers, mkdir -p /testdir/root
each separated by a single space. In the event those timeservers are not mkdir -p /testdir/etc/{skel,ssh,systemd}
available, you can configure back servers by listing them on the ```
**FallbackNTP=** line, again space delimited.
I've set the default in this file to be the worldwide NTP.org servers. This Then you could invoke the script as follows (assuming you made it executable as
should work for pretty much anyone that uses this file, but you really should described above):
customize the list to use geographically closer timeservers or the timeserver on
your LAN, etc.
### SSH server configuration (sshd_config) ```bash
./customize.sh /testdir
```
The script would then copy all files into */testdir* while mirroring the
structure of a live system beneath that. Again, this is useful only for testing
and will NOT update your actual system!
## Final thoughts
Hopefully this saves you some time and helps you standard your new system setups
with a few useful defaults. As always, if you have suggestions or want to leave
feedback for me, please do so on my [blog
post](https://mytechiethoughts.com/<post_address>) related to this script!
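
Review bot: The blog link still contains the literal placeholder `<post_address>` in both the new introduction paragraph and the "Final thoughts" paragraph, so both links are dead as committed; fill in the post URL or drop the links until the post exists. In "Final thoughts", "helps you standard your new system setups" should read "standardize". The script section says backups are made in-place with the extension *.original*, but does not say what happens on a second run; state whether an existing *.original* is preserved, since overwriting it with an already customized file would lose the real baseline.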


@ -1,29 +1,58 @@
Configuration files and/or changes to default config files in /etc/ # /etc: Included files
=
- Setup timesyncd for NTP syncing (using systemd, not ntp package) Three files are updated in the */etc* folder.
- set to use global pool.ntp.org, you should change this!
- verify timesyncd is working with 'timedatectl' command
- Setup nano with helpful configurations both locally and via SSH ## BASH default profile (profile)
- rebind number lock
- constant show cursor position at bottom of screen
- constant show line numbers on the left
- added shortcuts for cut, copy, paste using alt-x,c,v respectively
- enable multi-buffer for concurrent open files
- cut to end-of-line
- bracket and quote matching
- tabs converted to spaces, tab = 4 spaces
- activate default colourization
- Colourize prompt This is the Debian Stretch default *profile* and is copied to */etc/profile* to
- red username for root user or shell accessed as root (su, sudo -s, etc.) return accounts to a baseline configuration. Again, this is done to ensure that
- green username for regular users only */etc/bash.bashrc* is providing initial customizations to users.
- display time and full path
- Setup SSH server ## Default BASH settings (bash.bashrc)
- use non-standard port 222
- use host-keys (RSA and ED25519 - you need to generate these!) Of the bash customization files, this is the only one that is NOT in a default
- display a banner on sucessful connection configuration. I have added the following customizations I find useful
- do not allow root login especially for new users and system admins:
- require keyfile authentication (disable password authentication)
- colourized directory listings with built-in automatic colour settings
- changed prompt to include 24-hour clock, username, hostname and current
directory display
- username changes to RED when working as ROOT (uid=0)
- added the following command aliases
alias|full command|explanation
---|---|---
ll|ls -l|default 'ls' output
l|ls -lAsh --group-directories-first|far more useful and robust file display including sizes, permissions and owners
rm|rm -i|confirmation prompt when deleting file
mv|mv -i|confirmation prompt when moving file would result in overwriting existing file
cp|cp -i|confirmation prompt when copying file would result in overwriting existing file
## nano defaults (nanorc)
The following options have been enabled/set in nano to provide what I feel is an
easier editing experience especially for people coming from a Windows background
and new users/admins.
- 'rebind' numeric keypad to fix problems using keypad with some SSH clients
- set 'smart home' so home key is useful
- allow opening multiple files at once
- always display line numbers
- constantly display cursor position at the bottom of the screen
- set vim lock-files
- autoindent ON
- tab-size of 4 spaces
- convert tabs to spaces
- turn off hard line wrapping
- turn ON soft line wrapping for ease of readability
- closing 'brackets' (for alignment purposes) set as: "')>]}
- cut to end of line by default
- set proper bracket matching (ie. "<" matches ">", etc.)
- turned on default colours so nano doesn't look so drab
- added the following key-bindings
binding|function
---|---
alt-c/alt-C|copy selected text
alt-x/alt-X|cut selected text
alt-v/alt-V|paste text on clipboard
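
Review bot: In the "BASH default profile (profile)" section, "Again, this is done to ensure" was carried over from the top-level README, where it followed the .bashrc explanation; in this file it opens the first section, so "Again" refers to nothing. Drop the word or add a sentence explaining why the defaults are restored. For the alias table, it is worth adding that the `rm -i`, `mv -i` and `cp -i` aliases only take effect in interactive shells, so scripts and cron jobs running as root get no confirmation prompt.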

10
config/etc/skel/readme.md Normal file

@ -0,0 +1,10 @@
# /etc/skel: Included files
## bash.rc
This file is used to create a new user's *~/.bashrc*. The copy included here is
the Debian Stretch default file. Copying the default file resets all new users
to a baseline state and ensures they pull their initial custom settings from the
modified */etc/bash.bashrc* found in this archive. If you need to reset
existing users to a baseline configuration, have them copy this file to their
home directory.
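
Review bot: The section heading reads "bash.rc" while the body describes the file that becomes a new user's *~/.bashrc*; use the file's actual name in the heading so it matches what is in the archive. The last sentence should also name the destination, i.e. that existing users copy it to *~/.bashrc*, and mention that doing so discards any customizations they already made.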

38
config/etc/ssh/readme.md Normal file

@ -0,0 +1,38 @@
# /etc/ssh: Included files
## SSH server configuration (sshd_config)
This is a pretty basic SSH server setup with a few options initially commented
out for ease of setup. You should generate SSH Host Keys and enable the
relevant lines in the configuration. In addition, you should generate ssh
key-pairs for your users and then set both *PermitRootLogin* and
*PasswordAuthentication* to **no**.
The default configuration included here will:
- listen on all configured interfaces
- **listen on non-standard port 222**
- permit root login
- permit passwords for authentication
The commented lines indicate the *recommended settings* and appear directly
before the setting currently enabled that should be changed (i.e. line removed
and replaced with the commented line above it).
Please see my post at [My Techie-Thoughts](https://mytechiethoughts.com/<post_address) for detailed
instructions on setting up a secure SSH server.
## Banner file (banner)
This is a sample file that can be displayed upon successful authentication to
your server via SSH. It is included only as an example and does not need to be
used. You can delete/change/replace it freely. It is referenced in the
*sshd_config* on the line that reads:
```ini
#Banner /etc/ssh/banner
```
If you want to use the banner file, edit it as desired then uncomment this line
in your *sshd_config*. If you do not want a banner displayed, simply leave this
line commented (as-is) in your configuration.
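
Review bot: The "default configuration included here will" list documents a shipped *sshd_config* that permits root login and password authentication on all interfaces, with the recommended settings left commented out, so anyone who runs the script and stops there has root password login exposed on port 222. If the permissive defaults are kept for ease of setup, state the order explicitly in this readme: install user keys, confirm key login works, then set *PermitRootLogin* and *PasswordAuthentication* to **no** and reload sshd. Two smaller points: the sshd Banner directive is sent before authentication, not "upon successful authentication", and the blog link is missing the closing ">" of its `<post_address` placeholder.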


@ -0,0 +1,31 @@
# /etc/systemd: Included files
## Time synchronization settings (timesyncd.conf)
This file configures the *systemd-timesyncd.service* and allows for a very
simple NTP-sync setup. Edit the **NTP=** line with a space-delimited list of
your desired timeservers. In the event those timeservers are not available, you
can configure backup servers by listing them on the **FallbackNTP=** line, again
space delimited.
I've set the defaults in this file to be the worldwide NTP.org servers. This
should work for pretty much anyone that uses this file, but you *really should*
customize the list to use geographically closer timeservers (check out the list
[here](http://support.ntp.org/bin/view/Servers/NTPPoolServers)) or the
timeserver on your LAN, etc.
When you're done editing this file, make sure you restart the *timesyncd
service* and check it's status to verify it is now using one of your defined NTP
servers.
```bash
systemctl restart systemd-timesyncd.service && systemctl status systemd-timesyncd.service
```
Finally, you can confirm things are working properly by running timedatectl.
```bash
timedatectl
```
You should see the correct time listed and *NTP synchronized: yes*.
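
Review bot: In the paragraph before the restart command, "check it's status" should be "its status". The pool-server link is labelled only "here" and uses plain http; give it a descriptive label and an https URL if the site serves one. The closing line promises *NTP synchronized: yes*, but the label timedatectl prints differs between systemd versions, so say that this is the wording on Debian Stretch.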


@ -1,3 +1,9 @@
Changes/additions in the /root folder. # /root: Included files
=
- default .bashrc (for reference or to return to default state) ## bash.rc
The copy included here is the Debian Stretch default file for the **ROOT user**.
Copying the default file resets the root user's profile to a baseline state and
ensures they pull their initial custom settings from the modified
*/etc/bash.bashrc* found in this archive. If you ever need to reset your root
user's profile, simply copy this file.
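
Review bot: The new heading reads "bash.rc" where the removed line called the file ".bashrc"; keep the real filename so readers can find it in the archive. The last sentence says "simply copy this file" without a destination; name it (*/root/.bashrc*) and note that the existing file is overwritten.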