Compare commits

10 Commits

Author SHA1 Message Date
Asif Bacchus
07a996361a updated and proofread readme 2019-01-09 04:43:27 -07:00
Asif Bacchus
3d0a53279c updated and proofread readme 2019-01-09 04:34:13 -07:00
Asif Bacchus
8fcdc8bcaf updated with ntp.org main list page and proofread 2019-01-09 04:28:52 -07:00
Asif Bacchus
0b9eb84ca1 updated and proofread 2019-01-09 04:23:23 -07:00
Asif Bacchus
9332ec97ae updated readme 2019-01-09 04:17:35 -07:00
Asif Bacchus
a19f626e2b updated /etc/ssh readme 2019-01-09 04:04:18 -07:00
Asif Bacchus
ef9ba96918 updated /etc/systemd readme 2019-01-09 03:54:47 -07:00
Asif Bacchus
a387df5147 updated /etc readme 2019-01-09 03:48:22 -07:00
Asif Bacchus
563f8f058d added /root readme 2019-01-09 03:43:08 -07:00
Asif Bacchus
991319bfde added /etc/skel readme 2019-01-09 03:40:49 -07:00
6 changed files with 200 additions and 92 deletions

120
README.md

@ -6,85 +6,79 @@ something else like a webserver, git-server, cloud platform, programming
workstation, etc. Therefore, only a few core files applicable to nearly every
conceivable installation are included here.
This archive and included script are meant to supplement my article on setting
up a Debian base-system found at my blog: [My
Techie-Thoughts](https://mytechiethoughts.com/<post_address>)
## Included files
### bash template files
Please refer to the `readme.md` in each subdirectory for a list and description of
each included file.
#### bash.rc
## The script file (customize.sh)
Included are *.bashrc* files for both new users (in the */etc/skel/* directory)
and the root user. These files are the Debian default files. They are included
and copied so that user profiles start out at baseline settings and pull all
initial customizations from */etc/bash.bashrc*. Users are free to alter their
*.bashrc* as they see fit and those settings will override or add to the ones
I've included in */etc/bash.bashrc*
The included script file copies all the files in this archive to the proper
locations on a default Debian Stretch system. It makes backups of your existing
files in-place with the extension *.original*. This simply saves you time and
possible errors copying the files manually. The structure of this archive
exactly mirrors a default Debian installation, so you can use that as a guide if
you choose not to use the script.
#### profile
### Running the script
This is the Debian default *profile* and is copied to */etc/profile* to return
the system to a baseline configuration. Again, this is done to ensure that only
*/etc/bash.bashrc* is providing initial customizations to users.
Please note you must either make the script executable or call it explicitly via
BASH. In the latter case, you'd run the script as follows:
#### bash.bashrc
```bash
/bin/bash ./customize.sh
```
Of the bash customization files, this is the only one that is NOT in a default
configuration. I have added the following customizations I find useful
especially for new users and system admins:
If you want to make the script executable:
- colourized directory listings with built-in automatic colour settings
- changed prompt to include 24-hour clock, username, hostname and current
directory display
- username changes to RED when working as ROOT (uid=0)
- added the following command aliases
```bash
chmod +x customize.sh
./customize.sh
```
alias|full command|explanation
---|---|---
ll|ls -l|default 'ls' output
l|ls -lAsh --group-directories-first|far more useful and robust file display including sizes, permissions and owners
rm|rm -i|confirmation prompt when deleting file
mv|mv -i|confirmation prompt when moving file would result in overwriting existing file
cp|cp -i|confirmation prompt when copying file would result in overwriting existing file
Due to location of the files being replaced, **you MUST run this script as ROOT**
(the script will exit if you run as a different user) or run it via sudo like
this (assuming you made it executable):
### nano defaults (nanorc)
```bash
sudo ./customize.sh
```
The following options have been enabled/set in nano to provide what I feel is an
easier editing experience especially for people coming from a Windows background
and new users/admins.
### Passing a custom path to the script
- 'rebind' numeric keypad to fix problems with using keypad with some SSH clients
- set 'smart home' some home key is useful
- allow opening multiple files at once
- always display line numbers
- constantly display cursor position at the bottom of the screen
- set vim lock-files
- autoindent ON, tab-size of 4 spaces
- convert tabs to spaces
- turn off hard line wrapping
- turn ON soft line wrapping for ease of readability
- closing 'brackets' (for alignment purposes) set as: "')>]}
- cut to end of line by default
- set proper bracket matching (ie. "<" matches ">", etc.)
- turned on default colours so nano doesn't look so drab
- added the following key-bindings
If you want to test out the script before having it update your actual system
configuration, you can supply an alternate destination path. This is referred
to as a 'Base Path' by the script and it will show a warning if this option is
used. Please note, your 'Base Path' MUST have the same directory structure as
an actual system. The expected directories must already exist or the script
will just throw errors and not actually copy files.
binding|fuction
---|---
alt-c/alt-C|copy selected text
alt-x/alt-X|cut selected text
alt-v/alt-V|paste text on clipboard
Let's assume you wanted to test the script and copy files to */testdir*. You
would do the following to prepare the directory with the expected structure:
### time syncronization settings (timesyncd.conf)
```bash
mkdir -p /testdir/root
mkdir -p /testdir/etc/{skel,ssh,systemd}
```
This file configures *systemd-timesyncd.service* and allows for very simple
NTP-sync setup. Simply edit the **NTP=* to list your desired timeservers,
each separated by a single space. In the event those timeservers are not
available, you can configure back servers by listing them on the
**FallbackNTP=** line, again space delimited.
Then you could invoke the script as follows (assuming you made it executable as
described above):
I've set the default in this file to be the worldwide NTP.org servers. This
should work for pretty much anyone that uses this file, but you really should
customize the list to use geographically closer timeservers or the timeserver on
your LAN, etc.
```bash
./customize.sh /testdir
```
### SSH server configuration (sshd_config)
The script would then copy all files into */testdir* while mirroring the
structure of a live system beneath that. Again, this is useful only for testing
and will NOT update your actual system!
## Final thoughts
Hopefully this saves you some time and helps you standard your new system setups
with a few useful defaults. As always, if you have suggestions or want to leave
feedback for me, please do so on my [blog
post](https://mytechiethoughts.com/<post_address>) related to this script!
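
Review bot: The paragraph under "The script file (customize.sh)" says existing files are backed up in place as *.original*, and "Running the script" requires root, but neither says what happens to an existing *.original* on a second run. If it is overwritten, the only copy of the pre-script configuration is lost, so state the behaviour here (or have the script refuse to replace an existing backup). The test layout `mkdir -p /testdir/etc/{skel,ssh,systemd}` shows that files under */etc/ssh* are replaced too, so a one-line pointer to that subdirectory's readme would help anyone running this over a remote session. Smaller points: both blog links still carry the `<post_address>` placeholder, and "helps you standard your new system setups" should read "standardize".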


@ -1,29 +1,58 @@
Configuration files and/or changes to default config files in /etc/
=
# /etc: Included files
- Setup timesyncd for NTP syncing (using systemd, not ntp package)
- set to use global pool.ntp.org, you should change this!
- verify timesyncd is working with 'timedatectl' command
Three files are updated in the */etc* folder.
- Setup nano with helpful configurations both locally and via SSH
- rebind number lock
- constant show cursor position at bottom of screen
- constant show line numbers on the left
- added shortcuts for cut, copy, paste using alt-x,c,v respectively
- enable multi-buffer for concurrent open files
- cut to end-of-line
- bracket and quote matching
- tabs converted to spaces, tab = 4 spaces
- activate default colourization
## BASH default profile (profile)
- Colourize prompt
- red username for root user or shell accessed as root (su, sudo -s, etc.)
- green username for regular users
- display time and full path
This is the Debian Stretch default *profile* and is copied to */etc/profile* to
return accounts to a baseline configuration. Again, this is done to ensure that
only */etc/bash.bashrc* is providing initial customizations to users.
- Setup SSH server
- use non-standard port 222
- use host-keys (RSA and ED25519 - you need to generate these!)
- display a banner on sucessful connection
- do not allow root login
- require keyfile authentication (disable password authentication)
## Default BASH settings (bash.bashrc)
Of the bash customization files, this is the only one that is NOT in a default
configuration. I have added the following customizations I find useful
especially for new users and system admins:
- colourized directory listings with built-in automatic colour settings
- changed prompt to include 24-hour clock, username, hostname and current
directory display
- username changes to RED when working as ROOT (uid=0)
- added the following command aliases
alias|full command|explanation
---|---|---
ll|ls -l|default 'ls' output
l|ls -lAsh --group-directories-first|far more useful and robust file display including sizes, permissions and owners
rm|rm -i|confirmation prompt when deleting file
mv|mv -i|confirmation prompt when moving file would result in overwriting existing file
cp|cp -i|confirmation prompt when copying file would result in overwriting existing file
## nano defaults (nanorc)
The following options have been enabled/set in nano to provide what I feel is an
easier editing experience especially for people coming from a Windows background
and new users/admins.
- 'rebind' numeric keypad to fix problems using keypad with some SSH clients
- set 'smart home' so home key is useful
- allow opening multiple files at once
- always display line numbers
- constantly display cursor position at the bottom of the screen
- set vim lock-files
- autoindent ON
- tab-size of 4 spaces
- convert tabs to spaces
- turn off hard line wrapping
- turn ON soft line wrapping for ease of readability
- closing 'brackets' (for alignment purposes) set as: "')>]}
- cut to end of line by default
- set proper bracket matching (ie. "<" matches ">", etc.)
- turned on default colours so nano doesn't look so drab
- added the following key-bindings
binding|function
---|---
alt-c/alt-C|copy selected text
alt-x/alt-X|cut selected text
alt-v/alt-V|paste text on clipboard
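
Review bot: Under "BASH default profile (profile)" the sentence "Again, this is done to ensure that only */etc/bash.bashrc* is providing initial customizations to users." opens with "Again", although this is now the first section of the file and nothing earlier makes that point; drop the word or state the reason once in the intro. The intro line "Three files are updated in the */etc* folder." would be easier to check against the archive if it named them (profile, bash.bashrc, nanorc). In the alias table, the row `ll|ls -l|default 'ls' output` describes a long listing as default output and should be reworded.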

10
config/etc/skel/readme.md Normal file

@ -0,0 +1,10 @@
# /etc/skel: Included files
## bash.rc
This file is used to create a new user's *~/.bashrc*. The copy included here is
the Debian Stretch default file. Copying the default file resets all new users
to a baseline state and ensures they pull their initial custom settings from the
modified */etc/bash.bashrc* found in this archive. If you need to reset
existing users to a baseline configuration, have them copy this file to their
home directory.
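
Review bot: The heading "## bash.rc" does not match the file the paragraph describes, which becomes a new user's *~/.bashrc*; use the file's actual name in the heading so readers can find it in the archive. The closing sentence "have them copy this file to their home directory" should also give the destination name (*~/.bashrc*), since a copy that keeps any other name has no effect.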

38
config/etc/ssh/readme.md Normal file

@ -0,0 +1,38 @@
# /etc/ssh: Included files
## SSH server configuration (sshd_config)
This is a pretty basic SSH server setup with a few options initially commented
out for ease of setup. You should generate SSH Host Keys and enable the
relevant lines in the configuration. In addition, you should generate ssh
key-pairs for your users and then set both *PermitRootLogin* and
*PasswordAuthentication* to **no**.
The default configuration included here will:
- listen on all configured interfaces
- **listen on non-standard port 222**
- permit root login
- permit passwords for authentication
The commented lines indicate the *recommended settings* and appear directly
before the setting currently enabled that should be changed (i.e. line removed
and replaced with the commented line above it).
Please see my post at [My Techie-Thoughts](https://mytechiethoughts.com/<post_address) for detailed
instructions on setting up a secure SSH server.
## Banner file (banner)
This is a sample file that can be displayed upon successful authentication to
your server via SSH. It is included only as an example and does not need to be
used. You can delete/change/replace it freely. It is referenced in the
*sshd_config* on the line that reads:
```ini
#Banner /etc/ssh/banner
```
If you want to use the banner file, edit it as desired then uncomment this line
in your *sshd_config*. If you do not want a banner displayed, simply leave this
line commented (as-is) in your configuration.
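
Review bot: The list under "The default configuration included here will:" says the shipped *sshd_config* permits root login and password authentication, yet only the port line is bolded, so the two settings that matter most are the easiest to miss. Either ship the recommended values enabled, or bold those two bullets and spell out the order of operations: install user keys, confirm a key-based login works, then set *PermitRootLogin* and *PasswordAuthentication* to **no**. In the Banner section, "displayed upon successful authentication" is not how sshd treats the `Banner` file, which is sent before authentication; the wording should say so, because it determines what is appropriate to put in the file. The link `https://mytechiethoughts.com/<post_address)` is also missing the closing `>` on its placeholder.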


@ -0,0 +1,31 @@
# /etc/systemd: Included files
## Time synchronization settings (timesyncd.conf)
This file configures the *systemd-timesyncd.service* and allows for a very
simple NTP-sync setup. Edit the **NTP=** line with a space-delimited list of
your desired timeservers. In the event those timeservers are not available, you
can configure backup servers by listing them on the **FallbackNTP=** line, again
space delimited.
I've set the defaults in this file to be the worldwide NTP.org servers. This
should work for pretty much anyone that uses this file, but you *really should*
customize the list to use geographically closer timeservers (check out the list
[here](http://support.ntp.org/bin/view/Servers/NTPPoolServers)) or the
timeserver on your LAN, etc.
When you're done editing this file, make sure you restart the *timesyncd
service* and check it's status to verify it is now using one of your defined NTP
servers.
```bash
systemctl restart systemd-timesyncd.service && systemctl status systemd-timesyncd.service
```
Finally, you can confirm things are working properly by running timedatectl.
```bash
timedatectl
```
You should see the correct time listed and *NTP synchronized: yes*.
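
Review bot: The paragraph before the `systemctl restart systemd-timesyncd.service && systemctl status ...` command asks the reader to verify the service "is now using one of your defined NTP servers" but does not say where that appears in the status output; name the line to look for, the way the last sentence does for `timedatectl` with *NTP synchronized: yes*. In the same paragraph "check it's status" should be "its status", and the pool-server list is linked over plain `http://`.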


@ -1,3 +1,9 @@
Changes/additions in the /root folder.
=
- default .bashrc (for reference or to return to default state)
# /root: Included files
## bash.rc
The copy included here is the Debian Stretch default file for the **ROOT user**.
Copying the default file resets the root user's profile to a baseline state and
ensures they pull their initial custom settings from the modified
*/etc/bash.bashrc* found in this archive. If you ever need to reset your root
user's profile, simply copy this file.
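
Review bot: The new heading "## bash.rc" replaces a line that called the file ".bashrc" ("default .bashrc (for reference or to return to default state)"), so the heading should keep that name. "ensures they pull their initial custom settings" has no plural antecedent, since the subject is the root user, and "simply copy this file" should say where it is copied to.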