Linux Systems Setup

General (Debian)

# As root
 
sudo apt update && sudo apt upgrade -y
 
sudo apt install unattended-upgrades # configure auto-updates for long-term sys
sudo dpkg-reconfigure --priority=low unattended-upgrades
 
sudo apt install openssh-server # if cannot ssh into system
sudo apt install sudo vim bat curl ripgrep htop nmap # choose based on needs
 
sudo adduser USER
sudo usermod -aG sudo USER
 
logout
 
# From remote:
ssh-copy-id -i ~/.ssh/id_rsa USER@SERVER
ssh USER@SERVER # Confirm no password asked
 
grep ". ~/.bash_aliases" .bashrc # If present, proceed, else edit .bashrc
cat >> ~/.bash_aliases
###
alias ls='ls -F --color'
alias ll='ls -l'
alias l='ls -lh'
alias la='ls -A'
alias lla='ls -lA'
 
alias rm='rm -d'
alias bat="batcat"
alias cat='bat -p --paging=never'
alias less='bat -p --paging=always'
 
alias cpp="rsync -ah --progress"
cdd() { cd "$1" && echo "[[ $PWD ]]" && l | tail +2; }
mvv() { mv "$1" "$2" && cdd "$2"; }
mkk() { mkdir "$1" && cdd "$1"; }
 
alias gst='git status'
alias gll='git log --graph'
alias gcam='git add -A && git commit -vm'
 
alias sudo='sudo ' # trick for aliases to work with sudo
###
 
cat >> .inputrc
###
"\e[A": history-search-backward
"\e[B": history-search-forward
"\C-v": "\C-w\C-y\C-y"
###
 
# Additional security
 
sudo passwd -l root # disable root login / su
 
ssh-keygen -t ed25519 # Create identity if needed
 
sudo vim /etc/ssh/sshd_config # Strengthen SSH (once key-login confirmed!)
###
PasswordAuthentication no # edit
ChallengeResponseAuthentication no # add
###
sudo systemctl restart ssh

Security

For further security for systems exposed to the world, consider setting up UFW and fail2ban.

UFW

Note: not compatible with Docker.

sudo apt install ufw
sudo ufw default deny incoming && sudo ufw default allow outgoing
sudo ufw allow ssh # && sudo ufw allow 51820/udp etc
sudo ufw enable && sudo ufw status

vim setup

For systems where files are edited often.

mkdir -p ~/.vim/{swap,backups,undo}
mv ~/.viminfo ~/.vim/
cat > ~/.vimrc

set mouse=a             " Enable mouse support in all modes
 
set ssop-=options	    " Don't save options and mappings in sessions
set ssop-=folds		    " Don't save folds in sessions
 
set ignorecase          " Case-insensitive search
set smartcase 		    " Use \C for force case-sensitivness when searching all lower-case
 
set tabstop=4           " Tab key width
set shiftwidth=4        " Indentation width
set softtabstop=4       " Backspace deletes X spaces
set autoindent          " Copy indentation from previous line
 
set incsearch           " Show search matches while typing
set hlsearch            " Highlight search matches
 
set scrolloff=4         " Keep 4 lines visible above/below cursor
 
set undofile            " Enable persistent undo
set undolevels=1000		" Maximum undo changes
set undoreload=10000	" Maximum lines for undo on reload
 
set switchbuf=useopen   " Reuse existing windows when switching to a buffer
 
set viminfo+=n~/.vim/viminfo
set directory=~/.vim/swap//
set backupdir=~/.vim/backups//
set undodir=~/.vim/undo//
 
set number relativenumber
set colorcolumn=101
highlight LineNr ctermfg=darkgrey
highlight ColorColumn ctermbg=black guibg=black
 
filetype on
syntax on
 
let mapleader = " "     " Set spacebar as the leader key for custom mappings
 
" Shift-Tab unindents in insert mode
inoremap <S-Tab> <C-D>
 
" NERDtree like setup for netrw
let g:netrw_banner = 0
let g:netrw_liststyle = 3
let g:netrw_browse_split = 4
let g:netrw_altv = 1
let g:netrw_winsize = 25

Network Interfaces Setup

Below are instructions to configure a manual network interface. But in most cases, simply reserving a static DHCP lease on the DHCP server should be enough.

Traditional Debian-style

ip a or ifconfig to see existing interface names.

Add/edit an interface in /etc/network/interfaces:

allow-hotplug INTERFACE
iface INTERFACE inet dhcp

Or static:

allow-hotplug INTERFACE
iface INTERFACE inet static
	address 192.168.137.13
	netmask 255.255.255.0
	gateway 192.168.137.1

where INTERFACE is something like enp6s18, eth0, etc.

And check that /etc/resolv.conf contains for example one of:

nameserver 192.168.137.1
nameserver 192.168.137.10

Network Manager

To create static connections:

sudo nmcli connection show

# Create a new static connection on ETH0
sudo nmcli con add type ethernet con-name "Static Ethernet" ifname eth0 ip4 192.168.1.102/24 gw4 192.168.1.1 ipv4.dns "192.168.1.98, 192.168.1.101"

# Make new connection the default for ETH0
sudo nmcli connection modify "Old Connection Name" connection.autoconnect no
sudo nmcli connection modify "Static Ethernet" connection.autoconnect yes

sudo reboot # or, but will loose SSH connection:
nmcli connection down "Old Connection Name"
nmcli connection up "Static Ethernet"