debian install base handy linux server admin stuff

handy.txt

# restart all php-fpm services
systemctl list-units --type=service --all | grep php.*-fpm | awk '{print $1}' | xargs sudo systemctl restart

# reload all php-fpm services
systemctl list-units --type=service --all | grep php.*-fpm | awk '{print $1}' | xargs sudo systemctl reload

# status all php-fpm services
systemctl list-units --type=service --all | grep php.*-fpm | awk '{print $1}' | xargs sudo systemctl status



apt install rsyslog curl wget mc gpg htop multitail chrony nginx php-fpm rsync php-sqlite3 dnsutils unzip libio-socket-ssl-perl libcrypt-ssleay-perl git perl iptables libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl ipset libwww-perl lsb-release  bash debhelper apt-transport-https rsync ssh openssh-server git autoconf automake libtool build-essential flex bison software-properties-common dirmngr sudo

curl -sSL https://install.pi-hole.net | bash

apt install unbound

wget https://www.internic.net/domain/named.root -qO- | sudo tee /var/lib/unbound/root.hints

ss -lnptu | grep 53

systemctl disable systemd-resolved --now

systemctl restart chrony
# chronyc sources
# chronyc tracking
# chronyc sourcestats
# chronyc makestep


echo 'deb http://download.opensuse.org/repositories/home:/stelas/Debian_11/ /' | sudo tee /etc/apt/sources.list.d/home:stelas.list
curl -fsSL https://download.opensuse.org/repositories/home:stelas/Debian_11/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stelas.gpg > /dev/null
apt install gclog
journalctl -t gclog

I got gclog starting at boot using a homemade systemd service calling a shell script
(this is handy info for all of us wanting to boot an old init.d script or any other standalone executable that needs to run separate from systemd using its own startup routines) ;
https://github.com/stelas/GCLog/issues/5#issuecomment-1670332493

systemctl status unbound

pihole restartdns
pihole -t

openssl dhparam -dsaparam -out /etc/ssl/dh4096.pem 4096

nginx -t
nginx -s reload

update-grub

/etc/init.d/gclogd start

dmesg
lsmod
lsusb

wget -qO - http://www.webmin.com/jcameron-key.asc | gpg --dearmor > /etc/apt/trusted.gpg.d/jcameron-key.gpg
sh -c 'echo "deb http://download.webmin.com/download/repository sarge contrib" > /etc/apt/sources.list.d/webmin.list'

apt update -y && apt upgrade -y && apt autoclean -y && apt autoremove -y

apt install webmin

wget http://download.configserver.com/csf.tgz
tar -xvzf csf.tgz
cd csf
bash install.sh

./csftest.pl
csf -e
csf -ra

rm -f /etc/apparmor.d/force-complain/usr.sbin.unbound
apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.unbound

- Move out Bluetooth and other unused crap:


touch /etc/modprobe.d/blacklist.conf
lspci -v
update-initramfs -u

apt purge apparmor






- traceroute on linux;
allow outgoing UDP ports 33434:33523

- stuff to run at startup, replacing rc.local with the systemd can of worms;

# touch /lib/systemd/system/startup.service

content:

[Unit]
Description=Startup Script

[Service]
ExecStart=/path_to_your/startup.sh

[Install]
WantedBy=multi-user.target

# systemctl enable startup.service --now


- the times cronjobs were failing in my 30 years managing linux are so numerous, I don't get why they still use syslog by default, so uncomment;

cron.*                          /var/log/cron.log

in /etc/rsyslog.conf !

and then in /etc/default/cron do:

EXTRA_OPTS="-L 0"

and then # systemctl restart rsyslog cron