Last active
August 18, 2023 18:23
-
-
Save jult/6c993bf5ff5c5a41b3b44fd61cea41a8 to your computer and use it in GitHub Desktop.
debian 12 bookworm minimal install base with webmin csf ( was: handy linux server admin stuff )
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apt install rsyslog curl wget mc gpg htop multitail chrony nginx php-fpm rsync php-sqlite3 dnsutils unzip libio-socket-ssl-perl libcrypt-ssleay-perl git perl iptables libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl ipset libwww-perl lsb-release bash debhelper apt-transport-https rsync ssh openssh-server git autoconf automake libtool build-essential flex bison software-properties-common dirmngr sudo | |
| curl -sSL https://install.pi-hole.net | bash | |
| apt install unbound | |
| wget https://www.internic.net/domain/named.root -qO- | sudo tee /var/lib/unbound/root.hints | |
| ss -lnptu | grep 53 | |
| systemctl disable systemd-resolved --now | |
| systemctl restart chrony | |
| # chronyc sources | |
| # chronyc tracking | |
| # chronyc sourcestats | |
| # chronyc makestep | |
| echo 'deb http://download.opensuse.org/repositories/home:/stelas/Debian_11/ /' | sudo tee /etc/apt/sources.list.d/home:stelas.list | |
| curl -fsSL https://download.opensuse.org/repositories/home:stelas/Debian_11/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stelas.gpg > /dev/null | |
| apt install gclog | |
| journalctl -t gclog | |
| I got gclog starting at boot using a homemade systemd service calling a shell script | |
| (this is handy info for all of us wanting to boot an old init.d script or any other standalone executable that needs to run separate from systemd using its own startup routines) ; | |
| https://github.com/stelas/GCLog/issues/5#issuecomment-1670332493 | |
| systemctl status unbound | |
| pihole restartdns | |
| pihole -t | |
| openssl dhparam -dsaparam -out /etc/ssl/dh4096.pem 4096 | |
| nginx -t | |
| nginx -s reload | |
| update-grub | |
| /etc/init.d/gclogd start | |
| dmesg | |
| lsmod | |
| lsusb | |
| wget -qO - http://www.webmin.com/jcameron-key.asc | gpg --dearmor > /etc/apt/trusted.gpg.d/jcameron-key.gpg | |
| sh -c 'echo "deb http://download.webmin.com/download/repository sarge contrib" > /etc/apt/sources.list.d/webmin.list' | |
| apt update -y && apt upgrade -y && apt autoclean -y && apt autoremove -y | |
| apt install webmin | |
| wget http://download.configserver.com/csf.tgz | |
| tar -xvzf csf.tgz | |
| cd csf | |
| bash install.sh | |
| ./csftest.pl | |
| csf -e | |
| csf -ra | |
| rm -f /etc/apparmor.d/force-complain/usr.sbin.unbound | |
| apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.unbound | |
| - Move out Bluetooth and other unused crap: | |
| touch /etc/modprobe.d/blacklist.conf | |
| lspci -v | |
| update-initramfs -u | |
| apt purge apparmor | |
| - traceroute on linux; | |
| allow outgoing UDP ports 33434:33523 | |
| - stuff to run at startup, replacing rc.local with the systemd can of worms; | |
| # touch /lib/systemd/system/startup.service | |
| content: | |
| [Unit] | |
| Description=Startup Script | |
| [Service] | |
| ExecStart=/path_to_your/startup.sh | |
| [Install] | |
| WantedBy=multi-user.target | |
| # systemctl enable startup.service --now | |
| - the times cronjobs were failing in my 30 years managing linux are so numerous, I don't get why they still use syslog by default, so uncomment; | |
| cron.* /var/log/cron.log | |
| in /etc/rsyslog.conf ! | |
| and then in /etc/default/cron do: | |
| EXTRA_OPTS="-L 0" | |
| and then # systemctl restart rsyslog cron |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment