Setting up a Debian box

2010 03 02

I recently bought a Linode virtual server, and in the course of setting it up I realized I have a pretty by-rote series of things I like to do to any new Linux (Debian) machine.

First, it’s important to grab any/all security updates, as specified by the Linode Getting Started guide

# apt-get upgrade
# apt-get upgrade --show-upgraded

You don’t want to really ever log in as root, so make sure your user account (created via adduser) can do superuser things via apt-get install sudo and editing /etc/sudoers.

# User privilege specification
root    ALL=(ALL) ALL
foobar  ALL=(ALL) ALL

Then, I like to tweak sshd a bit, by editing /etc/sshd/sshd_config. Most importantly, I make sure root login is disabled. Also, I try to prevent my connection from timing out while sitting idle (super annoying!).

PermitRootLogin no

ClientAliveInterval 600
ClientAliveCountMax 10

Then bounce sshd via /etc/init.d/ssh restart.

That typically does it for initial system config. I usually end up installing Squid as a general-purpose web proxy (surprisingly useful) via apt-get install squid, and in order for me to use it from the internet at large there is a bit in the config that I normally have to dig around for.

# http_access allow localnet
http_access allow all # allow all IPs to use the proxy

# And finally deny all other access to this proxy
#http_access deny all # make sure this is commented out

There’s a fun little shell script you can write to help automate the blocking of malicious IPs. Edit /etc/network/interfaces and make sure at the bottom there’s the following line:

post-up iptables-restore /etc/network/

Then, you can use this shell script:


if [ "$1" == "" ] ; then
	echo "Usage: $0 <ip-address>"

sudo iptables -I INPUT -s $1 -j DROP
sudo bash -c "iptables-save &gt; /etc/network/"

Beyond that, there are a number of packages I like to have, but installing them is an easy apt-get install X away.

sudo apt-get install g++ python2.5 git-core mercurial subversion screen nmap