User Tools

Site Tools




Debian Server Install

basic server packages:

apt-get install rsyslog ipset iptables mc tmux screen htop bash-completion rsync iptraf ifstat sysstat \
munin-node apt-show-versions apt-file apt-utils apt-transport-https dselect aptitude iproute2 \
tcpdump rcconf tzdata traceroute tar less lftp locales ntpdate fail2ban logrotate \
etckeeper rsync bzip2 gzip zip unzip p7zip-full zutils iputils-ping whois strace nmap \
nload vnstat wget curl telnet dnsutils keychain colortail cpufrequtils curl lftp \
bridge-utils btrfs-progs bzip2 ncdu openssh-server p7zip-full xz-utils \
whois procps psmisc sshfs rkhunter chkrootkit smartmontools 
tinc lsyncd \
monit ssmtp

Remove exim (logwatch pulls it in):

apt remove --purge exim4-base exim4-config exim4-daemon-light  

basic WEBserver packages - jessie - nginx, php-fpm, mariadb:

apt-get install imagemagick-common mariadb-server nginx-common nginx-extras ntpdate openssh-server openssh-sftp-server php5 
php5-apcu php5-curl php5-fpm php5-gd php5-imagick php5-imap php5-json php5-intl php5-mcrypt php5-memcache php5-memcached 
php5-mysqlnd php5-pspell php5-readline php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl rdiff-backup tcpdump 
xtrabackup webalizer ssmtp

basic MAILserver packages - jessie - courier, courier-mlm, spamassi:

apt-get install clamassassin ca-certificates clamav clamav-freshclam courier-authdaemon courier-authlib 
courier-authlib-userdb courier-base courier-imap courier-imap-ssl courier-maildrop courier-mlm courier-mta courier-mta-ssl 
courier-pop courier-pop-ssl courier-pythonfilter courier-ssl courier-webadmin spamc spamassassin 

setup tasks:

  • networking
  • firewall
  • /etc/sshd_config
  • authorized_keys
  • rsync etc from somewhere (at least new packages)
  • rsync data
  • munin
  • monit
  • fail2ban
  • install new kernel from backports - jessie is tooo old! (3.16)


Wheezy -> Jessie Upgrade

udev (t)errors udev makes a lot of noise, if the kernel is not upgraded before the udev upgrade. the new kernel cannot be installed at that point to. the only way to fix it, is:

touch /etc/udev/kernel-upgrade

After that, udev upgrade works and a fresh kernel can be installed (e.g. apt-get install linux-image-3.16.0-4-686-pae). Upgrade the kernel before reboot

Jessie -> Stretch Upgrade


Stretch -> Buster Upgrade

monit missing

Add Backports-Repo:

printf "%s\n" "deb buster-backports main contrib non-free" | \
tee /etc/apt/sources.list.d/buster-backports.list

Install monit:

apt update
apt install -t buster-backports monit

ssmtp missing

TODO replace by msmtp

fail2ban Config Changes


Remove systemd

apt-get install sysvinit-core sysvinit-utils
apt-get remove --purge --auto-remove systemd
echo -e 'Package: systemd\nPin: release *\nPin-Priority: -1' > /etc/apt/preferences.d/systemd
echo -e '\n\nPackage: *systemd*\nPin: release *\nPin-Priority: -1' >> /etc/apt/preferences.d/systemd
linux/debian_install.txt · Last modified: 2020/06/09 23:07 by tkilla