basic server packages:
apt-get install rsyslog ipset iptables mc tmux screen htop bash-completion rsync iptraf ifstat sysstat \ munin-node apt-show-versions apt-file apt-utils apt-transport-https dselect aptitude iproute2 \ tcpdump rcconf tzdata traceroute tar less lftp locales ntpdate fail2ban logrotate \ etckeeper rsync bzip2 gzip zip unzip p7zip-full zutils iputils-ping whois strace nmap \ nload vnstat wget curl telnet dnsutils keychain colortail cpufrequtils curl lftp \ bridge-utils btrfs-progs bzip2 ncdu openssh-server p7zip-full xz-utils \ whois procps psmisc sshfs rkhunter chkrootkit smartmontools tinc lsyncd \ monit ssmtp
Remove exim (logwatch pulls it in):
apt remove --purge exim4-base exim4-config exim4-daemon-light
basic WEBserver packages - jessie - nginx, php-fpm, mariadb:
apt-get install imagemagick-common mariadb-server nginx-common nginx-extras ntpdate openssh-server openssh-sftp-server php5 php5-apcu php5-curl php5-fpm php5-gd php5-imagick php5-imap php5-json php5-intl php5-mcrypt php5-memcache php5-memcached php5-mysqlnd php5-pspell php5-readline php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl rdiff-backup tcpdump xtrabackup webalizer ssmtp
basic MAILserver packages - jessie - courier, courier-mlm, spamassi:
apt-get install clamassassin ca-certificates clamav clamav-freshclam courier-authdaemon courier-authlib courier-authlib-userdb courier-base courier-imap courier-imap-ssl courier-maildrop courier-mlm courier-mta courier-mta-ssl courier-pop courier-pop-ssl courier-pythonfilter courier-ssl courier-webadmin spamc spamassassin
setup tasks:
This is a good manual for upgrading debian: https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.de.html
udev (t)errors udev makes a lot of noise, if the kernel is not upgraded before the udev upgrade. the new kernel cannot be installed at that point to. the only way to fix it, is:
touch /etc/udev/kernel-upgrade
After that, udev upgrade works and a fresh kernel can be installed (e.g. apt-get install linux-image-3.16.0-4-686-pae). Upgrade the kernel before reboot
TODO
Add Backports-Repo:
printf "%s\n" "deb http://ftp.de.debian.org/debian buster-backports main contrib non-free" | \ tee /etc/apt/sources.list.d/buster-backports.list
Install monit:
apt update apt install -t buster-backports monit
TODO replace by msmtp
TODO
apt-get install sysvinit-core sysvinit-utils apt-get remove --purge --auto-remove systemd echo -e 'Package: systemd\nPin: release *\nPin-Priority: -1' > /etc/apt/preferences.d/systemd echo -e '\n\nPackage: *systemd*\nPin: release *\nPin-Priority: -1' >> /etc/apt/preferences.d/systemd