====== Debian Server Install ======

\\

**basic server packages:**

  apt-get install rsyslog ipset iptables mc tmux screen htop bash-completion rsync iptraf ifstat sysstat \
  munin-node apt-show-versions apt-file apt-utils apt-transport-https dselect aptitude iproute2 \
  tcpdump rcconf tzdata traceroute tar less lftp locales ntpdate fail2ban logrotate \
  etckeeper rsync bzip2 gzip zip unzip p7zip-full zutils iputils-ping whois strace nmap \
  nload vnstat wget curl telnet dnsutils keychain colortail cpufrequtils curl lftp \
  bridge-utils btrfs-progs bzip2 ncdu openssh-server p7zip-full xz-utils \
  whois procps psmisc sshfs rkhunter chkrootkit smartmontools 
  tinc lsyncd \
  monit ssmtp

Remove exim (logwatch pulls it in):

  apt remove --purge exim4-base exim4-config exim4-daemon-light  

**basic WEBserver packages - jessie - nginx, php-fpm, mariadb:**

  apt-get install imagemagick-common mariadb-server nginx-common nginx-extras ntpdate openssh-server openssh-sftp-server php5 
  php5-apcu php5-curl php5-fpm php5-gd php5-imagick php5-imap php5-json php5-intl php5-mcrypt php5-memcache php5-memcached 
  php5-mysqlnd php5-pspell php5-readline php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl rdiff-backup tcpdump 
  xtrabackup webalizer ssmtp

**basic MAILserver packages - jessie - courier, courier-mlm, spamassi:**

  apt-get install clamassassin ca-certificates clamav clamav-freshclam courier-authdaemon courier-authlib 
  courier-authlib-userdb courier-base courier-imap courier-imap-ssl courier-maildrop courier-mlm courier-mta courier-mta-ssl 
  courier-pop courier-pop-ssl courier-pythonfilter courier-ssl courier-webadmin spamc spamassassin 


\\
**setup tasks:**

  * networking
  * firewall
  * /etc/sshd_config
  * authorized_keys
  * rsync etc from somewhere (at least new packages)
  * rsync data
  * munin
  * monit
  * fail2ban
  * **install new kernel from backports - jessie is tooo old!**  (3.16)


====== Upgrades ======

This is a good manual for upgrading debian: https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.de.html


===== Wheezy -> Jessie Upgrade =====

**udev (t)errors**
udev makes a lot of noise, if the kernel is not upgraded before the udev upgrade. the new kernel cannot be installed at that point to. the only way to fix it, is:

  touch /etc/udev/kernel-upgrade

After that, udev upgrade works and a fresh kernel can be installed (e.g. apt-get install linux-image-3.16.0-4-686-pae). Upgrade the kernel before reboot


===== Jessie -> Stretch Upgrade =====

TODO


===== Stretch -> Buster Upgrade =====


==== monit missing ====


Add **Backports-Repo**:
  printf "%s\n" "deb http://ftp.de.debian.org/debian buster-backports main contrib non-free" | \
  tee /etc/apt/sources.list.d/buster-backports.list

Install monit:

  apt update
  apt install -t buster-backports monit



==== ssmtp missing ====

TODO replace by msmtp


==== fail2ban Config Changes ====

TODO



====== Remove systemd ======

http://without-systemd.org/wiki/index.php/How_to_remove_systemd_from_a_Debian_jessie/sid_installation

  apt-get install sysvinit-core sysvinit-utils
  apt-get remove --purge --auto-remove systemd
  echo -e 'Package: systemd\nPin: release *\nPin-Priority: -1' > /etc/apt/preferences.d/systemd
  echo -e '\n\nPackage: *systemd*\nPin: release *\nPin-Priority: -1' >> /etc/apt/preferences.d/systemd