Base install
Install using iso image and follow instructions to install only bare OS no tools.
After first boot
#log in as root
apt update
apt upgrade -y
apt autoremove -y
#install basic apps - one of which is sudo
apt install -y wget curl sudo ufw
#since we installed sudo above, we need to add the standard user created during install to sudoers group.
usermod -a -G sudo [username] #note -G needs to be capital.
#configure static network (debian)
ip address
nano /etc/network/interfaces
#comment out the "iface [interface] inet dhcp" line
#add the following:
auto [interface]
iface [interface] inet static
address [ip address]
netmask [netmask]
gateway [gateway]
dns-domain [domain suffix]
dns-nameservers [nameservers separated by space]
systemctl restart networking.service
ip address
#turn on firewall, enable outgoing connections, deny incoming connections except ssh.
ufw default deny incoming
ufw default allow outgoing
ufw allow proto tcp from 10.0.0.0/8 to any port 22
ufw allow proto tcp from 192.168.0.0/16 to any port 22
ufw enable && ufw reload
Bash history
nano .bashrc
sudo nano /root/.bashrc
sudo nano /etc/skel/.bashrc
Adjust the setting below in the above files.
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=-1
HISTFILESIZE=-1
nginx - fix signing key
cat /etc/apt/sources.list.d/nginx.list #get current signing key location
ls -al /etc/apt/keyrings #view contents of original signing keyring
#get latest keyring and store into new keyring location
curl -s https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /usr/share/keyrings/nginx-keyring.gpg
nano /etc/apt/sources.list.d/nginx.list #update signing key location
# modify the signed-by file name.
Other
journalctl -xeu [service name]