Logicalwebhost Cheatsheet

Linux & Open Source Cheatsheets & Howto's

Skip to: Content | Sidebar | Footer

Debian HowTo’s

hacks and tips and tricks

what it is what it does
apt-get install firmware-linux
gets rid of missing firmware errors when upgrading
dpkg-reconfigure locales
gets rid of pesky “perl: warning: Setting locale failed.” error messages
.bashrc
PS1='${debian_chroot:+($debian_chroot)}\A/$? \[\033[01;35m\][\u@\h] \[\033[01;34m\]\w \$ \[\033[00m\]'

 

PS1='\[\033[0;31m\]\[\033[0;37m\]\[\033[0;35m\]${debian_chroot:+($debian_chroot)}\[\033[0;35m\]\u@\h\[\033[0;37m\]:\[\033[0;36m\]\w >:\[\033[0;00m\] '
alias lst='ls -R | grep ":$" | sed -e '"'"'s/:$//'"'"' -e '"'"'s/[^-][^\/]*\//--/g'"'"' -e '"'"'s/^/   /'"'"' -e '"'"'s/-/|/'"'"
ifconfig eth0 192.168.1.10 netmask 255.255.255.0 up brings interface eth0 up with ip of 192.168.1.10 and netmask of 255.255.255.0, you may still have to add a route if you run route and you don’t see a last entry like “default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0” with 192.168.1.1 being the gateway in this example
route add default gw 192.168.1.1 eth0 you need a default route to tell your box where to send all the packets that get routed (hopefully) outside the machine, this generates one, change your ip to suit your application
update-alternatives --config editor
updates your crontab editor

simple wired network howto

The first example uses simple DHCP, typical in home router situations and laptops:

vi /etc/network/interface
  # The loopback network interface
  auto lo
  iface lo inet loopback
  #
  # The primary network interface
  auto eth0
  iface eth0 inet dhcp
/etc/init.d/networking restart

You may have to add a default route if this doesn’t work, Debian is sometimes weird about that.

vi /etc/network/interfaces
  # The loopback network interface
  auto lo
  iface lo inet loopback
  #
  # The primary network interface
  allow-hotplug eth0
  iface eth0 inet static
	address 192.168.1.10
	netmask 255.255.255.0
	gateway 192.168.1.1

set up/secure Debian

email aliases

set up a real e-mail address for you to get e-mail notifications

vi /etc/aliases
   root: youruser
   youruser: you@whatever.com
newaliases

ssh

change standard port and only allow certain users:

vi /etc/ssh/sshd_config
  Port 12345
  AllowUsers user1 user2@1.2.3.4
/etc/init.d/ssh restart

configure firewall (IPTables)

This will set up a basic firewall, nothing fancy. first save your existing firewall rules:

iptables-save > /etc/iptables.up.rules

add these before line that says COMMIT at the end:

#  Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
#  Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#  Allows all outbound traffic - modify to only allow certain traffic
-A OUTPUT -j ACCEPT
# allow http connections, uncomment line below
# -A INPUT -p tcp --dport 80 -j ACCEPT
#  Allows SSH connections
# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
-A INPUT -p tcp -m state --state NEW --dport 12345 -j ACCEPT
# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT

after this, make the rules active by doing:

iptables-restore < /etc/iptables.up.rules

/etc/apt/sources.list set up

This is an example of a working /etc/apt/sources.list from a wheezy box. Comment out the cdrom line like shown, otherwise it will keep asking your server for a cd when you update/upgrade:

# deb cdrom:...
 
deb http://debian.osuosl.org/debian/ wheezy main contrib non-free
deb-src http://debian.osuosl.org/debian/ wheezy main contrib non-free
 
deb http://security.debian.org/ wheezy/updates main contrib non-free
deb-src http://security.debian.org/ wheezy/updates main contrib non-free

reset Debian root password

reboot, then when you see the GRUB menu, hit ‘e’ for edit

use your arrow key to scroll down the line that says

linux /boot/vmlinuz-3.2.0-4-amd64 root=UUID=2cd65072-4467-4f39-b786-4bf9502f2731 ro quiet

(you’re UUID and vmlinuz will be different than mine, but this is the line you want. Now add init=/bin/bash to the end of that line so it looks something like this:

linux /boot/vmlinuz-3.2.0-4-amd64 root=UUID=2cd65072-4467-4f39-b786-4bf9502f2731 ro quiet init=/bin/bash

Now hit ‘F10’ (or ctrl-x in older versions) to save and boot to the prompt where you reset your password. Then enter:

mount -n -o remount,rw /
passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
reboot

Disable IPv6

IPv6 screws up some process which try to bind to an IPv6 address, but then not bind to the IPv4 address you were probably really wanting to use. To disable this do:

vi /etc/sysctl.conf
  net.ipv6.conf.all.disable_ipv6 = 1
  net.ipv6.conf.default.disable_ipv6 = 1
  net.ipv6.conf.lo.disable_ipv6 = 1
  net.ipv6.conf.eth0.disable_ipv6 = 1
sysctl -p

Now if you run netstat -plunt you shouldn’t see something like ::::80, but instead 127.0.0.1:80 (for apache non-ssl)

Java and Flash in Firefox/Iceweazel

apt-get install icedtea-7-plugin flashplugin-nonfree
update-flashplugin-nonfree --install

then reboot Firefox

run web-based java

you may have to allow access to the IP you’re downloading the java app from in Menu > Internet > Oracle Java 8 Web Start > Security > Edit Site List > Add > OK, but then download the link and do:

javaws /path/to/your.jnlp

Write a comment

You need to login to post comments!