Sign in Subscribe
By Craighton Miller in How To

How To - Debian - Getting Started & Simple Security

How To - Debian - Getting Started & Simple Security

Setting your hostname

echo "hostname" > /etc/hostname
hostname -F /etc/hostname

Update /etc/hosts

127.0.0.1 localhost.localdomain localhost
11.22.33.44 hostname.domain.com hostname

Setting the timezone

dpkg-reconfigure tzdata

Editing /etc/apt/sources.list
Use this tool to generate the right sources.list file for you.

Install software updates

apt-get update
apt-get upgrade

alternately if it says packages have been held back you can do apt-get dist-upgrade.

To add a new user

adduser example

Add that user as an admin

usermod -a -G sudo example

Changing SSH port and prevent root login
nano /etc/ssh/sshd_config

Port 2200

PermitRootLogin no

Adding firewall rules
sudo nano /etc/iptables.firewall.rules

*filter

# Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT

# Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow all outbound traffic - you can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

# Allow HTTP connections from anywhere (the normal ports for websites).
-A INPUT -p tcp --dport 80 -j ACCEPT

# Allow SSH connections
#
# The -dport number should be the same port number you set in sshd_config
#
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

# Allow ping
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# Log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Drop all other inbound - default deny unless explicitly allowed policy
-A INPUT -j DROP
-A FORWARD -j DROP

COMMIT

sudo iptables-restore < /etc/iptables.firewall.rules

Setting the firewall to set on restart
sudo nano /etc/network/if-pre-up.d/firewall
---

#!/bin/sh
/sbin.iptables-restore < /etc/iptables.firewall.rules
---

sudo chmod +x /etc/network/if-pre-up.d/firewall

Installing Fail2Ban
sudo apt-get install fail2ban

Conclusion

This is one of many parts that will be produced. If you have a specific question or topic let us know in the comment section!

Previous

Leaptrade (Buying and Selling Used Video Games)

 Next

Review - Manfrotto 502HD Pro Video Head

You might also like...