Debian Standard Packages to install afterwards
standard extra packages
After a standard install of Debian, these packages still need installing:
apt-get install vim mc iproute2 sysstat systune snmpd ncftp fail2ban nscd needrestart ntpdate ntp plocate mutt postfix
maybe need installing (often a good idea to install):
postfix openssh-server zip unzip bzip2 arj ncftp rsync sshfs
getting email working
You may need to run
dpkg-reconfigure postfix
Make sure it is set up as a satellite system relaying through mail.edgarbv.com (Ziggo blocks outbound port 25 but allows port 587).
Then on the mail.edgarbv.com server add the domain name to
/etc/postfix/sender_whitelist
and rebuild the lookup table and reload (run from /etc/postfix):
postmap sender_whitelist
postfix reload
/etc/postfix/main.cf on the satellite server should have the following lines in it:
relayhost = mail.edgarbv.com:587
inet_protocols = ipv4
Two caveats: Postfix does an MX lookup on a bare relayhost name, so write it as [mail.edgarbv.com]:587 if the relay must be reached directly under that hostname; and since the relay accepts this traffic on the strength of a sender whitelist, which anyone can forge in MAIL FROM, consider also requiring TLS on the hop (smtp_tls_security_level = encrypt) and restricting relaying to the satellite's own IP on the server side.
DNS
Note: choose between nscd and pdnsd for DNS caching. nscd can be buggy, pdnsd needs resolvconf.
vim-tiny is installed by Debian by default. It is horrible, which is why we install vim first!
/etc/default/sysstat: set ENABLED="true"
/etc/default/snmpd: remove 127.0.0.1 from SNMPDOPTS (this makes snmpd listen on all addresses, so only do it together with the next step, and restrict the community to the monitoring host, e.g. with a rocommunity line that names that host's IP)
vi /etc/snmp/snmpd.conf: change the community names (never leave the default "public")
nscd is only useful for servers not running bind themselves.
fail2ban
Troubleshooting: https://github.com/fail2ban/fail2ban/wiki/Troubleshooting
vi /etc/fail2ban/jail.d/defaults-debian.conf (Debian ships this file with the sshd jail enabled)
[sshd]
enabled = true
vi /etc/fail2ban/fail2ban.conf (or better, put the override in fail2ban.local so a package upgrade does not clobber it)
allowipv6 = auto
vi /etc/fail2ban/jail.local (this is where user edits go AND where the jails you set up are enabled.
The default values for all jails go in [DEFAULT] at the top if they differ from jail.conf, and can be overridden per jail.)
[DEFAULT]
ignoreip = 127.0.0.1/8 91.154.222.134 37.252.124.72/24
bantime = 3d
bantime.increment = true
bantime.multipliers = 1 2 4 8 16 32 64

# Jail for more extended banning of persistent abusers
# !!! WARNINGS !!!
# 1. Make sure that your loglevel specified in fail2ban.conf/.local
#    is not at DEBUG level -- which might then cause fail2ban to fall into
#    an infinite loop constantly feeding itself with non-informative lines
# 2. Increase dbpurgeage defined in fail2ban.conf to e.g. 648000 (7.5 days)
#    to maintain entries for failed logins for sufficient amount of time
[recidive]
enabled = true

[sshd-ddos]
enabled = yes

[proftpd]
enabled = true

Note: in fail2ban 0.10 and later the sshd-ddos filter has been folded into the sshd filter, so there is no sshd-ddos jail on those versions; the equivalent is mode = aggressive in the [sshd] section. A jail that names a filter which does not exist shows up as an error in fail2ban-client -t.
NB don't edit jail.conf: it contains the default definitions for the services, which you override in jail.local or in a file under jail.d/.
You can find the options in
man jail.conf
The filter definitions (the failregex each jail matches against) are in /etc/fail2ban/filter.d/; the jails themselves are defined in jail.conf.
The log files each jail reads are defined in paths-debian.conf and paths-common.conf.
The following commands test the configuration, restart the daemon and show the running status:
fail2ban-client -t (tests the configuration without starting anything; run it after every edit)
fail2ban-client restart
fail2ban-client status (lists the running jails)
fail2ban-client status postfix-sasl (one jail: matched lines, currently and total banned IPs)
To see the status of all the jails in one go, put this in ~/fail2ban-allstatus.sh:
#!/bin/bash
# Print status for all fail2ban jails.
# The jail names come from the "Jail list:" line of `fail2ban-client status`,
# which looks like: `- Jail list:<tab>sshd, recidive, postfix-sasl
JAILS=($(fail2ban-client status | grep "Jail list" | sed -E 's/^[^:]+:[ \t]+//' | sed 's/,//g'))
for JAIL in "${JAILS[@]}"
do
echo "--------------- 👀 JAIL STATUS: $JAIL ... ---------------"
fail2ban-client status "$JAIL"
echo "--------------- ... ---------------"
done
The following will tell you what the effective settings are for a specific jail:
fail2ban-client get postfix-sasl bantime
fail2ban-client get postfix-sasl findtime
fail2ban-client get postfix-sasl maxretry
The following will show you how detection is going for a specific jail: it runs the jail's filter over a log file (use the path the jail's logpath points at) and reports which lines matched:
fail2ban-regex /var/log/mail/mail.log postfix-sasl
Maybe set destemail in [DEFAULT] too, if you want ban notifications mailed (in jail.local; NB don't edit jail.conf).
fail2ban logs to /var/log/fail2ban.log
Manually banning a whole range in a jail (unbanip undoes it):
fail2ban-client set postfix-sasl banip 81.30.107.0/24
https://www.howtoforge.com/using-fail2ban-on-debian-12/
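Added example (my code, not from these notes or from the fail2ban project): a small shell/awk model of what a jail does with the jail.local settings above, so you can see the effect of ignoreip, maxretry and bantime.multipliers on a sample before pointing fail2ban-regex at a real log. It matches sshd "Failed password" lines, counts them per source IP, drops sources covered by ignoreip (with real CIDR matching, so 37.252.124.99 is excused by 37.252.124.72/24), and computes the growing bantime from bantime.multipliers. Assumed, not taken from the page: the log lines are constructed to look like Debian's /var/log/auth.log sshd entries, the match pattern is a simplified stand-in for the real sshd failregex, findtime is ignored (the whole sample is treated as one window), and the multiplier lookup (index = number of previous bans of that IP, clamped to the last entry) is my reading of how bantime.increment applies the list.

```shell
#!/bin/sh
# Added example, not from the original notes: a shell/awk model of a fail2ban
# jail applying ignoreip, maxretry and bantime.multipliers to a sample log.
# Assumptions (mine): constructed auth.log-style lines, a simplified failregex,
# no findtime window, multiplier index = previous ban count (clamped to last).

MAXRETRY=5
BANTIME=$((3 * 24 * 3600))        # bantime = 3d
MULTIPLIERS="1 2 4 8 16 32 64"    # bantime.multipliers
IGNOREIP="127.0.0.1/8 91.154.222.134 37.252.124.72/24"

# mk_failures IP N -> N constructed sshd failure lines from IP
mk_failures() {
    local i=1
    while [ "$i" -le "$2" ]; do
        printf 'Mar  3 10:%02d:00 host sshd[%d]: Failed password for invalid user admin from %s port 4242 ssh2\n' \
            "$i" "$((1000 + i))" "$1"
        i=$((i + 1))
    done
}

# Constructed sample log: one real attacker, two sources on the ignore list,
# one source below maxretry, and an unrelated successful login.
SAMPLE_LOG="$(
    mk_failures 203.0.113.5 5
    mk_failures 37.252.124.99 6
    mk_failures 91.154.222.134 5
    mk_failures 198.51.100.7 2
    printf 'Mar  3 10:30:00 host sshd[1099]: Accepted publickey for adm_usr from 198.51.100.7 port 5555 ssh2\n'
)"

# ip_in_cidr IP NET -> exit 0 if IP lies inside NET (a bare IP means /32)
ip_in_cidr() {
    awk -v ip="$1" -v net="$2" '
        function toint(a,  p) { split(a, p, "."); return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4] }
        BEGIN {
            n = split(net, part, "/")
            bits = (n == 2) ? part[2] : 32
            scale = 2 ^ (32 - bits)          # integer division by this drops the host bits
            exit !(int(toint(ip) / scale) == int(toint(part[1]) / scale))
        }'
}

# is_ignored IP -> exit 0 if IP matches any ignoreip entry
is_ignored() {
    local entry
    for entry in $IGNOREIP; do
        ip_in_cidr "$1" "$entry" && return 0
    done
    return 1
}

# failed_ips LOG -> "count ip" for every source at or above maxretry
failed_ips() {
    printf '%s\n' "$1" | awk -v max="$MAXRETRY" '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") hits[$(i + 1)]++
        }
        END { for (ip in hits) if (hits[ip] >= max) print hits[ip], ip }' | sort -k2
}

# ban_candidates LOG -> the IPs the jail would actually ban (ignoreip applied)
ban_candidates() {
    failed_ips "$1" | while read -r _count ip; do
        is_ignored "$ip" || echo "$ip"
    done
}

# next_bantime PREVIOUS_BANS -> length in seconds of the next ban for that IP
next_bantime() {
    local i=0 m last=1
    for m in $MULTIPLIERS; do
        last=$m
        [ "$i" -eq "$1" ] && { echo $((BANTIME * m)); return 0; }
        i=$((i + 1))
    done
    echo $((BANTIME * last))
}

# Stand-alone run: who gets banned, and how long the first four bans would last
ban_candidates "$SAMPLE_LOG"
for n in 0 1 2 3; do echo "ban #$((n + 1)): $(next_bantime "$n") s"; done
```

Run it with sh: it prints the single IP that would be banned (203.0.113.5; the two whitelisted sources and the one below maxretry are skipped) and the first four ban lengths, 3d, 6d, 12d and 24d. For the real thing use fail2ban-regex, which applies the jail's actual failregex and findtime.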
monitoring swapfile
crontab entry (runs at five past every hour):
5 * * * * /home/adm_usr/swapfileuse.sh
/home/adm_usr/swapfileuse.sh:
#!/bin/sh
# Script to find out what was using swap at what time (run hourly from cron)
LOGFILE=/var/log/swapuse.log
{
echo "--------------------------------------------------------------------------------"
date
echo "Total swap use (MiB):"
free -m | awk '/^Swap:/ { print $3 }'
echo " "
# Per-process swap use: "name swap kB" for every process whose VmSwap is non-zero.
# Only numeric /proc entries are read (skips /proc/self); kernel threads have no
# VmSwap line and print nothing; processes that exit mid-loop are silently skipped.
for file in /proc/[0-9]*/status ; do
awk '/^Name:/ { name = $2 } /^VmSwap:/ { if ($2 > 0) print name, $2, $3 }' "$file" 2>/dev/null
done
} >> "$LOGFILE"
might need apt-get install resolvconf but I don't like it much
obsolete
vi /etc/denyhosts.conf
set:
PURGE_DENY = 1w
ADMIN_EMAIL = red@email.com
SMTP_FROM = Denyhosts $machinename <nobody@localhost>
Also, if a host keeps getting denied but should not be, you can stop it from being written to /etc/hosts.deny by putting its IP address on a line in /var/lib/denyhosts/allowed-hosts.
obsolete packages: hal atsar iproute