- Welcome to Geeksww.com
Debian Linux Installation and Hardening (3.1r0a)
If the Debian Computer is going to be a part of a network then you need to have the following available.
In case of non-DHCP environment (Debian should be able to find out where the DHCP server is) you need the following.
- IP Address of the computer
- DNS Address
- Netmask
- Hostname for the computer
If you have a good Internet conection then the recommended way to install is by using the minimal install CD. This tutorial is foucsed on installation from a minimal install CD.
Fire up you browser and go to http://www.debian.org/CD/netinst/#netinst-stable. Once you see this page, choose the hardware platform where you want to install Debian. Click on the link specific to your hardware platform and download the .iso image file. After downloading, burn the file on a blank CD. Remember, it is an image file so you have to burn it using special settings. You cannot just add the file in the file list and then burn it. That will just copy the .iso file on the CD. In SONIC DigitalMedia Plus v7 choose "Burn Image" under "Copy" and then browse to the downloaded .iso file and select it. Click on the big red button at the bottom right to burn the image file on the CD. After the completion of the burn process now you have a bootable Debian CD ready to be installed.
Label this CD with the correct version number of Debian and insert it in the CDROM of the computer where you want to install it. Reboot the computer where you want to install Debian and setup your BIOS so that it boots from the CD. Save your BIOS settings and exit. Now, after some type when BIOS checks are done you should see Debian's introductory messages.You'll see prompt boot: If you want to give any initialization arguments you can mention them here. In order to give arguments you must write "linux" once, after the boot prompt. This selects the default kernel named "linux". Some of the arguments that I use mostly are as follows.
debconf/priority=low
This should be used if you are an Advanced user and want to control the Debian installation yourself. Dont use it if you dont know what this means. Debian will assume default settings for most options.
netcfg/dhcp_disabled=true
If you are not using DHCP then you can use this argument to stop Debian look for a DHCP server. Dont use it if you dont know what this means.
hw-detect/start_pcmcia=false
If you don't have PCMCIA devices installed on your computer then you should use this option. Dont use it if you dont know what this means.
If you are using the options debconf/priority=low and hw-detect/start_pcmcia=false then you have to enter commands after the boot prompt like below (on one line).
boot: linux debconf/priority=low hw-detect/start_pcmcia=false
Press Enter to enter the installation process. Choose options that suit you. After completion of the install process remove CD from the computer and reboot your computer.
You should see messages passing by on your screen. These are Debian's initialization checks and process loading messages. After all this is done you'll be prompted for your username and password in order to login. Enter the username that you had entered (should be root) during installation and then enter the password for root. You should see a prompt like below. [your hostname]# If you see this it means your Debian is properly installed and you can login and logout of it. Now, we need to do some basic hardening work. Basic Hardening of Debian:Please follow the steps below to harden your Debian. If you need any o them later on then you can easily install it by using the command apt-get install . Make sure you read man pages before you remove any of them. |
- If you are not running DHCP then remove dhcp-client package first.
apt-get -y remove dhcp-client
- If you do not want to read Debian docs on the system then you could also remove doc-Debian package.
apt-get -y remove doc-debian
- You can also remove Linux HOWTOs.
apt-get -y remove doc-linux-text
- You can also remove mtools (see man mtools).
apt-get -y remove mtools
- If you are not using a dialup modem then you don’t need ppp package as well.
apt-get -y remove ppp
The above command also removes a few related packages.
- We have better revision control systems so don’t need rcs.
apt-get -y remove rcs
apt-get -y remove whiptail
apt-get -y remove gnu-efi
apt-get -y remove python
apt-get -y remove sharutils
apt-get -y remove slang1
apt-get -y remove telnet
apt-get -y remove ftp - If you are not using IPv6 then remove all entries for IPv6 from /etc/hosts.
- Change the file /etc/motd to change post-login message.
- Change the file /etc/issue to change pre-login message.
- Change /etc/securetty to let root user enter through only a specific terminal lets say 5 so leave the entry tty5 and erase all other entries. Now, after reboot you have to go to terminal 5 by pressing Alt-F5 and enter your username and password there.
- Now run the following as root
apt-get update
- Now change the OS information in /etc/issue.net.
- You also don't need the following users and groups. www-data is used for Apache Web Server, so if you have plans to install Apache from Debian's packages then dont run the command userdel www-data below.
- groupdel audio
groupdel video
userdel irc
userdel uucp
userdel news
groupdel news
userdel games
userdel www-data
userdel list
rmdir /usr/local/games
This is not an exclusive list of all steps required to secure (harden) your distribution. There can be more advanced steps needed but I just pointed the very basic ones that I mostly use.
Did this tutorial help a little? How about buy me a cup of coffee?
Please feel free to use the comments form below if you have any questions or need more explanation on anything. I do not guarantee a response.
IMPORTANT: You must thoroughy test any instructions on a production-like test environment first before trying anything on production systems. And, make sure it is tested for security, privacy, and safety. See our terms here.
tags cloud
popular searches
free download for mysql database server 5.1.5, bison, gearman, source code, php, install cairo, laptop, mysql, java, linux, install mysql, mysql initialization, mysql mysql, tools, ubuntu
Similar Tutorials:
- How to download, compile, and install Python on Ubuntu/Debian/ CentOS Linux
- Turning the system beep off (for BASH)
- Script to transfer files to remote server with verification
- Installing Gearman application framework on Debian Linux
- Installing OpenSSL on Ubuntu Linux
Tutorials in 'Operating Systems > Linux' (more):
- Bash script to compare remote directory's files using file size
- Script to transfer files to remote server with verification
- setfacl: command not found
- How to download, compile, and install CMake on Linux
- How to download, compile, and install GNU ncurses on Debian/Ubuntu Linux?
Comments (write a comment):
0 comments so far. Be the first one to leave a comment on this article.
leave a comment