Debian Linux Installation and Hardening (3.1r0a)

In this tutorial I'll tell you the very basic steps on how to install a Debian Linux Distribution on your computer. Although this tutorial should help majority of the users install Debian but my main focus will be on hardening the Debian installation after the installation process. Also, I am assuming that you want to install Debian as a server not as a game or workstation PC. If you are looking for more detailed information on Debian installation then refer to the Debian manual and come back to this tutorial after installation. You can find the manual in your language and for your platform http://www.debian.org/releases/stable/installmanual.

If the Debian Computer is going to be a part of a network then you need to have the following available.

In case of non-DHCP environment (Debian should be able to find out where the DHCP server is) you need the following.

  • IP Address of the computer
  • DNS Address
  • Netmask
  • Hostname for the computer

If you have a good Internet conection then the recommended way to install is by using the minimal install CD. This tutorial is foucsed on installation from a minimal install CD.

Fire up you browser and go to http://www.debian.org/CD/netinst/#netinst-stable. Once you see this page, choose the hardware platform where you want to install Debian. Click on the link specific to your hardware platform and download the .iso image file. After downloading, burn the file on a blank CD. Remember, it is an image file so you have to burn it using special settings. You cannot just add the file in the file list and then burn it. That will just copy the .iso file on the CD. In SONIC DigitalMedia Plus v7 choose "Burn Image" under "Copy" and then browse to the downloaded .iso file and select it. Click on the big red button at the bottom right to burn the image file on the CD. After the completion of the burn process now you have a bootable Debian CD ready to be installed.

Label this CD with the correct version number of Debian and insert it in the CDROM of the computer where you want to install it. Reboot the computer where you want to install Debian and setup your BIOS so that it boots from the CD. Save your BIOS settings and exit. Now, after some type when BIOS checks are done you should see Debian's introductory messages.

You'll see prompt boot: If you want to give any initialization arguments you can mention them here. In order to give arguments you must write "linux" once, after the boot prompt. This selects the default kernel named "linux". Some of the arguments that I use mostly are as follows.

debconf/priority=low

This should be used if you are an Advanced user and want to control the Debian installation yourself. Dont use it if you dont know what this means. Debian will assume default settings for most options.

netcfg/dhcp_disabled=true

If you are not using DHCP then you can use this argument to stop Debian look for a DHCP server. Dont use it if you dont know what this means.

hw-detect/start_pcmcia=false

If you don't have PCMCIA devices installed on your computer then you should use this option. Dont use it if you dont know what this means.

If you are using the options debconf/priority=low and hw-detect/start_pcmcia=false then you have to enter commands after the boot prompt like below (on one line).

boot: linux debconf/priority=low hw-detect/start_pcmcia=false

Press Enter to enter the installation process. Choose options that suit you. After completion of the install process remove CD from the computer and reboot your computer.

You should see messages passing by on your screen. These are Debian's initialization checks and process loading messages.

After all this is done you'll be prompted for your username and password in order to login. Enter the username that you had entered (should be root) during installation and then enter the password for root. You should see a prompt like below.

[your hostname]#

If you see this it means your Debian is properly installed and you can login and logout of it. Now, we need to do some basic hardening work.

Basic Hardening of Debian:

Please follow the steps below to harden your Debian. If you need any o them later on then you can easily install it by using the command apt-get install . Make sure you read man pages before you remove any of them.

  1. If you are not running DHCP then remove dhcp-client package first.

    apt-get -y remove dhcp-client

  2. If you do not want to read Debian docs on the system then you could also remove doc-Debian package.

    apt-get -y remove doc-debian

  3. You can also remove Linux HOWTOs.

    apt-get -y remove doc-linux-text

  4. You can also remove mtools (see man mtools).

    apt-get -y remove mtools

  5. If you are not using a dialup modem then you don’t need ppp package as well.

    apt-get -y remove ppp

    The above command also removes a few related packages.

  6. We have better revision control systems so don’t need rcs.

    apt-get -y remove rcs
    apt-get -y remove whiptail
    apt-get -y remove gnu-efi
    apt-get -y remove python
    apt-get -y remove sharutils
    apt-get -y remove slang1
    apt-get -y remove telnet
    apt-get -y remove ftp

  7. If you are not using IPv6 then remove all entries for IPv6 from /etc/hosts.
  8. Change the file /etc/motd to change post-login message.
  9. Change the file /etc/issue to change pre-login message.
  10. Change /etc/securetty to let root user enter through only a specific terminal lets say 5 so leave the entry tty5 and erase all other entries. Now, after reboot you have to go to terminal 5 by pressing Alt-F5 and enter your username and password there.
  11. Now run the following as root

    apt-get update

  12. Now change the OS information in /etc/issue.net.
  13. You also don't need the following users and groups. www-data is used for Apache Web Server, so if you have plans to install Apache from Debian's packages then dont run the command userdel www-data below.
  14. groupdel audio

    groupdel video
    userdel irc
    userdel uucp
    userdel news
    groupdel news
    userdel games
    userdel www-data
    userdel list
    rmdir /usr/local/games

This is not an exclusive list of all steps required to secure (harden) your distribution. There can be more advanced steps needed but I just pointed the very basic ones that I mostly use.

Did this tutorial help a little? How about buy me a cup of coffee?

Buy me a coffee at ko-fi.com

Please feel free to use the comments form below if you have any questions or need more explanation on anything. I recommend thoroughy testing on a production-like test system first before moving to production.

tags cloud icon tags cloud

linux

popular searches icon popular searches