Site map  

Customising Debian Linux

Stuff that I like. Perhaps you like some of it too.

You need to restart the various daemons for the changes to take effect.

Enable TCP or UDP listen

Lightdm

In /etc/lightdm/lightdm.conf; 

#xserver-allow-tcp=false
xserver-allow-tcp=true

Make sure to firewall port 6000.

Lpr

In /etc/default/lpd; 

#OPTIONS="-s"

Make sure to firewall port 515.

NFS

Newer systems disable UDP by default. Some systems need NFS via UDP to work;
In /etc/nfs.conf in the '[nfsd]' section put: 

udp=y

And restart nsf-kernel-server.
UDP should now show up in a netstat -a; 

netstat -a | grep nfs
tcp        0      0 0.0.0.0:nfs             0.0.0.0:*               LISTEN
tcp6       0      0 [::]:nfs                [::]:*                  LISTEN
udp        0      0 0.0.0.0:nfs             0.0.0.0:*
udp6       0      0 [::]:nfs                [::]:*

For NFS security, See: SecuringNFS

Rsyslog

In /etc/rsyslog.conf; 

# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")

Make sure to firewall port 514.

X11

In /etc/X11/xinit/xserverrc; 

#exec /usr/bin/X -nolisten tcp "$@"
exec /usr/bin/X "$@"

For more information on remote X, see the Remote X Apps mini-HOWTO
Make sure to firewall port 6000.

Other stuff

Bash

In ~/.bashrc;

A prompt with hostname and directory;
Prompt with hostname and directory 

PS1="\\[\\e[1;36m\\]\\h:\\[\\e[1;33m\\]\\w\\[\\e[1;36m\\]\\$\\[\\e[0m\\] "

ISO date in ls;
ISO daye ls 

alias ll='ls -als --time-style=long-iso'

Clear screen on logout; 

trap 'clear' EXIT

Cups

If you're using a network printer, you don't need to load module lp.
In /etc/modules-load.d/cups-filters.conf; 

# lp

Exim

This is for a non-server setup (For servers see: Spam filtering with Exim).
In /etc/exim4/conf.d/main/000_localmacros; 

# Enable checks; 1 = True = Enable
MAIN_TLS_ENABLE = 1
# Avoid TLS trouble
MAIN_TLS_TRY_VERIFY_HOSTS = !*
TLS_DH_MIN_BITS = 512
REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = !*

# Checks
CHECK_RCPT_REVERSE_DNS = 1
CHECK_DATA_VERIFY_HEADER_SYNTAX = 1

# Other options;
MAIN_QUALIFY_DOMAIN = Your_Domain
MESSAGE_SIZE_LIMIT = 10M

Generate a certificate. You can generate a self-signed cert with /usr/share/doc/exim4-base/examples/exim-gencert.
You also may need to edit /etc/exim4/update-exim4.conf.conf and /etc/mailname.

Firefox

Taming Firefox

Fonts

Install ttf-mscorefonts-installer. And the Noto packages.

Linphone

I found that removing the call log entries from an old ~/.linphonerc and using that for a newer version works best.
Also see: Import contacts to friends.db.

Lpd

An UTF-8 plain text print queue with paps: Printing UTF-8 plain text

NTP

In /etc/ntp.conf (or /etc/ntpsec/ntp.conf); 

enable mode7

Apparently one can use NTPD for amplification attacks. 

restrict Your_IPv4_Range mask Your_IPv4_Mask notrust
restrict Your_IPv6_Range mask Your_IPv6_Mask notrust

Enable local clocks in Apparmor

Below an example which enables a shared memory driver and local clocks on ttyS1 and ttyS2.
In '/etc/apparmor.d/local/usr.sbin.ntpd'; 

capability ipc_owner,
/dev/ttyS1 rw,
/dev/ttyS2 rw,

Serial mouse

I like those old three button rodents. They cut and paste really nice! I even have spare parts.
See: Serial mouse
You may need to use other symlink numbers: inputattach should start just after your display manager.
If there is no 'service' file, systemd will actually use the SysV file instead.

SSH

In /etc/ssh/sshd_config; 

PermitRootLogin no


#UseDNS no
UseDNS yes

Daily syslog rotation

Edit /etc/logrotate.d/rsyslog; 

/var/log/syslog
{
	rotate 14
	daily
	missingok
	notifempty
	delaycompress
	compress
	postrotate
		/usr/lib/rsyslog/rsyslog-rotate
	endscript
}

Syslog at tty8

In /etc/rsyslog.conf; 

# Syslog screen
*.info				/dev/tty8

TcpWrappers

This requires matching forward and reverse DNS lookups for all services with libwrap linked.
In /etc/hosts.allow; 

ALL:		localhost Your_Domain .Your_Domain 127.0.0.0/255.0.0.0 Your_IPv4_Netwerk_Range/Your_IPv4_Netmask [::1] [Your_IPv6_Netwerk_Range]/Your_IPv6_Netmask
portmap:	127.0.0.0/255.0.0.0 Your_IPv4_Netwerk_Range/Your_IPv4_Netmask [::1] [Your_IPv6_Netwerk_Range]/Your_IPv6_Netmask
identd:		KNOWN EXCEPT PARANOID

In /etc/hosts.deny; 

ALL:	ALL

Terminal colours

A pale grey on black with a large font.

Xterm

In ~/.local/share/applications/xterm.desktop 

Exec=xterm -pc -bg black -fg grey90 -fn -misc-fixed-medium-r-normal--20-200-75-75-c-100-iso10646-1 -fs 12

This will set the default font to bitmap. With a Ctrl - right mouse click monospace TTF can be selected.
Bold is dispayed as high intensity.

URxvt

Copy /usr/share/applications/rxvt-unicode.desktop to ~/.local/share/applications/. Change the 'Exec' line in ~/.local/share/applications/rxvt-unicode.desktop; 

Exec=urxvt -fn "10x20,xft:Mono,-*-fixed-medium-r-normal-*-20-200-75-75-c-100-iso10646-1,xft:Symbola:size=12"

Dark blue

One of the things does is change dark-blue to a slightly less dark colour. 

*VT100*color4: rgb:00/44/ee
URxvt*background: black
URxvt*foreground: grey90
URxvt.color4:  #0044ee
URxvt.color12: #5555ff

Do 'xrdb -merge ~/.Xresources' for the changes to take effect.
See Standard ls colors for more info.

Thunderbird

Taming Thunderbird

Vim

In /etc/vim/vimrc; 

syntax on


set mouse=

~/.vimrc 

set mouse=
set background=light
set t_Co=16
:set t_BE=

I use xterm with pale grey text on a black background. The line 'set background=light' is missing in my /root/.vimrc. This way I get brighter colours when logged in as root.
'set t_Co=16' sets 16 colours.
':set t_BE=' avoids automatically switching to insert mode, when cut and pasting with a mouse. This way I can cut and paste commands.

VLC

Install libdvdcss from Debian multimedia.
An interesting link: VLC media player is not displaying video, but audio works

W3C-Validator

When using text mode browsers, the URL gets truncated.
This is caused by 'size="50"' in HTML source and templates. Increase this to whatever value you think is suitable. For instance to 'size="100"';
In /usr/share/w3c-markup-validator/html/file-upload.html; 

           <tr><th><label for="uploaded_file">File:</label></th><td colspan="2"><input type="file" id="uploaded_file" name="uploaded_file" size="100" /></td></tr>

file-upload.html patch: 

--- file-upload.html.bak	2011-03-14 20:54:46.000000000 +0100
+++ file-upload.html	2024-08-25 08:40:16.313307854 +0200
@@ -12,7 +12,7 @@
       <fieldset><legend>Validate by File Upload</legend>
       <form method="post" enctype="multipart/form-data" action="check">
         <table>
-          <tr><th><label for="uploaded_file">File:</label></th><td colspan="2"><input type="file" id="uploaded_file" name="uploaded_file" size="50" /></td></tr>
+          <tr><th><label for="uploaded_file">File:</label></th><td colspan="2"><input type="file" id="uploaded_file" name="uploaded_file" size="100" /></td></tr>
 <!--#include virtual="detailed-form.html" -->
           <tr><td />
             <td><input type="submit" value="Validate this file" /></td>

And /usr/share/w3c-markup-validator/templates/en_US/table.tmpl; 

       <td colspan="2"><input type="text" id="uri" name="uri" value="<TMPL_VAR NAME="file_uri" ESCAPE="HTML">" size="100" /></td>

table.tmpl patch: 

--- table.tmpl.bak	2012-03-12 16:06:09.000000000 +0100
+++ table.tmpl	2024-08-25 08:41:53.314617550 +0200
@@ -57,7 +57,7 @@
 </TMPL_LOOP></textarea></td>
   <TMPL_ELSE>  
       <th><label title="Address of Page to Validate" for="uri">Address</label>:</th>
-      <td colspan="2"><input type="text" id="uri" name="uri" value="<TMPL_VAR NAME="file_uri" ESCAPE="HTML">" size="50" /></td>
+      <td colspan="2"><input type="text" id="uri" name="uri" value="<TMPL_VAR NAME="file_uri" ESCAPE="HTML">" size="100" /></td>
   </TMPL_IF>    
 </TMPL_IF>
     </tr>

You may want to change other files as well.

Enable Xconsole

This applies to systemd based systems. SysV has this enabled by default.
In /etc/systemd/system/;

  1. Remove symlink from /lib/systemd/system/rsyslog.service to syslog.service
  2. Copy /lib/systemd/system/rsyslog.service to syslog.service
  3. Edit syslog.service. Add the green lines; 
[Service]
Type=notify
# Create /dev/xconsole
ExecStartPre=-/usr/bin/mknod -m 640 /dev/xconsole p
ExecStartPre=-/usr/bin/chown root:adm /dev/xconsole
ExecStartPre=-/usr/sbin/restorecon /dev/xconsole
ExecStart=/usr/sbin/rsyslogd -n -iNONE
StandardOutput=null
Restart=on-failure

In /etc/rsyslog.conf; 

# The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,
# you must invoke `xconsole' with the `-file' option:
#
#    $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
#      busy site..
#
daemon.*;mail.*;\
	news.err;\
	*.=debug;*.=info;\
	*.=notice;*.=warn       |/dev/xconsole

You need to add yourself to group adm in /etc/groups.
And then re-login for the change to take effect.

In ~/.config/autostart/xconsole.desktop; 

[Desktop Entry]
Encoding=UTF-8
Version=0.9.4
Type=Application
Name=Xconsole
Comment=Xconsole
Exec=/usr/bin/xconsole -file /dev/xconsole -saveLines 32
OnlyShowIn=XFCE;
StartupNotify=false
Terminal=false
Hidden=false

Modify to suit your needs.

XFCE Artwork

From the Debian snapshot archive. Some nice desktop background images;
Debian desktop background images
A very old deb with this stuff: xfce4-artwork_0.1.1a~git+20110420-1_all.deb
Images get installed in /usr/share/xfce4/backdrops/.

XFCE Workspaces

I set these to 12:
Applications, Settings, Workspaces.

X Screen saver

Install xscreensaver. Whitout it I get automatically logged-out all the time.