Site map  

Customising Debian Linux

Stuff that I like. Perhaps you like some of it too.

You need to restart the various daemons for the changes to take effect.

Enable TCP or UDP listen

Lightdm

In /etc/lightdm/lightdm.conf;

#xserver-allow-tcp=false
xserver-allow-tcp=true

Make sure to firewall port 6000.

Lpr

In /etc/default/lpd;

#OPTIONS="-s"

Make sure to firewall port 515.

NFS

Newer systems disable UDP by default. Some systems need NFS via UDP to work;
In /etc/nfs.conf in the '[nfsd]' section put:

udp=y

And restart nsf-kernel-server.
UDP should now show up in a netstat -a;

netstat -a | grep nfs
tcp        0      0 0.0.0.0:nfs             0.0.0.0:*               LISTEN
tcp6       0      0 [::]:nfs                [::]:*                  LISTEN
udp        0      0 0.0.0.0:nfs             0.0.0.0:*
udp6       0      0 [::]:nfs                [::]:*

For NFS security, See: SecuringNFS

Rsyslog

In /etc/rsyslog.conf;

# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")

Make sure to firewall port 514.

X11

In /etc/X11/xinit/xserverrc;

#exec /usr/bin/X -nolisten tcp "$@"
exec /usr/bin/X "$@"

For more information on remote X, see the Remote X Apps mini-HOWTO
Make sure to firewall port 6000.

Other stuff

Bash

In ~/.bashrc;

A prompt with hostname and directory;
Prompt with hostname and directory

PS1="\\[\\e[1;36m\\]\\h:\\[\\e[1;33m\\]\\w\\[\\e[1;36m\\]\\$\\[\\e[0m\\] "

ISO date in ls;
ISO daye ls

alias ll='ls -als --time-style=long-iso'

Clear screen on logout;

trap 'clear' EXIT

Cups

If you're using a network printer, you don't need to load module lp.
In /etc/modules-load.d/cups-filters.conf;

# lp

Exim

This is for a non-server setup (For servers see: Spam filtering with Exim).
In /etc/exim4/conf.d/main/000_localmacros;

# Enable checks; 1 = True = Enable
MAIN_TLS_ENABLE = 1
# Avoid TLS trouble
MAIN_TLS_TRY_VERIFY_HOSTS = !*
TLS_DH_MIN_BITS = 512
REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = !*

# Checks
CHECK_RCPT_REVERSE_DNS = 1
CHECK_DATA_VERIFY_HEADER_SYNTAX = 1

# Other options;
MAIN_QUALIFY_DOMAIN = Your_Domain
MESSAGE_SIZE_LIMIT = 10M

Generate a certificate. You can generate a self-signed cert with /usr/share/doc/exim4-base/examples/exim-gencert.
You also may need to edit /etc/exim4/update-exim4.conf.conf and /etc/mailname.

Firefox

Taming Firefox

Fonts

Install ttf-mscorefonts-installer. And the Noto packages.

Linphone

I found that removing the call log entries from an old ~/.linphonerc and using that for a newer version works best.
Also see: Import contacts to friends.db.

Lpd

An UTF-8 plain text print queue with paps: Printing UTF-8 plain text

NTP

In /etc/ntp.conf (or /etc/ntpsec/ntp.conf);

enable mode7

Apparently one can use NTPD for amplification attacks.

restrict Your_IPv4_Range mask Your_IPv4_Mask notrust
restrict Your_IPv6_Range mask Your_IPv6_Mask notrust

Enable local clocks in Apparmor

Below an example which enables a shared memory driver and local clocks on ttyS1 and ttyS2.
In '/etc/apparmor.d/local/usr.sbin.ntpd';

capability ipc_owner,
/dev/ttyS1 rw,
/dev/ttyS2 rw,

Serial mouse

I like those old three button rodents. They cut and paste really nice! I even have spare parts.
See: Serial mouse
You may need to use other symlink numbers: inputattach should start just after your display manager.
If there is no 'service' file, systemd will actually use the SysV file instead.

SSH

In /etc/ssh/sshd_config;

PermitRootLogin no

#UseDNS no
UseDNS yes

Daily syslog rotation

Edit /etc/logrotate.d/rsyslog;

/var/log/syslog
{
	rotate 14
	daily
	missingok
	notifempty
	delaycompress
	compress
	postrotate
		/usr/lib/rsyslog/rsyslog-rotate
	endscript
}

Syslog at tty8

In /etc/rsyslog.conf;

# Syslog screen
*.info				/dev/tty8

TcpWrappers

This requires matching forward and reverse DNS lookups for all services with libwrap linked.
In /etc/hosts.allow;

ALL:		localhost Your_Domain .Your_Domain 127.0.0.0/255.0.0.0 Your_IPv4_Netwerk_Range/Your_IPv4_Netmask [::1] [Your_IPv6_Netwerk_Range]/Your_IPv6_Netmask
portmap:	127.0.0.0/255.0.0.0 Your_IPv4_Netwerk_Range/Your_IPv4_Netmask [::1] [Your_IPv6_Netwerk_Range]/Your_IPv6_Netmask
identd:		KNOWN EXCEPT PARANOID

In /etc/hosts.deny;

ALL:	ALL

Terminal colours

A pale grey on black with a large font.

Xterm

In ~/.local/share/applications/xterm.desktop

Exec=xterm -pc -bg black -fg grey90 -fn -misc-fixed-medium-r-normal--20-200-75-75-c-100-iso10646-1 -fs 12

This will set the default font to bitmap. With a Ctrl - right mouse click monospace TTF can be selected.
Bold is dispayed as high intensity.

URxvt

Copy /usr/share/applications/rxvt-unicode.desktop to ~/.local/share/applications/. Change the 'Exec' line in ~/.local/share/applications/rxvt-unicode.desktop;

Exec=urxvt -fn "10x20,xft:Mono,-*-fixed-medium-r-normal-*-20-200-75-75-c-100-iso10646-1,xft:Symbola:size=12"

Terminal colours

One of the things does is change dark-blue to a slightly less dark colour.

*VT100*color4: rgb:00/44/ee
URxvt*background: black
URxvt*foreground: grey90
URxvt.color4:  #0044ee
URxvt.color12: #5555ff

Do 'xrdb -merge ~/.Xresources' for the changes to take effect.
See Standard ls colors for more info.

Thunderbird

Taming Thunderbird

Vim

In /etc/vim/vimrc;

syntax on

set mouse=

~/.vimrc

set mouse=
set background=light
set t_Co=16
:set t_BE=

I use xterm with pale grey text on a black background. The line 'set background=light' is missing in my /root/.vimrc. This way I get brighter colours when logged in as root.
'set t_Co=16' sets 16 colours.
':set t_BE=' avoids automatically switching to insert mode, when cut and pasting with a mouse. This way I can cut and paste commands.

VLC

Install libdvdcss from Debian multimedia.
An interesting link: VLC media player is not displaying video, but audio works

Enable Xconsole

This applies to systemd based systems. SysV has this enabled by default.
In /etc/systemd/system/;

  1. Remove symlink from /lib/systemd/system/rsyslog.service to syslog.service
  2. Copy /lib/systemd/system/rsyslog.service to syslog.service
  3. Edit syslog.service. Add the green lines;
[Service]
Type=notify
# Create /dev/xconsole
ExecStartPre=-/usr/bin/mknod -m 640 /dev/xconsole p
ExecStartPre=-/usr/bin/chown root:adm /dev/xconsole
ExecStartPre=-/usr/sbin/restorecon /dev/xconsole
ExecStart=/usr/sbin/rsyslogd -n -iNONE
StandardOutput=null
Restart=on-failure

In /etc/rsyslog.conf;

# The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,
# you must invoke `xconsole' with the `-file' option:
#
#    $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
#      busy site..
#
daemon.*;mail.*;\
	news.err;\
	*.=debug;*.=info;\
	*.=notice;*.=warn       |/dev/xconsole

You need to add yourself to group adm in /etc/groups.
And then re-login for the change to take effect.

In ~/.config/autostart/xconsole.desktop;

[Desktop Entry]
Encoding=UTF-8
Version=0.9.4
Type=Application
Name=Xconsole
Comment=Xconsole
Exec=/usr/bin/xconsole -file /dev/xconsole
OnlyShowIn=XFCE;
StartupNotify=false
Terminal=false
Hidden=false

Modify to suit your needs.

XFCE Artwork

From the Debian snapshot archive. Some nice desktop background images;
Debian desktop background images
A very old deb with this stuff: xfce4-artwork_0.1.1a~git+20110420-1_all.deb
Images get installed in /usr/share/xfce4/backdrops/.

XFCE Workspaces

I set these to 12:
Applications, Settings, Workspaces.

X Screen saver

Install xscreensaver. Whitout it I get automatically logged-out all the time.