@@ -75,6 +75,7 @@ Debian 10 Buster
- Run `mount -a` to validate fstab.
- Restart the system for it to take effect.
1. Setup SSHd:
+ - File: `/etc/ssh/sshd_config`
- `PermitRootLogin no`
- `PasswordAuthentication no`
- `AllowTcpForwarding no`
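Review bot: The new `File: /etc/ssh/sshd_config` bullet says where the options go, but the visible steps never say to validate the file or reload the daemon. Since `PermitRootLogin no` and `PasswordAuthentication no` can lock out a remote admin, add a step to run `sshd -t` and to confirm key-based login for a non-root user from a second session before restarting `sshd`, unless that is already covered below the visible context.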
@@ -108,31 +109,35 @@ Debian 10 Buster
### Networking
-1. (Alternative 1) Setup ifupdown (default):
- - **TODO** ifupdown2?
+1. (Alternative 1) (Recommended) Setup networkd network manager:
+ - Add a simple network config:
+ - Alternatively, add a complicated set of configs.
+ - Create `/etc/systemd/network/lan.network` based on [lan.network]({{ site.github.repository_url }}/blob/master/config/linux-server/files/networkd/lan.network).
+ - Disable/remove the ifupdown config: `mv /etc/network/interfaces /etc/network/interfaces.old`
+ - Enable and start systemd-networkd: `systemctl enable systemd-networkd`
+ - Restart it it already running.
+ - Purge `ifupdown` and `ifupdown2`.
+ - Check the status: `networkctl [status [-a]]`
+ - Restart the system (now or later) and check if still working.
+1. (Alternative 2) (Default) Setup ifupdown network manager:
+ - Install `ifupdown2`.
+ - This may take the network down, so do it locally.
+ - Restart `networking.service` afterward.
- For VLAN support, install `vlan`.
- For bond support, install `ifenslave`.
- - **TODO**: DHCPv4, IPv6 (static, SLAAC, DHCPv6)
-1. (Alternative 2) Setup networkd:
- - Make the new networkd configs.
- - Special network device configs: `/etc/systemd/network/*.netdev`
- - Network configs: `/etc/systemd/network/*.network`
- - Check `...` for the networkd version of the current network configuration. Copy them ... 123
- - Disable/remove the ifupdown config: `mv /etc/network/interfaces /etc/network/interfaces.disabled`
- - Enable systemd-networkd: `systemctl enable systemd-networkd`
- - Check the status: `networkctl [status [-a]]`
+ - **TODO**: DHCPv4, IPv6 (static, SLAAC, DHCPv6).
1. Setup DNS:
- - Enable `systemd-resolved.service`, the systemd resolver.
+ - Enable and start `systemd-resolved.service`, the systemd resolver.
- Point `/etc/resolv.conf` to the one generated by systemd: `ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf`
1. Setup NTP:
- - Check the timezone: `timedatectl`
- - If wrong: `timedatectl set-timezone Europe/Oslo`
+ - Set the timezone: `timedatectl set-timezone Europe/Oslo`
- Enable network time: `timedatectl set-ntp true`
- - In `/etc/systemd/timesyncd.conf`, set `ntp.justervesenet.no`.
+ - In `/etc/systemd/timesyncd.conf`, set `NTP=ntp.justervesenet.no`.
- Restart `systemd-timesyncd`.
- - Check **TODO**.
+ - Check that NTP works: `timedatectl timesync-status`
1. Setup firewall:
- Install: `iptables iptables-persistent netfilter-persistent`
+ - Don't save the current rules.
- Add basic rules (it defaults to accepting everything).
1. Reboot and make sure it still works.
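Review bot: In the new networkd alternative, the step "Enable and start systemd-networkd" gives `systemctl enable systemd-networkd`, which only enables the unit. Use `systemctl enable --now systemd-networkd` or add an explicit start, otherwise the new config is not applied until the reboot even though `/etc/network/interfaces` has already been moved away. The following line has a typo ("Restart it it already running" should read "if already running"). The "do it locally" warning attached to the `ifupdown2` install applies just as much to the networkd steps that move the interfaces file and purge `ifupdown`, so consider repeating it there.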