Debian10.13 : Initialization

Contents

1. Install and configure vim editor
2. Network Settings
3. Set server time synchronization
- 3.1 Configuration of timesyncd service
- 3.2 Reflection of timesyncd service settings
4. Restrict users who can su
- 4.1 Adding users to the wheel group
- 4.2 Edit configuration file for su command
5. Debian Repository Mirror Settings Edit
6. Make the locate command available
7. Locale Settings
- 7.1 Check current locale
- 7.2 Changed to Japanese locale
8. Time zone settings.
- 8.1 Display of current time zone
- 8.2 Change time zone to Japan
9. Update system packages

1. Install and configure vim editor

Debian has "nano" as the default editor. nano is somewhat difficult to use, and there are few environments where it is used, so we will show you how to change the editor to "vim".

1.1 Check vim package

Debian has vim installed by default, but the package is called "vim-tiny", which is a less-featured version. To check the installed vim packages, use the "dpkg" command. The "-l" option will display a list of packages.
Since the "dpkg" command as is will show all packages installed on the system, we will use the "grep" command to extract only those packages that contain the string "vim". Execute as follows

# dpkg -l | grep vim
ii vim-common 2:8.2.2434-3+deb11u1 all Vi IMproved - Common files
ii vim-tiny 2:8.2.2434-3+deb11u1 amd64 Vi IMproved - enhanced vi editor - compact version

You can see that only the "vim-tiny" package is installed as shown above.

1.2 Installing the vim package

The "-y" option to the apt install command is an option that automatically confirms the installation.

# apt install -y vim

After installation, check the vim package again with the dpkg command

# dpkg -l | grep vim 
ii vim 2:8.1.0875-5+deb10u4 amd64 Vi IMproved - enhanced vi editor 
ii vim-common 2:8.1.0875-5+deb10u4 all Vi IMproved - Common files 
ii vim-runtime 2:8.1.0875-5+deb10u4 all Vi IMproved - Runtime files 
ii vim-tiny 2:8.1.0875-5+deb10u4 amd64 Vi IMproved - enhanced vi editor - compact version

Vim is installed as above

1.3 Change the editor used by default

Change the default editor to "vim" installed from nano.To change the default editor, run the command "update-alternatives --set editor".

# update-alternatives --set editor /usr/bin/vim.basic 
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/editor (editor) in manual mode

If the output looks like the above, the editor has been modified.

1.4 Change vim settings

To allow all users, create a ".vimrc" file in "/root/".
To create a vim environment for each user, create a ".vimrc" file in the user's home directory.
This time, we will create a ".vimrc" file in the root user's home directory "/root/".

# vi ~/.vimrc

"Enables pasting and copying of text
set clipboard+=autoselect
" Use vim's own extensions (not compatible with vi)
set nocompatible
" Specify character code
set encoding=utf-8
" Specify file encoding
set fileencodings=utf-8,iso-2022-jp,sjis,euc-jp
" Specify the line feed code to be automatically recognized
set fileformats=unix,dos
" Obtain a backup
set backup
" Specify the directory from which to obtain backups
set backupdir=~/backup
" Number of generations to keep search history
set history=50
" Do not distinguish between upper and lower case letters when searching
set ignorecase
"Mixing capital letters in search terms makes the search case sensitive
set smartcase
" Highlight words matching your search term
set hlsearch
" Use incremental search
set incsearch
" Display line numbers
set number
" Visualize line breaks ( $ ) and tabs ( ^I )
set list
" Highlight corresponding parentheses when entering parentheses
set showmatch
"No newlines at the end of files
set binary noeol
" Enable automatic indentation
set autoindent
" Color-coded display by syntax
syntax on
"change color of comment text in case of [ syntax on]
highlight Comment ctermfg=LightCyan
"Wrap lines by window width
set wrap

Comment out any unnecessary items above.

1.5 Activation of vim configuration changes

Please log out of the system for the settings to take effect. When you log in to the system again, the above information will be reflected.

2. Network Settings

2.1 Host Name Settings

This section describes how to change the hostname of a host that has been set during Debian installation for some reason.
To set the hostname, use the command "hostnamectl set-hostname". Execute the command as follows In this example, the hostname is set to "Lepard".

# hostnamectl set-hostname Lepard

The result of the configuration can be checked by referring to the "/etc/hostname" file.
Refer to the "/etc/hostname" file with the "cat" command, and if the "Lepard" configuration value is displayed as shown below, the host name check is complete.

# cat /etc/hostname
Lepard

2.2 Set IP address to network interface

The IP address is set to DHCP (dynamic IP address) when Debian 10 is installed, so set a fixed IP address.
Modify the "/etc/network/interfaces" file to set the IP address, and then restart the network interface (ens33 in this case).
The network interface name will vary depending on the environment in which the setup was performed, so check the interface name first.
The command to check network information is "ip addr". Running this command will display the network interface name and IP address information.

# ip addr

1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:f3:3d:d3 brd ff:ff:ff:ff:ff:ff
inet 192.168.11.25/24 brd 192.168.11.255 scope global dynamic ens33
valid_lft 157298sec preferred_lft 157298sec
inet6 fe80::20c:29ff:fef3:3dd3/64 scope link
valid_lft forever preferred_lft forever

In the above case, "ens33" is the network interface name.

2.3 Setting up a static IP address

We proceed assuming the following information necessary for the network configuration and the parameters to be configured this time.

・IP address　　　　 192.168.11.83
・subnet mask　　　　255.255.255.0（24bit）
・default gateway　 192.168.11.1
・DNS server　　　　 192.168.11.1

IP addresses are set by modifying the "/etc/network/interfaces" file.

# vi /etc/network/interfaces

The default values are as follows
#This file describes the network interfaces available on your system
#and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

#The loopback network interface
auto lo
iface lo inet loopback

#The primary network interface
allow-hotplug ens33
iface ens33 inet dhcp

Change as follows
#The primary network interface
allow-hotplug ens33
#iface ens33 inet dhcp　　←comment-out
#network interface settings
iface ens33 inet static　　　←add
address 192.168.11.83　　←add
netmask 255.255.255.0　　←add
gateway 192.168.11.1　　　←add
dns-nameservers 192.168.11.1　←add

2.4 Enable static IP address

# systemctl restart networking ifup@ens33

3. Set server time synchronization

In this section, we will configure "timesyncd," a service that automatically adjusts the server time.

3.1 Configuration of timesyncd service

The timesyncd service is configured in the file "/etc/systemd/timesyncd.conf". Before changing the file, make a backup copy of the original file.

# cp -p /etc/systemd/timesyncd.conf /etc/systemd/timesyncd.conf.org

Edit the configuration file.

# vi /etc/systemd/timesyncd.conf

The default values are as follows
[Time]
#NTP=
#FallbackNTP=0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.o rg 3.debian.pool.ntp.org
#RootDistanceMaxSec=5
#PollIntervalMinSec=32
#PollIntervalMaxSec=2048

Change this to a time server in Japan as follows
NTP=ntp.jst.mfeed.ad.jp
FallbackNTP=ntp.nict.jp
#RootDistanceMaxSec=5
#PollIntervalMinSec=32
#PollIntervalMaxSec=2048

3.2 Reflection of timesyncd service settings

# systemctl restart systemd-timesyncd

If no error is output, the service has restarted. Check the time synchronization. The "timedatectl status" command is used to check the time synchronization. Execute as follows

# timedatectl status
               Local time: Fri 2023-02-10 15:31:57 JST
           Universal time: Fri 2023-02-10 06:31:57 UTC
                 RTC time: Fri 2023-02-10 06:31:57
                Time zone: Asia/Tokyo (JST, +0900)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

If "System clock synchronized: yes" is displayed, the time is synchronized.

4. Restrict users who can su

In Debian, any user can be changed to the root user with the "su" command in the default configuration.
If multiple users are created on the server, limit the number of users who can execute the su command as much as possible, because if the login information of any one of the users is known, the root user privilege can be taken away with the su command after unauthorized access.
Allow only users belonging to the wheel group to be authorized to execute su.

4.1 Adding users to the wheel group

First, create a wheel group with the following command

# groupadd wheel

Run the usermod command to add a user to the wheel group. As an example, let us assume that the user to be added is "lan".

# usermod -g wheel lan

Confirm that the wheel group is added to the wheel group using the id command.

# id lan
uid=1000(lan) gid=1001(wheel) groups=1001(wheel)

4.2 Edit configuration file for su command

The configuration file for the su command is /etc/pam.d/su. (around line 15)

# vi /etc/pam.d/su

# Uncomment this to force users to be a member of group wheel
# before they can use `su'. You can also add "group=foo"
# to the end of this line if you want to use a group other
# than the default "wheel" (but this may have side effect of
# denying "root" user, unless she's a member of "foo" or explicitly
# permitted earlier by e.g. "sufficient pam_rootok.so").
# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
auth required pam_wheel.so　　←　Uncomment

The lan user can now transition to root privileges using the "su -" command.

5. Debian Repository Mirror Settings Edit

The repository mirror configuration file is /etc/apt/sources.list, make a copy and edit it.

# cd /etc/apt/
# cp sources.list sources.list_back
# vi /etc/apt/sources.list

The file contents are

#

# deb cdrom:[Debian GNU/Linux 10.13.0 _Buster_ - Official amd64 NETINST 2022    0910-18:03]/ buster main

#deb cdrom:[Debian GNU/Linux 10.13.0 _Buster_ - Official amd64 NETINST 20220    910-18:03]/ buster main

deb http://ftp.jp.debian.org/debian/ buster main
deb-src http://ftp.jp.debian.org/debian/ buster main

deb http://security.debian.org/debian-security buster/updates main
deb-src http://security.debian.org/debian-security buster/updates main

# buster-updates, previously known as 'volatile'
deb http://ftp.jp.debian.org/debian/ buster-updates main
deb-src http://ftp.jp.debian.org/debian/ buster-updates main

# This system was installed using small removable media
# (e.g. netinst, live or single CD). The matching "deb cdrom"
# entries were disabled at the end of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.

The top one is the media used during installation. It is not used anymore, so it is commented out.
If you use it in Japan, it should be a mirror with jp.

6. Make the locate command available

To search for a specific file on the entire Linux system, use the find command, but find's options are somewhat confusing.
The locate command can extract all files with a given filename.
Although a database of file and folder names must be created in advance, it has the advantage of being fast and easy to use. The "locate" command can be used here.

6.1Installing the locate package

# apt install -y locate
# dpkg -l | grep locate
ii  locate                        4.6.0+git+20190209-2         amd64        maintain and query an index of a directory tree

If the locate package name appears in the execution result as shown above, the installation has been verified.

6.2 Create database

# updatedb

6.3 Executing the locate command

As an example, search for all files named "sshd".

# locate sshd
/etc/pam.d/sshd
/etc/ssh/sshd_config
/etc/systemd/system/sshd.service
/run/sshd
/run/sshd.pid
/usr/sbin/sshd
/usr/share/man/man5/sshd_config.5.gz
/usr/share/man/man8/sshd.8.gz
/usr/share/openssh/sshd_config
/usr/share/openssh/sshd_config.md5sum
/usr/share/vim/vim81/syntax/sshdconfig.vim
/var/lib/systemd/deb-systemd-helper-enabled/sshd.service
/var/lib/ucf/cache/:etc:ssh:sshd_config

A list of filenames containing sshd is now displayed.

7. Locale Settings

This is the language setting of the Linux system; if you selected Japanese as the locale when you installed Debian, you do not need to change it since the environment is originally Japanese.
If your environment is "English locale" and you prefer to use Japanese locale, please do so.

7.1 Check current locale

Check the locale set in the system. Use the "localectl status" command to check the locale.

# localectl status
System Locale: LANG=C.UTF-8
VC Keymap: n/a
X11 Layout: jp
X11 Model: pc105

In the above case, "C.UTF-8" is the locale, which means C locale (POSIX locale).

7.2 Changed to Japanese locale

In Debian, a list of locales can be found with the command "localectl list-locales". Run it to see which locales are available on your system.

# localectl list-locales
C.UTF-8
ja_JP.UTF-8

Two locales are displayed. Since "ja_JP.UTF-8" is the locale for Japanese, we will set the "ja_JP.UTF-8" locale.
To set the locale, use the "localectl set-locale" command. Execute as follows

# localectl set-locale LANG=ja_JP.UTF-8
Confirmation
# localectl status
System Locale: LANG=ja_JP.UTF-8
VC Keymap: n/a
X11 Layout: jp
X11 Model: pc105

We have confirmed that the "ja_JP.UTF-8" locale is set as shown above.

8. Time zone settings.

In most cases, the time zone for Debian 10 is set during installation, but if the Japanese time zone "JST" is not specified, it can be changed with the "timedatectl" command.

8.1 Display of current time zone

To check the time zone set on the server, run the "timedatectl status" command

# timedatectl status
               Local time: Fri 2023-02-10 15:52:04 JST
           Universal time: Fri 2023-02-10 06:52:04 UTC
                 RTC time: Fri 2023-02-10 06:52:04
                Time zone: Asia/Tokyo (JST, +0900)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

The time zone is set to "Asia/Tokyo (JST)" as shown above.

8.2 Change time zone to Japan

If it is not "Asia/Tokyo (JST)", you can change the time zone with the "timedatectl set-timezone" command.

# timedatectl set-timezone Asia/Tokyo

9. Update system packages

Debian systems installed from the media may contain outdated packages. Debian also uses "apt" to update all packages.
To see only the list of packages to be updated without updating the package, run the "apt update" command. Run the command as follows

# apt update
Hit:1 http://ftp.jp.debian.org/debian buster InRelease
Hit:2 http://security.debian.org/debian-security buster/updates InRelease
Get:3 http://ftp.jp.debian.org/debian buster-updates InRelease [56.6 kB]
Fetched 56.6 kB in 0s (155 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.

To update a package, run the "apt upgrade" command.

# apt upgrade -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Go to top