A list of the first commands I run on a new Debian LXC to homogenize and secure my new environment.
Utilities
1
| apt update && apt upgrade -y
|
1
| apt install curl nano openssl rsync fail2ban unattended-upgrades apt-listchanges sudo -y
|
Don’t use root
It is critical that you don’t use root for SSH or for typical CLI tasks. I always create a new user for that reason.
1
2
3
| useradd -m -g users -G sudo patrick
chsh -s /bin/bash patrick
passwd patrick
|
Make the CLI more fun
Add the following lines to add color to bash:
1
2
3
| export LS_OPTIONS='--color=auto'
eval "`dircolors`"
alias ls='ls $LS_OPTIONS'
|
SSH Configuration
I always disallow login for root over SSH and allow password logins for other users. To do this, edit /etc/ssh/sshd_config
. You’re looking to uncomment and modify the following lines:
1
| nano /etc/ssh/sshd_config
|
1
2
3
4
5
6
7
8
9
10
11
12
| # Authentication:
LoginGraceTime 2m
PermitRootLogin no
StrictModes yes
MaxAuthTries 6
MaxSessions 2
-----
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no
|
Once you’ve made the changes, you can restart the LXC and use SSH with your new user.
Unattended Upgrades Configuration
Edit the following file.
1
| sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
|
Uncomment the following line
1
2
3
4
5
6
7
8
9
10
11
| "origin=*";
<--->
Unattended-Upgrade::InstallOnShutdown "false";
<--->
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "true";
|