December 5, 2022

Debian HowTo’s

hacks and tips and tricks

what it is what it does
apt-get install firmware-linux
gets rid of missing firmware errors when upgrading
dpkg-reconfigure locales
gets rid of pesky “perl: warning: Setting locale failed.” error messages
PS1='${debian_chroot:+($debian_chroot)}\A/$? \[\033[01;35m\][\u@\h] \[\033[01;34m\]\w \$ \[\033[00m\]'


PS1='\[\033[0;31m\]\[\033[0;37m\]\[\033[0;35m\]${debian_chroot:+($debian_chroot)}\[\033[0;35m\]\u@\h\[\033[0;37m\]:\[\033[0;36m\]\w >:\[\033[0;00m\] '
alias lst='ls -R | grep ":$" | sed -e '"'"'s/:$//'"'"' -e '"'"'s/[^-][^\/]*\//--/g'"'"' -e '"'"'s/^/   /'"'"' -e '"'"'s/-/|/'"'"
ifconfig eth0 netmask up brings interface eth0 up with ip of and netmask of, you may still have to add a route if you run route and you don’t see a last entry like “default UG 0 0 0 eth0” with being the gateway in this example
route add default gw eth0 you need a default route to tell your box where to send all the packets that get routed (hopefully) outside the machine, this generates one, change your ip to suit your application
update-alternatives --config editor
updates your crontab editor

simple wired network howto

The first example uses simple DHCP, typical in home router situations and laptops:

vi /etc/network/interface
  # The loopback network interface
  auto lo
  iface lo inet loopback
  # The primary network interface
  auto eth0
  iface eth0 inet dhcp
/etc/init.d/networking restart

You may have to add a default route if this doesn’t work, Debian is sometimes weird about that.

vi /etc/network/interfaces
  # The loopback network interface
  auto lo
  iface lo inet loopback
  # The primary network interface
  allow-hotplug eth0
  iface eth0 inet static

If you are using Stretch, you’ll need these commands instead:

ip addr add dev eth1
ip addr show
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  inet scope host lo
  inet6 ::1/128 scope host
  valid_lft forever preferred_lft forever
  2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
  link/ether 00:0c:29:28:fd:4c brd ff:ff:ff:ff:ff:ff
  inet brd scope global eth0
  inet6 fe80::20c:29ff:fe28:fd4c/64 scope link
  valid_lft forever preferred_lft forever
  3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
  link/ether 00:0c:29:28:fd:56 brd ff:ff:ff:ff:ff:ff
  inet scope global eth1
  inet6 fe80::20c:29ff:fe28:fd56/64 scope link
  valid_lft forever preferred_lft forever
  set up/secure Debian
ip addr del dev eth1
ip link set eth1 up
ip link set eth1 down
ip route show via dev eth0 dev eth1  proto kernel  scope link  src  metric 1 dev eth0  proto kernel  scope link  src dev eth0  scope link  metric 1002
  default via dev eth0  proto static
ip route add via dev eth0
ip route del

add persistent route

vi /etc/network/interfaces
  auto eth0
    iface eth0 inet static
    #########{Static Route}###########
    up ip route add via dev eth0
ip route add default via

email aliases

set up a real e-mail address for you to get e-mail notifications

vi /etc/aliases
   root: youruser


change standard port and only allow certain users:

vi /etc/ssh/sshd_config
  Port 12345
  AllowUsers user1 user2@
/etc/init.d/ssh restart

configure firewall (IPTables)

This will set up a basic firewall, nothing fancy. first save your existing firewall rules:

iptables-save > /etc/iptables.up.rules

add these before line that says COMMIT at the end:

#  Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -i ! lo -d -j REJECT
#  Accepts all established inbound connections
#  Allows all outbound traffic - modify to only allow certain traffic
# allow http connections, uncomment line below
# -A INPUT -p tcp --dport 80 -j ACCEPT
#  Allows SSH connections
-A INPUT -p tcp -m state --state NEW --dport 12345 -j ACCEPT
# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Reject all other inbound - default deny unless explicitly allowed policy

after this, make the rules active by doing:

iptables-restore < /etc/iptables.up.rules

/etc/apt/sources.list set up

This is an example of a working /etc/apt/sources.list from a wheezy box. Comment out the cdrom line like shown, otherwise it will keep asking your server for a cd when you update/upgrade:

# deb cdrom:...
deb wheezy main contrib non-free
deb-src wheezy main contrib non-free
deb wheezy/updates main contrib non-free
deb-src wheezy/updates main contrib non-free

reset Debian root password

reboot, then when you see the GRUB menu, hit ‘e’ for edit

use your arrow key to scroll down the line that says

linux /boot/vmlinuz-3.2.0-4-amd64 root=UUID=2cd65072-4467-4f39-b786-4bf9502f2731 ro quiet

(you’re UUID and vmlinuz will be different than mine, but this is the line you want. Now add init=/bin/bash to the end of that line so it looks something like this:

linux /boot/vmlinuz-3.2.0-4-amd64 root=UUID=2cd65072-4467-4f39-b786-4bf9502f2731 ro quiet init=/bin/bash

Now hit ‘F10’ (or ctrl-x in older versions) to save and boot to the prompt where you reset your password. Then enter:

mount -n -o remount,rw /
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Disable IPv6

IPv6 screws up some process which try to bind to an IPv6 address, but then not bind to the IPv4 address you were probably really wanting to use. To disable this do:

vi /etc/sysctl.conf
  net.ipv6.conf.all.disable_ipv6 = 1
  net.ipv6.conf.default.disable_ipv6 = 1
  net.ipv6.conf.lo.disable_ipv6 = 1
  net.ipv6.conf.eth0.disable_ipv6 = 1
sysctl -p

Now if you run netstat -plunt you shouldn’t see something like ::::80, but instead (for apache non-ssl)

Java and Flash in Firefox/Iceweazel

apt-get install icedtea-7-plugin flashplugin-nonfree
update-flashplugin-nonfree --install

then reboot Firefox

run web-based java

you may have to allow access to the IP you’re downloading the java app from in Menu > Internet > Oracle Java 8 Web Start > Security > Edit Site List > Add > OK, but then download the link and do:

javaws /path/to/your.jnlp