June 20, 2021

Debian

hacks and tips and tricks

what it is what it does
apt-get install firmware-linux
gets rid of missing firmware errors when upgrading
dpkg-reconfigure locales
gets rid of pesky “perl: warning: Setting locale failed.” error messages
.bashrc
PS1='${debian_chroot:+($debian_chroot)}\A/$? \[\033[01;35m\][\u@\h] \[\033[01;34m\]\w
 \$ \[\033[00m\]'
PS1='\[\033[0;31m\]\[\033[0;37m\]\[\033[0;35m\]${debian_chroot:+($debian_chroot)}\[\033[0;35m\]\u@\h\[\033[0;37m\]:\[\033[0;36m\]\w >:\[\033[0;00m\] '
alias lst='ls -R | grep ":$" | sed -e '"'"'s/:$//'"'"' -e '"'"'s/[^-][^\/]*\//--
/g'"'"'-e '"'"'s/^/   /'"'"' -e '"'"'s/-/|/'"'"
ifconfig eth0 192.168.1.10 netmask 255.255.255.0 up brings interface eth0 up with ip of 192.168.1.10 and netmask of 255.255.255.0, you may still have to add a route

if you run route and you don’t see a last entry like “default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0” with 192.168.1.1

being the gateway in this example

route add default gw 192.168.1.1 eth0 you need a default route to tell your box where to send all the packets that get routed (hopefully) outside the

machine, this generates one, change your ip to suit your application

update-alternatives --config editor
updates your crontab editor

simple wired network howto

The first example uses simple DHCP, typical in home router situations and laptops:

vi /etc/network/interface
  # The loopback network interface
  auto lo
  iface lo inet loopback
  #
  # The primary network interface
  auto eth0
  iface eth0 inet dhcp
/etc/init.d/networking restart

You may have to add a default route if this doesn’t work, Debian is sometimes weird about that.

vi /etc/network/interfaces
  # The loopback network interface
  auto lo
  iface lo inet loopback
  #
  # The primary network interface
  allow-hotplug eth0
  iface eth0 inet static
	address 192.168.1.10
	netmask 255.255.255.0
	gateway 192.168.1.1

If you are using Stretch, you’ll need these commands instead:

ip addr add 192.168.50.5 dev eth1
ip addr show
  1: lo: <loopback,up,lower_up> mtu 16436 qdisc noqueue state UNKNOWN
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  inet 127.0.0.1/8 scope host lo
  inet6 ::1/128 scope host
  valid_lft forever preferred_lft forever
  2: eth0: <broadcast,multicast,up,lower_up> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
  link/ether 00:0c:29:28:fd:4c brd ff:ff:ff:ff:ff:ff
  inet 192.168.50.2/24 brd 192.168.50.255 scope global eth0
  inet6 fe80::20c:29ff:fe28:fd4c/64 scope link
  valid_lft forever preferred_lft forever
  3: eth1: <broadcast,multicast,up,lower_up> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
  link/ether 00:0c:29:28:fd:56 brd ff:ff:ff:ff:ff:ff
  inet 192.168.50.5/24 scope global eth1
  inet6 fe80::20c:29ff:fe28:fd56/64 scope link
  valid_lft forever preferred_lft forever
  set up/secure Debian
ip addr del 192.168.50.5/24 dev eth1
ip link set eth1 up
ip link set eth1 down
ip route show
  10.10.20.0/24 via 192.168.50.100 dev eth0
  192.168.160.0/24 dev eth1  proto kernel  scope link  src 192.168.160.130  metric 1
  192.168.50.0/24 dev eth0  proto kernel  scope link  src 192.168.50.2
  169.254.0.0/16 dev eth0  scope link  metric 1002
  default via 192.168.50.1 dev eth0  proto static
ip route add 10.10.20.0/24 via 192.168.50.100 dev eth0
ip route del 10.10.20.0/24

add persistent route

vi /etc/network/interfaces
  auto eth0
    iface eth0 inet static
    address 192.168.50.2
    netmask 255.255.255.0
    gateway 192.168.50.100
    #########{Static Route}###########
    up ip route add 10.10.20.0/24 via 192.168.50.100 dev eth0
ip route add default via 192.168.50.100

If you just want to add a default route do:

ip r add default via 192.168.0.1

email aliases

set up a real e-mail address for you to get e-mail notifications

vi /etc/aliases
   root: youruser
   youruser: you@whatever.com
newaliases

ssh

change standard port and only allow certain users:

vi /etc/ssh/sshd_config
  Port 12345
  AllowUsers user1 user2@1.2.3.4
/etc/init.d/ssh restart

configure firewall (IPTables)

This will set up a basic firewall, nothing fancy. first save your existing firewall rules:

iptables-save > /etc/iptables.up.rules

add these before line that says COMMIT at the end:

#  Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
#  Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#  Allows all outbound traffic - modify to only allow certain traffic
-A OUTPUT -j ACCEPT
# allow http connections, uncomment line below
# -A INPUT -p tcp --dport 80 -j ACCEPT
#  Allows SSH connections
# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
-A INPUT -p tcp -m state --state NEW --dport 12345 -j ACCEPT
# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT

after this, make the rules active by doing:

iptables-restore < /etc/iptables.up.rules

/etc/apt/sources.list set up

This is an example of a working /etc/apt/sources.list from a wheezy box. Comment out the cdrom line like shown, otherwise it will keep asking your server for a cd when you update/upgrade:

# deb cdrom:...
 
deb http://debian.osuosl.org/debian/ wheezy main contrib non-free
deb-src http://debian.osuosl.org/debian/ wheezy main contrib non-free
 
deb http://security.debian.org/ wheezy/updates main contrib non-free
deb-src http://security.debian.org/ wheezy/updates main contrib non-free

reset Debian root password

reboot, then when you see the GRUB menu, hit ‘e’ for edit

use your arrow key to scroll down the line that says

linux /boot/vmlinuz-3.2.0-4-amd64 root=UUID=2cd65072-4467-4f39-b786-4bf9502f2731 ro quiet

(you’re UUID and vmlinuz will be different than mine, but this is the line you want. Now add init=/bin/bash to the end of that line so it looks something like this:

linux /boot/vmlinuz-3.2.0-4-amd64 root=UUID=2cd65072-4467-4f39-b786-4bf9502f2731 ro quiet init=/bin/bash

Now hit ‘F10’ (or ctrl-x in older versions) to save and boot to the prompt where you reset your password. Then enter:

mount -n -o remount,rw /
passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
reboot

Disable IPv6

IPv6 screws up some process which try to bind to an IPv6 address, but then not bind to the IPv4 address you were probably really wanting to use. To disable this do:

vi /etc/sysctl.conf
  net.ipv6.conf.all.disable_ipv6 = 1
  net.ipv6.conf.default.disable_ipv6 = 1
  net.ipv6.conf.lo.disable_ipv6 = 1
  net.ipv6.conf.eth0.disable_ipv6 = 1
sysctl -p

Now if you run netstat -plunt you shouldn’t see something like ::::80, but instead 127.0.0.1:80 (for apache non-ssl)

Java and Flash in Firefox/Iceweazel

apt-get install icedtea-7-plugin flashplugin-nonfree
update-flashplugin-nonfree --install

then reboot Firefox

run web-based java

you may have to allow access to the IP you’re downloading the java app from in Menu > Internet > Oracle Java 8 Web Start > Security > Edit Site List > Add > OK, but then download the link and do:

javaws /path/to/your.jnlp