The officially official Devuan Forum!

You are not logged in.

#1 2017-10-06 18:56:21

macondo
Member
From: Central America
Registered: 2017-06-11
Posts: 52  

HOWTO: Post-Installation Configurations

After installing Devuan, the first thing I configure is sudo.

# visudo

Put this line at the bottom of the file:

<your_user_name>  ALL=NOPASSWD:ALL

save/exit/reboot

If you use nano,

# nano /etc/sudoers

ditto as above.

Next, aliases make my life easier,

$ nano .bash_aliases

Paste this:

alias adu="sudo apt-get update && sudo apt-get dist-upgrade"
alias agi="sudo apt-get install"
alias as="apt-cache search"
alias ash="apt-cache show"

logout/login and test it as USER:

$ adu  

Go to .nanorc and type this:

set const
set smooth
set mouse

UFW (Uncomplicated Firewall)

# apt-get install ufw
# ufw enable
# ufw status
# reboot

After coming back do another 'ufw status' to find out if the firewall
is working.

To avoid pinging: go to:

# nano  /etc/ufw/before.rules

And leave this section looking like this:

# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

Next, go to www.grc.com and click on ShieldsUp, next screen scroll down to Hot
Spots, and click on ShieldsUp again, next screen click on Proceed, next screen
click on All Service Ports and let it check the ports, gives an ok result, the
ports are neon green, and gives you this veredict:

"Your system has achieved a perfect "TruStealth" rating. Not a single packet —
solicited or otherwise — was received from your system as a result of our
security probing tests. Your system ignored and refused to reply to repeated
Pings (ICMP Echo Requests). From the standpoint of the passing probes of any
hacker, this machine does not exist on the Internet. Some questionable personal
security systems expose their users by attempting to "counter-probe the prober",
thus revealing themselves. But your system wisely remained silent in every way.
Very nice."

Startup
To start your apps and window manager: go to .xinitrc as USER,

$ nano .xinitrc

Put this:

#!/bin/sh

setxkbmap -option terminate:ctrl_alt_bksp
xsetroot -solid black
unclutter -idle 2 &
numlockx &

exec <window manager>

I think this is about it, thanks for your patience.

Happy trails,
macondo

Reference: https://help.ubuntu.com/community/UFW

28c15c619859053.jpg
e47bff621643413.jpg

# updatedb

So later I can use 'locate'

Last edited by macondo (2017-10-08 15:11:11)


Desktop Dual Core 8 GB RAM - Devuan Ceres - Slackware Current - Grub - JWM
“Just because you're paranoid doesn't mean they aren't after you.” ― Joseph Heller, Catch-22

Offline

#2 2017-10-06 19:43:46

golinux
Administrator
Registered: 2016-11-25
Posts: 3,333  

Re: HOWTO: Post-Installation Configurations

Sudo? Really?  Ah now maybe I understand.  Perhaps you're used to Ubuntu's bad habits . . .

Online

#3 2017-10-06 20:32:53

macondo
Member
From: Central America
Registered: 2017-06-11
Posts: 52  

Re: HOWTO: Post-Installation Configurations

Really. Perhaps you don't know me, I have never used Ubuntu.


Desktop Dual Core 8 GB RAM - Devuan Ceres - Slackware Current - Grub - JWM
“Just because you're paranoid doesn't mean they aren't after you.” ― Joseph Heller, Catch-22

Offline

#4 2017-10-06 20:46:01

golinux
Administrator
Registered: 2016-11-25
Posts: 3,333  

Re: HOWTO: Post-Installation Configurations

Fair 'nuf.  A short stint with Ubuntu years ago cured me of the sudo disease.  But let's not sidetrack your howto with THAT discussion.

Online

#5 2017-10-06 20:57:33

greenjeans
Member
Registered: 2017-04-07
Posts: 576  
Website

Re: HOWTO: Post-Installation Configurations

golinux wrote:

A short stint with Ubuntu years ago cured me of the sudo disease.

You and me both.

Never understood the use of sudo, on a list of "worst ideas ever for linux" it ranks right up there with dconf and systemd IMO.


https://sourceforge.net/projects/vuu-do/ New 1.09 isos uploaded 11/27/2024
Vuu-do GNU/Linux, minimal Devuan-based openbox systems to build on, maximal versions if you prefer your linux fully-loaded.
New Devuan-mate-mini isos too!
Please donate to support Devuan and init freedom! https://devuan.org/os/donate

Offline

#6 2017-10-06 21:23:24

MiyoLinux
Member
Registered: 2016-12-05
Posts: 1,323  

Re: HOWTO: Post-Installation Configurations

I don't know what I did here, but after clicking on the picture, I was taken to a "Roblox" site at some point. I'm not sure how it happened though.


I have been Devuanated, and my practice in the art of Devuanism shall continue until my Devuanization is complete. Until then, I will strive to continue in my understanding of Devuanchology, Devuanprocity, and Devuanivity.

Veni, vidi, vici vdevuaned. I came, I saw, I Devuaned. wink

Offline

#7 2017-10-07 09:52:06

boycottsystemd
Member
Registered: 2017-09-25
Posts: 101  

Re: HOWTO: Post-Installation Configurations

UFW (Uncomplicated Firewall)

Does Devuan Jessie have any default firewall ? I did not install any and I got this result in test:

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet.

Offline

#8 2017-10-07 19:04:36

fsmithred
Administrator
Registered: 2016-11-25
Posts: 2,492  

Re: HOWTO: Post-Installation Configurations

There is no default firewall front-end installed in debian or devuan. There is iptables, but no rules are in place.  If you install some services that listen for connections, then you will have open ports. (examples: openssh-server, mysql-server, apache2, samba)

If you're behind a router, the router is being scanned, and unless you set up port-forwarding in the router, the outside world can't see the open ports on your computer.

Offline

#9 2017-10-07 23:43:14

garyz.dev1
Member
From: U.S.-South Carolina
Registered: 2017-06-15
Posts: 89  

Re: HOWTO: Post-Installation Configurations

sudo   - so what do you use for root priviledges??
(I used sudo before I used ubuntu)
I'm in the sudoers file but still have to do the password from time to time
[with the ALL settings in sudoers!}

Offline

#10 2017-10-07 23:49:09

macondo
Member
From: Central America
Registered: 2017-06-11
Posts: 52  

Re: HOWTO: Post-Installation Configurations

With this:
<your_user_name>  ALL=NOPASSWD:ALL

you need NO passwd...


Desktop Dual Core 8 GB RAM - Devuan Ceres - Slackware Current - Grub - JWM
“Just because you're paranoid doesn't mean they aren't after you.” ― Joseph Heller, Catch-22

Offline

#11 2017-10-07 23:54:21

garyz.dev1
Member
From: U.S.-South Carolina
Registered: 2017-06-15
Posts: 89  

Re: HOWTO: Post-Installation Configurations

thanks @macondo
I didn't have the NOPASSWD in the sudoers file,
(fwiw - I had to 'sudo visude' to modify the file !)

Offline

#12 2017-10-07 23:58:13

macondo
Member
From: Central America
Registered: 2017-06-11
Posts: 52  

Re: HOWTO: Post-Installation Configurations

np


Desktop Dual Core 8 GB RAM - Devuan Ceres - Slackware Current - Grub - JWM
“Just because you're paranoid doesn't mean they aren't after you.” ― Joseph Heller, Catch-22

Offline

#13 2017-10-08 00:00:04

garyz.dev1
Member
From: U.S.-South Carolina
Registered: 2017-06-15
Posts: 89  

Re: HOWTO: Post-Installation Configurations

@greenjeans wrote:

Never understood the use of sudo, on a list of "worst ideas ever for linux" it ranks right up there with dconf and systemd IMO.

'
well - as I understand it - Linux is a multi-user system - so someone has to be the boss/admin
Now it is true that most linux downloads are most likely for single user/desktops - so root/sudo becomes a grey area.: IMO
Not sure what the answer is - there is a lot of debate about it
'
I am not taking a stand on it

garyz

Offline

#14 2017-10-08 16:14:38

boycottsystemd
Member
Registered: 2017-09-25
Posts: 101  

Re: HOWTO: Post-Installation Configurations

thanks @fsmithred

Offline

#15 2017-10-10 18:50:12

fog
Member
Registered: 2017-10-09
Posts: 28  

Re: HOWTO: Post-Installation Configurations

sudo history is a bit older than linux not to mention ubuntu. sudo development is/was maintained by OBSD (although OBSD uses mainly doas rather than sudo nowdays) however system is as secure as one make it.

Offline

#16 2020-07-08 17:09:45

vlax
Member
From: hipsterland
Registered: 2020-06-14
Posts: 42  
Website

Re: HOWTO: Post-Installation Configurations

hola Macondo

macondo wrote:

After installing Devuan, the first thing I configure is sudo.
...

ditto as above.

Next, aliases make my life easier,
...

UFW (Uncomplicated Firewall)
...

Startup
To start your apps and window manager: go to .xinitrc as USER,
...

# updatedb

So later I can use 'locate'

everything is useful indeed, thanks smile


satellite mestizo

Offline

#17 2024-06-21 20:51:35

peterrooney
Member
From: PNW
Registered: 2021-09-25
Posts: 5  

Re: HOWTO: Post-Installation Configurations

Entirely aside from philisophical issues with sudo,
NEVER EDIT THE SUDOERS FILE DIRECTLY.
instead, read the man page before trying 'EDITOR=/bin/nano visudo` instead. There are ways to set the order of preferred editors. Read the man page because if visudo suspects anything wrong when nano exits, it does not give you choices or reminders, but instead expects you know which keys to press.

Offline

#18 2024-06-22 13:32:55

nahkhiirmees
Member
Registered: 2022-07-24
Posts: 261  

Re: HOWTO: Post-Installation Configurations

UFW (Uncomplicated Firewall)

If you have rules you're happy with, there's also netfilter-persistent and iptables-persistent.

sudo disease

I don't think sudo in itself is a disease. But that "ALL=ALL NOPASSWD"-thing definitely is.

Offline

#19 2024-07-15 07:46:51

EDX-0
Member
Registered: 2020-12-12
Posts: 83  

Re: HOWTO: Post-Installation Configurations

i'd say it is better to use sudoedit after running update-alternatives  --set editor /usr/bin/vim (or nvim), also editing the sudoers file and being able to use sudo without password is a hell no!

as for other controversial post installation configurations there exist my scripts https://github.com/eylles/devuan-scripts and there are a couple more that will still be added...

Offline

#20 2024-09-13 21:36:05

unixuser
Member
Registered: 2024-09-13
Posts: 3  

Re: HOWTO: Post-Installation Configurations

For single user system, you guys recommend using only "su" ? or doas ?

Offline

#21 2024-09-13 23:14:26

quickfur
Member
Registered: 2023-12-14
Posts: 431  

Re: HOWTO: Post-Installation Configurations

I'm running a single user system, and I use both su and sudo. sudo for small commands, su for more elaborate system management.

I never login as root; that's highly not recommended because of the amount of code that runs when you login, esp. on a graphical desktop; all of that would be running with root privileges, which is very dangerous.

Offline

Board footer