HOWTO: Post-Installation Configurations

macondo · 2017-10-06 18:56:21

After installing Devuan, the first thing I configure is sudo.

# visudo

Put this line at the bottom of the file:

<your_user_name>  ALL=NOPASSWD:ALL

save/exit/reboot

If you use nano,

# nano /etc/sudoers

ditto as above.

Next, aliases make my life easier,

$ nano .bash_aliases

Paste this:

alias adu="sudo apt-get update && sudo apt-get dist-upgrade"
alias agi="sudo apt-get install"
alias as="apt-cache search"
alias ash="apt-cache show"

logout/login and test it as USER:

$ adu

Go to .nanorc and type this:

set const
set smooth
set mouse

UFW (Uncomplicated Firewall)

# apt-get install ufw
# ufw enable
# ufw status
# reboot

After coming back do another 'ufw status' to find out if the firewall
is working.

To avoid pinging: go to:

# nano  /etc/ufw/before.rules

And leave this section looking like this:

# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

Next, go to www.grc.com and click on ShieldsUp, next screen scroll down to Hot
Spots, and click on ShieldsUp again, next screen click on Proceed, next screen
click on All Service Ports and let it check the ports, gives an ok result, the
ports are neon green, and gives you this veredict:

"Your system has achieved a perfect "TruStealth" rating. Not a single packet â€”
solicited or otherwise â€” was received from your system as a result of our
security probing tests. Your system ignored and refused to reply to repeated
Pings (ICMP Echo Requests). From the standpoint of the passing probes of any
hacker, this machine does not exist on the Internet. Some questionable personal
security systems expose their users by attempting to "counter-probe the prober",
thus revealing themselves. But your system wisely remained silent in every way.
Very nice."

Startup
To start your apps and window manager: go to .xinitrc as USER,

$ nano .xinitrc

Put this:

#!/bin/sh

setxkbmap -option terminate:ctrl_alt_bksp
xsetroot -solid black
unclutter -idle 2 &
numlockx &

exec <window manager>

I think this is about it, thanks for your patience.

Happy trails,
macondo

Reference: https://help.ubuntu.com/community/UFW

# updatedb

So later I can use 'locate'

Last edited by macondo (2017-10-08 15:11:11)

golinux · 2017-10-06 19:43:46

Sudo? Really? Ah now maybe I understand. Perhaps you're used to Ubuntu's bad habits . . .

macondo · 2017-10-06 20:32:53

Really. Perhaps you don't know me, I have never used Ubuntu.

golinux · 2017-10-06 20:46:01

Fair 'nuf. A short stint with Ubuntu years ago cured me of the sudo disease. But let's not sidetrack your howto with THAT discussion.

greenjeans · 2017-10-06 20:57:33

golinux wrote:

A short stint with Ubuntu years ago cured me of the sudo disease.

You and me both.

Never understood the use of sudo, on a list of "worst ideas ever for linux" it ranks right up there with dconf and systemd IMO.

MiyoLinux · 2017-10-06 21:23:24

I don't know what I did here, but after clicking on the picture, I was taken to a "Roblox" site at some point. I'm not sure how it happened though.

boycottsystemd · 2017-10-07 09:52:06

UFW (Uncomplicated Firewall)

Does Devuan Jessie have any default firewall ? I did not install any and I got this result in test:

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet.

fsmithred · 2017-10-07 19:04:36

There is no default firewall front-end installed in debian or devuan. There is iptables, but no rules are in place. If you install some services that listen for connections, then you will have open ports. (examples: openssh-server, mysql-server, apache2, samba)

If you're behind a router, the router is being scanned, and unless you set up port-forwarding in the router, the outside world can't see the open ports on your computer.

garyz.dev1 · 2017-10-07 23:43:14

sudo - so what do you use for root priviledges??
(I used sudo before I used ubuntu)
I'm in the sudoers file but still have to do the password from time to time
[with the ALL settings in sudoers!}

macondo · 2017-10-07 23:49:09

With this:
<your_user_name> ALL=NOPASSWD:ALL

you need NO passwd...

garyz.dev1 · 2017-10-07 23:54:21

thanks @macondo
I didn't have the NOPASSWD in the sudoers file,
(fwiw - I had to 'sudo visude' to modify the file !)

macondo · 2017-10-07 23:58:13

np

garyz.dev1 · 2017-10-08 00:00:04

@greenjeans wrote:

Never understood the use of sudo, on a list of "worst ideas ever for linux" it ranks right up there with dconf and systemd IMO.

'
well - as I understand it - Linux is a multi-user system - so someone has to be the boss/admin
Now it is true that most linux downloads are most likely for single user/desktops - so root/sudo becomes a grey area.: IMO
Not sure what the answer is - there is a lot of debate about it
'
I am not taking a stand on it

garyz

boycottsystemd · 2017-10-08 16:14:38

thanks @fsmithred

fog · 2017-10-10 18:50:12

sudo history is a bit older than linux not to mention ubuntu. sudo development is/was maintained by OBSD (although OBSD uses mainly doas rather than sudo nowdays) however system is as secure as one make it.

vlax · 2020-07-08 17:09:45

hola Macondo

macondo wrote:

After installing Devuan, the first thing I configure is sudo.
...
ditto as above.
Next, aliases make my life easier,
...
UFW (Uncomplicated Firewall)
...
Startup
To start your apps and window manager: go to .xinitrc as USER,
...
# updatedb
So later I can use 'locate'

everything is useful indeed, thanks

peterrooney · 2024-06-21 20:51:35

Entirely aside from philisophical issues with sudo,
NEVER EDIT THE SUDOERS FILE DIRECTLY.
instead, read the man page before trying 'EDITOR=/bin/nano visudo` instead. There are ways to set the order of preferred editors. Read the man page because if visudo suspects anything wrong when nano exits, it does not give you choices or reminders, but instead expects you know which keys to press.

nahkhiirmees · 2024-06-22 13:32:55

UFW (Uncomplicated Firewall)

If you have rules you're happy with, there's also netfilter-persistent and iptables-persistent.

sudo disease

I don't think sudo in itself is a disease. But that "ALL=ALL NOPASSWD"-thing definitely is.

EDX-0 · 2024-07-15 07:46:51

i'd say it is better to use sudoedit after running update-alternatives --set editor /usr/bin/vim (or nvim), also editing the sudoers file and being able to use sudo without password is a hell no!

as for other controversial post installation configurations there exist my scripts https://github.com/eylles/devuan-scripts and there are a couple more that will still be added...

unixuser · 2024-09-13 21:36:05

For single user system, you guys recommend using only "su" ? or doas ?

quickfur · 2024-09-13 23:14:26

I'm running a single user system, and I use both su and sudo. sudo for small commands, su for more elaborate system management.

I never login as root; that's highly not recommended because of the amount of code that runs when you login, esp. on a graphical desktop; all of that would be running with root privileges, which is very dangerous.

The officially official Devuan Forum!

#1 2017-10-06 18:56:21

HOWTO: Post-Installation Configurations

#2 2017-10-06 19:43:46

Re: HOWTO: Post-Installation Configurations

#3 2017-10-06 20:32:53

Re: HOWTO: Post-Installation Configurations

#4 2017-10-06 20:46:01

Re: HOWTO: Post-Installation Configurations

#5 2017-10-06 20:57:33

Re: HOWTO: Post-Installation Configurations

#6 2017-10-06 21:23:24

Re: HOWTO: Post-Installation Configurations

#7 2017-10-07 09:52:06

Re: HOWTO: Post-Installation Configurations

#8 2017-10-07 19:04:36

Re: HOWTO: Post-Installation Configurations

#9 2017-10-07 23:43:14

Re: HOWTO: Post-Installation Configurations

#10 2017-10-07 23:49:09

Re: HOWTO: Post-Installation Configurations

#11 2017-10-07 23:54:21

Re: HOWTO: Post-Installation Configurations

#12 2017-10-07 23:58:13

Re: HOWTO: Post-Installation Configurations

#13 2017-10-08 00:00:04

Re: HOWTO: Post-Installation Configurations

#14 2017-10-08 16:14:38

Re: HOWTO: Post-Installation Configurations

#15 2017-10-10 18:50:12

Re: HOWTO: Post-Installation Configurations

#16 2020-07-08 17:09:45

Re: HOWTO: Post-Installation Configurations

#17 2024-06-21 20:51:35

Re: HOWTO: Post-Installation Configurations

#18 2024-06-22 13:32:55

Re: HOWTO: Post-Installation Configurations

#19 2024-07-15 07:46:51

Re: HOWTO: Post-Installation Configurations

#20 2024-09-13 21:36:05

Re: HOWTO: Post-Installation Configurations

#21 2024-09-13 23:14:26

Re: HOWTO: Post-Installation Configurations

Board footer