You are not logged in.
Pages: 1
After installing Devuan, the first thing I configure is sudo.
# visudo
Put this line at the bottom of the file:
<your_user_name> ALL=NOPASSWD:ALL
save/exit/reboot
If you use nano,
# nano /etc/sudoers
ditto as above.
Next, aliases make my life easier,
$ nano .bash_aliases
Paste this:
alias adu="sudo apt-get update && sudo apt-get dist-upgrade"
alias agi="sudo apt-get install"
alias as="apt-cache search"
alias ash="apt-cache show"
logout/login and test it as USER:
$ adu
Go to .nanorc and type this:
set const
set smooth
set mouse
UFW (Uncomplicated Firewall)
# apt-get install ufw
# ufw enable
# ufw status
# reboot
After coming back do another 'ufw status' to find out if the firewall
is working.
To avoid pinging: go to:
# nano /etc/ufw/before.rules
And leave this section looking like this:
# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP
Next, go to www.grc.com and click on ShieldsUp, next screen scroll down to Hot
Spots, and click on ShieldsUp again, next screen click on Proceed, next screen
click on All Service Ports and let it check the ports, gives an ok result, the
ports are neon green, and gives you this veredict:
"Your system has achieved a perfect "TruStealth" rating. Not a single packet —
solicited or otherwise — was received from your system as a result of our
security probing tests. Your system ignored and refused to reply to repeated
Pings (ICMP Echo Requests). From the standpoint of the passing probes of any
hacker, this machine does not exist on the Internet. Some questionable personal
security systems expose their users by attempting to "counter-probe the prober",
thus revealing themselves. But your system wisely remained silent in every way.
Very nice."
Startup
To start your apps and window manager: go to .xinitrc as USER,
$ nano .xinitrc
Put this:
#!/bin/sh
setxkbmap -option terminate:ctrl_alt_bksp
xsetroot -solid black
unclutter -idle 2 &
numlockx &
exec <window manager>
I think this is about it, thanks for your patience.
Happy trails,
macondo
Reference: https://help.ubuntu.com/community/UFW
# updatedb
So later I can use 'locate'
Last edited by macondo (2017-10-08 15:11:11)
Desktop Dual Core 8 GB RAM - Devuan Ceres - Slackware Current - Grub - JWM
“Just because you're paranoid doesn't mean they aren't after you.” ― Joseph Heller, Catch-22
Offline
Sudo? Really? Ah now maybe I understand. Perhaps you're used to Ubuntu's bad habits . . .
Offline
Really. Perhaps you don't know me, I have never used Ubuntu.
Desktop Dual Core 8 GB RAM - Devuan Ceres - Slackware Current - Grub - JWM
“Just because you're paranoid doesn't mean they aren't after you.” ― Joseph Heller, Catch-22
Offline
Fair 'nuf. A short stint with Ubuntu years ago cured me of the sudo disease. But let's not sidetrack your howto with THAT discussion.
Offline
A short stint with Ubuntu years ago cured me of the sudo disease.
You and me both.
Never understood the use of sudo, on a list of "worst ideas ever for linux" it ranks right up there with dconf and systemd IMO.
https://sourceforge.net/projects/vuu-do/ New 1.09 isos uploaded 11/27/2024
Vuu-do GNU/Linux, minimal Devuan-based openbox systems to build on, maximal versions if you prefer your linux fully-loaded.
New Devuan-mate-mini isos too!
Please donate to support Devuan and init freedom! https://devuan.org/os/donate
Online
I don't know what I did here, but after clicking on the picture, I was taken to a "Roblox" site at some point. I'm not sure how it happened though.
I have been Devuanated, and my practice in the art of Devuanism shall continue until my Devuanization is complete. Until then, I will strive to continue in my understanding of Devuanchology, Devuanprocity, and Devuanivity.
Veni, vidi, vici vdevuaned. I came, I saw, I Devuaned.
Offline
UFW (Uncomplicated Firewall)
Does Devuan Jessie have any default firewall ? I did not install any and I got this result in test:
Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet.
Offline
There is no default firewall front-end installed in debian or devuan. There is iptables, but no rules are in place. If you install some services that listen for connections, then you will have open ports. (examples: openssh-server, mysql-server, apache2, samba)
If you're behind a router, the router is being scanned, and unless you set up port-forwarding in the router, the outside world can't see the open ports on your computer.
Offline
sudo - so what do you use for root priviledges??
(I used sudo before I used ubuntu)
I'm in the sudoers file but still have to do the password from time to time
[with the ALL settings in sudoers!}
Offline
With this:
<your_user_name> ALL=NOPASSWD:ALL
you need NO passwd...
Desktop Dual Core 8 GB RAM - Devuan Ceres - Slackware Current - Grub - JWM
“Just because you're paranoid doesn't mean they aren't after you.” ― Joseph Heller, Catch-22
Offline
thanks @macondo
I didn't have the NOPASSWD in the sudoers file,
(fwiw - I had to 'sudo visude' to modify the file !)
Offline
np
Desktop Dual Core 8 GB RAM - Devuan Ceres - Slackware Current - Grub - JWM
“Just because you're paranoid doesn't mean they aren't after you.” ― Joseph Heller, Catch-22
Offline
@greenjeans wrote:
Never understood the use of sudo, on a list of "worst ideas ever for linux" it ranks right up there with dconf and systemd IMO.
'
well - as I understand it - Linux is a multi-user system - so someone has to be the boss/admin
Now it is true that most linux downloads are most likely for single user/desktops - so root/sudo becomes a grey area.: IMO
Not sure what the answer is - there is a lot of debate about it
'
I am not taking a stand on it
garyz
Offline
thanks @fsmithred
Offline
sudo history is a bit older than linux not to mention ubuntu. sudo development is/was maintained by OBSD (although OBSD uses mainly doas rather than sudo nowdays) however system is as secure as one make it.
Offline
hola Macondo
After installing Devuan, the first thing I configure is sudo.
...ditto as above.
Next, aliases make my life easier,
...UFW (Uncomplicated Firewall)
...Startup
To start your apps and window manager: go to .xinitrc as USER,
...# updatedb
So later I can use 'locate'
everything is useful indeed, thanks
satellite mestizo
Offline
Entirely aside from philisophical issues with sudo,
NEVER EDIT THE SUDOERS FILE DIRECTLY.
instead, read the man page before trying 'EDITOR=/bin/nano visudo` instead. There are ways to set the order of preferred editors. Read the man page because if visudo suspects anything wrong when nano exits, it does not give you choices or reminders, but instead expects you know which keys to press.
Offline
UFW (Uncomplicated Firewall)
If you have rules you're happy with, there's also netfilter-persistent and iptables-persistent.
sudo disease
I don't think sudo in itself is a disease. But that "ALL=ALL NOPASSWD"-thing definitely is.
Offline
i'd say it is better to use sudoedit after running update-alternatives --set editor /usr/bin/vim (or nvim), also editing the sudoers file and being able to use sudo without password is a hell no!
as for other controversial post installation configurations there exist my scripts https://github.com/eylles/devuan-scripts and there are a couple more that will still be added...
Offline
For single user system, you guys recommend using only "su" ? or doas ?
Offline
I'm running a single user system, and I use both su and sudo. sudo for small commands, su for more elaborate system management.
I never login as root; that's highly not recommended because of the amount of code that runs when you login, esp. on a graphical desktop; all of that would be running with root privileges, which is very dangerous.
Offline
Pages: 1