Home Debian Debian 12 Server Setup: Essential Post-Installation Steps

Debian 12 Server Setup: Essential Post-Installation Steps

Post-Installation Checklist for Debian Server

By sk
Published: Updated: 2.1K views

Welcome to our detailed guide on what to do after installing Debian 12 server. If you've just set up a new Debian server, you're probably wondering what steps to take next. This guide will teach you essential post installation steps for a minimal Debian 12 server installation, ensuring your server is secure, up-to-date, and ready for use.

From configuring software repositories to hardening SSH and setting up firewalls, we'll cover everything you need to get your Debian 12 server running smoothly.

1. Configure Software Repositories

If this is a new minimal Debian installation, you should configure the software repositories.

Edit the /etc/apt/sources.list file:

nano /etc/apt/sources.list

Replace the contents with the following (or ensure they are present):

deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware

deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware

deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
deb-src http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware

Save and close the file.

Update the package list to ensure you have the latest information about available packages.

apt update

2. Upgrade Existing Packages

Upgrade the existing packages to their latest versions.

apt upgrade -y
apt full-upgrade -y

3. Install sudo

sudo is not installed in the minimal Debian installation. Since you don't have sudo access, you'll need to install it as the root user.

apt install sudo -y

4. Create a New User and Add to sudo Group

Create a new user and add them to the sudo group.

adduser ostechnix
usermod -aG sudo ostechnix

Replace ostechnix with your actual username.

Once a new user is created, switch to the new user account.

su - ostechnix

Again, replace the username with your own.

Test that the new user has sudo access by running a command with sudo.

sudo -v

For more details, check the following guide:

5. Set Up SSH Keys (Optional)

If you want to use SSH keys for authentication, follow these steps.

On your local machine, generate an SSH key pair:

ssh-keygen

Copy the public key to your Debian server:

ssh-copy-id newusername@server_ip

Replace the username and IP address with actual values in the above command.

6. Secure SSH

Edit the SSH configuration to enhance security.

sudo nano /etc/ssh/sshd_config

Make the following changes:

  • Set PermitRootLogin to no
  • Set PasswordAuthentication to no (if you plan to use SSH keys)
  • Set AllowUsers to specify allowed users
  • Set Port to a non-default port (optional but recommended)
PermitRootLogin no
PasswordAuthentication no
AllowUsers newusername
Port 2222  # Example non-default port

Replace the username and port number with your own. Save and close the file.

Restart the SSH service:

sudo systemctl restart ssh

7. Install Essential Packages

Install some essential packages for system management and monitoring. I intend to keep a minimal Debian setup for myself, so I installed the following:

sudo apt install -y vim htop net-tools curl wget git

8. Configure Time Synchronization

Set up time synchronization using systemd-timesyncd or ntp.

8.1. Using systemd-timesyncd:

sudo apt install systemd-timesyncd
sudo timedatectl set-ntp true

Verify if the time synchronization is setup correctly by running timedatectl command:

$ timedatectl 
Local time: Tue 2024-08-27 18:54:21 IST
Universal time: Tue 2024-08-27 13:24:21 UTC
RTC time: Tue 2024-08-27 13:24:21
Time zone: Asia/Kolkata (IST, +0530)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no

8.2. Using ntp:

You can also configure time synchronization using ntp. To do so, run the following commands:

sudo apt install ntp -y
sudo systemctl enable ntp
sudo systemctl start ntp

9. Set Up a Firewall

This step is highly recommended if you connect your server to Internet. You should configure a firewall to restrict incoming and outgoing traffic.

9.1. Using ufw (Uncomplicated Firewall):

UFW is a command line front-end to manage iptables. It provides a framework for managing and manipulating netfilter firewall.

Run the following commands one by one to quickly setup ufw firewall, deny all incoming connections and allow only ssh connection.

sudo apt install ufw -y
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw enable

For detailed usage about ufw, I recommend you to refer the following guide:

10. Enable Automatic Security Updates

Enable automatic security updates to keep your system secure.

sudo apt install -y unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades

For more details, check the following guide:

11. Set Up Fail2Ban (Optional)

Install and configure monitoring like Fail2ban to prevent your servers from SSH Brute-force attacks.

sudo apt install -y fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

This is just enough for basic monitoring. For more detailed configuration, check our Fail2ban guide:

NOTE:
It is usually not necessary to use Fail2Ban with sshd if only public key authentication is enabled. If you have already configured SSH key-based authentication, fail2ban is not required.

12. Additional Configuration

You should have set these during the installation. If you want to set up different values, you can do so.

13. Reboot the System

Finally, reboot your system to apply all changes.

sudo reboot

By following these steps, you will have configured your software repositories, installed sudo, created a new user with sudo access, and set up your system with essential security and management tools.

Did I miss any steps in Debian 12 server post installation? Please share your inputs via the comment section below. I will test them and update the guide accordingly.

Related Read:

You May Also Like

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. By using this site, we will assume that you're OK with it. Accept Read More