Welcome to our detailed guide on what to do after installing Debian 12 server. If you've just set up a new Debian server, you're probably wondering what steps to take next. This guide will teach you essential post installation steps for a minimal Debian 12 server installation, ensuring your server is secure, up-to-date, and ready for use.
From configuring software repositories to hardening SSH and setting up firewalls, we'll cover everything you need to get your Debian 12 server running smoothly.
Table of Contents
1. Configure Software Repositories
If this is a new minimal Debian installation, you should configure the software repositories.
Edit the /etc/apt/sources.list
file:
nano /etc/apt/sources.list
Replace the contents with the following (or ensure they are present):
deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware deb-src http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
Save and close the file.
Update the package list to ensure you have the latest information about available packages.
apt update
2. Upgrade Existing Packages
Upgrade the existing packages to their latest versions.
apt upgrade -y apt full-upgrade -y
3. Install sudo
sudo is not installed in the minimal Debian installation. Since you don't have sudo
access, you'll need to install it as the root user.
apt install sudo -y
4. Create a New User and Add to sudo
Group
Create a new user and add them to the sudo
group.
adduser ostechnix usermod -aG sudo ostechnix
Replace ostechnix
with your actual username.
Once a new user is created, switch to the new user account.
su - ostechnix
Again, replace the username with your own.
Test that the new user has sudo
access by running a command with sudo
.
sudo -v
For more details, check the following guide:
5. Set Up SSH Keys (Optional)
If you want to use SSH keys for authentication, follow these steps.
On your local machine, generate an SSH key pair:
ssh-keygen
Copy the public key to your Debian server:
ssh-copy-id newusername@server_ip
Replace the username and IP address with actual values in the above command.
6. Secure SSH
Edit the SSH configuration to enhance security.
sudo nano /etc/ssh/sshd_config
Make the following changes:
- Set
PermitRootLogin
tono
- Set
PasswordAuthentication
tono
(if you plan to use SSH keys) - Set
AllowUsers
to specify allowed users - Set
Port
to a non-default port (optional but recommended)
PermitRootLogin no PasswordAuthentication no AllowUsers newusername Port 2222 # Example non-default port
Replace the username and port number with your own. Save and close the file.
Restart the SSH service:
sudo systemctl restart ssh
7. Install Essential Packages
Install some essential packages for system management and monitoring. I intend to keep a minimal Debian setup for myself, so I installed the following:
sudo apt install -y vim htop net-tools curl wget git
8. Configure Time Synchronization
Set up time synchronization using systemd-timesyncd
or ntp
.
8.1. Using systemd-timesyncd
:
sudo apt install systemd-timesyncd sudo timedatectl set-ntp true
Verify if the time synchronization is setup correctly by running timedatectl
command:
$ timedatectl
Local time: Tue 2024-08-27 18:54:21 IST
Universal time: Tue 2024-08-27 13:24:21 UTC
RTC time: Tue 2024-08-27 13:24:21
Time zone: Asia/Kolkata (IST, +0530)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
8.2. Using ntp
:
You can also configure time synchronization using ntp
. To do so, run the following commands:
sudo apt install ntp -y sudo systemctl enable ntp sudo systemctl start ntp
9. Set Up a Firewall
This step is highly recommended if you connect your server to Internet. You should configure a firewall to restrict incoming and outgoing traffic.
9.1. Using ufw
(Uncomplicated Firewall):
UFW is a command line front-end to manage iptables. It provides a framework for managing and manipulating netfilter firewall.
Run the following commands one by one to quickly setup ufw firewall, deny all incoming connections and allow only ssh connection.
sudo apt install ufw -y sudo ufw default deny incoming sudo ufw default allow outgoing sudo ufw allow ssh sudo ufw enable
For detailed usage about ufw, I recommend you to refer the following guide:
10. Enable Automatic Security Updates
Enable automatic security updates to keep your system secure.
sudo apt install -y unattended-upgrades sudo dpkg-reconfigure -plow unattended-upgrades
For more details, check the following guide:
11. Set Up Fail2Ban (Optional)
Install and configure monitoring like Fail2ban to prevent your servers from SSH Brute-force attacks.
sudo apt install -y fail2ban sudo systemctl enable fail2ban sudo systemctl start fail2ban
This is just enough for basic monitoring. For more detailed configuration, check our Fail2ban guide:
NOTE:
It is usually not necessary to use Fail2Ban with sshd if only public key authentication is enabled. If you have already configured SSH key-based authentication, fail2ban is not required.
12. Additional Configuration
You should have set these during the installation. If you want to set up different values, you can do so.
- Network Configuration: Review and configure network settings if necessary.
- Hostname: Set a meaningful hostname.
- DNS: Configure DNS settings in
/etc/resolv.conf
.
13. Reboot the System
Finally, reboot your system to apply all changes.
sudo reboot
By following these steps, you will have configured your software repositories, installed sudo
, created a new user with sudo
access, and set up your system with essential security and management tools.
Did I miss any steps in Debian 12 server post installation? Please share your inputs via the comment section below. I will test them and update the guide accordingly.
Related Read: