Linux Settings

Firewall

apt install ufw gufw(No need if it is a server)

ufw app list

ufw default deny incoming

ufw default allow outgoing

ufw allow ssh (No need if not a server)

ufw enable

ufw status

SELinux

apt install selinux-basics selinux-policy-default auditd

selinux-activate

reboot

check-selinux-installation

check all denials

audit2allow -w -a

audit2allow -a

allow

audit2allow -a -M servicename

status

getenforce

Change permissive to enforcing

nano /etc/selinux/config

change permissive to enforcing

SELINUX=enforcing

add enforcing =1 to grub

nano /etc/default/grub

GRUB_CMDLINE_LINUX=" security=selinux enforcing=1"

update-grub

reboot

check the status

sestatus

Fail2Ban

apt install fail2ban

service fail2ban start

Install ClamAV Anti Virus

apt install clamav clamav-daemon

clamconf

dpkg-reconfigure clamav-freshclam

service clamav-freshclam start

freshclam

clamscan -r --bell -i /home/user/Downloads

RKHunter

apt-get install rkhunter

rkhunter --propupd

rkhunter --check --rwo

SSH

nano /etc/ssh/sshd_config

Change entries below

PermitRootLogin no

AllowUsers username

Protocol 2

ClientAliveInterval 180

restart

systemctl restart sshd

Running Services & Network Ports

list active services

systemctl list-units | grep service

disable services that you do not need

systemctl mask servicename

netstat -tulpn

or

/sbin/chkconfig --list |grep '3:on'

Disable Services

chkconfig servicename off

Turn Off IPv6

nano /etc/sysctl.conf

add line below

net.ipv6.conf.all.disable_ipv6 = 1

Check System Logs

nano /var/log/message (Where whole system logs or current activity logs are available)

nano /var/log/auth.log (Authentication logs)

nano /var/log/kern.log (Kernel logs)

nano /var/log/cron.log (Crond logs (cron job))

nano /var/log/boot.log (System boot log)

nano /var/log/secure (Authentication log)

nano /var/log/utmp or /var/log/wtmp (Login records file)

apt install localepurge && localepurge

apt autoclean

apt autoremove

Fonts

apt install fonts-liberation ttf-mscorefonts-installer

Gstreamer Codecs

apt install gstreamer1.2-plugins-*

or

apt install gstreamer1.0-plugins-*

Codecs Extra

apt install ffmpeg faac flac wavpack x264 x265 heif-gdk-pixbuf

apt install conky

Conky Settings

Create ".conky" folder to your Home folder then create "conkyrc" text file and copy/paste below; or download it from here

#========================================================================

# Conky-Serdar

#----------------------------------------------------------------------

#sudo apt-get install conky

#extract the zip file and move files to .conky in your home folder

#----------------------------------------------------------------------

#Run(Terminal): 

# conky -c ~/.conky/conkyrc

#----------------------------------------------------------------------

#Autostart(Openbox):

# sudo leafpad .config/openbox/autostart

#add these lines below for autostart (without first #)

# # System Info

# conky -c ~/.conky/conkyrc &

#----------------------------------------------------------------------

#Autostart(Ubuntu/Gnome): create conky-startup.sh paste below (without first #)

# #!/bin/bash

# conky -c ~/.conky/conkyrc ;

#alt+F2 type gnome-session-properties add line below to your startup section

# .conky/conky-startup.sh

#

# Gnome 14 and later

#

# cp ~/.conky/conky.desktop /usr/share/gnome/autostart/

#

# or

#

# gedit /usr/share/gnome/autostart/conky.desktop

# addlines below;

#

## #conky.desktop

## [Desktop Entry]

## Type=Application

## Name=Conky

## Comment=Start conky script

## Exec=.conky/conky-startup.sh

## OnlyShowIn=GNOME;

## X-GNOME-Autostart-Phase=Application

#----------------------------------------------------------------------

#Autostart(LXDE)

# sudo leafpad  /etc/xdg/lxsession/LXDE/autostart

#add (without first #)

# @conky -c ~/.conky/conkyrc

#----------------------------------------------------------------------

# Disable a section, add "#" beginning of the line

#----------------------------------------------------------------------

# For quad/dual core processors add/remove "#" beginning of the core2,3,4

#

# CPU Info: cat /proc/cpuinfo

#----------------------------------------------------------------------

# Battery Info: ls /proc/acpi/battery > cat /proc/acpi/battery/****/info

# For battery info add/remove "#" beginning of the battery line

#----------------------------------------------------------------------

# alignment b=bottom t=top l=left r=right

#----------------------------------------------------------------------

# Nvidia gpu temp: apt-get install nvidia-settings

#

#========================================================================

background yes

update_interval 1

total_run_times 0

cpu_avg_samples 2

net_avg_samples 2

temperature_unit celsius

double_buffer yes

no_buffers yes

text_buffer_size 2048

gap_x 05

gap_y 40

minimum_size 190 325

maximum_width 325

own_window yes

own_window_type normal

own_window_transparent yes

own_window_hints undecorated,sticky,skip_taskbar,skip_pager,below

own_window_argb_visual yes

own_window_argb_value 255

border_inner_margin 0

border_outer_margin 0

alignment tr

draw_shades yes

draw_outline yes

draw_borders no

draw_graph_borders yes

override_utf8_locale yes

use_xft yes

xftfont caviar dreams:size=8

xftalpha 0.5

uppercase no

default_color DeepSkyBlue

color1 Orange

color2 Green

color3 Red

color4 Yellow

color5 DDDDDD

color6 AAAAAA

color7 888888

color8 666666

TEXT

${color1}${font :Bold:size=14} $alignc ${time %H}:${time %M}

${color}${font :Bold:size=14} $alignc ${time %h} ${time %e} - ${time %Y}${font :Bold:size=08} 

$alignc(${time %A})

${color8}$alignc Uptime: $uptime

${color8}${hr 2} 

${color8}$alignc ${pre_exec lsb_release -d | cut -f 2| tr "[:upper:]" "[:lower:]"}${color8}$alignc $sysname $kernel

${color8}$alignc ${execi 1000 cat /proc/cpuinfo | grep 'model name' | sed -e 's/model name.*: //'| uniq}

${color8}${hr 2}

${color4}CPU $alignr${color6}CPU: ${color1}${hwmon 0 temp 1}°C ${color6}GPU: ${color1}${execi 60 nvidia-settings -t -q GPUCoreTemp}°C 

${color}${cpubar 8,325}:${color5}$cpu%

${color7}Core1: ${color}${cpubar cpu1 7,80} ${color7}${cpu cpu1}% $alignr${color7}${cpu cpu2}%${color}${cpubar cpu2 7,80}${color7} :Core2

${color7}Core3: ${color}${cpubar cpu3 7,80} ${color7}${cpu cpu3}% $alignr${color7}${cpu cpu4}%${color}${cpubar cpu4 7,80}${color7} :Core4

${color}${cpugraph 15,}

${color5}Process Name ${color5}$alignr CPU% MEM%

${color6}${top name 1}$alignr${top cpu 1}   ${top mem 1}

${color7}${top name 2}$alignr${top cpu 2}   ${top mem 2}

${color8}${top name 3}$alignr${top cpu 3}   ${top mem 3}

${color8}${top name 4}$alignr${top cpu 4}   ${top mem 4}

${color4}Memory

${color6}RAM : ${color5}($memmax)${alignr}${color6}$mem${color}${membar 8,75}

${color6}SWAP: ${color5}($swapmax)${alignr}${color6}$swap${color}${swapbar 8,75}

${color8}${hr 4}

${color4}HDD

${color5}Linux:${color1}(${fs_type})${alignr}${color7}${fs_used /}  <  >  ${color7}${fs_free /}

${color8}Total: ${fs_size /}${alignr}${color}${fs_bar 8,150}

${color5}Windows:${color1}(${fs_type /run/media/Windows})${alignr}${color7}${fs_used /run/media/Windows}  <  >  ${color7}${fs_free /run/media/Windows}

${color8}Total: ${fs_size /run/media/Windows}${alignr}${color}${fs_bar 8,150 /run/media/Windows}

${color5}Extra:${color1}(${fs_type /run/media/Extra})${alignr}${color7}${fs_used /run/media/Extra}  <  >  ${color7}${fs_free /run/media/Extra}

${color8}Total: ${fs_size /run/media/Extra}${alignr}${color}${fs_bar 8,150 /run/media/Extra}

${color7}HDD Read-> ${alignc}${color2}${diskio_read}/s ${alignr}${color3}${diskio_write}/s ${color7}<-HDD Write

${color2}${diskiograph_read 8,150} ${alignr}${color3}${diskiograph_write 8,150}${color}

${color8}${hr 4}

${color4}Lan${color} ${alignr}${color7}IP: ${addr eth0}

${color7}Download: ${color2}${downspeed eth0} k/s ${alignr} $alignr${color7}Upload: ${color3} ${upspeed eth0} k/s

${color2}${downspeedgraph eth0 8,150} ${alignr}${color3}${upspeedgraph eth0 8,150}

${color7}Total:${color2}${totaldown eth0} ${alignr}${color7}Total:${color3}${totalup eth0}

${color4}Wifi${alignr}${color7}IP: ${addr wlan0}

${color7}ESSID:${color1}${wireless_essid wlan0} ${color7}Rate:${color1}${wireless_bitrate wlan0} ${alignr}${color7}Quality:${color1}${wireless_link_qual_perc wlan0}%${color}${wireless_link_bar 8,75 wlan0}

${color7}Download: ${color2}${downspeed wlan0}KB/s ${color3} $alignr${color7}Upload: ${alignr}${color3}${upspeed wlan0}KB/s

${color2}${downspeedgraph wlan0 8,150} ${alignr}${color3}${upspeedgraph wlan0 8,150}

${color7}Total:${color2}${totaldown wlan0} ${alignr}${color7}Total:${color3}${totalup wlan0}

${color8}${hr 4}

${color4}Battery${color1}${alignr}${battery_percent BAT0}

${color}${battery_bar BAT0  8,}

apt install imagemagick

Put all the images into a folder sequentially numbered in the order then go to the Folder and type command  below

convert -compress jpeg * outputFile.pdf

for the current release use "stable"

for semi-rolling release use "testing"

for rolling release use "sid"

Optional Packages = Multimedia repo, contrib, non-free

Update the Source List

nano /etc/apt/sources.list

Delete everything and paste the text below instead;

## Debian

deb http://deb.debian.org/debian/ stable main contrib non-free non-free-firmware

deb-src http://deb.debian.org/debian/ stable main contrib non-free non-free-firmware

#

## Debian - Security Updates

deb http://security.debian.org/debian-security stable-security main contrib non-free non-free-firmware

deb-src http://security.debian.org/debian-security stable-security main contrib non-free non-free-firmware

#

## Debian Multimedia

deb http://www.deb-multimedia.org stable main non-free

apt update -oAcquire::AllowInsecureRepositories=true && apt install deb-multimedia-keyring -oAcquire::AllowInsecureRepositories=true && apt update && apt full-upgrade && apt autoremove

Backports

##Backports

deb http://deb.debian.org/debian bullseye-backports main contrib non-free

apt update

apt install -t bullseye-backports firefox

apt install cryptsetup ecryptfs-utils rsync lsof

modprobe ecryptfs

Login as root or Add a temporary User (useradd -m -g users -G sudo temp && passwd temp)

Ctrl+Alt+F1 , login as root or temp

ecryptfs-migrate-home -u username

logout of the root or temporary User, do not restart

logging back into your main account (CTRL+Alt+F7)

ecryptfs-unwrap-passphrase

reboot system

delete backup file in /home folder

rm -R username.RANDOM

remove temp user if you created one(userdel -r temp)

apt install gparted gpart ntfs-3g dosfstools mtools exfat-utils btrfs-progs jfsutils xfsprogs

Grub Boot Time

nano /etc/default/grub

GRUB_TIMEOUT=3(change the countdown time)

update-grub

Save Default Operating System in Grub

nano /etc/default/grub

GRUB_DEFAULT=saved

add the following line

GRUB_SAVEDEFAULT=true

update-grub

hostnamectl

hostnamectl set-hostname NAME

nano /etc/hosts

127.0.0.1    localhost NAME

apt install firmware-iwlwifi

iwlwifi firmware: failed to load iwl-debug-yoyo.bin (-2) error

nano /etc/modprobe.d/iwlwifi.conf

add the line below

options iwlwifi enable_ini=N

run

update-initramfs -u

nano /etc/lightdm/lightdm.conf

Show username

greater-hide-users=false

numlock on

apt install numlockx

add

greeter-setup-script=/usr/bin/numlockx on

Auto login

groupadd -r autologin

gpasswd -a username autologin

nano /etc/lightdm/lightdm.conf

add lines below

pam-service=lightdm

pam-autologin-service=lightdm-autologin

user-session=startxfce4

session-wrapper=/etc/lightdm/Xsession

autologin-user=username

autologin-user-timeout=0

apt install minidlna

ufw allow 8200/tcp

ufw allow 1900/udp

ufw status

nano /etc/minidlna.conf

media_dir=V,/data/Media/Movies

media_dir=A,/data/Media/Music

Restart the daemon for changes to take effect:

service minidlna restart

To rebuild the database use:

service minidlna force-reload

apt install network-manager network-manager-gnome

nano /etc/NetworkManager/NetworkManager.conf

Change the Code:

[ifupdown]

managed=true

Reboot the system...

if necessary;

nano /etc/network/interfaces

leave only this line and delete the rest:

# This file describes the network interfaces available on your system

# and how to activate them. For more information, see interfaces(5).

# The loopback network interface

auto lo

iface lo inet loopback

service NetworkManager restart

reboot

apt install libreoffice-writer libreoffice-calc libreoffice-impress

apt install cups cups-pdf system-config-printer simple-scan

Cups Address

http://localhost:631

apt install samba

samba -V

systemctl status nmbd

ufw allow Samba

ufw app info Samba

ufw status

cp /etc/samba/smb.conf ~/Documents smb_backup.conf

---------------------------------------------------

sync the system users to the Samba user database

apt install libpam-winbind

---------------------------------------------------

nano /etc/samba/smb.conf

workgroup = WORKGROUP

Private Share, add end of the file;

[User]

path = /Location/User

available = yes

browsable = yes

public = no

writable = yes

​read only = no

valid users = user1,user2

read list = user1,user2

write list = user1

---------------------------------------------------

Groups

groupadd family

usermod -aG family user1 (sudo deluser USER GROUP)

grep family /etc/group

Private Share, add end of the file;

[File]

comment = File

​path = /Location/Location

available = yes

​browsable = yes

public = no

​writable = no

​read only = yes

​valid users = @family

dpkg --get-selections > Packages.txt

Copy the Packages.txt to the computer that you want to install your saved packages.(Copy it to the Home Folder) 

dpkg --set-selections < Packages.txt

apt -u dselect-upgrade

apt install snapd

install

snap install package

remove

snap remove package

update

snap refresh

for missing icons in menu

ln -s /var/lib/snapd/desktop/applications /usr/share/applications/snapd

apt-get install sudo

groupadd sudo

gpasswd -a username sudo

visudo /etc/sudoers

## Uncomment to allow members of group sudo to execute any command

 %sudo ALL=(ALL) ALL

dd if=/dev/zero of=/swapfile bs=1024k count=1024

(count=1024 for 1GB swap memory) 

(count=2048 for 2GB swap memory) 

(count=3072 for 3GB swap memory) 

(count=4096 for 4GB swap memory) 

chmod 600 /swapfile && mkswap /swapfile && swapon /swapfile 

nano /etc/fstab

(Add the line below at the end of the page, Save & Exit) 

/swapfile none swap sw 0 0

memory info

free -m

For Removing 

swapoff /swapfile

nano /etc/fstab

(Delete the Entry) 

/swapfile none swap sw 0 0

apt install apt-xapian-index && update-apt-xapian-index -vf

Software

Current Distribution & Version

cat /etc/issue

Linux Kernel Version

uname -r

All Kernel Details

uname -a

Packagename’s Version & Dependencies

apt-cache showpkg packagename

Processor

All Processors' Information

cat /proc/cpuinfo

Memory

Ram & Swap Information

cat /proc/meminfo

Free Memory

free -m

Graphics

Graphic Card, OpenGL info

glxinfo

Graphics Card Model

lspci | grep VGA

Graphics Card Vendor

glxinfo | grep vendor

Direct 3D Rendering?

glxinfo | grep direct

Supported Display Resolutions

xrandr

Audio

Audio Controller

lspci | grep Audio

Audio Device Information

aplay --list-devices

Networking

Ethernet Controllers

lspci | grep Ethernet

Networking Interfaces, IP Addresses

ifconfig

Hard Disks

All APrtitions' Information

fdisk -l

Partitions Mount Points

df -H

USB Devices

USB Devices' Information

lsusb

PCI Devices

lspci

Software for Hardware info

apt install hwinfo

hwinfo

Another Software

apt install lshw

lshw -html > System-Info.html

timedatectl list-timezones

timedatectl set-timezone America/Chicago

timedatectl

Wiping The Entire Disk

Writing 0

dd if=/dev/zero of=/dev/sdX bs=1M

Writing Random

dd if=/dev/urandom of=/dev/sdX bs=1M

alternative

shred -v -n1 -z /dev/sdX  dd if=/dev/urandom of=/dev/sdX bs=1M

Wiping Partitions

Writing 0

dd if=/dev/zero of=/dev/sdaX bs=1M

Writing Random

dd if=/dev/urandom of=/dev/sdaX bs=1M

Wiping the Master Boot Record (MBR)

dd if=/dev/zero of=/dev/sda bs=446 count=1

apt install vcdimager

vcdxrip -i /dev/sr0

Show Windows Key

strings /sys/firmware/acpi/tables/MSDM

Change password Win7

apt install chntpw

Go to Windows\System32\Config Right-click blank space and select Open in Terminal. 

chntpw -l SAM  > chntpw -u user_name SAM

 1>q>y

Install

apt install linux-headers-amd64

apt install zfsutils-linux

whereis zfs

fdisk -l

Create the Volume

USE SerialNumber-based IDs (Using mirroring)

ls -lh /dev/disk/by-id/

zpool create poolname mirror Serialnumber1 Serialnumber2

zpool status -v

Scrub

zpool scrub poolname

zpool status -v poolname

TRIM

zpool status -t poolname

autotrim property

zpool set autotrim=on poolname

Replace a Drive

zpool replace poolname GUID

ZFS import

zpool import -f poolname

zpool status

zpool online

Creating snapshots

zfs snapshot create poolname/filesystem@snapname

Listing snapshots

zfs list -t snapshot

Renaming snapshots

zfs rename poolname/filesystem@snapname poolname/filesystem@snapname

Deleting snapshots

zfs destroy poolname/filesystem@snapname

Rolling back a snapshot

zfs rollback -r poolname/filesystem@snapname

Creating a clone

zfs clone poolname/filesystem@snapname poolname/clone

Deleting clones 

(All clones of a snapshot must be deleted before the snapshot can be deleted.)

zfs destroy poolname/clone

Encryption

zfs create -o encryption=on -o keyformat=passphrase poolname/secret

zfs send poolname/data | zfs recv -o encryption=on -o keylocation=file:///path/to/my/raw/key backup/data

zfs mount -l poolname/secret