Packages (Buster)
This document covers package management itself, in addition to documenting some smaller packages that I use.
Apt
I tend to use aptitude rather than apt-get, personally, and I always turn off 'auto-resolve dependencies' and 'install recommended packages automatically'.
- apt-get install aptitude aptitude-doc-en apt-transport-https lsb-release ca-certificates curl
Your mileage may vary, but I try to know something about every component going into my system.
- /etc/apt/sources.list
deb http://deb.debian.org/debian/ buster main deb-src http://deb.debian.org/debian/ buster main
deb http://security.debian.org/debian-security buster/updates main deb-src http://security.debian.org/debian-security buster/updates main
deb http://deb.debian.org/debian/ buster-updates main deb-src http://deb.debian.org/debian/ buster-updates main
deb http://ftp.us.debian.org/debian/ buster-backports main deb-src http://ftp.us.debian.org/debian/ buster-backports main
If running PHP, you may want to go for the package maintainer's repo. Run:
curl -sSL -o /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
Generally a good idea to try to find your closest mirror. Sometimes your host even provides a mirror - will certainly make them happier if you use it.
To save time, I automatically run apt-get update hourly, through cron:
- /etc/cron.hourly/apt-get-update
#!/bin/sh #/etc/cron.hourly/apt-get-update # Much simpler than the cron-apt package. /usr/bin/apt-get update /usr/bin/apt-get -dy upgrade
Run:
chmod 0750 /etc/cron.hourly/apt-get-update
This automatically checks for updates, and downloads them, but it does not apply them.
Package Additions
- conntrack sysstat iotop lm-sensors sash libpam-tmpdir zip unzip libdigest-whirlpool-perl acct nmap cgdb sudo
- You may want to devote some time to what acct and sysstat can do for you.
- Development: apt-get install fakeroot debhelper build-essential
Package Removal
Debian has some defaults that you probably do not need on a server:
- Careful purge: task-ssh-server (be sure not to lose your actual ssh server).
- Basic Purge: task-english console-setup-linux isc-dhcp-client isc-dhcp-common laptop-detect libx11-data libxau6 libxdmcp6 portmap tasksel xauth xkb-data
- The culturally insensitive may also purge: console-setup console-terminus kbd keyboard-configuration
- /etc/console-setup may need to get removed manually
ntpsec-ntpdate
Significantly more lightweight than ntp, easier to configure and one less server to run. If you have a number of machines at a site, you may want to run one server and have the others pull off of it. Beyond this, though,
- /etc/default/ntpsec-ntpdate
- NTPOPTIONS=" -B "
- forces slewing. Prevents time travel. Time travel bad.
- /etc/cron.hourly/ntpdate
#!/bin/sh #/etc/cron.hourly/ntpdate #ntpdate autorun if [ -f /usr/sbin/ntpdate-debian ]; then /usr/sbin/ntpdate-debian -B fi
- Run:
chmod 0750 /etc/cron.hourly/ntpdate
Random silly packages
- fortunes (and friends), cowsay, filters
- Is good to greet visitors with a talking cow. Reminds you how seriously you should take your job.
- bsdgames, nethack-console, slashem
- One of these decades I will get around to ascending...