TL;DR To implement strong cryptography policies on Debian 13, follow these steps to ensure your system uses secure defaults and disables weak algorithms: Update Your System: Always start by ensuring your system is up-to-date. sudo apt update && sudo apt upgrade -y # Update packages Configure OpenSSL: Edit the OpenSSL configuration to enforce strong cryptographic standards. ...
TL;DR This guide provides a quick overview of automating the hardening of Debian 13 using Ansible, following the CIS Benchmarks. The goal is to enhance security by applying recommended configurations efficiently. Install Ansible: Ensure Ansible is installed on your control node. sudo apt update sudo apt install ansible -y # Install Ansible Create an Inventory File: Define your Debian 13 servers. ...
TL;DR To quickly set up an encrypted email infrastructure on Debian 13, follow these steps. This guide assumes you have root access and a basic understanding of email protocols. Install Required Packages: Start by installing Postfix and Dovecot, which will handle sending and receiving emails. sudo apt update sudo apt install postfix dovecot-core dovecot-imapd dovecot-lmtpd Configure Postfix: Edit the Postfix configuration to set up a basic SMTP server with TLS encryption. ...
TL;DR To quickly set up rspamd for advanced mail filtering on Debian 13, follow these steps. This guide assumes you have a working mail server setup and root or sudo access. Install Rspamd: First, ensure your package list is up to date and install rspamd: sudo apt update sudo apt install rspamd Enable and Start Rspamd Service: ...
TL;DR To quickly configure OpenDMARC, DKIM, and SPF for Postfix on Debian 13, follow these steps. This guide assumes you have Postfix already installed and running. Install Required Packages: sudo apt update sudo apt install opendmarc opendkim postfix-policyd-spf-python Configure OpenDKIM: Edit /etc/opendkim.conf to include: AutoRestart Yes AutoRestartRate 10/1h Syslog Yes SyslogSuccess Yes LogWhy Yes Canonicalization relaxed/simple Selector default KeyFile /etc/opendkim/keys/default.private SigningTable refile:/etc/opendkim/SigningTable KeyTable refile:/etc/opendkim/KeyTable InternalHosts /etc/opendkim/TrustedHosts Generate DKIM keys: ...
TL;DR To quickly set up Netdata on Debian 13 for detecting system resource abuse and configuring alerts, follow these steps: Install Netdata: Use the official script to ensure you get the latest version. bash <(curl -Ss https://my-netdata.io/kickstart.sh) --stable-channel Start and Enable Netdata: Ensure Netdata starts on boot. # Enable and start the Netdata service sudo systemctl enable netdata sudo systemctl start netdata Configure Firewall: Allow access to Netdata’s web interface on port 19999. ...
TL;DR To set up secure WORM backups using ZFS on Debian 13, follow these steps for a quick implementation. This guide assumes you have ZFS installed and a pool ready. Create a ZFS Dataset for Backups: sudo zfs create poolname/backup Set Immutable Properties: Enable the readonly property to prevent accidental writes: ...
TL;DR To secure Git repositories on a private Debian 13 server, follow these steps: Install Git: Ensure Git is installed on your server. sudo apt update && sudo apt install git # Install Git Create a Git User: Use a dedicated user for Git operations. sudo adduser git # Create a new user named 'git' Set Up SSH Access: Restrict access to the Git user via SSH. ...
TL;DR For those looking to implement file-level encryption on Debian 13, this guide provides a quick overview of using eCryptfs for encrypting specific directories. This approach is beneficial when you need encryption beyond full disk encryption with LUKS, offering more granular control over which files are encrypted. Install eCryptfs: Ensure you have the necessary package installed. ...
TL;DR To set up Split-Horizon DNS on Debian 13, follow these concise steps: Install BIND9: Ensure you have the BIND9 DNS server installed. sudo apt update sudo apt install bind9 bind9utils bind9-doc Configure BIND for Split-Horizon: Edit the BIND configuration files to create separate views for internal and external DNS queries. ...
