user root für ssh zulassen:
nano /etc/ssh/sshd_config
Ändern bzw. ergänzen:
PermitRootLogin yes
systemctl restart sshd
Auf den lokalen Computer im Terminal ausführen
ssh-copy-id -i id_rsa.pub root@192.168.20.10
Netzwerk-Interface(s) bearbeiten:
nano /etc/network/interfaces
allow-hotplug ens0
iface ens0 inet static
address 192.168.20.10/24
netmask 255.255.255.0
network 192.168.20.0
broadcast 192.168.20.255
# gateway 192.168.20.1
(Alternativ) Netzwerk-Interface(s) bearbeiten:
> /etc/network/interfaces
nano /etc/network/interfaces
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
auto eth0
allow-hotplug eth0
iface eth0 inet static
address 192.168.0.28/24
gateway 192.168.0.1
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
auto eth10
allow-hotplug eth10
iface eth10 inet static
address 192.168.10.28/24
netmask 255.255.255.0
network 192.168.10.0
broadcast 192.168.10.255
auto eth20
allow-hotplug eth20
iface eth20 inet static
address 192.168.20.28/24
netmask 255.255.255.0
network 192.168.20.0
broadcast 192.168.20.255
auto eth30
allow-hotplug eth30
iface eth30 inet static
address 192.168.30.28/24
netmask 255.255.255.0
network 192.168.30.0
broadcast 192.168.30.255
Netzwerk neu starten:
systemctl restart networking
Repository ergänzen!
nano /etc/apt/sources.list
Alternativ:
> /etc/apt/sources.list
nano /etc/apt/sources.list
deb http://deb.debian.org/debian bookworm main contrib
deb http://deb.debian.org/debian bookworm-updates main contrib
deb http://security.debian.org bookworm-security main contrib
deb http://deb.debian.org/debian bullseye main
deb http://security.debian.org/debian-security bullseye-security main
deb http://deb.debian.org/debian bullseye-updates main
# deb https://deb.debian.org/debian/ bookworm main contrib non-free non-free-firmware
# deb-src https://deb.debian.org/debian/ bookworm main contrib non-free non-free-firmware
# deb https://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
# deb-src https://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
# deb https://deb.debian.org/debian/ bookworm-updates main contrib non-free non-free-firmware
# deb-src https://deb.debian.org/debian/ bookworm-updates main contrib non-free non-free-firmware
nano /etc/apt/sources.list.d/docker.list
nano /etc/apt/sources.list.d/webmin.list
#deb http://192.168.0.70:3142/download.proxmox.com/debian/pve bookworm pve-no-subscription
deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] http://192.168.0.70:3142/download.docker.com/linux/debian bookworm stable
deb [signed-by=/usr/share/keyrings/debian-webmin-developers.gpg] http://192.168.0.70:3142/download.webmin.com/download/newkey/repository stable contrib
deb http://192.168.0.70:3142/deb.debian.org/debian bookworm main contrib
deb http://192.168.0.70:3142/deb.debian.org/debian bookworm-updates main contrib
deb http://192.168.0.70:3142/security.debian.org bookworm-security main contrib
deb http://192.168.0.70:3142/deb.debian.org/debian bullseye main
deb http://192.168.0.70:3142/security.debian.org/debian-security bullseye-security main
deb http://192.168.0.70:3142/deb.debian.org/debian bullseye-updates main
Danach Updates und benötigte Programme installieren
apt update -y && apt upgrade -y && apt autoremove -y
Alternativ:
apt update -y && apt upgrade -y && apt autoremove -y && apt install sudo curl mc locales-all dnsutils iproute2 bridge-utils cifs-utils samba-common samba samba-common-bin net-tools tree ifupdown --install-recommends -y
Oder: wenn sudo installiert ist
sudo apt update -y && sudo apt upgrade -y && sudo apt autoremove -y
apt install sudo curl mc net-tools tree ifupdown libuser dnsutils iproute2 bridge-utils cifs-utils samba-common samba samba-common-bin snmp snmpd --install-recommends -y
apt install sudo curl mc net-tools tree ifupdown libuser dnsutils iproute2 bridge-utils cifs-utils nfs4-acl-tools nfs-kernel-server nfs-common nfs-ganesha nfswatch rpcbind ypserv ypbind-mt yp-tools --install-recommends -y
apt install sudo curl mc net-tools tree ifupdown libuser dnsutils --install-recommends -y
Benutzer docker einrichten:
apt-get install sudo
adduser docker --shell /bin/bash
usermod -aG sudo docker
groups docker root
gpasswd -a docker sudo
sudo update-alternatives --config editor
sudo visudo
Den Benutzer docker hinzufügen:
# User priviliege specification
root ALL=(ALL:ALL) ALL
docker ALL=(ALL) ALL
Bei Bedarf webmin installieren: webmin.com/download
Docker installieren: docs.docker.com/engine/install/debian und Docker als non-root user ausführen: docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user
Docker installieren: https://docs.docker.com/engine/install/debian
Docker als non-root user ausführen: https://docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user
Docker Compose installieren:
(Check aktuelle Version: github.com/docker/compose
sudo curl -SL https://github.com/docker/compose/releases/download/v2.29.1/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version
Portainer-CE installieren: docs.portainer.io/start/install-ce/server/docker/linux
docker run -d -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
Docker Grundlagen: Training 1/4 – Portainer, NGINX Proxy Manager, Vaultwarden, Pi-Hole
OLD: Docker inkl Portainer installieren: www.howtoforge.de/anleitung/wie-installiere-ich-portainer-unter-debian-11
sudo apt install nfs-common
sudo mkdir -p /nfs/ContainerBackup
sudo mount 192.168.0.200:/volume1/ContainerBackup /nfs/ContainerBackup
sudo apt install bacula bacula-server bacula-common
sudo docker network create -d macvlan \
--subnet=192.168.0.0/24 \
--gateway=192.168.0.1 \
--ip-range=192.168.0.48/28 \
-o parent=ens18 macvlan-ens18
sudo mount -o defaults 192.168.0.200:/volume1/ContainerBackup /nfs/ContainerBackup
Deutsche Sprache in der Shell einstellen: pascalebeier.de/debian-deutsche-sprache-in-der-shell-einstellen/
sudo dpkg-reconfigure locales -plow
Uhrzeit einstellen:
sudo dpkg-reconfigure tzdata
Die einfachste Möglichkeit ist es, die Datei apt.conf anzupassen
sudo touch /etc/apt/apt.conf
sudo nano /etc/apt/apt.conf
Die nachfolgende Zeile einfügen (ggf. die http-Adresse und Port anpassen)
Acquire::http::Proxy "http://192.168.0.70:3142/";
Oder in der Datei /etc/apt/sources.list sowie weiteren Dateien die nacfolgende Adresse anfügen oder ersetzen (ggf. die http-Adresse und Port anpassen)
sudo nano /etc/apt/sources.list
deb http://192.168.0.70:3142
Beispiel:
deb http://192.168.0.70:3142/deb.debian.org/debian bookworm main contrib
deb http://192.168.0.70:3142/deb.debian.org/debian bookworm-updates main contrib
deb http://192.168.0.70:3142/security.debian.org bookworm-security main contrib
deb [signed-by=/usr/share/keyrings/grafana.key] http://192.168.0.70:3142/apt.grafana.com stable main
Zum Abschluss die neuen Quellen einlesen
sudo apt update -y && sudo apt upgrade -y && sudo apt autoremove -y
Bei Bedarf kann ein SNMPv3-Client auf dem zu überwachenden Rechner installiert werden
sudo apt update -y && sudo apt upgrade -y && sudo apt autoremove -y
sudo apt install snmp snmpd libsnmp-dev ifupdown -y
sudo service snmpd stop
sudo net-snmp-config --create-snmpv3-user -ro -a SHA -A "KITnetworkV3" -x AES -X "KITnetUserPW" authPrivUser
sudo net-snmp-config --create-snmpv3-user -ro -a MD5 -A "KITnetworkV3" -x DES -X "KITnetUserPW" authPrivUser
sudo service snmpd start
Bei Bedarf kann ein ZABBIX-Agent auf dem zu überwachenden Rechner installiert werden.
sudo apt update -y && sudo apt upgrade -y && sudo apt autoremove -y
sudo apt install zabbix-agent2 net-tools tree -y
Falls Docker istalliert ist, die nachfolgenden zwei Befehle ausführen
sudo usermod -aG docker zabbix
sudo gpasswd -a zabbix docker
Die nachfolgenden Zeilen in der ZABBIX-Konfiguration anpassen
sudo nano /etc/zabbix/zabbix_agent2.conf
### Option: Server
Server=192.168.0.64
### Option: ServerActive
ServerActive=192.168.0.64
### Option: Hostname
Hostname=Zabbix server
### Option: ListenPort
ListenPort=10050
sudo systemctl restart zabbix-agent2
sudo systemctl enable zabbix-agent2
sudo netstat -tulpn|grep zabbix
root@client:~# sudo netstat -tulpn|grep zabbix
tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN 8240/zabbix_agentd
tcp6 0 0 :::10050 :::* LISTEN 8240/zabbix_agentd
https://www.howtoforge.de/anleitung/wie-installiere-ich-portainer-unter-debian-11/
https://github.com/docker/compose/releases
deb [signed-by=/etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg] https://packagecloud.io/crowdsec/crowdsec/ubuntu trusty main
deb-src [signed-by=/etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg] https://packagecloud.io/crowdsec/crowdsec/ubuntu trusty main
nano /etc/apt/sources.list.d/crowdsec_crowdsec.list
ZABBIX Anpassung
apt install zabbix-server-pgsql zabbix-frontend-php php8.2-pgsql zabbix-nginx-conf zabbix-sql-scripts zabbix-agent odbc-postgresql nginx-doc postgresql-client postgresql --install-recommends -y
Das Paket ifupdown installieren
sudo apt-get install ifupdown
sudo nano /etc/network/interfaces