Disable root
adduser USER && usermod -aG adm,cdrom,dialout,lpadmin,plugdev,sambashare,sudo USER
Log in as the new user and lock the root account with
sudo passwd -l root
so that root can no longer log in with a password.
Install software
sudo apt install fail2ban apache2 quassel-core ntp ntp-update postfix postfix-mysql postfix-doc mariadb-client mariadb-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd ufw spamassassin zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl postgrey apache2 apache2-doc apache2-utils libapache2-mod-php php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap phpmyadmin php7.0-cli php7.0-cgi libapache2-mod-fcgid apache2-suexec-pristine php-pear php-auth php7.0-mcrypt mcrypt imagemagick libruby libapache2-mod-python php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc php7.0-xsl php7.0-opcache php-apcu libapache2-mod-fastcgi php7.0-fpm letsencrypt bind9 dnsutils haveged vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl
amavisd-new
Preparations
dpkg-reconfigure dash
default system shell = no
service apparmor stop
update-rc.d -f apparmor remove
Small performance tests
dd if=/dev/zero of=~/tempfile bs=1M count=5000 conv=fdatasync,notrunc && rm ~/tempfile
sudo hdparm -tT /dev/vda1
sysbench --test=cpu --num-threads=2 --cpu-max-prime=200000 run
Configuration
iptables/fail2ban
/etc/fail2ban/jail.local
[pureftpd]
enabled = true
port = ftp
filter = pureftpd
logpath = /var/log/syslog
maxretry = 3

[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5

[postfix-sasl]
enabled = true
port = smtp
filter = postfix-sasl
logpath = /var/log/mail.log
maxretry = 3
/etc/fail2ban/filter.d/pureftpd.local
[Definition]
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
ignoreregex =
/etc/fail2ban/filter.d/dovecot-pop3imap.local
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =
Filter for Quassel
/etc/fail2ban/filter.d/quassel.local
[Definition]
failregex = Info: Non-authed client disconnected: <HOST>
            SSL required but non-SSL connection attempt from <HOST>
            Invalid login attempt from <HOST> as
            Client <HOST> did not send a registration message before trying to login, rejecting\.
ignoreregex =
/etc/fail2ban/jail.d/quassel.local
[quassel]
enabled = true
port = 4242
filter = quassel
logpath = /var/log/quassel/core.log
maxretry = 5
fail2ban filter and jail for quassel
service fail2ban restart
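Before restarting fail2ban it is worth confirming that the failregex lines above actually match the log entries they are meant to catch, and nothing else. The following Python script is an added example (not code from this page or from the fail2ban project): it expands `<HOST>` with a simplified form of fail2ban's own host pattern and runs the three filters over constructed log lines. The HOST pattern and the sample log lines are assumptions; unlike fail2ban it ignores the date prefix and prefregex handling, so for a live filter `fail2ban-regex` remains the tool to use.

```python
import re

# Simplified version of fail2ban's <HOST> expansion (assumption of this example;
# the real tag also accepts bracketed IPv6 addresses).
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"

# The failregex lines of the three filters on this page.
FILTERS = {
    "pureftpd": [
        r".*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*",
    ],
    "dovecot-pop3imap": [
        r"(?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed"
        r"|Aborted login \(tried to use disabled|Disconnected \(auth failed"
        r"|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*",
    ],
    "quassel": [
        r"Info: Non-authed client disconnected: <HOST>",
        r"SSL required but non-SSL connection attempt from <HOST>",
        r"Invalid login attempt from <HOST> as",
        r"Client <HOST> did not send a registration message before trying to login, rejecting\.",
    ],
}

# Constructed sample log lines (not real logs); 203.0.113.0/24 is documentation address space.
QUASSEL_LOG = [
    "2017-03-01 12:00:00 Info: Non-authed client disconnected: 203.0.113.7",
    "2017-03-01 12:00:05 Info: Invalid login attempt from 203.0.113.7 as bob",
    "2017-03-01 12:00:09 Info: Client 203.0.113.7 did not send a registration message "
    "before trying to login, rejecting.",
    "2017-03-01 12:01:00 Info: Client 198.51.100.4 connected",  # benign, must not match
]
PUREFTPD_LOG = [
    "Mar  1 12:00:00 srv pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [bob]",
]
DOVECOT_LOG = [
    "Mar  1 12:00:00 srv dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): "
    "user=<bob>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS",
]


def compile_filter(name):
    """Expand <HOST> and compile every failregex of the named filter."""
    return [re.compile(p.replace("<HOST>", HOST)) for p in FILTERS[name]]


def match_host(name, line):
    """Return the host captured by the first matching failregex, or None."""
    for rx in compile_filter(name):
        m = rx.search(line)
        if m:
            return m.group("host")
    return None


def hosts_to_ban(name, lines, maxretry):
    """Count failures per host and return those that reached maxretry (what the jail would ban)."""
    hits = {}
    for line in lines:
        host = match_host(name, line)
        if host:
            hits[host] = hits.get(host, 0) + 1
    return {h: n for h, n in hits.items() if n >= maxretry}


if __name__ == "__main__":
    for name, log in (("quassel", QUASSEL_LOG), ("pureftpd", PUREFTPD_LOG),
                      ("dovecot-pop3imap", DOVECOT_LOG)):
        for line in log:
            print(f"{name:17} {match_host(name, line)!s:14} {line[:60]}")
    print("would ban (quassel, maxretry=3):", hosts_to_ban("quassel", QUASSEL_LOG, 3))
```

The benign "Client ... connected" line is there on purpose: a filter that also matched successful connections would ban legitimate users, so every new failregex should be tried against normal traffic as well as failures.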
/etc/postfix/master.cf
[...]
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
[...]
service postfix restart
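The point of the two listeners above is that mail submission is only accepted from clients that authenticate, and only over mandatory TLS (STARTTLS enforced on 587, wrapper-mode TLS on 465), so that SASL credentials never cross the wire in the clear. As an added example (not part of this page or of Postfix), the Python script below parses a master.cf excerpt in that format, collects the `-o` overrides per service and flags any SASL-enabled smtpd service that does not force TLS or does not restrict clients to authenticated ones. The excerpt is constructed from the snippet above; the audit only sees master.cf overrides, so values inherited from main.cf are not considered (an assumption of the example).

```python
# Constructed master.cf excerpt modelled on the snippet above (not a real server's file).
MASTER_CF = """\
smtp       inet  n       -       -       -       -       smtpd
submission inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_reject_unlisted_recipient=no
smtps      inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""

# Same excerpt with the mandatory-TLS override on submission removed (a misconfiguration).
WEAK_CF = MASTER_CF.replace("  -o smtpd_tls_security_level=encrypt\n", "")

REQUIRED_RESTRICTIONS = "permit_sasl_authenticated,reject"


def parse_master_cf(text):
    """Parse master.cf into {service: {"type", "command", "options", "args"}}.
    Service lines have 8 fields; indented lines continue the previous service and
    carry "-o key=value" overrides; '#' lines are comments."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():            # continuation line of the current service
            if current is None:
                continue
            toks = raw.split()
            i = 0
            while i < len(toks):
                if toks[i] == "-o" and i + 1 < len(toks) and "=" in toks[i + 1]:
                    key, value = toks[i + 1].split("=", 1)
                    services[current]["options"][key] = value
                    i += 2
                else:
                    services[current]["args"].append(toks[i])
                    i += 1
            continue
        fields = raw.split()
        if len(fields) < 8:
            continue                    # malformed service line, skip it
        current = fields[0]
        services[current] = {"type": fields[1], "command": fields[7],
                             "options": {}, "args": fields[8:]}
    return services


def audit_submission(services):
    """Return findings for smtpd services that enable SASL auth in master.cf
    but do not force TLS or do not limit clients to authenticated ones."""
    findings = []
    for name, svc in services.items():
        opts = svc["options"]
        if svc["command"] != "smtpd" or opts.get("smtpd_sasl_auth_enable") != "yes":
            continue
        tls_forced = (opts.get("smtpd_tls_security_level") == "encrypt"
                      or opts.get("smtpd_tls_wrappermode") == "yes")
        if not tls_forced:
            findings.append(f"{name}: SASL auth enabled without mandatory TLS")
        if opts.get("smtpd_client_restrictions") != REQUIRED_RESTRICTIONS:
            findings.append(f"{name}: client restrictions do not require SASL auth")
    return findings


if __name__ == "__main__":
    print("page config:", audit_submission(parse_master_cf(MASTER_CF)) or "no findings")
    print("weak config:", audit_submission(parse_master_cf(WEAK_CF)))
```

Commented-out overrides are skipped by the parser, which is exactly why the audit is useful: the `#` lines in the snippet above look like restrictions but contribute nothing until they are uncommented.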
service spamassassin stop
update-rc.d -f spamassassin remove
MariaDB
Keep MariaDB bound to localhost; do not remove that binding.
mysql_secure_installation
Enter current password for root (enter for none): ←- press enter
Set root password? [Y/n] ←- y
New password: ←- Enter the new MariaDB root password here
Re-enter new password: ←- Repeat the password
Remove anonymous users? [Y/n] ←- y
Disallow root login remotely? [Y/n] ←- y
Reload privilege tables now? [Y/n] ←- y
service mysql restart
AWstats
/etc/cron.d/awstats
#MAILTO=root
#*/10 * * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh
# Generate static reports:
#10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/share/awstats/tools/buildstatic.sh
Web server
phpMyAdmin
Web server to reconfigure automatically: ←- apache2
Configure database for phpmyadmin with dbconfig-common? ←- Yes
MySQL application password for phpmyadmin: ←- Press enter
Apache
a2enmod suexec rewrite ssl actions include cgi dav_fs dav auth_digest headers actions fastcgi alias
Disable the HTTP Proxy request header (httpoxy): /etc/apache2/conf-available/httpoxy.conf
<IfModule mod_headers.c>
RequestHeader unset Proxy early
</IfModule>
service apache2 restart
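Why unsetting the Proxy header matters: a CGI-style server copies request headers into the environment of the script as HTTP_* variables, so a client-supplied `Proxy:` header arrives as `HTTP_PROXY`, which some HTTP client libraries read as their outbound proxy setting. The Python snippet below is an added illustration (not from this page or from Apache) of that header-to-environment mapping and of the effect of dropping the header first, as the `RequestHeader unset Proxy early` directive does. The request headers are constructed, and the mapping omits the Content-Type/Content-Length special cases real servers apply.

```python
def cgi_environ(headers):
    """Map request headers to CGI meta-variables the way RFC 3875 describes:
    upper-case the name, replace '-' with '_' and prefix HTTP_.
    Simplification: the Content-Type/Content-Length special cases are omitted."""
    env = {}
    for name, value in headers.items():
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def strip_proxy_header(headers):
    """Equivalent of `RequestHeader unset Proxy early`: drop the header, matching the
    name case-insensitively, before the request reaches the application."""
    return {n: v for n, v in headers.items() if n.lower() != "proxy"}


def outbound_proxy_setting(env):
    """What an HTTP client library that honours HTTP_PROXY from the environment would use."""
    return env.get("HTTP_PROXY")


# Constructed request (not captured traffic): the client has added a Proxy header.
REQUEST_HEADERS = {
    "Host": "example.invalid",
    "User-Agent": "curl",
    "proxy": "http://203.0.113.9:8080",   # lower-case on purpose; header names are case-insensitive
}

if __name__ == "__main__":
    print("without filter:", outbound_proxy_setting(cgi_environ(REQUEST_HEADERS)))
    print("with filter:   ", outbound_proxy_setting(cgi_environ(strip_proxy_header(REQUEST_HEADERS))))
```

Because the mapping upper-cases the name, `proxy`, `Proxy` and `PROXY` all land in the same `HTTP_PROXY` variable, which is why the filter has to compare names case-insensitively rather than only dropping the exact spelling `Proxy`.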
FX-Sync
Quassel
Moving Quassel
First stop Quassel on both machines
sudo service quasselcore stop
Copy the configuration and the logs
sudo scp /var/lib/quassel/quasselcore.conf /var/lib/quassel/quassel-storage.sqlite user@newhost:/home/user/
On the new machine
sudo rm /var/lib/quassel/quasselcore.conf
sudo mv quasselcore.conf /var/lib/quassel/
sudo mv quassel-storage.sqlite /var/lib/quassel/
Change the file ownership
sudo chown quasselcore:quassel /var/lib/quassel/quasselcore.conf
sudo chown quasselcore:quassel /var/lib/quassel/quassel-storage.sqlite
Start the server again
sudo service quasselcore start
How to move quassel-core config and chat log
Quassel IRC and Let's Encrypt on Debian