Despite Debian is the best distribution ever to run a server, It needs to be upgraded from time to time to switch to better technologies. I’m about to migrate my 8 years old server from Debian 7 technologies to Debian 11 technologies, to use better firewall protections, to use prometheus/grafana instead of munin,… Here is a list of the common base installation procedures which are executed on all my servers (security, monitoring, ….) and which I’ll describe in the next posts.

Prerequisites

Before starting this post serie to specialize a machine with a server role, I expect to have a clean Debian 11 Bullseye server with the Debian 11 Preparation steps executed. If not, read the blog archives.

Old configuration

Here is a short summary of the server configuration on my old server :

  • IPTables scripts
  • portsentry
  • Tripwire
  • Logcheck
  • Logwatch

It is very stable, as you can see in the below capture, more than 900 days of uptime.

oldserver.gif

It was never hacked since I installed it and rejected all attempts. The only successfull attempt was to guess a mailbox weak password and use my mail server to send spams. But, I was able to stop it within minutes, thanks to the monitoring and alerting systems.

New configuration

This blog posts serie describes how to install and configure the following base server tools as I do on all my servers. These is my common server base, before the server is specialized on usefull business tasks. I’ll describe the actual useful business services in the Debian 11 Services post serie.

  • Security
    • iptables
    • portsentry
    • tripwire
    • rkhunter
    • fail2ban
    • logcheck/logwatch/fwlogwatch
    • backupmanager
  • Monitoring
    • Monit
    • Prometheus, Alertmanager
    • Grafana