Linux System Configuration: Difference between revisions

From The Brainwrecked Wiki
Jump to navigation Jump to search
← Older editNewer edit →
m Fixed typo in Console Font
m Added sudo configuration
Line 160: Line 160:
set functioncolor magenta</nowiki>}}
set functioncolor magenta</nowiki>}}
|}
|}
|}
|-
| sudo
| colspan=2 |
{| style="margin-left:auto;margin-right:auto;text-align:left;"
|
echo '%wheel ALL=(ALL) ALL' > /etc/sudoers.d/0_privilege
echo '%users ALL=(ALL) NOPASSWD:/usr/bin/dmidecode -t 17' > /etc/sudoers.d/dmidecode
echo 'Defaults passprompt="[sudo] password for %U: "' > /etc/sudoers.d/prompt
echo 'Defaults rootpw' > /etc/sudoers.d/rootpw
|}
|}
|-
|-

Revision as of 02:08, 14 May 2021

Description Alpine Arch Debian Void
Laptop Lid Switch Fix 
/etc/elogind/logind.conf
...
HandleLidSwitch=ignore
...
 
/etc/systemd/logind.conf
...
HandleLidSwitch=ignore
...
Time Zone ln -s /etc/zoneinfo/<Country>/<City> /etc/localtime ln -s /usr/share/zoneinfo/<Country>/<City> /etc/localtime
Locale Availability apk add musl-locales ${EDITOR} /etc/locale.gen;
locale-gen
Locale Selection 
/etc/profile.d/locale.sh
LANG=en_US.UTF-8
LANGUAGE=en_US
LC_COLLATE=POSIX
LC_MESSAGES=C
LC_CTYPE=en_US.UTF-8
LC_NUMERIC=en_US.UTF-8
LC_TIME=en_US.UTF-8
LC_MONETARY=en_US.UTF-8
LC_PAPER=en_US.UTF-8
LC_NAME=en_US.UTF-8
LC_ADDRESS=en_US.UTF-8
LC_TELEPHONE=en_US.UTF-8
LC_MEASUREMENT=en_US.UTF-8
LC_IDENTIFICATION=en_US.UTF-8
 
/etc/locale.conf
LANG=en_US.UTF-8
LANGUAGE=en_US
LC_COLLATE=POSIX
LC_MESSAGES=C
LC_CTYPE=en_US.UTF-8
LC_NUMERIC=en_US.UTF-8
LC_TIME=en_US.UTF-8
LC_MONETARY=en_US.UTF-8
LC_PAPER=en_US.UTF-8
LC_NAME=en_US.UTF-8
LC_ADDRESS=en_US.UTF-8
LC_TELEPHONE=en_US.UTF-8
LC_MEASUREMENT=en_US.UTF-8
LC_IDENTIFICATION=en_US.UTF-8
Keymap setup-keymap 
/etc/vconsole
KEYMAP=us
FONT=Lat2-Terminus16
Console Font ${EDITOR} /etc/conf.d/consolefont;
rc-update add consolefont boot
Hostname echo "hostname" > /etc/hostname
Hosts 
/etc/hosts
# Static table lookup for hostnames.
# See hosts(5) for details.

127.0.0.1       localhost.local.lan     localhost
::1             localhost.local.lan     localhost
127.0.1.1       hostname.local.lan      hostname
Initramfs ${EDITOR} /etc/mkinitfs.conf; mkinitfs 
/etc/mkinitcpio.conf
...
# Open-source drivers
MODULES+=(amdgpu i915 nouveau radeon)
# Proprietary NVIDIA
MODULES+=(nvidia nvidia_drm nvidia_modeset nvidia_uvm)
# QEMU virtual machines
MODULES+=(bochs_drm cirrus qxl virtio-gpu)
...
HOOKS=(base udev autodetect)
HOOKS+=(modconf block filesystems keyboard fsck)
HOOKS+=(keymap consolefont)
...
# Only for filesystems already compressed with zstd
COMPRESSION="cat"
...

mkinitcpio -P

User Creation useradd -m -u <nnnn> -g users -G wheel,games,video,audio,optical,storage,scanner,power <username>
Passwords passwd <username>
NanoRC 
/etc/nanorc
set boldtext
set casesensitive
set constantshow
set locking
set whitespace "»·"

set titlecolor bold,lightwhite,blue
set promptcolor lightwhite,lightblack
set statuscolor bold,lightwhite,green
set errorcolor bold,lightwhite,red
set spotlightcolor black,lime
set selectedcolor lightwhite,magenta
set stripecolor ,yellow
set scrollercolor cyan
set numbercolor cyan
set keycolor cyan
set functioncolor green

include /usr/share/nano/*.nanorc
include /usr/share/nano-syntax-highlighting/*.nanorc
 
/root/.nanorc
set titlecolor bold,lightwhite,magenta
set promptcolor black,yellow
set statuscolor bold,lightwhite,magenta
set errorcolor bold,lightwhite,red
set spotlightcolor black,orange
set selectedcolor lightwhite,cyan
set stripecolor ,yellow
set scrollercolor magenta
set numbercolor magenta
set keycolor lightmagenta
set functioncolor magenta
sudo 
echo '%wheel ALL=(ALL) ALL' > /etc/sudoers.d/0_privilege
echo '%users ALL=(ALL) NOPASSWD:/usr/bin/dmidecode -t 17' > /etc/sudoers.d/dmidecode
echo 'Defaults passprompt="[sudo] password for %U: "' > /etc/sudoers.d/prompt
echo 'Defaults rootpw' > /etc/sudoers.d/rootpw
PolicyKit rootpw 
/etc/polkit-1/rules.d/49-rootpw_global.rules
// Always authenticate Admins by prompting for the root password
// similar to the rootpw option in sudo

polkit.addAdminRule(function(action, subject) {
    return ["unix-user:root"];
});
Sticky bit directories 
/etc/sysctl/stickbit.conf
# Allow the creation regular files in world-writable sticky directories
# when the file owner doesn't match that of the directory

fs.protected_regular=0
NTP Client
([Open]NTP) 
/etc/ntpd.conf
server [server1]
server [server2]
server [server3]
restrict default kod limited nomodify nopeer noquery notrap
restrict 127.0.0.1
restrict ::1
driftfile /var/lib/ntp/ntp.drift
NTP Client
(systemd-timesyncd) 
/etc/systemd/timesyncd.conf
...
[Time]
NTP=[your-local-server]
FallbackNTP=[closest-remote-server]
...

timedatectl set-ntp true

NTP Server 
/etc/ntpd.conf
server [server1]
server [server2]
server [server3]
server 127.127.1.0
fudge  127.127.1.0 stratum 10
restrict default kod nomodify notrap noquery
restrict 192.168.10.0 mask 255.255.255.0 kod nomodify notrap
restrict 127.0.0.1
restrict ::1
driftfile /var/lib/ntp/ntp.drift
SMARTd 
/etc/smartd.conf
...
DEVICESCAN -n standby,15,q -s (S/../.././02)
...
Limit Logs 
/etc/systemd/journald.conf
...
SystemMaxUse=64M
...
Reduced service timeout 
/etc/systemd/system.conf
...
DefaultTimeoutStartSec=30s
DefaultTimeoutStopSec=15s
...
systemd-resolved
local host name resolution 
/etc/nsswitch.conf
...
hosts: files mymachines myhostname resolve dns
...
/etc/systemd/resolved.conf
...
Domains=your.local.domain
...
systemd-resolved
with avahi 
/etc/systemd/resolved.conf
...
MulticastDNS=no
...
Retrieved from "https://wiki.bwt.com.de/index.php?title=Linux_System_Configuration&oldid=459"