If you support us through Liberapay, please see this important post.
You can sign up to get a daily email of our articles, see the Mailing List page!
Support us on Patreon to keep GamingOnLinux alive. This ensures we have no timed articles and no paywalls. Just good, fresh content! Alternatively, you can donate through Paypal!
  Go to:
Linux beyond the forks - My experience with pure Debian
slaapliedje commented on 1 December 2017 at 6:39 am UTC

debianxfceUse Debian testing Xfce with Oibaf ppa Mesa dev and a custom kernel from kernel.org. Then you will have bug fixes fast and games can cause many bugs. Debian stable uses years old buggy software. Debian testing Xfce howto, see the second message:
https://www.phoronix.com/forums/forum/software/distributions/926593-distro-for-linux-pc-in-living-room

What? It's Debian Stable because it is NOT buggy software, and actually this latest stable release has newer software than CentOS/RHEL 7. Stable is for servers.

Shmerl is right, for desktop usage, use Testing. If you know what you're doing, use unstable.

Whatever you do, don't download custom kernels from kernel.org and don't use any PPAs...

I've been using Debian (with occasionally dipping my toes elsewhere occasionally) since Debian Bo (Kernel 2.0.29!), I always end up going back to pure Debian, but tend to run Unstable/Sid. Fair warning if you do run Sid, whenever there is a new promotion to Stable, a ton of new crap gets flooded into it and tends to cause some instabilities. I usually switch to Testing during it's freeze period.

Debian works as a nice cohesive whole. Another suggestion was to use stable with backports. This is a very nice setup.

Oh and for security updates, you're covered for Testing, but not for Unstable. If you really need to live bleeding edge for some things you can pull specific packages out of experimental (for example, I pulled the nvidia drivers out of there to get SteamVR working.)

Edit: Ha, apparently I replied to this already with almost the same info... meh.

slaapliedje commented on 1 December 2017 at 6:45 am UTC

g000hTo be honest, out of the box, Debian doesn't need a firewall to be running. The reason being that there aren't any services (e.g. Apache2, ssh server, ftp, NFS, SMB) running to exploit. I guess it also depends on whether you are running anything dodgy on your machine, i.e. you want outbound rules in place. It is also quite a good idea to have your firewall separate from your desktop, anyway. That way if malware were to run on your desktop it couldn't affect your firewall rules.

I quite like using fail2ban as a safe-guard on my Debian (or Ubuntu or Mint) systems. I also like messing around with iptables or netfilter to customise the rules too, e.g. allow access to specific service from specific ip range.

I love fail2ban, except when I don't. At my last job I had set up PBX in a Flash, and it had fail2ban on there by default. Every once in a while one of the phones would try to authenticate and fail and retry several times until fail2ban would block it for 30m

If anyone wants some protection, I'd suggest doing fail2ban, suricata, psad, and arno-iptables-firewall (or whatever firewall program you prefer).
For those who don't know what they do;
Fail2Ban: auto-firewall rule generator based on authentication/access failures.
Suricata: Intrusion Detection System (replacement to snort)
PSAD: Port Scan Attack Detector (this is actually kind of scary when you see all the crap Windows scans for)
arno-iptables-firewall is just a nice wrapper around iptables (as any firewall should be on Linux)

Arehandoro commented on 1 December 2017 at 11:45 am UTC

slaapliedje
g000hTo be honest, out of the box, Debian doesn't need a firewall to be running. The reason being that there aren't any services (e.g. Apache2, ssh server, ftp, NFS, SMB) running to exploit. I guess it also depends on whether you are running anything dodgy on your machine, i.e. you want outbound rules in place. It is also quite a good idea to have your firewall separate from your desktop, anyway. That way if malware were to run on your desktop it couldn't affect your firewall rules.

I quite like using fail2ban as a safe-guard on my Debian (or Ubuntu or Mint) systems. I also like messing around with iptables or netfilter to customise the rules too, e.g. allow access to specific service from specific ip range.

I love fail2ban, except when I don't. At my last job I had set up PBX in a Flash, and it had fail2ban on there by default. Every once in a while one of the phones would try to authenticate and fail and retry several times until fail2ban would block it for 30m

If anyone wants some protection, I'd suggest doing fail2ban, suricata, psad, and arno-iptables-firewall (or whatever firewall program you prefer).
For those who don't know what they do;
Fail2Ban: auto-firewall rule generator based on authentication/access failures.
Suricata: Intrusion Detection System (replacement to snort)
PSAD: Port Scan Attack Detector (this is actually kind of scary when you see all the crap Windows scans for)
arno-iptables-firewall is just a nice wrapper around iptables (as any firewall should be on Linux)

Great info, thanks!

denyasis commented on 27 December 2017 at 2:38 am UTC

I switched from Mint to LMDE, to eventually pure debian for my server and my gaming machine (before it burst into flames, literally).

For my home server, I still use Debian Stable with a few modifications (backports, extra repos). I can say that in the 7 years I've run Debian on the server, I've had 0 breakages or issues (that weren't user errors!).

I'd agree that it is harder to setup, but if you feel comfortable with your Mint or Ubuntu system, its not too much of a leap to install Debian. While I plan on trying a few other Distros in a few years after I've saved the money to build a new gaming rig, I must say I've had a really good experience with Debian Testing as a gaming/Desktop machine. It is up-to-date without being too bleeding edge, which is a nice middle ground for me.

Also, to the other posters with the security tips. Thanks for those! I use Fail2ban and SSH keys, but never thought of logwatch or the port scan defense. Much appreciated!

14 commented on 27 December 2017 at 3:50 am UTC

I do love Debian, but I have never tried running it as a desktop other than demoing it in a virtual machine. It's hard to imagine departing Arch packages and the AUR. That said, I'm on the opposite spectrum when it comes to servers. Debian Stable servers FTW! Rock solid.

I do have a question to the OP: How do you have your screensaver / power settings / light locker configured? Working out okay? I was irritated how much trial and error I had to go through in XCFE to get those settings to work how I wanted in conjunction with caffeine. I eventually gave up and switched my side computer back to Antergos + KDE, even though I wanted a lighter DE. It does exactly what I want.

Avehicle7887 commented on 7 February 2018 at 3:12 am UTC

Project Update -

Been 3 months already since I made this eh? Time surely flies. Amongst replacing faulty ram and blown up power supply, I maintained my Debian 9 setup and slowly chipped away at it from various angles.

First of all let me say why I chose Stable: living on the edge is not crucial for me (2 of my systems are running Mint 17 - based off Ubuntu 14.04 mind you), the PC is not always connected to the internet and the Debian ISO's let me build a static offline repo hassle-free. Lastly, I wanted to experience a more complex distro and build it using only the packages I needed.

So far with it I have:

- Almost made a 1:1 appearance of my Mint (MATE) desktop.
- Tested a ton of games, all played fine.
- Tried my hand at compiling from source - successfully built latest Wine 3.1 and a handful of open source games: SuperTuxKart, Warzone 2100, FreeCiv and Wesnoth. Just for practice.

It is worth noting that at the time I installed this I used the 9.2.1 ISO's, I have since updated all the offline repositories using the Debian 9.3 update and successfully upgraded the system through synaptic. I also created a "3rd party" repo with my own packages.

Overall I'm very happy, it's super stable and highly customizable and I've learned a lot experimenting with it. Suffice to say when Debian 10 lands it will replace Mint across all my machines.

Another thing I would like to mention with Debian 9, is that the packages aren't as old as some people may think. I found many of them quite modern, some of them are even newer than my Mint 18.1 - Ryzen system.

-----
System used:

Intel Core 2 Quad Q6600
4GB DDR2 Ram (2x2)
Nvidia GT 1030 (384.111)
MATE Desktop Environment with a touch of Gnome programs

  Go to:

Due to spam you need to Register and Login to comment.


Or login with...

Livestreams & Videos
Community Livestreams
See more!
Popular this week
View by Category
Contact
Latest Comments
Latest Forum Posts