You can sign up to get a daily email of our articles, see the Mailing List page!
Support us on Patreon to keep GamingOnLinux alive. This ensures we have no timed articles and no paywalls. Just good, fresh content! Alternatively, you can support us on Paypal and Liberapay!
  Go to:
Linux beyond the forks - My experience with pure Debian
slaapliedje commented on 1 December 2017 at 6:39 am UTC

debianxfceUse Debian testing Xfce with Oibaf ppa Mesa dev and a custom kernel from kernel.org. Then you will have bug fixes fast and games can cause many bugs. Debian stable uses years old buggy software. Debian testing Xfce howto, see the second message:
https://www.phoronix.com/forums/forum/software/distributions/926593-distro-for-linux-pc-in-living-room

What? It's Debian Stable because it is NOT buggy software, and actually this latest stable release has newer software than CentOS/RHEL 7. Stable is for servers.

Shmerl is right, for desktop usage, use Testing. If you know what you're doing, use unstable.

Whatever you do, don't download custom kernels from kernel.org and don't use any PPAs...

I've been using Debian (with occasionally dipping my toes elsewhere occasionally) since Debian Bo (Kernel 2.0.29!), I always end up going back to pure Debian, but tend to run Unstable/Sid. Fair warning if you do run Sid, whenever there is a new promotion to Stable, a ton of new crap gets flooded into it and tends to cause some instabilities. I usually switch to Testing during it's freeze period.

Debian works as a nice cohesive whole. Another suggestion was to use stable with backports. This is a very nice setup.

Oh and for security updates, you're covered for Testing, but not for Unstable. If you really need to live bleeding edge for some things you can pull specific packages out of experimental (for example, I pulled the nvidia drivers out of there to get SteamVR working.)

Edit: Ha, apparently I replied to this already with almost the same info... meh.

slaapliedje commented on 1 December 2017 at 6:45 am UTC

g000hTo be honest, out of the box, Debian doesn't need a firewall to be running. The reason being that there aren't any services (e.g. Apache2, ssh server, ftp, NFS, SMB) running to exploit. I guess it also depends on whether you are running anything dodgy on your machine, i.e. you want outbound rules in place. It is also quite a good idea to have your firewall separate from your desktop, anyway. That way if malware were to run on your desktop it couldn't affect your firewall rules.

I quite like using fail2ban as a safe-guard on my Debian (or Ubuntu or Mint) systems. I also like messing around with iptables or netfilter to customise the rules too, e.g. allow access to specific service from specific ip range.

I love fail2ban, except when I don't. At my last job I had set up PBX in a Flash, and it had fail2ban on there by default. Every once in a while one of the phones would try to authenticate and fail and retry several times until fail2ban would block it for 30m

If anyone wants some protection, I'd suggest doing fail2ban, suricata, psad, and arno-iptables-firewall (or whatever firewall program you prefer).
For those who don't know what they do;
Fail2Ban: auto-firewall rule generator based on authentication/access failures.
Suricata: Intrusion Detection System (replacement to snort)
PSAD: Port Scan Attack Detector (this is actually kind of scary when you see all the crap Windows scans for)
arno-iptables-firewall is just a nice wrapper around iptables (as any firewall should be on Linux)

Arehandoro commented on 1 December 2017 at 11:45 am UTC

slaapliedje
g000hTo be honest, out of the box, Debian doesn't need a firewall to be running. The reason being that there aren't any services (e.g. Apache2, ssh server, ftp, NFS, SMB) running to exploit. I guess it also depends on whether you are running anything dodgy on your machine, i.e. you want outbound rules in place. It is also quite a good idea to have your firewall separate from your desktop, anyway. That way if malware were to run on your desktop it couldn't affect your firewall rules.

I quite like using fail2ban as a safe-guard on my Debian (or Ubuntu or Mint) systems. I also like messing around with iptables or netfilter to customise the rules too, e.g. allow access to specific service from specific ip range.

I love fail2ban, except when I don't. At my last job I had set up PBX in a Flash, and it had fail2ban on there by default. Every once in a while one of the phones would try to authenticate and fail and retry several times until fail2ban would block it for 30m

If anyone wants some protection, I'd suggest doing fail2ban, suricata, psad, and arno-iptables-firewall (or whatever firewall program you prefer).
For those who don't know what they do;
Fail2Ban: auto-firewall rule generator based on authentication/access failures.
Suricata: Intrusion Detection System (replacement to snort)
PSAD: Port Scan Attack Detector (this is actually kind of scary when you see all the crap Windows scans for)
arno-iptables-firewall is just a nice wrapper around iptables (as any firewall should be on Linux)

Great info, thanks!

  Go to:

Due to spam you need to Register and Login to comment.


Or login with...

Livestreams & Videos
Community Livestreams
  • RPGoodness: "Dragon Age Origins" (via Wine)
  • Date:
See more!
Popular this week
View by Category
Contact
Latest Forum Posts
Facebook