Cockpit is a web-based management tool for Linux systems. It aims to simplify management tasks while maintaining compatibility with other administration tools.
Step 1
Cockpit requires the use of the firewalld service to be able to make changes to your firewall rules.
If you are using ufw as a host-based firewall
Remove ufw before replacing it with firewalld.
$ sudo apt-get remove --purge --yes ufw
Install firewalld as a host-based firewall
Install firewalld and maintain ssh access as well as enabling cockpit to receive incoming connections.
By default, the Cockpit web console listens on port 9090 for connections. If you want to make changes from the default, use the following command to edit /etc/systemd/system/cockpit.socket.d/override.conf.
$ sudo systemctl edit cockpit.socket
The example below changes the web console port from 9090 to 9091 and restricts access to the localhost.
### Editing /etc/systemd/system/cockpit.socket.d/override.conf
### Anything between here and the comment below will become the new contents of the file
[Socket]
ListenStream=
ListenStream=127.0.0.1:9091
### Lines below this comment will be discarded
Use the following command for your changes to take effect.
If you installed Cockpit on the local machine and changed the listening port to 9091, you can now access the Cockpit web console on https://localhost:9091.
“Security is a process, not a product. Products provide some protection, but the only way to effectively do business in an insecure world is to put processes in place that recognize the inherent insecurity in the products.” Bruce Schneier acknowledges that in information technology perfect security probably doesn’t exist.
Debian GNU/Linux was first released in 1993 and has been under active developement ever since. Today, the Debian Project unites thousands of contributors from across the globe with the aim of producing “an operating system distribution that is composed entirely of free software”.
This guide is intended to assist those who are installing Debian for the first time. It describes a straightforward path to a GNOME desktop. The number of applications is less in comparison to the default. Choose from more than 60000 official packages to tailor the system to your own requirements.
Debian and the new package formats
Debian stable is, above all else, focused on the task of maintaining bug-free software packages. It is the reason why Debian, in over 30 years, has gained a reputation for being “like a rock in an ever-swirling sea of updates”. It is also the reason why Debian stable does not keep up with the latest versions.
Universal package formats, such as Flatpak, Snap, or AppImage, are managed separately from conventional packaging systems and thus provide the end-user with added flexibility and choice. They solve the problem of stale distribution packages because newer versions can be installed without compromising the integrity of the underlying core.
Before you begin
In addition to the target computer, you should have access to a reasonably fast connection to the Internet. Ideally, your device would connect to your router using Ethernet. If your laptop does not have an Ethernet port, consider getting the Plugable USB 3.0 Gigabit Ethernet Adapter. Using a wireless network, you will need to provide your Wi-Fi password twice during the installation.
Depending on your acutal requirements, there are different Debian CD images to choose from. In all likelihood, you are following these instructions to install on x86-64 hardware, for which a network install CD image amd64 would be the correct choice. It supports Intel as well as AMD processors and “includes non-free firmware for extra support for some awkward hardware”.
Choose a hostname and a username for your setup. In the examples which follow, debian is used as the hostname and bookworm as the username. Just remember to make the substitutions when executing commands that reference either.
Choose 1) an encryption passphrase to encrypt your storage device, 2) a user password to secure your user account, and 3) a root password to secure the root account.
Ensure that all of your data is safely backed up because formatting your storage device will erase all of its data.
After completing the installation, Debian GNU/Linux will be the only operating system on your computer.
Installing Debian GNU/Linux
If your computer uses the Unified Extensible Firmware Interface (UEFI) and you are unsure about which settings to use, you may wish to disable the Secure Boot option.
Step 1
After booting the system from the USB stick that you have prepared, continue by selecting the text based installer.
Step 2
Keep English as the language for the installation.
[!!] Select a language
Language: English
Step 3
Keep United States as the location for your system. This will also set United States as the default locale for the system environment. You will have an opportunity to set additional locales and adjust time zones at a later point during the installation.
[!!] Select your location
Country, territory or area: United States
Step 4
Use the keymap that is the correct one for your particular keyboard.
[!!] Configure the keyboard
Keymap to use: your keyboard
Step 5
You will likely be asked to select the primary network interface for use during the installation. If network autoconfiguration fails, go back and try another interface from the list.
[!!] Configure the network
Network configuration method:
Retry network autoconfiguration
Retry network autoconfiguration with a DHCP hostname
Configure network manually
Do not configure the network at this time
Go Back
Step 6
Set the hostname for your system. In this example, we use debian as the hostname.
[!] Configure the network
Hostname: debian
Continue
[!!] Partition disks
Partitioning method: Guided - use entire disk and set up encrypted LVM
Be careful to select the correct target device for your system.
[!!] Partition disks
Select disk to partition: your target disk for installation
Choose to keep all files in one partition.
[!] Partition disks
Partitioning scheme: All files in one partition (recommended for new users)
Now write the changes to disk.
[!!] Partition disks
Write the changes to disk and configure LVM?
Yes
You may skip the overwriting of the disk with random data by selecting Cancel. Be aware, however, that skipping this step will lessen the quality of the encryption.
Step 9
Enter your encryption passphrase.
[!!] Partition disks
Encryption passphrase: your encryption passphrase
Continue
Confirm your encryption passphrase.
[!!] Partition disks
Re-enter passphrase to verify: your encryption passphrase
Continue
Step 10
Use the available space for partitioning your disk.
[!!] Partition disks
Amount of volume group to use for guided partitioning: max
Continue
Step 11
Write the changes to disk.
[!!] Partition disks
Finish partitioning and write changes to disk
Confirm writing the changes to disk.
[!!] Partition disks
Write the changes to disks?
Yes
Step 12
You may be asked to scan additional installation media.
[!] Configure the package manager
Scan extra installation media?
No
Step 13
Select your archive mirror country from the list.
[!] Configure the package manager
Debian archive mirror country: your country
Select an archive mirror from the list. For the fastest downloads, use the site that is closest to you.
[!] Configure the package manager
Debian archive mirror: mirror closest to you
You probably won’t need to configure an HTTP proxy:
[!] Configure the package manager
HTTP proxy information (blank for none): leave empty
Continue
[!] Configuring popularity-contest
Participate in the package usage survey?
Yes
Step 15
Choose standard system utilities from the list of predefined software collections and deselect all other entries.
[!] Software selection
Choose software to install:
[ ] Debian desktop environment
[ ] GNOME
[*] standard system utilities
Continue
Step 16
You may be asked if you want to install the GRUB boot loader to your primary drive. Select your target disk from Step 8 as the drive for boot loader installation.
[!] Install the GRUB boot loader
Install the GRUB boot loader to your primary drive?
Yes
Step 17
Remove the installation media before booting into your new system.
[!!] Finish the installation
Installation complete
Continue
Step 18
Enter your encryption passphrase to boot into the system for the first time. In this example, the encrypted disk is labelled sda3_crypt.
Please unlock disk sda3_crypt: your encryption passphrase
Log into the system with your username and user password.
Debian GNU/Linux 12 debian tty1
debian login: bookworm
Password: your user password
Step 19
Set the password for the root user by entering the following command. You will be asked for your user password to obtain sudo privileges first.
$ sudo passwd root
Step 20
Install a minimal GNOME desktop.
$ sudo apt-get install --yes gnome-core
If you are installing into a virtual machine, use this additional command to enable copy and paste between the host and the guest.
$ sudo apt-get install --yes spice-vdagent
Step 21
Restart your system.
$ sudo reboot
Step 22
Enter your encryption passphrase to boot into the system.
Please unlock disk sda3_crypt: your encryption passphrase
Select Show Applications from the the panel at the bottom of the screen or press [Super + a] and open the Settings application. On most keyboards, the [Super] key is the one with the Windows logo printed on it. Continue by adding the following keyboard shortcuts:
From within the GNOME desktop, open Firefox ESR by using the shortcut [Super + b] and re-open these instructions at edafe.de/step24.
Open a terminal with the shortcut [Super + t] and, where applicable, use copy and paste to enter the commands set out on this page. Be careful not to miss any punctuation.
Step 25
Set the time zone for your area.
$ sudo dpkg-reconfigure tzdata
Configuring tzdata
Geographic area: your area
Ok
Step 26
Configure locales for all the languages that your system is going to be used with. Use UTF-8 locales wherever possible.
$ sudo dpkg-reconfigure locales
In this example, German and Japanese locales are generated in addition to the default locale for the system environment.
Configuring locales
Locales to be generated:
[*] de_DE.UTF-8 UTF-8
[*] en_US.UTF-8 UTF-8
[*] ja_JP.UTF-8 UTF-8
OK
Keep en_US.UTF-8 as the default locale for the system environment.
Configuring locales
Default locale for the system environment:
en_US.UTF-8
OK
Step 27
The Desktop was disabled in GNOME 3.28. This decision was not universally popular at the time. However, developers pointed to the fact that, as an unmaintained feature, it stood in the way of other improvements. The following command hides the now orphaned Desktop folder from view.
$ echo Desktop >> ~/.hidden
Step 28
Install additonal Debian packages to give you a functional GNOME desktop.
$ echo -e '\n# use Neofetch to display information about the system\nif [ -f /usr/bin/neofetch ]; then\n clear && neofetch;\nfi' >> ~/.bashrc && source ~/.bashrc
Step 31
Enable the unattended installation of important upgrades.
$ sudo dpkg-reconfigure unattended-upgrades
Step 32
If in Step 5 you selected a wireless interface as the primary network interface for use during the installation, you will need to re-establish connection to the wireless network after rebooting.
The snap directory in your home folder is not supposed to be accessed manually. Use the following command to hide it from view.
$ echo snap >> ~/.hidden
Step 37
By default, Debian installs the Extended Support Release (ESR) version of Firefox. The ESR receives crash fixes, security fixes and policy updates as needed.
The flatpak, on the other hand, installs the Rapid Release version of Firefox. In contrast to the ESR, the Rapid Release receives major updates at least every four weeks. Both versions can be used concurrently. When installed on your desktop, they are listed as Firefox ESR and Firefox Web Browser, respectively.
As an option, you may install Firefox Rapid Release and set it as the default browser.
“LastPass likely could have prevented this if they were more concerned about keeping their users secure than about saving their face. Their statement is also full of omissions, half-truths and outright lies. As I know that not everyone can see through all of it, I thought that I would pick out a bunch of sentences from this statement and give some context that LastPass didn’t want to mention.” Wladimir Palant helps to decode what LastPass had to say about their latest security breach.
“… and when quizzed about the upcoming nurses strikes, the Conservative party chairman said that demands for a 19% pay rise for nurses would cost the NHS 10 billion pounds, which should instead be spent on NHS frontline services. Back to you, Chris.
Gaslighting fuckers! If nurses aren’t the NHS frontline?? I mean, what about ambulance drivers and and paramedics? Are they not frontline services? Give them a decent pay rise, you fuckers! They deserve it, find the money! You all spring into action every time you crash the economy, you can find the money then. Get ’round the table, make a decent offer. Instead, they’re sending in the army telling us the unions are holding the country to ransom. The unions!? Can we all just be clear about this? Our last prime minister blew a 30 billion pound hole in the economy overnight, test and trace cost us 37 billion pounds. Useless PPE wasted 8.7 billion pounds, which ended up in the pockets of Tory donors. A shambolically executed Brexit lost us 40 billion in tax revenue alone. Richi Sunak lost 11 billion pounds by overpaying interest on UK debt, and yet, you read the front pages, it’s nurses who were the ones who are greedy and irresponsible. It’s the fire service that’s holding the country to ransom, ’cause they all just decided they’d prefer to drink tea on a freezing picket line than save children from burning buildings. It wasn’t so long ago we were clapping them; hailing them as heroes. They were all considered key workers during the pandemic, weren’t they? Bus drivers, teachers, nurses. Now, they’re called lazy workshy fuckers. Postal workers, striking to save what’s left of the Royal Mail — it having been sold off to the lowest bidder for a quick buck by the millionaires in Westminster — but it’s your postman who is destroying the country!? The entire northern rail network is on the brink of collapse whilst rail companies and their shareholders make record profits, …but it’s that fat, lazy fucker behind the ticket desk, asking for a bit of job security, who is destroying our rail infrastructure!? 25 to 50% of average households are unable to pay their bills this winter, whilst energy companies announced record breaking profits. In 2021, Shell paid zero pounds on their oil production in the UK and received 100 million pounds of subsidies in tax payer’s money. Working people are suffering at the hands of corporate greed and unbridled economic mismanagement, and this is why people are striking for better pay, conditions and job security. Recently, the government gave us the Public Order bill that, that [sic] even one Tory peer described as an afront to a civilised society. Crackdowns on peaceful protest is the purview of China and Iran, not British democracy. And yet these reactionary fuckwits tell us it’s Scottish primary school teachers who are holding us hostage. The bastards who wrecked the economy, squandered our reputation on the international stage, sold off any and all of the country’s assets for a quick buck are getting their mates in the media to tell you that it’s bus drivers, bin men, teachers, nurses, postmen, passport control workers and rail workers who are throwing the country to the dogs. Don’t believe them; they are lying to you!
Well, stome [sic], still some weeks ahead of Christmas industrial action, misery for commuters, patients and holiday makers. Frustration and anger at the unions for deciding to strike over Christmas …”
“The Boomerang is hitting Britain hard, especially right now. Empire wasn’t just something that happened to the Colonies, it’s something that happened to Britain. It created some of Britain’s most well-loved institutions, from the NHS to its greatest talents. But it also created the unequal Britain we see today.”
“And look, to go by recent polls, Australia, like the UK, seems unlikely to let go of the monarchy anytime soon. But other Commonwealth countries are already preparing to do so. Last year, Barbados removed the queen as head of state. Jamaica is looking to have a referendum to do the same within the next three years, with one poll showing a majority supports it. And Antigua and Barbuda, Grenada and Belize, seem to be moving in the same direction. And while the royal family have said that these countries are free to leave, if they so choose, they also refuse to reckon with why they might want to do that in the first place. Instead, they’ve continued working hard to be perceived as a mere symbol while never taking responsibility for what that symbol excused. All while ignoring calls for true apologies and reparations to those who suffered tremendously because of what was done in their name. And look, you don’t have to hate the royal family personally … You don’t even have to think that the institution shouldn’t exist. But if it’s going to continue to, it is fair to expect significantly more from them. Because right now, far too often, they hide behind the convenient shield of politeness and manners which frequently demands the silence of anyone who might criticise them or what they stand for. Will this segment even air on Sky TV in Britain? I honestly don’t know! Maybe, maybe not. But if they do cut it out for being disrespectful, they won’t want to seriously think about why. Why they and everyone else are working so hard not to offend a family whose name was branded into people’s skin and who sit atop a pile of stolen wealth, wearing crowns adorned with other countries treasures.”
“Soziale Medien werden von Plattformbetreibern dominiert, die das eigene Interesse in den Vordergrund rücken und jede Entscheidung daran messen, wie sich eine Profitmaximierung erzielen lässt. Hat man das einmal verinnerlicht, wirft sich einem unweigerlich die Frage auf, was an sozialen Medien eigentlich sozial ist. Sozial bedeutet anderen zu helfen, was auch bedeuten kann, die eigenen Interessen zurückzustellen. Also im Grunde genau das Gegenteil dessen, wie kommerziell ausgerichtete Plattformen wie Twitter, Facebook und Co. agieren.” @kuketzblog erklärt die Idee des Fediverse und unterstreicht damit, warum es sich so grundlegend von Platformen wie Twitter und Facebook unterscheidet. Dieser Beitrag ist von großer Wichtigkeit, nicht nur für Nutzer sozialer Medien.