Basic Operating System Configuration

by

⚙️ Initial Operating System Configurations for the Project
📌 Objective: Define and document the initial configurations to ensure the security, efficiency, and stability of the Offtube system.

🔍 OS Roles:

💼 Clients: Windows 11 Pro
🖥️ Servers: Debian 12
🔧 Administrators: Debian 12

🛡️ 1. User and Permission Configuration

💼 Clients (Windows 11 Pro)

🔹 Create limited user accounts:

powershell
 
net user EMPLEAT Password123 /add net localgroup Administrators EMPLEAT /delete

🔹 Folder access permissions:

powershell
 
icacls C:\Dades /grant EMPLEAT:(OI)(CI)M

🔹 Enable BitLocker for data protection:

powershell
 
manage-bde -on C: -RecoveryPassword

🖥️ Servers (Debian 12)

🔹 Create users and assign roles:

 
sudo adduser empleat sudo usermod -aG sudo admin

🔹 Directory access control:

 
sudo chown -R www-data:www-data /var/www/ sudo chmod -R 750 /var/www/

🔹 Disable root SSH access:

 
sudo nano /etc/ssh/sshd_config # Change: PermitRootLogin no # Add: AllowUsers admin sudo systemctl restart ssh

🔧 Administrators (Debian 12)

🔹 Assign sudo permissions:

 
usermod -aG sudo admin

🔹 Control log access:

 
chmod -R 640 /var/log

🌐 2. Network Configuration

💼 Clients (Windows 11 Pro)

🔹 Set static IP:

powershell
 
New-NetIPAddress -InterfaceIndex 4 -IPAddress 192.168.1.101 -PrefixLength 24 -DefaultGateway 192.168.1.254

🔹 Custom DNS:

powershell
 
Set-DnsClientServerAddress -InterfaceIndex 4 -ServerAddresses ("8.8.8.8","8.8.4.4")

🖥️ Servers (Debian 12)

🔹 Set static IP:

 
sudo nano /etc/network/interfaces # Example: auto eth0 iface eth0 inet static address 192.168.1.50 netmask 255.255.255.0 gateway 192.168.1.254 dns-nameservers 8.8.8.8 8.8.4.4 sudo systemctl restart networking

🔧 Administrators (Debian 12)

🔹 Network monitoring:

 
sudo apt install iftop nload iftop -i eth0

🖥️ 3. Essential Software Installation

💼 Clients (Windows 11 Pro)

🔹 Corporate basic software:

powershell
 
winget install Google.Chrome winget install Microsoft.Office winget install Putty

🖥️ Servers (Debian 12)

🔹 Essential services:

 
sudo apt update && sudo apt upgrade -y sudo apt install apache2 mariadb-server ufw fail2ban -y

🔹 UFW configuration:

 
sudo ufw allow OpenSSH sudo ufw allow 80/tcp sudo ufw allow 443/tcp sudo ufw enable

🔧 Administrators (Debian 12)

🔹 Useful tools:

 
sudo apt install htop tmux vim curl

📡 4. Remote Access Configuration

💼 Clients (Windows 11 Pro)

🔹 Enable RDP:

powershell
 
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0 Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

🖥️ Servers (Debian 12)

🔹 Enable and limit SSH:

 
sudo systemctl enable ssh sudo systemctl start ssh sudo nano /etc/ssh/sshd_config # Add: AllowUsers admin sudo systemctl restart ssh

🔧 Administrators (Debian 12)

🔹 Persistent sessions:

 
tmux new -s admin

🐚 5. Shell and Environment Customization

💼 Clients (Windows 11 Pro)

🔹 Improve PowerShell:

powershell
 
Set-ExecutionPolicy RemoteSigned

🖥️ Servers (Debian 12)

🔹 Customize Bash prompt:

 
echo 'export PS1="\[\e[32m\]\u@\h:\w\[\e[m\]$ "' >> ~/.bashrc source ~/.bashrc

🔧 Administrators (Debian 12)

🔹 Useful aliases:

 
echo "alias ll='ls -lah'" >> ~/.bashrc echo "alias update='sudo apt update && sudo apt upgrade -y'" >> ~/.bashrc source ~/.bashrc

✅ Conclusion

RoleOSDescription
👤 ClientsWindows 11 ProUser setup, security, remote access, and basic tools
🖥️ ServersDebian 12Web services, static IPs, firewall, SSH
🛠️ AdminsDebian 12Monitoring, remote management, shell customization

Leave a Comment

Esta web utiliza cookies propias y de terceros para su correcto funcionamiento y para fines analíticos y para mostrarte publicidad relacionada con sus preferencias en base a un perfil elaborado a partir de tus hábitos de navegación. Contiene enlaces a sitios web de terceros con políticas de privacidad ajenas que podrás aceptar o no cuando accedas a ellos. Al hacer clic en el botón Aceptar, acepta el uso de estas tecnologías y el procesamiento de tus datos para estos propósitos.
Privacidad