Show package versions
echo 'APT::Get::Show-Versions "true";' > /etc/apt/apt.conf.d/01versions
Use local apt-cacher
echo 'Acquire::http::Proxy "http://apt.sdeziel.info:3142";' > /etc/apt/apt.conf.d/01apt-cacher
# Install additionnal AA profiles apt-get install --no-install-recommends apparmor-profiles # Set some profiles in enforce mode for p in bin.ping usr.sbin.avahi-daemon usr.sbin.dnsmasq; do sed -i 's/ flags=(complain)//' /etc/apparmor.d/$p done
Firefox setup
# Enhance privacy by disabling Flash/Macromedia cookie storage
cat << EOF >> /etc/apparmor.d/local/usr.bin.firefox
# Prevent Flash/Macromedia cookie storage
deny @{HOME}/.adobe/** rw,
deny @{HOME}/.macromedia/** rw,
EOF
# Enable Firefox AA profile
rm /etc/apparmor.d/disable/usr.bin.firefox
apparmor_parser -a -T -W /etc/apparmor.d/usr.bin.firefox
# Install Adblock Plus and add the anti-malware subscription
http://adblockplus.org/en/subscriptions
http://www.malwaredomains.com/
VIM
# On a laptop/desktop apt-get install --no-install-recommends vim-nox # On a server apt-get install --no-install-recommends vim # Configure VIM as the default editor update-alternatives --set editor /usr/bin/vim.basic
# Minimal comfort apt-get install --no-install-recommends terminator thunderbird enigmail xul-ext-lightning pidgin # Create an empty directory that thunderbird requires and the can't create itself mkdir /usr/lib/mozilla/extensions/ # Enable thunderbird AA profile apparmor_parser -a -T -W /etc/apparmor.d/usr.bin.thunderbird # Enable pidgin AA profile apparmor_parser -a -T -W /etc/apparmor.d/usr.bin.pidgin # Install the KVM virtualization layer and it's management frontend apt-get install --no-install-recommends qemu-kvm libvirt-bin virt-manager adduser $SUDO_USER libvirtd # or sudo adduser $USER libvirtd # Disable local virtual network as it relies on NAT (bad) virsh net-autostart default --disable virsh net-destroy default # Networking apt-get install --no-install-recommends vlan bridge-utils # Multimedia apt-get install --no-install-recommends vlc vlc-plugin-pulse gstreamer0.10-ffmpeg gstreamer0.10-fluendo-mp3 # Misc apt-get install --no-install-recommends cifs-utils sshfs powertop debootstrap schroot nmap tftp-hpa
apt-get install --no-install-recommends devscripts dput patchutils bzr git # Now that we have all the required VCS, ensure that important files are tracked apt-get install --no-install-recommends etckeeper cd /etc etckeeper uninit # use git instead of bzr sed -i -e 's/^VCS="\(.*\)"/VCS="git"/' /etc/etckeeper/etckeeper.conf etckeeper init etckeeper commit "Initial /etc commit using git as the VCS for etckeeper"
This is covered in OpenVPN on Ubuntu
# Only one tty is used for s in $(seq 2 6); do stop tty$s echo manual >> /etc/init/tty$s.override done # I don't like noisy packages :) stop avahi-daemon echo manual >> /etc/init/avahi-daemon.override # I don't have a printer (it might not be the case for everyone) stop cups echo manual >> /etc/init/cups.override # Who uses atd these days ? stop atd echo manual >> /etc/init/atd.override
# VLC is much better apt-get purge --auto-remove totem totem-mozilla # I don't like the HUD feature as that messes with Alt-tab and spawns another daemon apt-get purge --auto-remove indicator-appmenu # I don't use printers apt-get purge --auto-remove indicator-printers # I don't use empathy/telepathy apt-get purge --auto-remove empathy telepathy-gabble telepathy-haze telepathy-idle telepathy-logger telepathy-mission-control-5 telepathy-salut indicator-status-provider-mc5 libtelepathy-glib0 # I don't use social media apt-get purge --auto-remove gwibber # I don't use the Ubuntu One cloud service apt-get purge --auto-remove python-ubuntuone-client python-ubuntuone-control-panel python-ubuntuone-storageprotocol rhythmbox-ubuntuone ubuntuone-client ubuntuone-client-gnome ubuntuone-control-panel ubuntuone-couch ubuntuone-installer # I don't have bluetooth support apt-get purge --auto-remove bluez pulseaudio-module-bluetooth # I use Thunderbird exclusively and don't like having useless daemon running all the time apt-get purge --auto-remove evolution-data-server # I don't need activity tracking apt-get purge --auto-remove zeitgeist zeitgeist-core zeitgeist-datahub rhythmbox-plugin-zeitgeist python-zeitgeist # I don't use color calibration apt-get purge --auto-remove colord # I don't have any modem apt-get purge --auto-remove modemmanager # Free some space apt-get purge --auto-remove example-content # Remove rarely (if ever) needed kernel headers apt-get purge --auto-remove linux-$(uname -r | cut -d- -f3) linux-headers-$(uname -r | cut -d- -f3) linux-headers-$(uname -r) linux-headers-$(uname -r | cut -d- -f1,2) # Remove -dev packages apt-get purge --auto-remove libc6-dev libc-dev-bin linux-libc-dev
cd /etc/xdg/autostart
for f in gnome-keyring-pkcs11.desktop gsettings-data-convert.desktop jockey-gtk.desktop onboard-autostart.desktop orca-autostart.desktop pulseaudio-kde.desktop update-notifier.desktop user-dirs-update-gtk.desktop; do
mv $f{,-disabled}
done
# and possibly this too
cd /etc/xdg/autostart
for f in deja-dup-monitor.desktop gnome-fallback-mount-helper.desktop gnome-keyring-gpg.desktop gnome-keyring-ssh.desktop nm-applet.desktop print-applet.desktop; do
mv $f{,-disabled}
done
# this one is optional and has some drawbacks: users cannot install the updates themselves
# this is worked around by install unattended-upgrades
dpkg-statoverride --update --add root root 0644 /usr/sbin/aptd
mv /usr/share/dbus-1/system-services/org.freedesktop.PackageKit.service{,-disabled}
apt-get install --no-install-recommends unattended-upgrades
# Say "yes" to install stable updates
dpkg-reconfigure unattended-upgrades
# Disable Guest sessions grep -q '^allow-guest=false$' /etc/lightdm/lightdm.conf || sed -i '/^\[SeatDefaults\]$/a allow-guest=false' /etc/lightdm/lightdm.conf # Optionally, hide the users list grep -q '^greeter-hide-users=true$' /etc/lightdm/lightdm.conf || sed -i '/^\[SeatDefaults\]$/a greeter-hide-users=true' /etc/lightdm/lightdm.conf