In this guide, we are going to see the list of top/important things to do after installing Debian Jessie.
One of the first things to do is to update the sources and then grant sudo access to the default user so that we don’t need to switch user as root to perform operations that require root access. Granting sudo access to users on Home PC’s is ok but granting sudo access to users in an office environment is not recommended.
Update The Source List
Note: I would like to let you know that in this guide, we are going to install software from the “contrib” and “non-free” repositories too.
Also we are going to add “contrib” & “non-free” repositories that are not 100% FOSS as per the Debian Free Software Guidelines.
- “contrib” – repositories include packages which do comply with the DFSG, but may fail other requirements. For instance, they may depend on packages which are in non-free or requires such for building them.
- “non-free” – repositories include packages which do not comply with the DFSG
If you want to use a installation that is 100% FOSS as per the Debian Free Software Guidelines then just don’t add “contrib” & “non-free” to the source list.
Note: security updates for contrib & nonfree repos are “not” handled by the Debian Security Team.
Q: How is security handled for contrib and non-free?
A: The short answer is: it’s not. Contrib and non-free aren’t official parts of the Debian Distribution and are not released, and thus not supported by the security team. Some non-free packages are distributed without source or without a license allowing the distribution of modified versions. In those cases no security fixes can be made at all. If it is possible to fix the problem, and the package maintainer or someone else provides correct updated packages, then the security team will generally process them and release an advisory.
Now lets begin. Open terminal & run the following commands,
Enter the root password
Now open the sources.list file by running the following command
You’ll find something like
deb http://ftp.us.debian.org/debian jessie main
deb-src http://ftp.us.debian.org/debian jessie main
deb http://security.debian.org/ jessie/updates main
deb-src http://security.debian.org/ jessie/updates main
Before editing the file, you should choose a mirror that is closest to you for the fastest downloads. Check the list of mirrors in this link, https://www.debian.org/mirror/list.
Now we have to add “contrib non-free” after main.
Also I’m disabling the source packages by commenting the source package repo. If you want to install the source packages also, then remove the # in front of the source repo.
Example of a jessie repo
deb http://ftp.us.debian.org/debian jessie main contrib non-free
#deb-src http://ftp.us.debian.org/debian jessie main contrib non-free
deb http://security.debian.org/ jessie/updates main contrib non-free
#deb-src http://security.debian.org/ jessie/updates main contrib non-free
For pure testing repo, just replace “jessie” with “testing” and add “contrib non-free” after main.
Example of a pure testing repo
deb http://ftp.us.debian.org/debian testing main contrib non-free
#deb-src http://ftp.us.debian.org/debian testing main contrib non-free
deb http://security.debian.org/ testing/updates main contrib non-free
#deb-src http://security.debian.org/ testing/updates main contrib non-free
Now save & close the file.
Note: Security updates for “testing” repository are “not” handled by the Debian Security Team.
Q: How is security handled for testing?
A: Security for testing benefits from the security efforts of the entire project for unstable. However, there is a minimum two-day migration delay, and sometimes security fixes can be held up by transitions. The Security Team helps to move along those transitions holding back important security uploads, but this is not always possible and delays may occur. Especially in the months after a new stable release, when many new versions are uploaded to unstable, security fixes for testing may lag behind. If you want to have a secure (and stable) server you are strongly encouraged to stay with stable.
In addition to that, if you want to use “testing” repo., then please check the best practises for testing users listed in the Debian Wiki.
Now lets update to fetch the list of packages from the newly added contrib & non-free repositories.
Grant Sudo Access (Optional)
If you don’t want to give sudo access to the users then you should skip these steps.
apt-get install sudo
usermod -a -G sudo <username>
Replace <username> with your username to which you want to grant sudo access.
Now logout & login to get sudo access to those users.
Now we are going to install the following packages,
- synaptic package manager – graphical package management tool which enables you to install, upgrade and remove software packages in a user friendly way.
- apt-xapian-index – maintenance and search tools for a Xapian index of Debian packages
- gdebi – simple tool to install deb packages
- gksu – graphical frontend for su
sudo apt-get install synaptic apt-xapian-index gdebi gksu
sudo apt-get install firmware-linux
sudo apt-get install amd64-microcode
sudo apt-get install intel-microcode
First lets make sure that we install the proper display drivers. There is no one step solution for this, so you have to check the following links and install the appropriate drivers.
After installing the display drivers, make sure to reboot the system and check that the display driver is working properly before proceeding to the next step.
sudo apt-get install ttf-freefont ttf-mscorefonts-installer ttf-bitstream-vera ttf-dejavu ttf-liberation
Enable flash support for Iceweasel.
sudo apt-get install flashplugin-nonfree
Enable flash support for Chromium browser. Skip this step if you plan on installing Google Chrome.
sudo apt-get install pepperflashplugin-nonfree
IcedTeaPlugin is a web browser plugin to execute Java applets.
sudo apt-get install icedtea-plugin
This is what I use on my system. You might want to change these as per your preference.
- file-roller : Archive manager
- evince : PDF reader
- parcellite : Clipboard manager
- qalculate : Calculator
- clementie : Audio player
- vlc : Video player
- bleachbit : System cleaner
- gimp : Image editor
- shotwell : To import pictures from digital camera
- gparted : Partition Manager
- gnome-disk-utility : Disk Utility
- libreoffice-writer : Document editor
- libreoffice-calc : Spreadsheet editor
- libreoffice-impress : Presentation editor
- chromium : Open source web browser
sudo apt-get install file-roller evince parcellite qalculate clementine vlc bleachbit gimp shotwell gparted gnome-disk-utility libreoffice-writer libreoffice-calc libreoffice-impress chromium
sudo apt-get install ufw
Add the default deny rule and we are good to go with a basic firewall.
sudo ufw default deny
The following single command is enough to enable the firewall and add it to startup.
sudo ufw enable
You can check the status by running the following commands
sudo ufw status
sudo ufw status verbose
If you want a gui to manage it then you may install gufw.
sudo apt-get install gufw
Volume Control: (Optional, Only for Xfce users)
You may skip this step if you want to stick with the the default Xfce mixer.
sudo apt-get install pavucontrol
Go to “applications -> settings -> settings editor“, select “xfce4-panel” on the left hand side list and then scroll & search for “xfce4-mixer”. Edit it and replace “xfce4-mixer” with “pavucontrol” (refer screenshots).
Now right click on the audio icon in the panel, select “Run Audio Mixer” and then choose the pulse audio settings that you want to use (refer screenshot).
GUI to manage network connections
(Optional / Only for Netinstall)
network-manager-gnome – This network manager supports VPN and mobile broadband in addition to wired & wireless wifi network connections.
sudo apt-get install network-manager-gnome
You can refer the Debian wiki, https://wiki.debian.org/WiFi/HowToUse, for information on setting up wifi.
Now we have to remove the list of network references in the network interfaces file. But we are going to disable it by commenting the lines rather than removing it. To do that, open the interfaces file and comment Comment every line except the 2 lines listed after the line that says “# The loopback network interface”.
sudo nano /etc/network/interfaces
This is how my /etc/network/interfaces file look like after commenting the primary network interface (to disable it) except the loopback interface.
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
iface lo inet loopback
# The primary network interface
# allow-hotplug eth0
# iface eth0 inet dhcp
Now reboot the system.
At this point of time, Debian is using the “libav-tools” package instead of ffmpeg in Jessie/Testing so we are going to stick with the default packages and install only some extra packages.
sudo apt-get install libavcodec-extra
sudo apt-get install gstreamer0.10-plugins-ugly gstreamer0.10-plugins-bad gstreamer0.10-fluendo-mp3 gstreamer0.10-pulseaudio
sudo apt-get install libgstreamer-perl libgstreamer-interfaces-perl
Extra screensavers (Optional)
If you are a fan of the matrix screensaver like me, then you might want to install it.
sudo apt-get install xscreensaver-gl
Multimedia codecs (Optional using deb-multimedia.org repo)
If you want to install w32codecs and libdvdcss2 (required for the decryption of CSS protected-DVD), then you need to add 3rd party repository to do that. It involves apt pinning using preferences file and you can find it in this article, Apt Pinning Debian Multimedia Using Preferences.