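# Packages from a PPA are installed and upgraded with root privileges, so each
# repository added here becomes part of the machine's trust base. Add only the
# ones you intend to keep trusting.
sudo add-apt-repository ppa:otto-kesselgulasch/gimp
sudo add-apt-repository ppa:numix/ppa
# Refresh the package index once, after both repositories are present, and
# install only if the refresh succeeded.
sudo apt-get update && sudo apt-get install gimp gimp-plugin-registry gimp-gmic numix-gtk-theme numix-icon-theme-circle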
Utilitare & Diverse
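sudo apt-get install -y htop aptitude lm-sensors irssi wavemon whois vim steam privoxy filezilla vlc curl nmap redshift inkscape pwgen
# Fetch the vendor package over HTTPS. A .deb downloaded over plain HTTP can be
# altered in transit, and its maintainer scripts run as root when it is
# installed, so also check it against whatever checksum or signature the
# vendor publishes before installing.
wget https://www.teamviewer.com/download/teamviewer_linux.deb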
Gnome Extensions
SSH keys
# Generate an ECDSA key pair with a 521-bit key size. The -C comment records
# user, host and creation date, which makes the public key easy to identify
# later when reviewing or pruning authorized_keys entries.
# Set a passphrase when prompted so a copied private key file is not usable on its own.
ssh-keygen -t ecdsa -b 521 -C "$(whoami)@$(hostname)-$(date -I)"
Use OpenSSH ssh-agent instead of the gnome keyring http://dtek.net/blog/how-stop-gnome-keyring-clobbering-opensshs-ssh-agent-ubuntu-1204
Add redshift to the autostart programs for Ro, Bucharest with: /usr/bin/redshift -l 44.25:26.06 -t 5700:3600 -g 0.8 -m vidmode &
Add HP wireless printer with sudo hp-setup -i. Adding the printer from the gnome gui does not work for simple scan.
Basic Iptables
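# Run from a root shell: the >> redirection is done by the calling shell, so
# prefixing only "echo" with sudo would not be enough. Run it once; each run
# appends another copy of the line.
# "pre-up" loads the rules before the interface is brought up, so there is no
# window in which the interface is reachable without them. If the restore
# fails, ifup aborts; validate the file first with
#   iptables-restore --test < /etc/iptables.ipv4
echo "pre-up iptables-restore < /etc/iptables.ipv4" >> /etc/network/interfaces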
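# Contents of /etc/iptables.ipv4, loaded with iptables-restore.
# iptables-restore requires a table header before the rules and a COMMIT after
# them; without both the file is rejected.
#
# NOTE: the default-deny lines below (-P INPUT DROP and the final
# -A INPUT -j DROP) are commented out, so the INPUT policy stays ACCEPT. As
# written, this ruleset only discards malformed packets and rate-limits ping;
# it does not close any listening port. Before enabling default-deny, add
# "-A INPUT -i lo -j ACCEPT" and ACCEPT rules for every service that must
# stay reachable, otherwise local services and remote access break.
*filter
# drop TCP packets with flag combinations that no normal connection produces
-A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags ACK,PSH PSH -j DROP
-A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags ALL FIN,PSH,URG -j DROP
# drop packets conntrack cannot associate with any known connection
-A INPUT -m conntrack --ctstate INVALID -j DROP
# drop fragmented packets (matches non-first fragments; this also discards
# legitimate fragmented traffic, so remove it if large UDP or tunnelled
# traffic starts failing)
-A INPUT -f -j DROP
# drop XMAS packets (every TCP flag set)
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
# drop NULL packets (no TCP flag set)
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
# limit echo requests (ICMP type 8) to 3 per second; the excess is dropped
-A INPUT -p icmp --icmp-type 8 -m limit --limit 3/sec -j ACCEPT
-A INPUT -p icmp --icmp-type 8 -j DROP
# rate limit SSH (disabled): at most 3 new connections per source per 60 s
#-A INPUT -p tcp --dport 22334 -i eth0 -m state --state NEW -m recent --set
#-A INPUT -p tcp --dport 22334 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
# accept established connections
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# drop policy for input (disabled, see the NOTE at the top)
#-P INPUT DROP
# accept input traffic for ssh, http and mail (disabled)
#-A INPUT -p tcp --dport 22334 -j ACCEPT
#-A INPUT -p tcp --dport 80 -j ACCEPT
#-A INPUT -p tcp --dport 25 -j ACCEPT
# drop all other input traffic (disabled)
#-A INPUT -j DROP
# drop invalid forward packets (disabled; the FORWARD policy below already drops everything)
#-A FORWARD -m conntrack --ctstate INVALID -j DROP
# drop FORWARD traffic: this host does not route for others
-P FORWARD DROP
# drop invalid output packets
-A OUTPUT -m conntrack --ctstate INVALID -j DROP
COMMIT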
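# Run once from a root shell (the >> redirection is done by the calling shell).
# "pre-up" loads the IPv6 rules before the interface is brought up, so the
# interface is never reachable without them. If the restore fails, ifup aborts;
# validate the file first with
#   ip6tables-restore --test < /etc/iptables.ipv6
echo "pre-up ip6tables-restore < /etc/iptables.ipv6" >> /etc/network/interfaces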
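# Contents of /etc/iptables.ipv6, loaded with ip6tables-restore.
# ip6tables-restore requires a table header before the rules and a COMMIT
# after them.
#
# NOTE: no INPUT policy is set here, so it stays ACCEPT: this ruleset discards
# malformed packets and rate-limits ping but does not close any listening
# port. If a default-deny INPUT policy is added later, loopback and ICMPv6
# neighbour discovery (types 133-136) must be accepted explicitly first, or
# IPv6 connectivity stops working.
*filter
# drop TCP packets with flag combinations that no normal connection produces
-A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags ACK,PSH PSH -j DROP
-A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags ALL FIN,PSH,URG -j DROP
# drop packets conntrack cannot associate with any known connection
-A INPUT -m conntrack --ctstate INVALID -j DROP
# drop fragmented packets (kept disabled: -f is an IPv4-only option)
#-A INPUT -f -j DROP
# drop XMAS packets (every TCP flag set)
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
# drop NULL packets (no TCP flag set)
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
# limit 3 pings a second. In ICMPv6 the echo request is type 128; type 8 is
# the IPv4 number and never matches an IPv6 ping, which would leave ping
# unlimited under the ACCEPT policy.
-A INPUT -p icmpv6 --icmpv6-type 128 -m limit --limit 3/sec -j ACCEPT
-A INPUT -p icmpv6 --icmpv6-type 128 -j DROP
# accept established connections
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# drop FORWARD traffic: this host does not route for others
-P FORWARD DROP
# drop invalid output packets
-A OUTPUT -m conntrack --ctstate INVALID -j DROP
COMMIT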
Grub password: generate the password hash with grub-mkpasswd-pbkdf2, then edit /etc/grub.d/40_custom (vim /etc/grub.d/40_custom) and add:
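# GRUB reads the variable "superusers" (plural). Under any other name the
# variable is ignored and no authentication is enforced.
set superusers="user"
# Replace "encryptedpass" with the complete grub.pbkdf2.sha512... string
# printed by grub-mkpasswd-pbkdf2.
password_pbkdf2 user encryptedpass
# Once superusers is set, every menu entry asks for these credentials unless it
# is marked --unrestricted, so plan for unattended reboots.
# Regenerate grub.cfg so the change takes effect:
update-grub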
Disable Magic SysRq
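# Disable Magic SysRq for the running kernel. This write is lost at reboot.
echo 0 > /proc/sys/kernel/sysrq
# Persist the setting. The file name is an example; a high number makes it
# apply after any distribution default in /etc/sysctl.d/.
echo 'kernel.sysrq = 0' > /etc/sysctl.d/99-disable-sysrq.conf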
Set limits on the number of open files and processes in /etc/security/limits.conf
http://askubuntu.com/questions/462112/nofile-ulimit-n-on-ubuntu-14-04-lts
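# The limits.conf item for the process count is "nproc". "noproc" is not a
# recognised item, so lines using it would not set any process limit.
# The "*" wildcard does not apply to root; root needs its own entries.
* hard nofile 94000
* soft nofile 94000
* hard nproc 64000
* soft nproc 64000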