Preliminary Actions

First you need to update your server. To do this, enter a simple command:

apt update && upgrade

It is worth noting that the installation is not difficult, since Fail2Ban is already included in the repositories of your Debian 11. Installation is easy, just enter the command:

apt install fail2ban

After you set it up, please check. The verification step is extremely important for making future adjustments:

systemctl status fail2ban

If Fail2ban is not running on your instance, you need to run it. This can be done with the following command:

systemctl start fail2ban

Next, move on to configuring Fail2ban. This is necessary for proper launch. Enter the following command:

systemctl enable fail2ban

Configuring Fail2Ban

If the first installation step was successfully completed and verified, then you can proceed to the Fail2ban configuration. Fail2ban is installed bundled with a default configuration file. This file contains configurable settings in Fail2ban. The file location is as follows:

/etc/fail2ban/jail.conf

The file contains settings known as filters for configuring Fail2ban. This tool also has many options in its configuration file. These options can be useful for specific scripts and services that work with each other on your Linux machine.

• The bantime value is the exact time during which the malicious IP is blocked
• The maxretry value – The number of times the user will try to login. If the limit is exceeded, the IP address is blocked.
• The ignoreip value is the networks you trust. All networks you enter here will bypass Fai2Ban filtering.
• The enable value allows Fail2ban to confirm whether you want this jail to be enabled or disabled.

Next is to talk about jails. It has an individual customization option. Jails can increase the security of your Linux computer in many ways. You can add different filters to your server services. The first step is to create the jail.local configuration file. You can do it like this:

touch /etc/fail2ban/jail.local

Open jail.local in a text editor of your choice.

nano /etc/fail2ban/jail.local.

After the clarifications above have been provided regarding hail conf. you will be able to apply this directly to the configuration.

enabled = true
port = ssh
bantime = 10h
maxretry = 12
ignoreip = Any_IP

[apache-badbots]
enabled = true
port = http,https, smtp...
bantime = 72h
maxretry = 3

[squid]
enabled = false
port = 80,443,25, 1234...

First! You need to understand that the server needs at least 4GB of memory. If it is less, then this can lead to instability in the work of Apache Cassandra 3.11.2 on Debian 11.

Java installation

In order to use Apache Cassandra correctly and without problems, you should install Java on your server. This can be done using the following command:

apt install openjdk-11-jdk -y

Next, you need to configure the repositories and other dependencies.

apt install apt-transport-https gnupg2 -y

Then you need to add the key. The name commonly used for it is Apache Cassandra GPG (use wget)

wget -q -O - https://www.apache.org/dist/cassandra/KEYS | sudo apt-key add -

Then you should add the downloaded repository

sh -c 'echo "deb https://downloads.apache.org/cassandra/debian 40x main" | sudo tee -a /etc/apt/sources.list.d/cassandra.sources.list'

Installing Apache Cassandra

Before installation, we recommend that you update the system

apt-get update

Then you can proceed to install

apt-get install Apache Cassandra

Then you can enable this utility to run every time your system boots

systemctl enable cassandra

After successful installation, we also recommend checking the status of the Apache Cassandra service

systemctl status cassandra

To interact with the Cassandra cluster, you will be able to login with the following simple command:

cqlsh

Install the CrowdSec Agent

Login to the server using SSH, or VNC with a non-root user who has sudo privileges. To get started, it is recommended that you log into your server with a sudo user. You can do it like this:

ssh any-user@<Your_IP_Address>

Next, it is recommended to download a special script. It will add the given repository – packagecloud.io to the list of sources and the packagecloud.io GPG key to check the downloads. Just copy the command (using curl)

curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash

Install CrowdSec

After successfully installing a special script, you can proceed with the installation of CrowdSec. This can be done by following the following command:

apt install crowdsec

Next, you need to check this installation. Just enter the following command:

systemctl status crowdsec

The result will be something like this:

crowdsec.service - Crowdsec agent
    Loaded: loaded (/lib/systemd/system/crowdsec.service; enabled; vendor pres>
    Active: active (running) since ... etc.

You will be able to upload a list of required manipulations with your CrowdSec. The helper can be called like this command:

cscli machines list

Install a Firewall

It is highly recommended to install a firewall. This will be useful and very important as using the CrowdSec agent to prevent intrusions into your system. Install as below:

apt install crowdsec-firewall-bouncer-iptables -y

You can view the important points regarding the firewall like this:

cscli alerts list

cscli decisions list

cscli metrics 

apt update

It is recommended that you install the snapd package for Workbench to work properly. This can be installed by running the following command:

apt install snapd

Install the kernel files using Snap by running the following command:

snap install core

Now, to install MySQL Workbench using Snap, run the following command:

snap install mysql-workbench-community

Once installed, you can find MySQL Workbench in the application finder, or in the applications menu. In Debian 11, you will see a warning that the operating system is not supported. MySQL Workbench currently supports the following operating systems: Ubuntu, Red Hat Enterprise, Oracle Linux, Fedora, and Microsoft Windows. The fact that your system is not officially supported can be ignored, and this does not mean that you will run into errors. However, below I decided to add some Linux compatible alternatives to MySQL Workbench. More information on MySQL Workbench can be obtained at this link.

First of all, it is recommended to update and upgrade the packages before any installation:

sudo apt-get update
sudo apt-get upgrade

Installing dependencies required for Ly

To install ly you will need to install some very important dependencies . For simplicity, run the following command:

apt-get install build-essential libpam0g-dev libxcb-xkb-dev git -y

Install Ly

The next step is to install ly display manager. Start by opening a terminal window and clone the repository as shown below (use this Git guide link):

git clone --recurse-submodules https://github.com/nullgemm/ly.git

Once completed, navigate to the directory

cd ly

Run the compile command as shown below (just paste the command):

make

After compilation is complete, run the following command to test the display manager in the current tty session.

sudo make run

Once you’ve successfully tested, the next step is to install Ly and its systemd services. The command looks like this:

make install

After a successful installation, you should run the command below to enable the systemd service

systemctl enable ly

lspci | egrep 'VGA|NVIDIA'

As for the lists of NVIDIA drivers, they are all freely available in the official and paid Debian 11 package repositories. However, they are disabled by default. To enable them, issue the following command:

apt-add-repository contrib

To enable the non-free package repository, run the following command:

apt-add-repository non-free

Then make updates

apt-get update

Now let’s move on to the installation steps. To install the NVIDIA drivers, run the following command:

apt install nvidia-driver

Then confirm setting [Y]. Once you have confirmed the installation of the NVIDIA drivers and all required dependencies, wait for the installation to complete and reboot the server with the following command:

reboot