debian – customizing linux server after flashing image

I have a process which applies an image/clone of a “fully configured” Debian-based system to batches of like hardware, and then customizes several key system properties POST flash for uniqueness before the devices ship. Different than most answers I find, this is “one -> many” source to “fleet”.

I expect there is quite a bit of overlap with existing tools, but I don’t have any experience with “fleet provisioning” for “full os” machines and haven’t been very successful on Google. We have gone down this route (custom solution) as an interim as it was minimally sufficient for now, and was much simpler technically than automating the post-os-install device setup via ~ansible or similar. It appears to be working and solved a POC need, but as we look at taking this further we’d like to ensure we’re considering established approaches.

My question is twofold:

  1. does our current simple approach have any significant omissions/security-risks
    • (using a classic/manual install based on debian iso + userspace tool install&config as a baseline)
  2. in the linux ecosystem, is there an established toolset to do what we’re doing? Ideally fully scriptable (non-gui)
    • (I am not finding a universal name for this – is there one?)

Today, we automate customizing the following:

  • unique hostname
  • random password for admin user (only user with login enabled)
  • new ssh keys for admin
  • UUID + PARTUUID for the partitions & fstab

For reference, the devices are essentially small x86 embedded servers that serve as hubs with WAN connectivity. There are a number of tools installed on the system for device management & telemetry, and business functions. In the future we’ll need to support trusted boot and disk encryption.

Appreciate your advice.

linux – Add IPV6 range / block on network debian configuration

I am configuring a network interface on my server, editing this file /etc/network/interfaces.d/50-cloud-init.cfg

I need to have a list of IP address configured which all are in the same ip-block.
For now I’m writing every single IP address separately in the configuration file.
I would like to know if it’s possible to activate a whole block / range of IPs in one shot?

What I have inside for now is something like this:

auto lo
iface lo inet loopback

auto eno1
iface eno1 inet dhcp
    mtu 1500

auto eno1:0
iface eno1:0 inet static
address xx5.xx9.xx.0

auto eno1:1
iface eno1:1 inet static
address xx.xx.xx.1

auto eno1:2
iface eno1:2 inet static
address xx.xx.xx.2

auto eno1:3
iface eno1:3 inet static
address xx.xx.1xx.3

auto eno1:4
iface eno1:4 inet static
address xx.xx.xx.4

auto eno1:5
iface eno1:5 inet static
address xx.xx.xx.5

auto eno1:6
iface eno1:6 inet static
address xx6.xx.xx.6

auto eno1:7
iface eno1:7 inet static
address xx6.xx.xx.7

ubuntu – How can I add a kernel argument to a debian preseed file?

I’ve been using Debian preseed files for a while now doing netinstalls of Debian and Ubuntu.

Ubuntu 20.04 has a weird video problem even on the text terminal. After install, sometimes you can’t see anything. The host is working over the network properly but nothing on vga output.

Adding nomodeset to the kernel command line list fixes it.

I’d like to just add nomodeset to the kernel args that the system is installed with but I’m having a heck of a time finding the preseed option for specifying additional kernel arguments / kernel commandline.

I tried merely adding nomodeset during the launch of the installer but that didn’t appear to take hold on the installed environment either.

What is the proper way in a Debian Installer preseed file, to specify additional kernel arguments that should be applied to the installed system?

How would I set up Debian 10 and Postfix security for a limited send-only email setup?

I (me and my wife) run a small Debian 10/Buster web server with a few websites for friends and need to set up outgoing email. I’ve got to the point where I can send emails from the command line (echo "Message Body" | mail -s "Message Subject" TARGET_EMAIL_HERE).

We need a set up that meets the following requirements:

  • only a few emails each week will be sent:
    • some emails from a Perl contact form on a website (which needs tighter anti-spam protection, was going to use the Google CAPTCHA)
    • some emails with document attachments from a theatre booking system that only known and trusted users can log into
  • need a ‘reply to’ field in outgoing emails so people can hit “reply” in their email client (appears easy when setting up scripts to use mail servers)
  • we don’t want to allow any incoming email to the server

What we have:

  • user websites are set up in their user directories (which are 755), but we administer the sites and they cannot log in to the server
  • me and my wife are sudo-ers (two system admins) and the only people who login via SSH/SFTP
  • root login is disabled
  • We’ve changed the SSH port

I’m aware this is the bare minimum of info, but I’d like some guidance on setting up and securing Postfix for this kind of usage.

packaging – DEBIAN or debian in .deb package?

I am experimenting with creating a .deb package and am unsure about the file structure of a package. Is the directory that contains control, changelog, rules, etc supposed to be named DEBIAN or debian?

I am using dpkg-deb to package it, and it seems to require DEBIAN, and I am trying to use Lintian to check it, and it isn’t recognizing the changelog or copyright files. Lintian throws the errors debian-changelog-file-missing and no-copyright-file but later warns unknown-control-file changelog and unknown-control-file copyright. Looking at this page, it suggests using debian, and I renamed the directory to that, but it causes dpkg-deb to fail. Reading through the Debian Policy Manual, it usually uses debian in examples, but occasionally uses DEBIAN, which makes me wonder if in certain circumstances both may be needed. What is the right way to do this?

Debian server unable to run Certbot

root@vps434142:~# certbot 
Traceback (most recent call last):
  File "/usr/bin/certbot", line 6, in <module>
    from pkg_resources import load_entry_point
  File "/usr/local/lib/python3.6/site-packages/pkg_resources/", line 3017, in <module>
  File "/usr/local/lib/python3.6/site-packages/pkg_resources/", line 3003, in _call_aside
    f(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/pkg_resources/", line 3030, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/usr/local/lib/python3.6/site-packages/pkg_resources/", line 659, in _build_master
  File "/usr/local/lib/python3.6/site-packages/pkg_resources/", line 967, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/local/lib/python3.6/site-packages/pkg_resources/", line 853, in resolve
    raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'certbot==0.28.0' distribution was not found and is required by the application

Linux header 4.9.0-11-amd64 is missing in debian

I am a software developer and have only a basic understanding of Linux systems. We are in a migration phase from GCP to AWS and found that the Linux headers are missing while installing the CloudEndure agent.

On checking, I found that version 4.9.0-11-amd64 is missing from the Debian repository. Is there any way to install header version 4.9.0-11-amd64?

Any help would be highly appreciated.

linux – Bluetooth dongle BLED112 on Debian 10 is not working

Following a suggestion from Stack Overflow I will try to seek help here:

I just randomly found a Bluegiga BLED112 Bluetooth dongle and I tried to connect it to my Debian 10 laptop as a basic dongle for Bluetooth audio outs.

Unfortunately I wasn’t able to solve all the issues I had, starting from the fact that the device is not fully listed when I use lsusb and just a mere ID number – namely ID 2458:0001 – pops out, and the bluetooth or bluez help wasn’t successful either.

This given, I tried to follow several of the guides you can find online, also by running available scripts, but again nothing worked.

So if it’s possible, what should I do in order to run such a dongle for the basic use I mentioned above – i.e. just for connecting my stereo speakers to my computer?