Post-installation Debian 13 (Trixie)

Sécurité & Gaming

Guide de post-installation orienté sécurité, confidentialité et gaming pour Debian 13.

1. Installation des firmwares non libres

sudo apt install firmware-linux firmware-linux-nonfree firmware-misc-nonfree

2. Activer le dépôt Backports Debian 13

Créer le fichier :

sudo nano /etc/apt/sources.list.d/debian-backports.sources

Contenu :

Types: deb deb-src
URIs: http://deb.debian.org/debian
Suites: trixie-backports
Components: main contrib non-free non-free-firmware
Enabled: yes
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Mettre à jour :

sudo apt update

Installer un paquet spécifique depuis les backports :

sudo apt install -t trixie-backports package-name

3. Paquets supplémentaires utiles

sudo apt install gnome-tweaks gparted curl wget cron unzip p7zip-full ffmpeg 
                 gnome-shell-extensions flatseal timeshift

Terminal Ptyxis & Fastfetch

sudo apt install ptyxis fastfetch

Rendre le terminal transparent :

gsettings set org.gnome.Ptyxis.Profile:/org/gnome/Ptyxis/Profiles/$PTYXIS_PROFILE/ opacity .50

4. Flatpak & Flathub

sudo apt install flatpak gnome-software-plugin-flatpak
flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo

🔁 Redémarrer

5. Plymouth & démarrage silencieux (GRUB)

sudo apt install plymouth plymouth-themes
sudo nano /etc/default/grub

Modifier :

GRUB_TERMINAL=console
GRUB_DEFAULT=0
GRUB_TIMEOUT=0
GRUB_TIMEOUT_STYLE=hidden
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash loglevel=3 rd.systemd.show_status=0 vt.global_cursor_default=0"
GRUB_CMDLINE_LINUX=""
GRUB_GFXMODE=1920x1080x32

sudo sed -i 's/^quiet_boot="0"/quiet_boot="1"/' /etc/grub.d/10_linux
sudo update-grub2

Choisir un thème :

sudo plymouth-set-default-theme -l
sudo plymouth-set-default-theme -R THEME-CHOISI

🔁 Redémarrer

6. Pare-feu UFW

sudo apt install ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw logging on
sudo ufw enable

7. Outils réseau

sudo apt install nmap net-tools dnsutils zenmap wireshark

8. Antivirus & Rootkits

ClamAV

sudo apt install clamav clamav-freshclam
sudo service clamav-freshclam stop
sudo freshclam
sudo service clamav-freshclam start
clamscan -r /

Rkhunter

sudo apt install rkhunter
sudo rkhunter --propupd
sudo rkhunter --update
sudo rkhunter --check --sk

9. Monitoring & Audit

Sysstat

sudo apt install sysstat
sudo nano /etc/default/sysstat

ENABLED="true"

sudo systemctl enable --now sysstat

Auditd

sudo apt install auditd audispd-plugins
sudo systemctl enable --now auditd

Règles d’audit :

sudo nano /etc/audit/rules.d/cq.rules

-w /etc/passwd -p wa -k password_changes
-w /etc/group -p wa -k groups_changes
-w /etc/ -p wa -k configuration_changes

sudo augenrules --load
sudo ausearch -k password_changes

10. AIDE (IDS)

sudo apt install aide
sudo nano /etc/aide/aide.conf

Modifier :

checksums=sha512

Exclusions :

!/tmp
!/var/tmp
!/var/log/.*
!/proc/.*
!/sys/.*
!/run/.*
!/mnt/.*
!/media/.*
!/home/.*
!/usr/src/.*

sudo aide --init
sudo mv /var/lib/aide/aide.db.new /var/lib/aide/aide.db

11. Politiques mots de passe & PAM

Modifier le fichier /etc/login.defs

PASS_MAX_DAYS 90
PASS_MIN_DAYS 1
PASS_WARN_AGE 7
ENCRYPT_METHOD SHA512
SHA_CRYPT_MIN_ROUNDS 5000
SHA_CRYPT_MAX_ROUNDS 8000

PAM & UMASK

sudo apt install libpam-passwdqc
sudo nano /etc/pam.d/common-session

session optional pam_umask.so umask=027

12. Navigateurs & VPN

ProtonVPN

wget https://repo.protonvpn.com/debian/dists/stable/main/binary-all/protonvpn-stable-release_1.0.8_all.deb
sudo dpkg -i protonvpn-stable-release_1.0.8_all.deb
sudo apt update
sudo apt install proton-vpn-gnome-desktop

Librewolf

sudo apt install extrepo
sudo extrepo enable librewolf
sudo apt install librewolf

Brave

sudo curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg
sudo curl -fsSLo /etc/apt/sources.list.d/brave-browser-release.sources https://brave-browser-apt-release.s3.brave.com/brave-browser.sources
sudo apt update && sudo apt install brave-browser

13. Gaming sur Debian

Steam

sudo dpkg --add-architecture i386
sudo apt update
sudo apt install steam-launcher

Gamemode

sudo apt install gamemode
gamemode-simulate-game

Commande Steam :

gamemoderun %command%

Wine & Protontricks

sudo apt install wine

(Protontricks recommandé via Flatpak)

14. Maintenance & NVMe

sudo apt update && sudo apt full-upgrade
sudo apt autoclean && sudo apt autoremove
sudo apt purge '~c'

NVMe

sudo apt install nvme-cli
sudo nvme smart-log /dev/nvme0

🛡️ Debian 13 est maintenant sécurisé, optimisé et prêt pour le gaming.

Bienvenue sur mon blog :)

Post-installation Debian 13 (Trixie)

Post-installation Debian 13 (Trixie)

Sécurité & Gaming

1. Installation des firmwares non libres

2. Activer le dépôt Backports Debian 13

3. Paquets supplémentaires utiles

Terminal Ptyxis & Fastfetch

4. Flatpak & Flathub

5. Plymouth & démarrage silencieux (GRUB)

6. Pare-feu UFW

7. Outils réseau

8. Antivirus & Rootkits

ClamAV

Rkhunter

9. Monitoring & Audit

Sysstat

Auditd

10. AIDE (IDS)

11. Politiques mots de passe & PAM

PAM & UMASK

12. Navigateurs & VPN

ProtonVPN

Librewolf

Brave

13. Gaming sur Debian

Steam

Gamemode

Wine & Protontricks

14. Maintenance & NVMe

NVMe

Laisser un commentaire Annuler la réponse