Debian 13 (Trixie) post-installation


Post-install Debian 13.4 Trixie: AMD, strong security, gaming and a complete toolset

Complete guide aimed at an advanced desktop: backports, recent kernel, AMD/Mesa stack, Fastfetch at startup, clean boot with GRUB hidden, hardened security, VPN, browsers, Steam, Gamemode, maintenance and system tools.


1) Base update

sudo apt update && sudo apt full-upgrade -y

2) Non-free firmware repositories

sudo apt install firmware-linux firmware-linux-nonfree firmware-misc-nonfree firmware-amd-graphics amd64-microcode

3) Debian 13 backports repository + recent kernel + AMD/Mesa stack

Create the file:

sudo nano /etc/apt/sources.list.d/debian-backports.sources

Fill it in as follows:

Types: deb deb-src
URIs: http://deb.debian.org/debian
Suites: trixie-backports
Components: main contrib non-free non-free-firmware
Enabled: yes
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

sudo apt update

Install a specific package from backports:

sudo apt install -t trixie-backports package-name

Upgrade to the most recent kernel available for Debian:

sudo apt install -t trixie-backports linux-image-amd64 linux-headers-amd64

AMD MAX: Mesa/Vulkan/VA-API/OpenCL stack and recent firmware:

sudo apt install -t trixie-backports firmware-linux firmware-linux-nonfree firmware-misc-nonfree firmware-amd-graphics amd64-microcode
sudo apt install -t trixie-backports mesa-vulkan-drivers mesa-opencl-icd libgl1-mesa-dri libglx-mesa0 mesa-va-drivers mesa-vdpau-drivers vulkan-tools radeontop

4) Installing additional packages

sudo apt install gnome-tweaks gparted curl wget cron unzip p7zip-full ffmpeg gnome-shell-extensions flatseal timeshift htop btop lm-sensors

5) Install the Ptyxis terminal and Fastfetch

sudo apt install ptyxis fastfetch

Make the Ptyxis terminal transparent:

gsettings set org.gnome.Ptyxis.Profile:/org/gnome/Ptyxis/Profiles/$PTYXIS_PROFILE/ opacity .50

Configure Fastfetch by generating the config file:

mkdir -p ~/.config/fastfetch
fastfetch --gen-config

Launch Fastfetch automatically when a Bash terminal starts:

grep -qxF 'fastfetch' ~/.bashrc || echo 'fastfetch' >> ~/.bashrc

Zsh option:

grep -qxF 'fastfetch' ~/.zshrc || echo 'fastfetch' >> ~/.zshrc

As an example, my Fastfetch config:

// # Fastfetch Nawre
{
    "$schema": "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json",
    "logo": {
        "source": "debian",
        "color": { "1": "green" },
        "padding": { "top": 2, "left": 2 }
    },

    "display": { "separator": " ➜ ", "color": { "keys": "cyan", "output": "white" } },
    "modules": [
        "title",
        "break",
        { "type": "custom", "format": " \u001b[42m\u001b[30m Mon Debian :)   \u001b[0m", "key": " " },
        "break",
        { "type": "os", "key": "  🐧 Système  ", "format": "{3} {8}" },
        { "type": "kernel", "key": "  ⚙️  Noyau     ", "format": "{1} {2}" },
        { "type": "uptime", "key": "  ⏱️  Activité  " },
        { "type": "shell", "key": "  🐚 Shell     " },
        { "type": "packages", "key": "  📦 Paquets   " },
        "break",

        { "type": "display", "key": "  🖥️  Écran     " },
        { "type": "de", "key": "  🪟 Bureau    " },
        { "type": "terminal", "key": "  📟 Terminal  " },
        "break",

        { "type": "host", "key": "  💻 Machine  " },
        { "type": "cpu", "key": "  🧠 CPU       ", "temp": true, "format": "{6} @ {7} - {8}" },
        { "type": "gpu", "key": "  🎮 GPU       ", "hideType": "all", "format": "{2}" },
        { "type": "memory", "key": "  💾 Mémoire  ", "format": "{1} / {2} ({3})" },
        { "type": "swap", "key": "  🔄 Swap      " },
        { "type": "disk", "key": "  💽 Disque    " },
        "break",

        { "type": "localip", "key": "  🌐 IP v4     ", "showIpv6": false },
        { "type": "battery", "key": "  🔋 Énergie  ", "format": "{4} ({5})" },
        { "type": "poweradapter", "key": "  🔌 Secteur   " },
        "break", "colors"
    ]
}

6) Install the Flatpak repositories

sudo apt install flatpak
sudo apt install gnome-software-plugin-flatpak
flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo

Reboot


7) Install Plymouth and hide the GRUB menu at boot

sudo apt install plymouth plymouth-themes
sudo nano /etc/default/grub

Change these lines:

GRUB_TERMINAL=console
GRUB_DEFAULT=0
GRUB_TIMEOUT=0
GRUB_TIMEOUT_STYLE=hidden
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash loglevel=3 rd.systemd.show_status=0 vt.global_cursor_default=0"
GRUB_CMDLINE_LINUX=""
GRUB_GFXMODE=1920x1080x32

To further harden auditing at boot, you can merge this into GRUB_CMDLINE_LINUX_DEFAULT:

audit=1 audit_backlog_limit=64

sudo sed -i 's/^quiet_boot="0"/quiet_boot="1"/' /etc/grub.d/10_linux
sudo update-grub2
sudo plymouth-set-default-theme -l
sudo plymouth-set-default-theme -R THEME-CHOISI

Reboot


8) Install the firewall

sudo apt install ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw logging on
sudo ufw enable
sudo ufw status verbose

9) Install network tools

sudo apt install nmap net-tools dnsutils zenmap wireshark tcpdump traceroute mtr-tiny ethtool

10) Installing ClamAV

sudo apt install clamav clamav-freshclam
sudo service clamav-freshclam stop
sudo freshclam
sudo service clamav-freshclam start
clamscan -r /

11) Installing Rkhunter

sudo apt install rkhunter
sudo rkhunter --propupd
sudo rkhunter --update
sudo rkhunter --check --sk

12) Install Sysstat

sudo apt install sysstat
sudo nano /etc/default/sysstat

Set:

ENABLED="true"

sudo systemctl start sysstat
sudo systemctl enable sysstat

13) Enable auditd to collect audit information on Debian

sudo apt update && sudo apt install -y auditd audispd-plugins
sudo systemctl enable auditd
sudo systemctl start auditd

Configure audit rules with:

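sudo nano /etc/audit/rules.d/cq.rules

-w /etc/passwd -p wa -k password_changes
-w /etc/group -p wa -k groups_changes
-w /etc/ -p wa -k configuration_changes

To forward audit events to syslog, enable the syslog plugin. Since audit 3.0 (Debian 13 ships a newer version) auditd reads its plugins from /etc/audit/plugins.d, not /etc/audisp/plugins.d, and the former builtin_syslog plugin is replaced by the audisp-syslog helper installed by audispd-plugins:

sudo nano /etc/audit/plugins.d/syslog.conf

active = yes
direction = out
path = /sbin/audisp-syslog
type = always
args = LOG_INFO
format = string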

Apply the rules:

sudo augenrules --load

Check that the rules work:

sudo ausearch -k password_changes

Start automatically at boot:

sudo systemctl enable auditd
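
Added example (not part of the original guide): ausearch -k shows one key at a time, so the sketch below correlates the SYSCALL and PATH records of each event in the raw log and prints who touched which file under the keys defined above. The function names and the log lines are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample in raw /var/log/audit/audit.log format (illustrative values).
sample_audit_log() {
cat <<'EOF'
type=SYSCALL msg=audit(1718000000.101:201): arch=c000003e syscall=257 success=yes exit=3 uid=0 auid=1000 comm="usermod" exe="/usr/sbin/usermod" key="password_changes"
type=PATH msg=audit(1718000000.101:201): item=0 name="/etc/passwd" nametype=NORMAL
type=SYSCALL msg=audit(1718000050.400:202): arch=c000003e syscall=257 success=yes exit=4 uid=0 auid=1000 comm="nano" exe="/usr/bin/nano" key="configuration_changes"
type=PATH msg=audit(1718000050.400:202): item=0 name="/etc/ssh/sshd_config" nametype=NORMAL
type=SYSCALL msg=audit(1718000090.000:203): arch=c000003e syscall=59 success=yes exit=0 uid=1000 auid=1000 comm="ls" exe="/usr/bin/ls" key=(null)
EOF
}

# summarize_audit (hypothetical helper): read raw records on stdin and print
# "key auid=N exe path" for each event that a watch rule tagged with a key.
summarize_audit() {
    awk '
    function field(name,   i, kv) {      # value of name=... in the current record
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == name) { gsub(/"/, "", kv[2]); return kv[2] }
        }
        return ""
    }
    {
        # Records of one event share the ID in msg=audit(TIMESTAMP:ID):
        id = $2; sub(/\):$/, "", id); sub(/^.*:/, "", id)
        if ($1 == "type=SYSCALL") {
            k = field("key")
            if (k != "" && k != "(null)") {
                key[id] = k; exe[id] = field("exe"); auid[id] = field("auid")
                order[++n] = id
            }
        } else if ($1 == "type=PATH" && !(id in path)) {
            path[id] = field("name")     # first PATH record seen for the event
        }
    }
    END {
        for (j = 1; j <= n; j++)
            printf "%s auid=%s %s %s\n", key[order[j]], auid[order[j]], exe[order[j]], path[order[j]]
    }'
}

sample_audit_log | summarize_audit
```

On a live system, feed it the real log: sudo cat /var/log/audit/audit.log | summarize_audit.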

14) Install AIDE (Advanced Intrusion Detection Environment)

sudo apt update && sudo apt install aide
sudo nano /etc/aide/aide.conf

Change:

checksums=sha512

And add the following exclusions:

!/tmp
!/var/tmp
!/var/log/.*
!/var/spool/.*
!/proc/.*
!/sys/.*
!/run/.*
!/mnt/.*
!/media/.*
!/home/.*
!/usr/src/.*

sudo aide --config /etc/aide/aide.conf --init
sudo mv /var/lib/aide/aide.db.new /var/lib/aide/aide.db

15) Configure login.defs

Change password ageing and expiry in /etc/login.defs:

PASS_MAX_DAYS   90
PASS_MIN_DAYS   1
PASS_WARN_AGE   7
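
Added example (not part of the original guide): the three PASS_* values are applied when an account is created, while existing accounts keep the ageing fields already stored in /etc/shadow. The check below lists password-login accounts whose stored values do not meet the policy above; ageing_gaps is a hypothetical helper and the shadow lines are constructed with placeholder hashes.

```sh
#!/bin/sh
# Constructed sample in /etc/shadow format:
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
sample_shadow() {
cat <<'EOF'
root:$y$j9T$PLACEHOLDER$PLACEHOLDER:19900:0:99999:7:::
alice:$y$j9T$PLACEHOLDER$PLACEHOLDER:19950:1:90:7:::
bob:$6$PLACEHOLDER$PLACEHOLDER:19800:0:99999:7:::
daemon:*:19700:0:99999:7:::
svc-backup:!:19700:0:99999:7:::
EOF
}

# ageing_gaps MAX MIN WARN: read shadow lines on stdin and print every account
# that can log in with a password but whose stored ageing fields miss the policy.
ageing_gaps() {
    awk -F: -v max="$1" -v min="$2" -v warn="$3" '
    $2 == "" || $2 ~ /^[!*]/ { next }    # no hash to age, or password login locked
    {
        bad = ""
        if ($5 == "" || $5 + 0 > max + 0)  bad = bad " max=" ($5 == "" ? "unset" : $5)
        if ($4 == "" || $4 + 0 < min + 0)  bad = bad " min=" ($4 == "" ? "unset" : $4)
        if ($6 == "" || $6 + 0 < warn + 0) bad = bad " warn=" ($6 == "" ? "unset" : $6)
        if (bad != "") print $1 bad
    }'
}

# Policy from this section: PASS_MAX_DAYS 90, PASS_MIN_DAYS 1, PASS_WARN_AGE 7
sample_shadow | ageing_gaps 90 1 7
```

On a live system: sudo cat /etc/shadow | ageing_gaps 90 1 7, then bring each listed account in line with sudo chage -M 90 -m 1 -W 7 USER.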

Configure the number of password-hashing rounds in /etc/login.defs:

ENCRYPT_METHOD SHA512
SHA_CRYPT_MIN_ROUNDS 5000
SHA_CRYPT_MAX_ROUNDS 8000

16) Install the PAM module

sudo apt install libpam-passwdqc

Set a system-wide umask permanently:

sudo nano /etc/pam.d/common-session

Add:

session optional pam_umask.so umask=027

17) Enable process accounting on Debian

sudo apt-get install acct
sudo /usr/sbin/accton on
sudo systemctl enable acct.service

To view the data:

sudo dump-acct /var/log/account/pacct

18) Install Debsums

sudo apt install debsums
sudo nano /etc/default/debsums

Set:

CRON_CHECK=never

19) Install Unattended Upgrades for automatic security updates

sudo apt install unattended-upgrades
sudo systemctl start unattended-upgrades
sudo systemctl enable unattended-upgrades

sudo systemctl status apt-daily.timer
sudo systemctl status apt-daily-upgrade.timer

sudo systemctl enable --now apt-daily.timer
sudo systemctl enable --now apt-daily-upgrade.timer

sudo dpkg-reconfigure -plow unattended-upgrades

Edit:

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

And add:

Unattended-Upgrade::Skip-Updates-On-Metered-Connections "false";

20) Installing additional security tools

sudo apt install lynis chkrootkit logwatch libpam-tmpdir apt-listbugs needrestart fail2ban apt-show-versions apparmor apparmor-profiles apparmor-utils

21) Install Firefox from the official Mozilla repository and remove Firefox ESR

sudo apt purge firefox-esr -y
sudo apt autoremove -y

sudo install -d -m 0755 /etc/apt/keyrings

wget -q https://packages.mozilla.org/apt/repo-signing-key.gpg -O- | sudo tee /etc/apt/keyrings/packages.mozilla.org.asc > /dev/null

cat <<EOF | sudo tee /etc/apt/sources.list.d/mozilla.sources
Types: deb
URIs: https://packages.mozilla.org/apt
Suites: mozilla
Components: main
Signed-By: /etc/apt/keyrings/packages.mozilla.org.asc
EOF

cat <<EOF | sudo tee /etc/apt/preferences.d/mozilla
Package: *
Pin: origin packages.mozilla.org
Pin-Priority: 1000
EOF

sudo apt update
sudo apt install firefox firefox-l10n-fr -y
sudo apt-mark hold firefox-esr

22) Install ProtonVPN

wget https://repo.protonvpn.com/debian/dists/stable/main/binary-all/protonvpn-stable-release_1.0.8_all.deb
sudo dpkg -i ./protonvpn-stable-release_1.0.8_all.deb && sudo apt update
sudo apt install proton-vpn-gnome-desktop
sudo apt install gnome-shell-extension-appindicator gnome-shell-extension-prefs

Split tunneling option:

sudo apt install linux-headers-$(uname -r)
sudo apt install systemd-resolved

23) Install Brave

sudo curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg
sudo curl -fsSLo /etc/apt/sources.list.d/brave-browser-release.sources https://brave-browser-apt-release.s3.brave.com/brave-browser.sources
sudo apt update
sudo apt install brave-browser
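
Added example (not part of the original guide): sections 3, 21 and 23 each add a deb822 .sources file, and a stanza without Signed-By is accepted when signed by any key in apt's global trust store. The check below lists enabled stanzas that lack Signed-By or fetch over plain HTTP; audit_sources, make_sample_dir and the example.invalid repository are hypothetical, the other two stanzas are copied from this guide.

```sh
#!/bin/sh
# audit_sources DIR: read every deb822 *.sources file in DIR and print one
# finding per enabled stanza that lacks Signed-By or fetches over plain HTTP
# (apt still verifies signatures over HTTP; that finding is informational).
audit_sources() {
    for f in "$1"/*.sources; do
        [ -e "$f" ] || continue
        awk -v file="${f##*/}" '
        function flush() {
            if (seen && tolower(v["enabled"]) != "no") {
                if (v["signed-by"] == "") print file ": NO-SIGNED-BY " v["uris"]
                if (v["uris"] ~ /(^| )http:/) print file ": PLAIN-HTTP " v["uris"]
            }
            seen = 0; split("", v)
        }
        /^[ \t]*$/ { flush(); next }                                 # blank line ends a stanza
        /^#/       { next }                                          # comment
        /^[ \t]/   { if (v[last] == "") v[last] = "(inline)"; next } # continuation line
        {
            last = tolower($0); sub(/:.*/, "", last)                 # field names ignore case
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)
            v[last] = val; seen = 1
        }
        END { flush() }' "$f"
    done
}

# Constructed sample: two stanzas from this guide plus a hypothetical file
# holding one unsigned repository and one disabled repository.
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' 'Types: deb deb-src' 'URIs: http://deb.debian.org/debian' \
        'Suites: trixie-backports' 'Components: main contrib non-free non-free-firmware' \
        'Enabled: yes' 'Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg' \
        > "$d/debian-backports.sources"
    printf '%s\n' 'Types: deb' 'URIs: https://packages.mozilla.org/apt' 'Suites: mozilla' \
        'Components: main' 'Signed-By: /etc/apt/keyrings/packages.mozilla.org.asc' \
        > "$d/mozilla.sources"
    printf '%s\n' 'Types: deb' 'URIs: https://repo.example.invalid/apt' 'Suites: stable' \
        'Components: main' '' 'Types: deb' 'URIs: http://old.example.invalid/apt' \
        'Suites: stable' 'Components: main' 'Enabled: no' > "$d/example.sources"
    echo "$d"
}

dir=$(make_sample_dir)
audit_sources "$dir"
rm -r "$dir"
```

On a live system: audit_sources /etc/apt/sources.list.d.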

24) Gaming: install Steam

sudo apt update && sudo apt upgrade -y

sudo dpkg --add-architecture i386
sudo apt update

curl -fsSL https://repo.steampowered.com/steam/archive/stable/steam.gpg | sudo tee /usr/share/keyrings/steam.gpg > /dev/null

cat </dev/null
sudo apt update

25) AMD MAX Gaming: Gamemode, MangoHud, Vulkan tools

sudo apt install meson libsystemd-dev pkg-config ninja-build git libdbus-1-dev libinih-dev build-essential gamemode mangohud goverlay

Test Gamemode:

gamemode-simulate-game

If it shows no error, it works.

For Steam, in the game's launch options:

gamemoderun mangohud %command%

26) SSD / NVMe optimizations and maintenance

sudo systemctl enable --now fstrim.timer

sudo apt update && sudo apt full-upgrade
sudo apt autoclean && sudo apt autoremove
sudo apt purge '~c'

Install the NVMe test tool:

sudo apt install nvme-cli
sudo nvme smart-log /dev/nvme0

27) Other useful tools

sudo apt install filezilla remmina vlc distrobox podman git-lfs jq tree ncdu rsync synaptic

28) Useful checks after installation

uname -r
fastfetch
glxinfo -B
vulkaninfo --summary
systemctl status ufw
systemctl status fail2ban
firefox --version
steam --version
