Linux after-install todo list (the useful list)

These are recommended steps to take as the first thing after installing a new Linux system from an ISO image.

This list is for people that want to get productive fast with a new install. These steps will provide a lightweight system with a small footprint, and will make sure that most/all of the essentials will get installed and not forgot.

About the list

The list is made for Debian based Linux systems. It is such a useful list that it is probably useful for some non-Debian based distros too.

The list does not cover system hardening, but some reasonably sane choices have been made so that the suggestions below are at least not counter productive.

The list will be most useful to you if you already have some Linux experience. Eg. it is not even explained what this (apparently important) "sudo" thing is. You are supposed to know that much.

The list is formatted as a text file. Feel free to copy+paste, as you will want to store it locally if/when you no longer have access to your bookmarks during post-install.


    

THE USEFUL LIST

(Edition 36) It is a long list. The first part of this list should be followed from top down, as some items "above" prepare the ground for some items "below". This part has the essential steps, these are probably necessary for most people. Below that everything is suggestions: You may want to follow some of these but not all of them, depending on what you would like to use your system for, etc. ------------------------------------------------------------------------ ------------------------------------------------------------------------

TABLE OF CONTENTS

  1. PART 1: THE ESSENTIALS
    1. CONFIGURE ESSENTIALS
    2. REDUCE INSTALLATION SIZE
    3. INSTALL THE ABSOLUTE ESSENTIALS
    4. FIREFOX, INITIAL/BASIC HARDENING
  2. PART 2: OPTIONAL SUGGESTIONS
    1. SYSTEM TOOLS
    2. APPLICATIONS AND UTILITIES
    3. GENERAL SOFTWARE UTILITIES
    4. IMAGES AND PHOTOS
    5. ALTERNATIVE WEB BROWSERS
    6. EMAIL
    7. DEVELOPER TOOLS AND PROGRAMS
    8. LOCALHOST WEB SERVER
    9. PASSWORD MANAGER
  3. PART 3: APPENDICES
    1. APPENDIX: Link a folder into localhost
    2. APPPENDIX: A few ways to reload and restart Apache2
    3. APPENDIX: Before you install anything, simulate
    4. APPENDIX: Installing from "backports"

------------------------------------------------------------------------
------------------------------------------------------------------------

PART 1: THE ESSENTIALS

------------------------------------------------------------------------ ------------------------------------------------------------------------

CONFIGURE ESSENTIALS

Configure sudo
# su -> enter pass when prompted, then: # visudo or (if visudo is not installed): # su -> enter pass when prompted, then: # nano /etc/sudoers - navigate cursor to "root line". Looks like this: root ALL=(ALL:ALL) ALL - copy root line to new line below ("cut" + two times "uncut") - replace "root" in line 2 with your user name - save+exit: [ctrl]+[o] then [ctrl]+[x] last, remember to exit 'su': # exit now, never type 'su' again please.
Configure time and date
# sudo date --set="2021-08-31 09:30:00" - check time, date, timezone # timedatectl - change timezone, if required # sudo tzselect (just follow instructions on screen) - - alternative method: # sudo timedatectl set-timezone Europe/Copenhagen (replace "Europe/Copenhagen" with your timezone)
Configure locale (languages, date-time formats etc)
https://wiki.debian.org/Locale # sudo nano /etc/default/locale - add: LC_TIME="en_DK.UTF-8" LC_PAPER="en_DK.UTF-8" LC_MEASUREMENT="en_DK.UTF-8" Note: Replace "en_DK" with your preferred locale - then # sudo dpkg-reconfigure locales if you do not have "dpkg-reconfigure", install debconf # sudo apt install debconf - then: # sudo dpkg-reconfigure locales
Configure software sources
# sudo nano /etc/apt/sources.list example sources.list content (complete "bullseye" all inclusive): -------------------------------------------------------------------- deb http://security.debian.org/debian-security/ bullseye-security main contrib non-free deb http://deb.debian.org/debian/ bullseye main contrib non-free deb http://deb.debian.org/debian/ bullseye-updates main contrib non-free deb http://deb.debian.org/debian/ bullseye-backports main contrib non-free -------------------------------------------------------------------- Note: Above "bullseye" may be replaced with "stable". But if you do that you may risk a bit of a chaotic upgrade process when the stable release changes from "bullseye" to the next version.
Configure certificates
To set settings for accept of software programs installing new root certificates, and to add/remove certificates the proper way: # sudo dpkg-reconfigure ca-certificates To update certificates, eg after manual removal (not required after above command) # sudo update-ca-certificates You may want to wait with this step until you have configured or installed a web browser so that you can research options first. Some starting points: https://proprivacy.com/guides/root-certificates-explained https://en.wikipedia.org/wiki/Root_certificate https://www.eff.org/observatory ------------------------------------------------------------------------

REDUCE INSTALLATION SIZE

also see: https://wiki.debian.org/ReduceDebian - first check current install size and available space # df -h
Remove irrelevant languages
Below languages Danish and English have been kept ("da" + "en"). Please adjust to your needs. If you have no need for Danish or English just remove those language and keep only the one(s) you want to use.
Manual pages
# aptitude search manpages -> then (adjust as appropriate): # sudo apt purge manpages-zh manpages-tr manpages-ro manpages-pt-br # sudo apt purge manpages-pl manpages-pl-dev manpages-nl manpages-mk # sudo apt purge manpages-ja manpages-ja-dev manpages-it manpages-hu # sudo apt purge manpages-fr manpages-es manpages-de
Spell check, dictionaries etc
# aptitude search aspell -> apt purge aspell # aptitude search ispell -> apt purge ispell (note: above process will yield temporary errors and throw up dialogs - just click accept + will also remove ispell dictionaries: ibrazilian igerman etc) # aptitude search hunspell -> apt purge hunspell # aptitude search hyphen -> then: # apt purge hyphen-lt hyphen-hr hyphen-hu hyphen-de
Desktop language versioning
Below languages Danish and English have been kept ("da" + "en"). Please adjust to your needs. If you have no need for Danish or English just remove those language and keep only the one(s) you want to use. # aptitude search task- # sudo apt purge task-a* task-ba* task-be* task-bo* task-braz* task-bul* # sudo apt purge task-c* # sudo apt purge task-du* task-dz* task-es* task-f* task-ga* task-ge* # sudo apt purge task-gr* task-gu* task-h* task-i* task-j* task-k* # sudo apt purge task-lat* task-lit* task-m* task-n* task-p* task-r* # sudo apt purge task-s* task-t* task-u* task-v* task-w* task-xh* # sudo apt autoremove Below should already have been atoremoved (unwanted languages) -> if not, run 'apt purge' on them # aptitude search libreoffice-l10n # aptitude search libreoffice-help # aptitude search myspell # aptitude search mythes
Exotic input methods, multi language terminal etc.
# aptitude search fcitx (should be autoremoved as well) # aptitude search zhcon -> if found: # apt purge fcitx zhcon # sudo apt purge xiterm+th* # sudo apt autoremove # sudo apt purge mlterm mlterm-tiny # sudo apt autoremove # sudo apt purge im-config # sudo apt autoremove
Remove fonts
It's hard to give advice on this as some will want many fonts Your fonts directory is: /usr/share/fonts - check disk usage # du -h /usr/share/fonts/ - - sorted view # du -h --max-depth=2 /usr/share/fonts/ | sort -hr - count number of files # find /usr/share/fonts/ -type f | wc -l - you may delete folders with 'rm -r' (no example provided) - then rebuild font cache # fc-cache -rv
Remove "accessibility tools"
You may also want to remove "accessibility tools" if you do not need them. One example is 'orca' (screen reader. If activated it will read out loud(!) whatever is on your screen): # sudo apt purge orca
Last, remove undeleted config files/folders
The deletes above may have left a lot of undeleted config files that are no longer required. - to list them: # aptitude search ~c - to delete them: # sudo aptitude purge ~c This will produce a lot of messages. Some will be like this: dpkg: warning: while removing fonts-telu-extra, directory '/usr/share/fonts/truetype/fonts-telu-extra' not empty so not removed - open a new teminal window in order to keep those messages visible - next, examine the directory contents in the new terminal # ls -la /usr/share/fonts/truetype/fonts-telu-extra - and delete # sudo rm -r /usr/share/fonts/truetype/fonts-telu-extra ------------------------------------------------------------------------

INSTALL THE ABSOLUTE ESSENTIALS

On first internet connection, run: - update package lists # sudo apt update - install bug-warnings on updates # sudo apt install apt-listbugs - below should be installed after locale configurations (see above) # sudo apt install localepurge - last: # sudo apt upgrade -------------------------------------------------------------------------

FIREFOX, INITIAL/BASIC HARDENING

Do this now because you may want to search the www soon. To help you configuring Firefox you may want to jump straight to the section "Alternative Web Browsers" (below) and install an alternative browser. Either as a replacement for Firefox, or as a tool to browse the WWW for information to assist you while configuring Firefox.
Configure Firefox: Privacy and security settings
Before you start Firefox for the first time, install this: # sudo apt install webext-ublock-origin-firefox then: - go OFF-LINE before you start Firefox for the first time: - configure below security and privacy settings while being off-line > about:permissions > about:config I could offer recommendations but I won't as it's a minefield. Some starting points here: - https://avoidthehack.com/firefox-privacy-config - https://gist.github.com/jornane/f47c344bae4c04ac761ee48b0b88c869 - https://proprivacy.com/privacy-service/guides/firefox-privacy-security-guide
Install hardening browser plugins
- on first time online on FF, you should visit no web site at all. The only thing you should do is to select "Extensions" in the menu and install+configure relevant privacy extensions - add adblock + decentraleyes/similar, etc: - "Librefox" - a set of hardening configurations for an existing Firefox install https://awesomeopensource.com/project/intika/Librefox - optional, perhaps useful, Firefox plugin urls: (some will also have a version for other browsers) https://privacybadger.org/ https://addons.mozilla.org/en-US/firefox/addon/localcdn-fork-of-decentraleyes/ https://addons.mozilla.org/en-US/firefox/addon/noscript/ https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/ https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/ https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/ https://addons.mozilla.org/en-US/firefox/addon/web-developer/ https://addons.mozilla.org/en-US/firefox/addon/right-click-link/ - then remember to search for a new web search provider and add at least a few different ones. Be sure to change the default. Search engine suggestions (reverse alphabetical order): (not all are privacy-focused, some so more by claim than action) - https://www.qwant.com/ - https://www.startpage.com - https://searx.space/ - https://fireball.de/ - https://www.ecosia.org/ - https://duckduckgo.com/ - then clear history, shutdown/restart FF, whatever you prefer. - only AFTER performing these steps should you visit the first web site using Firefox. This section and the fact that there are several privacy-oriented browser alternatives should give you a hint that the main focus of Firefox is not your privacy, although it is not even among the worst there is. Some suggestions for alternatives are found below, in the section "Alternative Browser Versions". Note: This section is kept short. Still, you will want to spend some time on each of these steps. You may even want to first download an alternative web browser (see below) to assist you in making informed decisions! I should add that this section is only included because Firefox is the only browser installed per default by Debian. Detailled advice on browser choice and -hardening is really outside the scope of this text. ------------------------------------------------------------------------ ------------------------------------------------------------------------

PART 2: OPTIONAL SUGGESTIONS

Everything below are suggestions only. These are not random recommendations. Only really useful stuff has been included. Note: In some cases more than one tool for the same general type of task is listed. Use judgement: you should not install everything on the list below. ------------------------------------------------------------------------ ------------------------------------------------------------------------

SYSTEM TOOLS

Oh well, tech stuff... either you get it or you don't. You will certainly not want to install all on the list below, but it's all good stuff. Use some judgement.
WWW tools
- (eg 'ifconfig' /deprecated - replaced by 'ip') # sudo apt install net-tools # sudo apt install whois iputils-ping traceroute # sudo apt install wget - check "# which curl" - if not installed: # sudo apt install curl
System monitors and top variants
- top variants # sudo apt install iotop htop atop # sudo apt install iftop # sudo apt install nethogs # sudo apt install jnettop - stats / system info: - - ifstat: interfaces # sudo apt install ifstat - - inxi: config info (https://smxi.org/docs/inxi.htm) # sudo apt install inxi - - conky: desktop live monitor # sudo apt install conky
Enhanced terminals (suggestions only)
- tilda: top-of-screen terminal (https://github.com/lanoxx/tilda) # sudo apt install tilda - terminator (https://gnome-terminator.org/) # sudo apt install terminator - tmux terminal multiplexer (https://github.com/tmux/tmux) # sudo apt install tmux
Utilities (suggestions only)
- kill a window # sudo apt install xkill - disk mount without password (or, use eg GVFS for this) # sudo apt install udevil - debian package installer (probably already covered by dpkg) # sudo apt install gdebi
Disk management
- 'parted' partition editor ('partx' probably already installed) # sudo apt install parted - - or: gparted # sudo apt install gparted gpart - - - or: disk tools # sudo apt install fdisk - - - - or full system utilities collection (includes 'fdisk') # sudo apt install linux-utils - backup partitions into a compressed image file # sudo apt install partimage
Mobile broadband, wifi, ethernet
-for mobile broadband use "network-manager" + "modemmanager" + "ppp" # sudo apt intall network-manager modemmanager ppp - it will work with Wi-Fi and cable as well ------------------------------------------------------------------------

APPLICATIONS AND UTILITIES

You will probably not want to install all on the list below, but it's all good stuff. Use some judgement. bluetooth support (if desired, and not installed) # sudo apt install bluez bluez-obexd various file formats (for all kinds of file managers, eg mc below) # sudo apt install mime-support file arj bzip2 unar zip unzip unrar midnight commander # sudo apt install mc meld (compare files and folders) # sudo apt install meld - deluge bittorent client (note: there are alternatives and this is not the most lightweight) # sudo apt install deluge - some may insist that aptitude is essential even if they have apt # sudo apt install aptitude - xdotool is a commandline tool to simulate keystrokes and mouse clicks. Often used in scripts, and some software may require it for eg. some window-handling operations. If you don't see your need for it don't install. Software that rely on it will tell you on install. # sudo apt install xdotool ------------------------------------------------------------------------

GENERAL SOFTWARE UTILITIES

Perhaps you will not need anything from this section at all, but it's all good stuff. Use some judgement (these may be large downloads).
Software installers
- FlatPak (https://www.flatpak.org/) # sudo apt install flatpak - Snap (https://snapcraft.io/) # sudo apt install snapd - Discover (https://apps.kde.org/discover/) (has backends for flatpak+snap+fwupd) # sudo apt install plasma-discover - AppImage (https://appimage.org/) - dl: https://appimage.github.io/ - wait, what about Synaptic? #sudo apt install synaptic
Firejail sandboxing
(https://firejail.wordpress.com) # sudo apt install firejail - see for appimage https://firejail.wordpress.com/documentation-2/basic-usage/#appimage - see for apparmor https://firejail.wordpress.com/documentation-2/basic-usage/#apparmor
Apparmor system protection
(https://www.apparmor.net/) - you probably just need to check if installed (it probably is) # sudo aa-status ------------------------------------------------------------------------

IMAGES AND PHOTOS

You will want access to those pics of cats, dishes, and whatnot of course. But then you will probably not want to install all on the list below. Still, it's all good stuff. Use some judgement.
Image utilities
- lightweight image viewer (for gui) # sudo apt install gpicview - lightweight image viewer (for terminal) # sudo apt install feh - take screenshot from cmdline # sudo apt install scrot - commandline image editing # sudo apt install imagemagick - - and/or a faster alternative for some conversion types (see: https://exactcode.com/opensource/exactimage/) # sudo apt install exactimage - find image duplicates # sudo apt install findimagedupes - command-line image creation / drawing tool # sudo apt install flydraw
Photo/graphics programs
Just a few suggestions (note: large programs + downloads) - gimp photo/image editing + raw format handling + extras # sudo apt install gimp rawtherapee gimp-plugin-registry gimp-data-extras (above is >80Mb download and ~350Mb on disk) - vector based drawing # sudo apt install inkscape (above is ~24MB download and ~120 MB on disk) ------------------------------------------------------------------------

ALTERNATIVE WEB BROWSERS

You will probably not want to install all on the list below, but it's all good stuff. Use some judgement.
First, get alternative lightweight browsers
- links2: # sudo apt install links2 libdirectfb-extra - w3m: # sudo apt install w3m - dillo # sudo apt install dillo - NetSurf (http://www.netsurf-browser.org # sudo apt install netsurf-gtk The above are really simple lightweight browsers, they will not behave like modern browsers do. As an example javascript will not work. They are extremely fast.
Then, not-so-lightweight modern browsers
NOTE: Some/most will not work on 32 bit systems (older PCs) For a Firefox-like alternative that will display modern souped-up JS heavy web sites (these are not privacy oriented browsers): - Palemoon ("oldschool firefox") http://linux.palemoon.org/ (fairly lightweight, works very well on older systems, has well-known plugins, and can be reasonably hardened faster and easier than Firefox) - if 64 bit: http://linux.palemoon.org/ - 32+64 bit (incl ARM): debian+ubuntu repo: https://software.opensuse.org/download.html?project=home:stevenpusser&package=palemoon - Basilisk - 64 bit only. (More heavyweight, support for more "modern stuff" like WebRTC, CSS3, HTML5, NPAPI, WAPI - yet still XUL/Goanna based. From the Palemoon developers) http://www.basilisk-browser.org/features.shtml - GNOME Web / Epiphany. Based on WebKit. Lightweight. Install by FlatPak or repository. https://wiki.gnome.org/Apps/Web/ - simulate first, then remove "-s" if appropriate # sudo apt -s install epiphany-browser - Falkon / QupZilla from KDE. Based on QtWebEngine. 32 bit support. Install methods: FlatPak, Snap or repository. https://www.falkon.org/ - simulate first, then remove "-s" if appropriate # sudo apt -s install falkon - Konqueror from KDE. File manager, FTP client, web browser ... 32 bit support. Install using Discover or repository. https://apps.kde.org/konqueror/ - simulate first, then remove "-s" if appropriate # sudo apt -s install konqueror
For more privacy oriented versions of Firefox:
- Do not think of these as "privacy browsers", they are merely Firefoxes that have been changed in various ways. Some Google integration etc. may be left. - "librewolf": - 64 bit (but perhaps installable as Flatpak, AppImage, or build) https://librewolf-community.gitlab.io/ - "waterfox" (not primarily privacy oriented) - 64 bit only https://www.waterfox.net/
For a Chromium based browser with (some) privacy
- Only for 64 bit Linux systems (32 bit available for Windows) - Chromium is not lightweight, the following are not either - Do not think of these as "privacy browsers", they are merely Chromiums that have been changed in various ways. Some Google integration etc. may be left. - "Ungoogled Chromium" https://ungoogled-software.github.io/ - "Brave Browser" https://brave.com/linux/ - "Iridum Browser" https://iridiumbrowser.de/
For a browser that is built with privacy as the primary and single purpose
- "Tor Browser" (32+64 bit) https://www.torproject.org/ https://www.torproject.org/download/languages/ The following are NOT currently recommended for privacy reasons (they may still be good for other reasons/purposes): - Chrome, Chromium, Safari, Vivaldi, Opera, LibreBrowser, Epic Browser, Midori (neither is Edge, but that's a Windows browser) Here are some starting points for your own decision-making - https://restoreprivacy.com/browser/secure/ - https://coveryourtracks.eff.org/ ------------------------------------------------------------------------

EMAIL

This section is a list of FOSS email clients for Linux. When installing a new system it might be a good idea to try something new (once you've re-established your inbox of course) It has not been possible to test if all these have support for 32 bit or not. Some may also be large downloads. Research first, and simulate install if possible Wrt privacy, some of these may have some degree of integration to Google and/or other third-parties/web services. Please investigate before you decide.
Graphical user interface
- Balsa: Mail (GNOME) https://pawsa.fedorapeople.org/balsa/ - Claws Mail: Mail, news/RSS, lightweight (GTK+) https://www.claws-mail.org/ - Evolution: Mail, calendar, notes (GNOME) https://wiki.gnome.org/Apps/Evolution - Geary: Conversation-based mail (GNOME) https://wiki.gnome.org/Apps/Geary - Hamsket: Messaging and email (64 bit) - fork of Rambox https://github.com/TheGoddessInari/hamsket - Iceape-UXP: XUL Mail https://wiki.hyperbola.info/doku.php?id=en:project:iceape-uxp - Interlink: An XUL based email client (32+64 bit) https://binaryoutcast.com/projects/interlink/ - KMail: Mail part of Kontact (KDE) https://kontact.kde.org/components/kmail.html - Kube: Mail, calendar, notes (KDE) https://kube-project.com/ - Mail / Pantheon Mail: Mail (Elementary OS) https://launchpad.net/pantheon-mail - Mailpile: Mail, privacy focused, web-based https://www.mailpile.is/ - Nextcloud mail: Mail, calendar (32 bit support) https://apps.nextcloud.com/apps/mail - Rambox Community Ed.: Messaging and email - js dependent, ie heavy https://github.com/ramboxapp/community-edition - SeaMonkey: Mail, feeds, chat, html editor (Gecko) (32 bit support) https://www.seamonkey-project.org/ - Sylpheed: Mail, lightweight (GTK+) https://sylpheed.sraoss.jp/en/ - Thunderbird: Mail + calendar (32+64 bit) https://www.thunderbird.net/
Command line / terminal
- aerc https://aerc-mail.org/ - mutt http://www.mutt.org/ - sup: For large inboxes https://sup-heliotrope.github.io/ ------------------------------------------------------------------------

DEVELOPER TOOLS AND PROGRAMS

If you're not into (web) development you may not need anything from this section at all, but it's all good stuff. Use some judgement.
Development tools / code editors
- geany lightweight IDE (https://geany.org/) + virtual terminal # sudo apt install geany libvte9 - git (https://git-scm.com/) # sudo apt install git - graphical FTP client # sudo apt install filezilla If you regularly do development or programming please install your favourites. Above few suggestions are only intended to get you productive fast. ------------------------------------------------------------------------

LOCALHOST WEB SERVER

Install web server stack (apache2+php+mariadb+phpmyadmin)
# sudo apt install apache2 apache2-suexec-pristine # sudo apt install php php-pear php-json php-mbstring php-mysql php-intl # sudo apt install libapache2-mod-php # sudo apt install mcrypt php-imagick libmcrypt-dev libmagickcore-6.q16-6-extra # sudo apt install mariadb-common mariadb-server php-mysql # sudo apt install phpmyadmin php-gmp php-gd
Configure PHP and mysql/mariadb
# sudo phpenmod intl # sudo phpenmod mysqli # sudo mysql_secure_installation # sudo service mysql restart # sudo service mysqld restart # sudo service apache2 restart
Set admin password (if not already set)
- - login # mysql -u root - - or # sudo mysql -u root - - when logged in > SET PASSWORD FOR 'root'@'localhost' = PASSWORD('your password'); > flush privileges; > \q
Login to check everything went okay.
# sudo mysql -u root -p - or # mysqladmin -u root -p (above will just display help text and exit) check status of mysql service # sudo systemctl status mysql.service
Configure Apache2
# sudo a2enmod php # sudo a2enmod rewrite # sudo systemctl restart apache2 # sudo nano /etc/apache2/apache2.conf - change "AllowOverride to "All" in directory /var/www # sudo nano /etc/apache2/mods-enabled/dir.conf - reorder "index.php" to start of line, before the others # sudo service apache2 restart
Edit default Apache2 site configuration
# ls /etc/apache2/sites-enabled # cat /etc/apache2/sites-enabled/000-default.conf # sudo nano /etc/apache2/sites-enabled/000-default.conf - after/below "DocumentRoot /var/www/html" enter: <Directory /var/www/html> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny Allow from all </Directory> -then: # sudo service apache2 restart
Configure localhost folders
# ls -al /var/www/html -if phpmyadmin is installed: # sudo ln -s /usr/share/phpmyadmin /var/www/html/phpmyadmin # sudo chown -R user:www-data /var/www/html/ (note: above 'user' must be username) # sudo chmod -R 770 /var/www/html/ # sudo chmod ug=rwx /var/www # ls -lh /var/www/
Set up virtual hosts (on localhost)
This process tends to change a little with new versions of Apache, so use the official documentation: - https://httpd.apache.org/docs/2.4/vhosts/ - https://httpd.apache.org/docs/2.4/vhosts/examples.html A search engine may also be useful. A guide is outside the scope of this text, but you should really do it the right way. ------------------------------------------------------------------------

PASSWORD MANAGER

A separate section, as time spent on this issue is time well spent. Skip this whole section if you're already covered and/or if you are in a hurry to get productive. Then as time permits return to this issue, skip point "A" and go directly to point "B".
A) If you absolutely NEED to use KeePass
KeePass seems to be recommended a lot of places. Here it is not so. Still, you may find that you need to handle KeePass files. Note: If you do not require this specific password manager (eg because you already have used it before or/and hence have files in this format) do not use it. If you do not need to recover keys from a KP file you should use one of the alternative PW managers listed below. Use either KeePass2 or KeePassXC # sudo apt install keepass2 ( do not install if not unavoidable ) - or # sudo apt install keepassxc ( not recommended but least offensive ) BEWARE: KeePass2 will install a lot of new root certificates without even asking first! This is not only a privacy concern, it is a clear security risk. This does not seem to happen with KeePassXC. So, if you absolutely need some flavour of "KeePass", choose "XC". This may be prevented by choosing "no" or "ask" at the first step of this guide. Technically these are installed by "libmono-system" which is a library used by "kepass2", so they are installed by a dependency of KeePass and not by Keepass itself, which does not change the effect and neither does it remedy the situation. See Remove KeePass below Please install one that does not make your computer trust things that you don't even know if you want to trust or not. Examining complicated matters like that is extra work and as we are configuring a system we want to get productive fast and so there is no time for rogue installs eg. requirements to examine root certificates. You do not want that, so check out these alternative password managers:
B) KeePass password manager alternatives
ylva, pass, bypass, pwman3, passwordsafe, password-gorilla, impass, revelation, gokey, gnome-passwordsafe, cpm ... eg: # apt show revelation perhaps run a simulated install, to check what happens before actually installing eg: # apt-get -s install revelation Next, copy your keys from KeePass to the better one. This may take a while so make sure to select one that is simple and does not offer features that you don't know if you want or not. Just the basics please.
C) Remove KeePass and unwanted certificates:
Last: # sudo apt purge keepass* - and make sure the unwanted certificates are removed too. The package "ca-certificates-mono" is the one that installs the certificates in the first place, b/c of "libmono-system4.0-cil", so: # sudo apt purge ca-certificates-mono libmono-system4.0-cil Finish off with # sudo apt autoremove - of course, don't just trust some random list! You should examinine dependencies for your own system first: # aptitude why ca-certificates-mono - then # aptitude why libmono-system4.0-cil Finish off with # sudo apt autoremove
A (risky) shortcut to purge mono and KeePass
With extreme caution, try running this simulation: # sudo apt -s purge *mono* - if this does not seem to remove anything apart from the mono framework and keepass, it may be safe running it without the "-s". You may get warnings like these dpkg: warning: while removing libmono-security4.0-cil, directory '/etc/mono/certstore' not empty so not removed dpkg: warning: while removing mono-runtime-common, directory '/etc/mono' not empty so not removed ... examine these directories # ls -la /etc/mono/certstore* # ls -la /etc/mono* ... and remove if appropriate (likely so) # sudo rm -r /etc/mono Finish off with # sudo apt autoremove - and update certificates # sudo update-ca-certificates ------------------------------------------------------------------------ ------------------------------------------------------------------------

PART 3: APPENDICES

------------------------------------------------------------------------ ------------------------------------------------------------------------ A fast and simple way to "just hack" a folder of web content into localhost is by using a symbolic link: Say you have all your "dev stuff" in your folder "~/www/", then do: # ln -s /home/user/www /var/www/html/www (note "user" should be your user name, replace it first) - above will mirror your "~/www/" folder to http://localhost/www/

APPPENDIX: A few ways to reload and restart Apache2

reload: # sudo service apache2 reload - or: # systemctl reload apache2 restart: # sudo service apache2 restart - or: # sudo systemctl restart apache2 - or: # sudo /etc/init.d/apache2 restart check status of the apache2 service: # sudo systemctl status apache2

APPENDIX: Before you install anything, simulate

Run a simulated install to get an idea of what will happen, before you do an install. Just a tip. These two works the same way (shows complete process, but no download or disk usage sizes) # sudo apt install -s example_software_name # sudo apt-get install -s example_software_name This one provides download size and disk usage size (but does not show suggested packages) # sudo aptitude install -s example_software_name
Install "apt-listbugs"
You will want to be notified of grave bugs before you install some package that ruins your system. This was already mentioned above, under "Essential Installs", so to repeat: # sudo apt install apt-listbugs This package gives you the option to abort the install process before you ruin your system.

APPENDIX: Installing from "backports"

If a package is not yet available in the stable version, it may be available in "backports". Assuming you have added "backports" to your "sources.list" file, this is how to search and install packages. The package "wicd" is used as an example: # sudo apt update # aptitude -t bullseye-backports search wicd - or # apt -t bullseye-backports search wicd - if found, install: # sudo apt -t bullseye-backports install wicd (Note: "wicd" is a network manager. Do not install it if you use mobile broadband, as it will not work with that.) ------------------------------------------------------------------------ ------------------------------------------------------------------------

END OF LIST. THE FUN STARTS HERE.

This would be a good time to actually USE that 'partimage' utility you read about above, but forgot to install. But then you could also 'dd', 'rsync', or whatever you prefer. ------------------------------------------------------------------------ After finishing this list you should install your favorite media players, games, office suites, test frameworks, desktop environments, window managers, and whatnot. These types of things are not included. The focus is on quickly getting a basic work-ready system up and running. After finishing this list you will be able to get things done. (Top of list) (Table of Contents)

URL: http://clsc.net/clsc-net/tools/linux-todo-after-install.php