{"id":15051031,"url":"https://github.com/enatec/debianauto","last_synced_at":"2026-02-23T13:33:41.132Z","repository":{"id":212650181,"uuid":"731997349","full_name":"Enatec/DebianAuto","owner":"Enatec","description":"Automated Debian 12 installation","archived":false,"fork":false,"pushed_at":"2023-12-15T18:00:54.000Z","size":166,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-20T21:52:23.735Z","etag":null,"topics":["automated-installation","debian","debian-linux","debian12","preseed","preseed-files","preseed-install","security"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Enatec.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-12-15T11:35:07.000Z","updated_at":"2023-12-15T11:44:28.000Z","dependencies_parsed_at":"2023-12-15T12:44:13.141Z","dependency_job_id":"2f409bff-75bd-4a35-bb91-1bbcb9c662d6","html_url":"https://github.com/Enatec/DebianAuto","commit_stats":null,"previous_names":["enatec/debianauto"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Enatec%2FDebianAuto","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Enatec%2FDebianAuto/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Enatec%2FDebianAuto/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Enatec%2FDebianAuto/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Enatec","download_url":"https://codeload.github.com/Enatec/DebianAuto/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243511368,"owners_count":20302549,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automated-installation","debian","debian-linux","debian12","preseed","preseed-files","preseed-install","security"],"created_at":"2024-09-24T21:30:34.405Z","updated_at":"2025-10-26T16:38:17.380Z","avatar_url":"https://github.com/Enatec.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Auto Debian\n\nAutomated Debian 12 installation\n\nAin was to create a slim and secure base image. Mostly used for virtual hosts in an Hyper-V enviroment.\n\nMost of the security and hardening related work is based on the work of [jhochwald (Joerg Hochwald)](https://github.com/jhochwald/) and [Mokkujin (Chris)](https://github.com/Mokkujin/).\n\nMany of the [cisecurity.org](https://www.cisecurity.org/) requirements and recommendations should be matched!\n\nYou can apply the rc.local file to any Debian, or Debian based system. It is meant to help the system administrator built a secure environment. This fille works best for a newly installed system!\n\nEven if all the security is curated carefully we can not guarantee that it will work for you. It will not magically secure any random excisting host. That said, it might be a good starting point to built a secure system/environment.\n\n## What it does\n\n- It will install a slim Debian 12 server system\n- It will create a default User with the name `enadmin`\n- The password of `enadmin` user is: `Start1234`, and you should change this directly after the installation\n  - You can change the user and/or the password in the `preseed.cfg` file\n  - Please remember to change to `rc.local` if you change to username. Please see line 23 for this change.\n- The user `enadmin` can administer the freshly installed system and is allowed to login remotely, and use `sudo`\n  - Please see Line 111 in the `rc.local` file. Look for `\u003cPLACE YOU OWN KEYS HERE\u003e`, this is where \u003cu\u003eyour\u003c/u\u003e SSH public keys must be placed\n  - Remote login (SSH) \u003cu\u003erequires\u003c/u\u003e the usage of SSH public keys, login via password is not enabled!\n- The user `root` is disabled! Please keep this in mind!!!\n\n### Bare Metal?\n\nIf you use this to deploy a bare metal server, what is perfectly fine, you should remove all the Hyper-V parts in the `rc.local` file.\n\n### Other hypervisors?\n\nYou can use any other hypervisor! But you should remove the Hyper-V parts and should apply any recommended tools manually.\n\n### Containers?\n\nThis is not meant to be used in any container environment, e.g., Docker!!!\n\n### WSL?\n\nCan you use this with WSL/WSL2? The simple answer is: **NO**!\n\nThe long answer: You can remove all the Grub related stuff and apply the `rc.local` to your Debian WSL container. But in our opinion, you should also remove the SSH parts.\n\n### Further reading CIS Security recommendation:\n\n- Center for Internet Security: [https://www.cisecurity.org/](https://www.cisecurity.org/)\n- CIS recommendations: [CIS Benchmarks](https://learn.cisecurity.org/benchmarks)\n\n## Found a bug or Issue?\n\nIf you find something bad (like a bug, error, or any issue), please report it here by open an [Issue](https://github.com/Enatec/DebianAuto/issues).\n\nOr even better: Fork the Repository, fix it and submit a [pull request](https://github.com/Enatec/DebianAuto/pulls), so others can participate too!\n\nSee the [Contribution Guide](CONTRIBUTING.md) for more details!\n\n## Create an ISO Image\n\n```shell\n#!/usr/bin/env bash\n###\n# This script will create a new ISO with the preseed.cfg file and the rc.local script\n# The rc.local script will be executed at the end of the installation\n#\n# All commands are fully qualified to ensure the script can be run from anywhere and no aliases are used\n# This script is designed to be run from the Windows Subsystem for Linux (WSL) on Windows 11\n# Many of the commands are run with sudo, so you will need to ensure you have sudo access on your WSL\n# You will also need to ensure you have the required packages installed (genisoimage and syslinux-utils)\n###\n\n# This should be the name of the ISO you want to use as a base (this is the Debian 10.4.0 netinst ISO)\nisoIn=debian-12.4.0-amd64-netinst.iso\n# This is the name of the new ISO that will be created\nisoOut=preseed-${isoIn}\n# This is the source directory where the files are located\nSourceDirectory='/mnt/c/DEV/DebianAuto'\n# This is the target directory where the files will be copied to\nTargetDirectory='/home/enadmin/DebianAuto'\n\n# Ensure we have the required packages\n/usr/bin/sudo /usr/bin/apt install genisoimage syslinux-utils -y \u003e/dev/null 2\u003e\u00261\n# Clean-up existing ISO in the source directory\n/usr/bin/sudo /usr/bin/rm -f $SourceDirectory/$isoOut \u003e/dev/null 2\u003e\u00261\n# Clean-up target directory\n/usr/bin/sudo /usr/bin/rm -rf $TargetDirectory \u003e/dev/null 2\u003e\u00261\n# Copy files to target directory\n/usr/bin/cp -rT $SourceDirectory $TargetDirectory\n# Goto target directory\npushd $TargetDirectory \u003e/dev/null 2\u003e\u00261\n# Check if the ISO exists in the target directory\nif [ -f $isoIn ]; then\n   # Check if we need to remove the old ISO\n   if [ -f $isoOut ]; then\n      # Remove the old ISO\n      /usr/bin/sudo /usr/bin/rm -f $isoOut\n   fi\n   # Remove any old directories\n   /usr/bin/sudo /usr/bin/rm -rf new-iso vanilla-iso \u003e/dev/null 2\u003e\u00261\n   # Create new directories\n   /usr/bin/mkdir -p vanilla-iso new-iso \u003e/dev/null 2\u003e\u00261\n   # Mount the ISO\n   /usr/bin/sudo /usr/bin/mount -o loop $isoIn vanilla-iso \u003e/dev/null 2\u003e\u00261\n   # Copy the ISO contents to the new directory\n   /usr/bin/cp -rT vanilla-iso/ new-iso/\n   # Unmount the ISO\n   /usr/bin/sudo /usr/bin/umount vanilla-iso \u003e/dev/null 2\u003e\u00261\n   # Goto the Jumpstart directory\n   pushd Jumpstart/ \u003e/dev/null 2\u003e\u00261\n   if [ -f ../debian.tar.gz ]; then\n      # Remove the old tarball\n      /usr/bin/sudo /usr/bin/rm -f ../debian.tar.gz \u003e/dev/null 2\u003e\u00261\n   fi\n   # Change permissions on rc.local\n   /usr/bin/chmod 700 ./rc.local \u003e/dev/null 2\u003e\u00261\n   # Create the tarball\n   /usr/bin/tar -czf ../debian.tar.gz . \u003e/dev/null 2\u003e\u00261\n   # Return to the target directory\n   popd \u003e/dev/null 2\u003e\u00261\n   # Copy the tarball and preseed.cfg to the new ISO\n   /usr/bin/cp debian.tar.gz new-iso/\n   /usr/bin/cp preseed.cfg new-iso/\n   # Change permissions on the preseed.cfg\n   /usr/bin/chmod 644 new-iso/isolinux/adtxt.cfg\n   # Add the preseed.cfg entry to the boot menu\n   /usr/bin/cat \u003e\u003e new-iso/isolinux/adtxt.cfg \u003c\u003cEOF\nlabel auto-wipe\nmenu label ^Automatic - DESTRUCTIVE\nkernel /install.amd/vmlinuz\nappend auto=true priority=critical vga=788 file=/cdrom/preseed.cfg initrd=/install.amd/initrd.gz --- quiet\nEOF\n   # Change permissions on the preseed.cfg\n   /usr/bin/chmod 444 new-iso/isolinux/adtxt.cfg\n   # Change to the new ISO directory\n   pushd new-iso/ \u003e/dev/null 2\u003e\u00261\n   # allow write access to the md5sum.txt file\n   /usr/bin/chmod +w md5sum.txt \u003e/dev/null 2\u003e\u00261\n   # Generate the new md5sum.txt file\n   /usr/bin/find -follow -type f ! -name md5sum.txt -print0 2\u003e/dev/null | /usr/bin/xargs -0 md5sum \u003e md5sum.txt\n   # remove write access to the md5sum.txt file\n   /usr/bin/chmod -w md5sum.txt \u003e/dev/null 2\u003e\u00261\n   # Go back to the target directory\n   popd \u003e/dev/null 2\u003e\u00261\n   # Create the new ISO\n   /usr/bin/sudo /usr/bin/genisoimage -r -J -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -o $isoOut new-iso \u003e/dev/null 2\u003e\u00261\n   # Optional, if you want to make the ISO hybrid (USB bootable) for VM testing\n   /usr/bin/sudo /usr/bin/isohybrid $isoOut \u003e/dev/null 2\u003e\u00261\n   # Remove the temporary directories\n   /usr/bin/sudo /usr/bin/rm -rf new-iso vanilla-iso \u003e/dev/null 2\u003e\u00261\n   # Remove the tarball\n   /usr/bin/sudo /usr/bin/rm -f debian.tar.gz \u003e/dev/null 2\u003e\u00261\n   # Copy the ISO to the source directory\n   /usr/bin/sudo /usr/bin/cp -rf $isoOut $SourceDirectory\n   # Change ownership and permission of the ISO\n   /usr/bin/sudo /usr/bin/chown enadmin:enadmin $SourceDirectory/$isoOut\n   /usr/bin/sudo chmod 644 $SourceDirectory/$isoOut\nelse\n   # Whoops, we can't find the ISO\n   echo \"Unable to find $isoIn\"\nfi\n\n# Return to where we started\npopd \u003e/dev/null 2\u003e\u00261\n# Remove the target directory (Clean-up)\n/usr/bin/sudo /usr/bin/rm -rf $TargetDirectory \u003e/dev/null 2\u003e\u00261\n```\n\nPlease check and review all the values, before just start the script!\n\n### Requirements\n\n- `debian-12.4.0-amd64-netinst.iso` (can be [downloaded](https://www.debian.org/download) from the Debian project)\n- The files of this repository\n- A Linux based system (We use Debian 12 as WSL2 Image)\n- All required packages will be downloaded (if required)\n\n### Alternatives\n\nYou can also deploy the `preseed.cfg` via a Server, e.g., Web-Server or File-Share. As long as the system can reach it during the installation.\n\nIn addition, you can change the `preseed.cfg` file (and the very end) to download the Jumstart file from the same location where the `preseed.cfg` itself is found, or any other location the system can reach. It is not required to build your own ISO or put the Jumpstart file on the install media.\n\n## Contribution\n\n**More then welcome!**\n\nPlease see the [Contribution Guide](CONTRIBUTING.md) for more details!\n\n## Default License\n\nIn our opinion: All the stuff here should be free, and the license should be as flexible as possible.\n\n### BSD 3-Clause License\n\nCopyright (c) 2023, enabling Technology GmbH - All rights reserved.\n\nRedistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:\n\n1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.\n2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.\n3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\n_By using the Software, you agree to the License, Terms and Conditions above!_\n\n### DISCLAIMER\n\n- Use at your own risk, etc.\n- This is open-source software, if you find an issue try to fix it yourself. There is no support and/or warranty in any kind\n- This is a third-party Software\n- The developer of this Software is NOT sponsored by or affiliated with the Debian project\n- The Software is not supported by the Debian projects\n- By using the Software, you agree to the License, Terms, and any Conditions declared and described above\n- If you disagree with any of the terms, and any conditions declared: Just delete it and build your own solution\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenatec%2Fdebianauto","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fenatec%2Fdebianauto","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenatec%2Fdebianauto/lists"}