Befehle
Befehlsreferenz
Section titled “Befehlsreferenz”Alle Befehle hier sind Debian/Ubuntu-basiert. Auf anderen Distros ggf. apt → dnf/pacman ersetzen.
User & SSH
Section titled “User & SSH”adduser <name>usermod -aG sudo <name>Pakete
Section titled “Pakete”apt update && apt full-upgradeapt install <paket>dpkg-reconfigure -plow unattended-upgradesFirewall (ufw)
Section titled “Firewall (ufw)”ufw default deny incomingufw default allow outgoingufw allow 22/tcpufw allow 80,443/tcpufw enableufw statusSystemd
Section titled “Systemd”systemctl enable --now <service>systemctl status <service>journalctl -u <service> -fBackups (restic)
Section titled “Backups (restic)”restic -r sftp:user@host:/path initrestic -r <repo> backup /home /etc /varrestic -r <repo> snapshotsrestic -r <repo> restore <snapshot-id> --target /restoreSSH-Härtung
Section titled “SSH-Härtung”sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.baksudo sshd -tsudo systemctl restart sshdFail2ban
Section titled “Fail2ban”sudo systemctl enable --now fail2bansudo fail2ban-client status sshdWireGuard (wenn SSH hinter VPN)
Section titled “WireGuard (wenn SSH hinter VPN)”sudo apt install wireguardsudo systemctl enable --now wg-quick@wg0Restic: Retention + Healthcheck
Section titled “Restic: Retention + Healthcheck”restic -r <repo> forget --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --prunerestic -r <repo> checkrestic -r <repo> unlockDocker
Section titled “Docker”curl -fsSL https://get.docker.com | sudo shsudo usermod -aG docker <user>docker compose up -ddocker compose psdocker compose logs --tail=20