From e8840d57dc98fb3de6b1695d910a5ea0e40709ba Mon Sep 17 00:00:00 2001 From: Florian Hoss <65008174+flohoss@users.noreply.github.com> Date: Tue, 7 Dec 2021 08:59:06 +0100 Subject: [PATCH] Update README.md --- README.md | 171 +++++++++++++++++++++++++++++++----------------------- 1 file changed, 100 insertions(+), 71 deletions(-) diff --git a/README.md b/README.md index 7285eae..a3c6568 100644 --- a/README.md +++ b/README.md @@ -4,32 +4,33 @@ This is a small guide on how to secure a fresh debian install. Some of the comma # Prepare the system -```bash -apt-get update && apt-get upgrade -y -# only if you are using awesome vim editor -apt-get install vim -y -``` +```apt-get update && apt-get upgrade -y``` + +only if you are using awesome vim editor + +```apt-get install vim -y``` OPTIONAL for backups with restic & rclone: -```bash -apt-get install restic -y -restic self-update -curl https://rclone.org/install.sh | sudo bash -``` +```apt-get install restic -y``` + +```restic self-update``` + +```curl https://rclone.org/install.sh | sudo bash``` # Create Admin user -```bash -useradd -m -U -s /bin/bash -G sudo sysadmin -passwd sysadmin -``` +```useradd -m -U -s /bin/bash -G sudo sysadmin``` + +```passwd sysadmin``` # Configure SSH -```bash -vim /etc/ssh/sshd_config -``` +edit the sshd_config file + +```vim /etc/ssh/sshd_config``` + +with following content: ```bash Include /etc/ssh/sshd_config.d/*.conf 
@@ -68,25 +69,35 @@ AcceptEnv LANG LC_* Subsystem sftp /usr/lib/openssh/sftp-server ``` -```bash -# check config for errors -sshd -t -# restart ssh service to apply settings -systemctl restart sshd -# check if service has been started successfully -systemctl status sshd -``` +check config for errors + +```sshd -t``` + +restart ssh service to apply settings + +```systemctl restart sshd``` + +check if service has been started successfully + +```systemctl status sshd``` # Configure Fail2Ban -```bash -apt-get install fail2ban -systemctl enable fail2ban -# create a backup of the old config just in case -cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local -# edit the config file -vim /etc/fail2ban/jail.local -``` +install fail2ban + +```apt-get install fail2ban``` + +enable fail2ban + +```systemctl enable fail2ban``` + +create a backup of the old config just in case + +```cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local``` + +edit the config file + +```vim /etc/fail2ban/jail.local``` ```bash [INCLUDES] 
@@ -127,24 +138,31 @@ port = 29 logpath = %(sshd_log)s backend = %(sshd_backend)s ``` +restart fail2ban -```bash -systemctl restart fail2ban -systemctl status fail2ban -fail2ban-client status sshd -``` +```systemctl restart fail2ban``` + +check the status of fail2ban + +```systemctl status fail2ban``` + +check the status of the client + +```fail2ban-client status sshd``` **-- Logout from Server --** # Configure SSH key auth (Unix Systems) -```bash -# create a ssh key with Edwards-curve Digital Signature Algorithm -# and name it server in the .ssh folder of the current user -ssh-keygen -t ed25519 -f ~/.ssh/server -# edit a ssh config file -vim ~/.ssh/config -``` +## following steps are executed on the local system - NOT on the server + +create a ssh key with Edwards-curve Digital Signature Algorithm and name it server in the .ssh folder of the current user + +```ssh-keygen -t ed25519 -f ~/.ssh/server``` + +edit a ssh config file + +```vim ~/.ssh/config``` ```bash Host server @@ -154,17 +172,21 @@ Host server Port 29 ``` -```bash -# copy the created public key to the server -ssh-copy-id -i ~/.ssh/server.pub server -# login to the server with the users password -ssh server -# edit the ssh config -sudo vim /etc/ssh/sshd_config -``` +copy the created public key to the server + +```ssh-copy-id -i ~/.ssh/server.pub server``` + +login to the server with the users password + +```ssh server``` + +edit the sshd_config file + +```sudo vim /etc/ssh/sshd_config``` + +with following content: ```bash -# sshd_config Include /etc/ssh/sshd_config.d/*.conf Port 29 
@@ -201,23 +223,30 @@ AcceptEnv LANG LC_* Subsystem sftp /usr/lib/openssh/sftp-server ``` -```bash -# check config for errors -sudo sshd -t -# restart ssh service to apply settings -sudo systemctl restart sshd -# check if service has been started successfully -sudo systemctl status sshd -``` +check config for errors + +```sudo sshd -t``` + +restart ssh service to apply settings + +```sudo systemctl restart sshd``` + +check if service has been started successfully + +```sudo systemctl status sshd``` # OPTIONAL Install UFW Firewall -```bash -sudo apt-get install ufw -# allow SSH if you are using a remote connection -sudo ufw allow ssh -# check the status of the firewall (should be off) -sudo ufw status verbose -# turn the firewall on -sudo ufw enable -``` +```sudo apt-get install ufw``` + +allow SSH if you are using a remote connection + +```sudo ufw allow ssh``` + +check the status of the firewall (should be off) + +```sudo ufw status verbose``` + +turn the firewall on + +```sudo ufw enable```
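Review bot: In the first hunk (@@ -4,32), the single-line form ```apt-get update && apt-get upgrade -y``` renders as an inline code span in GitHub-flavored Markdown, not a code block, so the bash highlighting and the copyable block the old fenced ```bash blocks provided are lost throughout the README. Keep a fenced block with a language tag and one command per line, moving the explanatory comments into prose above it if that was the goal. While this hunk is touched, the ```curl https://rclone.org/install.sh | sudo bash``` step pipes a remote script straight into a root shell; consider documenting a download-then-inspect step (fetch the script to a file, read it, then run it) so the OPTIONAL backup setup matches the hardening intent of the guide.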
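Review bot: In the fail2ban hunk (@@ -68,25), the text "create a backup of the old config just in case" above ```cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local``` is misleading: fail2ban loads jail.local as an override layered on jail.conf, so the copy is not a backup but a full duplicate of every setting, and future package updates to jail.conf will be shadowed by it. Suggest wording the step as creating the override file, keeping only the sections being changed ([DEFAULT] and [sshd]) in jail.local, and, if a backup is wanted, copying to a name fail2ban does not read (for example jail.conf.bak).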
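Review bot: In the key-generation hunk (@@ -127,24), the line "## following steps are executed on the local system - NOT on the server" introduces an H2 heading for what is a warning, which also makes it appear as a subsection of "Configure SSH key auth" in the rendered outline; the README already uses a bold marker for this kind of note ("**-- Logout from Server --**"), so a bold line in the same style would be consistent. Minor: "create a ssh key" should read "create an SSH key". The context line `port = 29` in the sshd jail is correct for this guide but worth a sentence noting it must match the Port set in sshd_config, since a mismatch silently leaves the jail watching the wrong port.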
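Review bot: In the ssh-copy-id hunk (@@ -154,17), the procedure goes from ```ssh server``` ("login to the server with the users password") straight to editing sshd_config; add an explicit check that the key works first (a second ```ssh server``` that logs in without a password prompt after ssh-copy-id), and tell the reader to keep that session open until the reconfigured sshd has accepted a fresh key login, otherwise a mistake in the new config locks the admin out. Typo: "users password" should be "user's password". Dropping the `# sshd_config` comment from the fenced block is fine since the prose now names the file.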
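Review bot: In the UFW hunk (@@ -201,23), ```sudo ufw allow ssh``` opens 22/tcp (the port ufw's "ssh" application profile maps to), but sshd in this guide listens on `Port 29` as shown in the sshd_config context lines above, so ```sudo ufw enable``` will cut off the current SSH session and block further logins. Change the rule to ```sudo ufw allow 29/tcp``` (or whatever Port was set) and make the ordering explicit: allow the SSH port, confirm it with ```sudo ufw status verbose``` after enabling, not only before. The "(should be off)" note is accurate for the pre-enable status check, but a post-enable status line showing the 29/tcp rule would confirm the rule actually took effect.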