5 Things to do after a fresh install of GNU/Linux

Mike Turcotte-McCusker
Nov 4, 2017

So, regardless of what distribution being used, there are things that I do after every single install I do, and I thought perhaps I would share some of them with you; perhaps something I do is missing from your setup and you might like to include it!

I am going to leave out the things that you find in every other list...like "Download your favourite music player!" as this is redundant, and pointless to list.

The list includes the following five suggestions: increase audio quality, making sure the firewall is enabled,

1. Increase audio quality

I’m not going to get into the deeper explanation behind audio and its quality; suffice to say I use expensive headphones, speakers, and every possible opportunity I have to enhance the quality of my sound. So, when I install a new OS, one of the first things I do is make sure that my tunes sound good for while I’m following the rest of my setup. To do so, we need to edit a configuration file for PulseAudio.

sudo nano /etc/pulse/daemon.conf

In this, there are three lines we need to find:

; resample-method = speex-float-1
; default-sample-format = s16le
; default-sample-rate = 44100

The last two lines are above/below eachother, but the first line is a little ways above them in the configuration file.  Edit these, to look like this

resample-method = src-sinc-best-quality
default-sample-format = s24le
default-sample-rate = 96000

NOTE: You MUST ensure that the ; is removed from all three, for this to work. ; signifies a comment, or in this case, deactivated.

After this is done, save and exit the configuration file, and then we need to restart PulseAudio:

pulseaudio -k
pulseaudio --start

Aaaand voila! Your music will now sound better than it would have previously. You'd be surprised.

2. Make sure firewall is enabled.


Most distributions tend to have UFW installed as the default firewall, but not all of them enable the firewall by default. Always always always, make sure you enable the firewall.

The default 'home' setting is usually fine for most people, just simply turn the firewall on, and you're done. However, if there is no firewall installed, you'll want to install 'gufw' which will also include UFW itself, as well as a graphical tool for it.

3. Disable any unnecessary services

Antergos Services Icon

This one varies from distro to distro, on what needs to be disabled or not, but things like printer support are not needed if you don't own a printer, etc.

Typically, GNU/Linux systems do not run a trillion services to shut down like Windows, but always good to look, and see. Most distributions and environments have a services list in the system settings. The Antergos Cinnamon one, looks like the photo above.

4. Install Timeshift


Previously I wrote an article about how to install Timeshift into Linux Mint, but really I would advise installing it into any system you use, if it's not included with the distro. Timeshift is almost crucial for someone like me, who can't run the risk of losing everything in the case of a crash or other mishap. Get it. Use it.

5. Install ClamAV / Clamtk antivirus


Yes, it's true, a GNU/Linux system is far less likely to be infected by a virus than Windows, but it's not invincible. I wrote an article about how to install the ClamAV antivirus with Clamtk GUI and highly recommend it as well.

What about you? What are the top five things you do besides the usual installation of generic applications?

5 Things to do after a fresh install of GNU/Linux
Article Name
5 Things to do after a fresh install of GNU/Linux
Mike reveals five things that he does immediately after installing a new Linux distribution; includes improving audio quality, setting up antivirus, and more.
Ghacks Technology News

Previous Post: «
Next Post: «


  1. Dave said on December 28, 2017 at 6:38 pm

    Great article, Mike. For me, first adds to Debian are
    1. Nautilus wipe for right click sure delete
    2. Redshift for less eyestrain at night, add commands to shortcut keys
    3. No Script on Firefox
    4. keepass to encrypt password list
    5. various aesthetics: dark theme in Gnome, change font to dejavu book, enable minimize/maximize boxes, edit grub to skip the start up page since I don’t dual boot, a shortcut key for one button suspend.

    For antivirus there is a ‘live’ 4M Linux I put on CD (something like 40 mb!)that runs clam AV separate from the main OS. I heard the idea that installing it actually increases vulnerability. I run it maybe every six months. In three years, no malware…so far. I think I got it on Softpedia.

  2. kzd28626@xoixa.com said on December 10, 2017 at 10:21 pm

    SSD wear is completely overexerted, the drive will be obsolete way before you manage to wear it out. Even TLC models only died after trying to make them fail and still took close to a PB of writes before dying. Really a non issue for real world use. The drive is going to be fine doing whatever and won’t die unless you do something to kill it on purpose. Put swap and stuff like that on the ssd.

    /tmp can be in tmpfs since it’s not supposed to be persistent while /var/tmp and the various log dirs in /var are a bit more of an issue. /var/tmp is supposed to persist across reboots so putting it on something persistent is probably a good idea. The log dirs have the same issue, if you don’t have them on something persistent you’ll lose the logs on each reboot. Your choice really.

    /home/user/.cache is another thing you can safely put on nonpersistent storage since there shouldn’t be anything there that needs to be preserved across reboots.

    A few other things you might want to do (or not) is use btrfs for it’s snapshots and other CoW goodies (just don’t use raid 5/6), use luks, recompile the kernel/media sw (only places where it matters, (for media sw I’d add -O3 -mavx2 -mfma -ftree-vectorize -ffast-math) with -march=native and get rid of unused shit in the kernel (although you’re mostly not optimizing anything here other than cutting down the compile time), mess with fancontrol (although depending on your board it might do a good job managing that on it’s own) and of course install lolcat (https://github.com/busyloop/lolcat) and put it in your bashrc.

    You can mess with the swappiness and other sysctl stuff if you want but unless you know what you are doing the defaults are pretty sane.

    Oh and limit the number of processes a user can make to prevent fork bombs from working,

  3. Supergirl said on November 13, 2017 at 4:04 am

    One thing I find thats very important to me is to set my
    browser cache to zero & to use NoScript…..
    Otherwise i get so much malware hiding in my cache that Firefox becomes unuseable.

    I guess I just go to more shady places that most of you..LoL

  4. Jason said on November 7, 2017 at 10:13 pm

    I don’t want to be harsh here, but you chose a bizarre combination of things to put on your to-do list. If we’re only going to talk about “5 things”, surely the list should be more focused than what you’ve presented.

    What about optimizing system for HiDPI display? Optimizing system to prevent premature SSD wear? Make Avahi and DHCP more privacy-friendly? TLP power management? Firejail? SYSTEM UPDATES???

    I agree with others here that ClamAV is not useful (even on a theoretical level) for the vast majority of people. Someone else mentioned RKhunter and CHrootkit: I put those in a similar category. There’s is no point using them unless you are running a web server AND have the tech skills to understand their outputs.

  5. moxin said on November 7, 2017 at 12:51 pm

    Just wanna ask, which DE is it, what GTK and icon theme are you using?

  6. Jozsef said on November 6, 2017 at 2:42 am

    My friend, you made it quite clear that you consider facts to be irrelevant and uninteresting because your perceptions of reality are automatically accurate and so are everyone else’s at the same time, even if they may differ, at least as far as reproduction of recorded music is concerned. Therefore I won’t go into an explanation of why extending frequency response octaves above human hearing to make it possible to reproduce sounds that don’t exist on any CD can only do harm. Instead I will address your ultimate standard of quality, which is what you yourself and other people hear.

    If you were to investigate human perception and learn about how our brains work, you would find that what we believe is real or what we “know” to be true is quite literally a greater influence on what we experience when listening than the sound our ears are actually picking up. There is so much processing the brain must do, effectively interpretation, on auditory (as well as visual) stimuli that if you listen to something you believe is better, you will actually hear that improvement. I don’t mean a subtle difference but the sound you “know” to be of lesser quality might be painfully shrill and garbled. On the other hand, when you are hearing a setup you know to be good, the beauty and clarity of the music will bring tears to your eyes, even though you may be comparing A to A. Did you notice that some here know that the original resolution sounds the best while others like you know that oversampling sounds the best? We are not different and I have been tricked in experiments on more than one occasion when I described the vast improvement I heard when I believed a particular change had been made, only to discover that the identical setup had been used to play a piece of music again with no alterations.

    Science is your friend if you want to learn or you can just keep listening and possibly ending up with worse sound at greater expense if your buying decisions are based on listening tests. I say choose with real information and then listen to verify, just once, quickly. After that, make it about music. Now, go forth and enjoy yourself. :)

  7. dark said on November 5, 2017 at 10:36 pm


    >”Manage Service and Units”
    Install Systemd-manager.

  8. jake said on November 5, 2017 at 10:14 pm

    We need another article on removing unnecessary services, deamons, etc… Even command line help that cuts across multiple (debian;-) distros.

    Just looked at my Systems Settings and sadly… very sadly. There is NO “Manage Service and Units”, otherwise the Systems Settings look very similar (I’m on Mint/Cinnamon, 17.3).

    The audio tip is great advice. I have a laptop with a healthy set of lungs but every now and again, I’ll test a distro and audio is at 10-40%.

    Didn’t know Timeshift existed. Very exciting piece of software. Thanks for some great suggestions and to continue to push the point about Firewalls and AV on Linux. Old-timers, safe-surfers, conservative users are gonna’ be ok. The new breed of true newbs always find ways of hurting themselves in the most ingenious ways.

  9. VioletMoon said on November 5, 2017 at 3:14 pm

    It is interesting that a veteran computer user of Windows and/or Linux would recommend “sound quality” above system updates–and with Linux it can be 200 or more updates even within a two-week period.

    Really miss Remastersys because one could finish updating/customizing a distro and then create the entire distro as an .iso to share or keep on hand.

    SystemBack has the option, but I don’t find it works so well; and Pinguy has the Remastersys code, but I don’t find it works so well.

  10. Henk van Setten said on November 5, 2017 at 3:01 pm

    Good tips (and good comments, too). I agree that TimeShift is not all-important, but for myself I just like to have a complete system backup at hand, just in case. But over the past 2 years with Mint 17 I never needed to use this restore function, so I cannot confirm or deny that Timeshift (as said by someone here) might break symlinks. For ordinary, simple data backups I use FreeFileSync.

    As for gufw or any other kind of firewall, my own feeling is that in Linux, using an informative network traffic monitor is perhaps even more important than having a firewall in place. I use KNemo for that (for the same in Windows, I use Glasswire).

    Sound quality, as noticed by others, is a very personal thing. I guess this depends in the very first place from how you use the system. I can well imagine one will develop stricter requirements (or preferences) when playing music a lot. My own Linux system does not serve as main music player or media streamer, but I often do use it for video playback (with VLC, mainly movies and series recorded from digital antenna TV). The default sound quality has always been good enough for me in this case, no complaints at all.

  11. anon3 said on November 5, 2017 at 2:52 pm

    @Paglu and @Kapil
    It’s mentioned in the article – Antergos Cinnamon.

  12. Kapil said on November 5, 2017 at 8:38 am

    Yeah can somebody tell which distro it is ? Or any specific theme he/she used ? Please.

  13. Paglu said on November 5, 2017 at 4:10 am

    Which distro did you use for the screenshots?

  14. dark said on November 4, 2017 at 11:55 pm

    If i want AV on Linux, i want AV require no root previleges to install and use to avoid possible decrease in Linux security. It should be possible with Flatpak or AppImage.

  15. IPonymous said on November 4, 2017 at 9:34 pm

    Audio quality.
    Evidence is not reality
    The best reality for the best sound quality is YOUR ears on your system.

    Bit Depth:
    Benefits sound from most audio(cd’s online streaming) and video.

    For audio generally multiples of 44100 such as 88200 and 176400 are best.
    For video(sound such as dvds and bluray) generally multiples of 48000 such as 96000 and 192000 are best. Online video the audio is ‘usually’ converted to 44100.
    More accurately sample 44100 and 48000 sources by their multiples.

    It may be beneficial to also modify the “alternate-sample-rate” because this way the sound from both video and audio sources will be sampled by their respective multiple.

    resample-method = src-sinc-best-quality
    default-sample-format = s32le
    default-sample-rate = 176400
    alternate-sample-rate = 192000
    (had to reboot after these modifications as the commands in the article killed but did not restore my volume control)

    Remember you can always try the above and if you dont like it restore it back.
    (just remember to make a backup of the original file before trying.)
    I use /etc/pulse/daemon.conf.ORIG
    Then properly modify /etc/pulse/daemon.conf which will be used by the system.

    Bit Bepth:
    is akin to black levels in tvs. Increases in black levels give the quality of depth to 2 dimensional images from higher definition depth information the effect is taking you deeper into the image- the way it would appear in nature.
    In Audio increasing the bit depth from 16 to 24, 32 bit does the same thing. It reveals more detail to the space between sounds taking you deeper into the sound image.

    If you ever noticed how dvd’s(480i) looked better on tvs with 1080 or 4k? Similar benefit if you increase the sample-rate.
    These settings may be more apparent on some systems than others such as headphones without crossovers(single driver as opposed to multiple) or with speakers that correct for time and phase errors.

    I submit this as information only and not as an argument to other comments. The intent is to offer more options to the listener to choose as they see fit or not. The ultimate goal is to help someone find the sound that is most pleasing for THEM.

    No doubt someone will respond to this trying to sound as though they are displaying technical ‘proof’ but the proof is not in the ‘belief’ of someones words, the proof is in actual listening where you ‘HEAR’ it, and the only way to do that is with … your own ears on your own equipment.

  16. IPonymous said on November 4, 2017 at 9:03 pm

    Anyone know where the list of options available for each parameter in the article about audio quality?
    *such as “resample-method”

  17. AnorKnee Merce said on November 4, 2017 at 8:39 pm

    For System backup, Systemback and Clonezilla should be better. They can create System Images as a System Recovery backup. Whereas Timeshift is like Windows System Restore which can only restore a serviceable or running system = eg no use if your hard-drive fails or system gets corrupted and unbootable.
    Free ClamAV only helps you to scan your Linux system and downloaded files, ie there is no Real-time protection unlike Windows AV programs which have. If Linux users want Real-time protection, they will have to pay, eg Sophos AV.

  18. BringIt said on November 4, 2017 at 6:38 pm

    The antivirus part is very questionable. Ridiculous even. The average youtubexhamsterfacebooker on linux will not need AV. To RECOMMEND it as something everyone should do, makes me wonder if the author is somehow affiliated with ClamAV? Am I ruffling feathers, poking the anthill with a big ignorance-stick? Maybe. Prove me wrong, show me how a linux newbie will directly and in realtime BENEFIT from using ClamAV. That’s right, sir, I just slapped you with my glove and challenged you to a DUEL. Unless you come up with hardcore 100% facts and compelling evidence, this staement is nothing more than the same damn fear-instigating mongering Windows users have been bombarded with for 30 years now. We’re trying to bring IN new linux users, not scare them off by saying the same crap they were served is the exact thing they will have to endure in linux-world too..

    1. Corky said on November 6, 2017 at 10:53 am

      If your goal is to bring people over to Linux perhaps lying to them isn’t the best way to go about it, firstly just because there are fewer malicious programs written for Linux doesn’t mean there are none.

      Secondly if you want to encourage people to swap from Windows to Linux perhaps it’s a good idea for them to feel as secure as possible, after having it drummed into them for decades how important AV software is on Windows expecting them to just abandon that idea over night while trying to learn about a new OS and not knowing if X is meant to be happening or is the result of some malicious program is asking a great deal.

      Basically I’d say your average user whose just migrated to Linux would be well served from using AV if only for the peace of mind aspect, think of it like a comfort object, transitional object, or security blanket until they get to know Linux.

  19. Nili said on November 4, 2017 at 5:25 pm

    Whoever offers a NETINST ISO is appreciated for me.
    Generally i follows this path on a Debian based without systemd.

    1. install xinit
    2. install server-xorg-core
    3. install rxvt-unicode
    4. install
    5. install


    1. Nili said on November 5, 2017 at 7:04 pm

      4. install window manager (mostly tile or stack openbox/fluxbox)
      5. install favorite apps/tools

  20. Tom Stanton said on November 4, 2017 at 4:44 pm

    Linux AV is known for false positives. Believe it or not, most Linux AV solutions mostly look for Windows viruses, which have no affect on Linux but could be spread to windows thru email/etc. As Thomas pointed out, in Linux vulernabilities are patched very quickly (often faster than the AV program adds the definition), you’re better off to just update on a regular basis

    As numerous others pointed out, any kind of resampling actually hurts audio quality.

    The full backup is overkill. If you backup a Linux system properly you can just restore a small subset of files to get your exact system back.

    Should’ve mentioned things like .vimrc or helpful bash profiles.

  21. Ron said on November 4, 2017 at 1:02 pm

    I’m surprised about #5. The general consensus on the forums of the distro I use is that using an AV on Linux actually decreases one’s security. (And the AV advised is notorious for false-positives.)


  22. Yuliya said on November 4, 2017 at 10:11 am

    While I don’t really use Linux that much (only mess around in Debian every now and then) regarding point 1, I don’t think you should resample all your audio. You would definitely want to use the sampling rate which most of your audio is, which is 44100Hz. The other two are fine.
    psst: make the fifth section title bold too

  23. Ivan said on November 4, 2017 at 9:55 am

    24bit /96kHz is necessary for editing, but not for listening.
    Convince yourself: https://www.xiph.org/video/

  24. microfix said on November 4, 2017 at 8:40 am

    My tried and tested list for over last eight years:
    1. Switch on firewall.
    2. Check for system/ kernel updates via repository.
    3. Install RKHunter & CHRootkit and ClamAV and update/ scan.
    4. Remove unnecessary bloat (unused software) then install required software via software manager.
    5. Disable unnecessary services.

    I found that Timeshift breaks custom symlinks and that pulseaudio just works without modifications.

  25. Womble said on November 4, 2017 at 7:49 am

    Not sure what you think resample does but for the best audio quality you need to make sure you listen at the original sample rate. That means DON’T resample.

  26. Ravi Joshi said on November 4, 2017 at 7:34 am

    With due respect, I think this list is severely incomplete, and a bit misleading as well.
    – You don’t need pulse audio.
    – You don’t need Timeshift. You never backup entire Linux and restore it. It is easier and possibly more advisable to reinstall OS. It’s faster, clean. It would have been better if we spent educating users on how to regularly back up documents or better still, how to keep sync turned on – so only the required files are backed up.
    – You don’t need antivirus.
    – Turning services off. If you are installing Linux, it’s better you spend 10 minutes learning how to turn on/off services using systemctl (or chkconfig) than relying on a GUI which could be specific to a certain distro.

    1. leanon said on November 5, 2017 at 4:22 am

      @Ravi Joshi

      Not to start another bashing war between browsers but Firefox needs pulseaudio.
      Unless maybe you have some insight in getting sound to work in the latest “Firefox” without?!?

    2. Gerard said on November 4, 2017 at 5:23 pm

      Ravi Joshi, I couldn’t agree more.

    3. Jody Thornton said on November 4, 2017 at 2:02 pm


      It is true that Linux is not invincible, so why wouldn’t you install an AV solution? And are you saying that Pulse Audio provides no benefit? You say vehemently that we should not follow Martin’s advice, but don’t state reasons why. I’d like to hear those.

      1. Anonymous said on November 5, 2017 at 2:21 am

        psst Jody its Mike not Martin

      2. Ron said on November 4, 2017 at 5:14 pm

        Answering for myself (not Ravi), because putting on an AV in Linux will actually decrease your security. See my link below for the reasons why. BTW, Martin didn’t write this article, Mike did.

    4. TelV said on November 4, 2017 at 1:57 pm

      Once upon a time Apple Mac users would swear blind that the OS was immune to virus infection, but not anymore. The same goes for Linux. In addition, Linux is also vulnerable to ransomware infections such as the one described in this Wikipedia article: https://en.wikipedia.org/wiki/Linux.Encoder.1

      There may not be that many vulnerabilities at the moment, but I think it’s a little naive to suggest that AV isn’t necessary on Linux.

      1. Thomas said on November 4, 2017 at 3:28 pm

        But is the solution for linux vulnerabilities not to update?
        When an exploit is reported, system updates come out in hours.

        How will any AV help against ransomware?
        It did nowhere on the windows ones… because it uses encryption software that is no virus as for itself, so there are no bad signatures in it.

    5. Robert said on November 4, 2017 at 12:36 pm

      I have to disagree. I have customized Linux enough that I don’t want to do a fresh install and waste hours re-customizing it should I have to. Timeshift is something I never new existed and is a great tip. And who doesn’t want better sound if that option is there? This article is like an Easter egg to me.

      1. Thomas said on November 4, 2017 at 1:42 pm

        you never need to reconfigure anything, just install the software and copy over you home folder containing the hidden files that hold your configurations.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.