add nftables and logrotate for OVH

tengel 2026-01-27 04:19:19 -06:00
parent 6a9377bcdd
commit ab6871ba06


@ -56,6 +56,8 @@ chown -R ${MYUSER}:users /home/${MYUSER}/.ssh
### Disable root Login ### Disable root Login
> **Note**: modern Debian SSH sets root login to SSH key only, this section may not be necessary
**If the above is successful** and you are capable of gaining full root privileges via the non-root SSH session using sudo, now disable root logins in SSH from the outside world for an additional security layer. The `root` account still remains usable, just not via _direct_ SSH access. **If the above is successful** and you are capable of gaining full root privileges via the non-root SSH session using sudo, now disable root logins in SSH from the outside world for an additional security layer. The `root` account still remains usable, just not via _direct_ SSH access.
The task is to set `PermitRootLogin no` - the setting varies from one provider to another, sometimes it's already set (either yes or no), sometimes it's commented out. This small scriptlet should handle these 2 most common cases, **be careful** and investigate for yourself: The task is to set `PermitRootLogin no` - the setting varies from one provider to another, sometimes it's already set (either yes or no), sometimes it's commented out. This small scriptlet should handle these 2 most common cases, **be careful** and investigate for yourself:
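Review bot: the added note above the `PermitRootLogin no` step reads as if key-only root login already achieves what this section does, but the section's stated goal is no _direct_ root SSH access at all, and key-only login still permits it. Suggest rewording along the lines of "modern Debian defaults to key-only root login; keep this step if you want direct root SSH disabled entirely", and pointing readers at `sshd -T | grep -i permitrootlogin` so they can see the effective value before deciding to skip the section.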
@ -93,7 +95,7 @@ apt-get update
echo "iptables-persistent iptables-persistent/autosave_v4 boolean true" | debconf-set-selections echo "iptables-persistent iptables-persistent/autosave_v4 boolean true" | debconf-set-selections
echo "iptables-persistent iptables-persistent/autosave_v6 boolean true" | debconf-set-selections echo "iptables-persistent iptables-persistent/autosave_v6 boolean true" | debconf-set-selections
echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean true" | debconf-set-selections echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean true" | debconf-set-selections
apt-get install sysstat unattended-upgrades iptables-persistent man less vim rsync bc net-tools git strace apt-get install sysstat unattended-upgrades iptables-persistent man less vim rsync bc net-tools git strace nftables logrotate
``` ```
The `smem` package will pull in a lot of X dependencies due to an embedded recommendation, install it while disabling that feature. This utility can be used to quickly query memory usage (including swap) on the memory constrained cloud server: The `smem` package will pull in a lot of X dependencies due to an embedded recommendation, install it while disabling that feature. This utility can be used to quickly query memory usage (including swap) on the memory constrained cloud server:
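Review bot: on the `apt-get install` line, `nftables` is added while `iptables-persistent` and its two `autosave` debconf preseeds stay in place, so the host ends up with two firewall front ends and nothing here says which one holds the authoritative ruleset. Please document the intended one (or drop the other) so rules are not maintained in two places. The commit subject says this is for OVH, but nothing near the install line explains why these packages are needed there; a one-line comment would help. Minor: this `apt-get install` has no `-y` while the later `apt-get full-upgrade -y` does, which matters if the block is pasted into a non-interactive session.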
@ -174,7 +176,7 @@ swapon /swap.file
``` ```
systemctl disable remote-fs.target rsync.service systemctl disable remote-fs.target rsync.service
systemctl enable sysstat unattended-upgrades netfilter-persistent systemctl enable sysstat unattended-upgrades netfilter-persistent logrotate
apt-get full-upgrade -y apt-get full-upgrade -y
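Review bot: the `systemctl enable` line adds `logrotate` but not `nftables`, so the package installed earlier in this commit is never enabled at boot and `netfilter-persistent` remains the only firewall unit started. If nftables is meant to carry the ruleset, add `nftables` here; if it is not, the install is unnecessary. Also, the bare name `logrotate` resolves to `logrotate.service`; if rotation is driven by the package's timer unit, enabling `logrotate.timer` explicitly states the intent more clearly.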