Difference between pages "C基础" (C basics) and "Debian服务器初始化" (Debian server initialization)
(Difference between pages)
第1行: | 第1行: | ||
+ | [[Salt-ssh批量初始化机器]] | ||
+ | [https://debian-handbook.info/browse/zh-CN/stable/sect.how-to-migrate.html Debian 管理员手册] | ||
+ | =os install= | ||
+ | 有时候会出现 select and install software 等等几个小时的情况 应该是不要选择mirrors就好了 安装后再自己加 | ||
+ | = os init= | ||
+ | Gentoo Linux 手册 非常有学习的价值 | ||
+ | [[容器初始化]] | ||
+ | == change sources == | ||
+ | ==if docker== | ||
+ | [[利用Dockerfile修改容器中的apt源(debian源)]] | ||
+ | ===10源=== | ||
+ | <pre> | ||
− | + | deb http://mirrors.aliyun.com/debian/ buster main non-free contrib | |
− | + | deb-src http://mirrors.aliyun.com/debian/ buster main non-free contrib | |
− | http:// | + | deb http://mirrors.aliyun.com/debian-security buster/updates main |
− | + | deb-src http://mirrors.aliyun.com/debian-security buster/updates main | |
− | + | deb http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib | |
− | + | deb-src http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib | |
− | + | deb http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib | |
− | + | deb-src http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib | |
− | |||
− | |||
− | http:// | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | http:// | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
</pre> | </pre> | ||
− | + | ===9 源=== | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
<pre> | <pre> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | echo 'deb http://mirrors.aliyun.com/debian/ stretch main non-free contrib | |
− | + | deb-src http://mirrors.aliyun.com/debian/ stretch main non-free contrib | |
+ | deb http://mirrors.aliyun.com/debian-security stretch/updates main | ||
+ | deb-src http://mirrors.aliyun.com/debian-security stretch/updates main | ||
+ | deb http://mirrors.aliyun.com/debian/ stretch-updates main non-free contrib | ||
+ | deb-src http://mirrors.aliyun.com/debian/ stretch-updates main non-free contrib | ||
+ | deb http://mirrors.aliyun.com/debian/ stretch-backports main non-free contrib | ||
+ | deb-src http://mirrors.aliyun.com/debian/ stretch-backports main non-free contrib ' >sources.list | ||
</pre> | </pre> | ||
− | + | == ssh config== | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | = | ||
<pre> | <pre> | ||
+ | openssh | ||
+ | apt-get install openssh-client openssh-server | ||
+ | 这个要先安装 不然自启动会不成功 | ||
− | + | 如何激活服务并在启动时启用或禁用服务(即系统启动时自动启动服务) | |
− | + | # systemctl is-active ssh.service | |
− | + | systemctl enable ssh.service | |
+ | # systemctl disable ssh.service | ||
+ | echo "ssh-rsa AAAAB3NzaC you_prk_key root@ops | ||
+ | " >> /root/.ssh/authorized_keys | ||
+ | sed -i "s/#PubkeyAuthentication yes/PubkeyAuthentication yes/g" /etc/ssh/sshd_config | ||
+ | sed -i "s/^PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config | ||
+ | sed -i "s/^#PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config | ||
+ | systemctl restart sshd | ||
+ | #service sshd restart | ||
+ | 补充 | ||
+ | 服务端 | ||
+ | chown -R 0700 ~/.ssh | ||
+ | chown -R 0644 ~/.ssh/authorized_keys | ||
− | + | 客户端改一下 | |
− | + | chmod 600 id_rsa | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
</pre> | </pre> | ||
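Review bot: The two server-side lines in the ssh config block, `chown -R 0700 ~/.ssh` and `chown -R 0644 ~/.ssh/authorized_keys`, call chown, which changes the owner (to numeric UID 700 or 644) and leaves the permissions untouched; they should be chmod, and without -R so that files under ~/.ssh do not pick up execute bits. The echo into /root/.ssh/authorized_keys also assumes the directory already exists, and the sed patterns only match the exact single-space spellings, so the effective settings are worth confirming with `sshd -T` before `systemctl restart sshd`.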
− | = | + | ==常用软件== |
<pre> | <pre> | ||
− | / | + | #alias |
− | + | cp /etc/profile /etc/profile_bak | |
− | + | echo "alias ll='ls $LS_OPTIONS -l'" >>/etc/profile && source /etc/profile | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | = | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | useradd -d /data/evan -s /bin/bash -m evan | |
− | + | 数m表示如果该目录不存在,则创建该目录 | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
+ | apt install net-tools procps rsync wget w3m vim build-essential dnsutils tmux curl sudo lsb-release iotop software-properties-common -y # 说明 dig dnsutils firewalld screen 暂时不要 | ||
− | + | #全面的开发工具 | |
− | + | sudo apt install git golang build-essential gcc g++ gdb libboost-dev make automake autogen autoconf cscope global cmake cmake-gui astyle clang-format clang llvm lldb libsqlite3-dev sqlite3 bison flex ruby-dev linux-headers-`uname -r` | |
− | |||
− | + | #ps 说明 | |
− | + | apt install procps | |
− | + | mariadb-client | |
− | + | 安装Fail2Ban | |
+ | </pre> | ||
− | https:// | + | [https://www.debian.cn/archives/2880 Debian 安装 fail2ban 方式SSH爆破攻击] |
− | + | [[Debian配置iptables]] | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | =时间同步= | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
<pre> | <pre> | ||
− | + | UTC时区切换到CST 时区 | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | #用这个啦 | |
− | + | # 设置亚洲时区 tzselect 有时不准 | |
− | + | timedatectl set-timezone Asia/Shanghai | |
− | + | # 启用NTP同步 #关闭是 false | |
− | + | timedatectl set-ntp yes | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | echo "export TZ='Asia/Shanghai'" >> /etc/profile | |
+ | cat /etc/profile |grep TZ | ||
+ | source /etc/profile | ||
+ | date -R #时区查看 | ||
+ | date | ||
+ | Sat Aug 19 17:03:17 CST 2017 | ||
− | |||
− | |||
+ | 校正日期和时间 linux256 | ||
+ | cp /usr/share/zoneinfo/Asia/ShangHai /etc/localtime #时区为亚洲/上海 | ||
+ | # 网络校时 | ||
+ | apt-get install ntpdate | ||
+ | ntpdate 210.72.145.44 # 中国国家时间服务器: 210.72.145.44 | ||
+ | # 手动校时 | ||
+ | sudo date -s 11/13/2019 #2019年11月13日 | ||
+ | sudo date -s 10:05:30 #10点05分30秒 | ||
− | + | </pre> | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | =security= | |
+ | ==ufw== | ||
+ | ==firewalld== | ||
+ | 这个放弃了 | ||
− | + | 详情可见 [[Centos7 firewalld防火墙基础]] | |
− | |||
+ | [https://computingforgeeks.com/how-to-install-and-configure-firewalld-on-debian/ How To Install and Configure Firewalld on Debian 10] | ||
− | + | [https://ywnz.com/linuxaq/5495.html 在Debian 10(Buster)上安装和配置Firewalld] | |
− | |||
− | |||
− | |||
− | |||
− | = | + | = 优化optimize= |
− | |||
− | |||
− | |||
− | |||
− | + | [https://github.com/mostamazing/mostamazing/issues/28 linux 里ulimit永久生效设置(debian9 64] | |
− | |||
− | |||
− | = | + | =9 update to 10= |
+ | sudo apt dist-upgrade -y #在之前改成 10的源 | ||
− | + | 在QCLOUD上升级失败了 可以试一下他们自己的源 | |
− | + | https://mirrors.cloud.tencent.com/debian/dists/ | |
− | + | https://cloud.tencent.com/developer/article/1473368 | |
− | |||
− | + | =故障= | |
− | = | + | ==报错1 == |
− | == | ||
<pre> | <pre> | ||
− | + | Reading package lists... | |
− | + | E: Release file for http://mirrors.ustc.edu.cn/debian/dists/stretch-updates/InRelease is expired (invalid since 69d 5h 56min 7s). Updates for this repository will not be applied. | |
− | + | E: Release file for http://mirrors.ustc.edu.cn/debian/dists/stretch-backports/InRelease is expired (invalid since 69d 5h 56min 7s). Updates for this repository will not be applied. | |
− | + | E: Release file for http://mirrors.ustc.edu.cn/debian-security/dists/stretch/updates/InRelease is expired (invalid since 66d 14h 56min 48s). Updates for this repository will not be applied. | |
− | + | ERROR: Service 'php-worker' failed to build: The command '/bin/sh -c apt-get update' returned a non-zero code: 100 | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
</pre> | </pre> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | ==处理 == | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
<pre> | <pre> | ||
− | + | ########################################################################### | |
− | + | # Crontab | |
− | + | ########################################################################### | |
− | + | RUN rm -f /etc/apt/sources.list | |
− | + | RUN rm -f /etc/apt/sources.list.d/buster.list | |
− | + | COPY sources.list /etc/apt/ | |
+ | RUN apt -o Acquire::Check-Valid-Until=false update | ||
− | + | RUN apt-get update | |
+ | RUN apt-get clean | ||
+ | RUN apt-get install -y apt-transport-https | ||
+ | RUN apt install -y cron vim | ||
+ | RUN ["service","cron","start"] | ||
− | |||
− | + | cat php-worker/sources.list | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | deb http://deb.debian.org/debian stretch main | |
− | |||
− | |||
− | |||
</pre> | </pre> | ||
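Review bot: `RUN apt -o Acquire::Check-Valid-Until=false update` in the fix block switches off apt's Release-file expiry check, which is what stops a mirror from serving old but still correctly signed metadata, and nothing here limits that override to the expired stretch suites or documents why it is acceptable. The next line, `RUN apt-get update`, runs without the option, so it only succeeds if the replacement sources.list already points at a repository with a current Release file, in which case the override is not needed at all. `RUN ["service","cron","start"]` only takes effect during the image build and does not leave cron running in containers started from the image.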
+ | ==报错2 == | ||
+ | Error message “sudo: unable to resolve host (none)” | ||
+ | That /etc/hosts has an entry for localhost. It should have something like: | ||
− | + | 127.0.0.1 localhost.localdomain localhost | |
− | + | 127.0.1.1 you-hostname | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | = | + | =参考= |
+ | [https://blog.chaos.run/dreams/ubuntu-server-starting-settings/index.html Debian服务器的初始化配置-Google Authenticator] | ||
− | [https://www. | + | [https://www.debian.cn/archives/2880 Debian 安装 fail2ban 方式SSH爆破攻击] |
− | [ | + | [https://blog.51cto.com/wzlinux/2043586 Ubuntu 新装服务器部署流程] |
− | [https://www. | + | [https://www.howtoing.com/install-java-in-debian-and-ubuntu 如何在Debian和Ubuntu系统中安装Java 9] |
− | + | [http://www.ruanyifeng.com/blog/2014/03/server_setup.html Linux服务器的初步配置流程] | |
− | [ | ||
− | http:// | + | [http://spenserj.com/blog/2013/07/15/securing-a-linux-server/ Securing a Linux Server] |
− | + | [http://blog.51cto.com/feihan21/1060365 Linux服务器初始化配置脚本] | |
− | [ | ||
− | https:// | + | [https://blog.imdst.com/linux-fu-wu-qi-chu-shi-hua-an-quan-jia-gu/ Linux服务器初始化调优及安全加固] |
− | [https:// | + | [https://linux.cn/article-5067-1.html 如何使用 fail2ban 防御 SSH 服务器的暴力破解攻击] |
− | = | + | [https://blog.csdn.net/developerinit/article/details/73065229?utm_source=blogxgwz7 Debian的一些常用命令] |
− | |||
− | https:// | + | [https://www.cnblogs.com/yoyotl/p/8151409.html Debian 8 设置时区和时间配置] |
− | [[category: | + | [[category:ops]] [[category:debian]] |
Revision as of 06:19, 25 April 2021 (Sunday)
os install
Sometimes the installer sits at "select and install software" for several hours. Not selecting a mirror should avoid this; add the mirrors yourself after installation.
os init
The Gentoo Linux Handbook is well worth studying.
change sources
if docker
Using a Dockerfile to change the apt sources in a container (Debian sources)
Debian 10 sources
<pre>
deb http://mirrors.aliyun.com/debian/ buster main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ buster main non-free contrib
deb http://mirrors.aliyun.com/debian-security buster/updates main
deb-src http://mirrors.aliyun.com/debian-security buster/updates main
deb http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
deb http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib
</pre>
Debian 9 sources
<pre>
echo 'deb http://mirrors.aliyun.com/debian/ stretch main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ stretch main non-free contrib
deb http://mirrors.aliyun.com/debian-security stretch/updates main
deb-src http://mirrors.aliyun.com/debian-security stretch/updates main
deb http://mirrors.aliyun.com/debian/ stretch-updates main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ stretch-updates main non-free contrib
deb http://mirrors.aliyun.com/debian/ stretch-backports main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ stretch-backports main non-free contrib' >sources.list
</pre>
ssh config
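<pre>
# openssh: install this first, otherwise enabling the service at boot will not work
apt-get install openssh-client openssh-server

# How to activate a service and enable or disable it at boot
# (i.e. start it automatically at system startup)
# systemctl is-active ssh.service
systemctl enable ssh.service
# systemctl disable ssh.service

# Append your public key (the value below is a placeholder)
mkdir -p /root/.ssh
echo "ssh-rsa AAAAB3NzaC you_prk_key root@ops" >> /root/.ssh/authorized_keys

# Allow public-key login and turn off password login
sed -i "s/#PubkeyAuthentication yes/PubkeyAuthentication yes/g" /etc/ssh/sshd_config
sed -i "s/^PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
sed -i "s/^#PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
systemctl restart sshd
#service sshd restart

# Additional notes
# Server side: set permissions (chmod) on the directory and the key file
chmod 0700 ~/.ssh
chmod 0644 ~/.ssh/authorized_keys
# Client side: the private key must be readable by its owner only
chmod 600 id_rsa
</pre>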
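The sed substitutions in the ssh config block only rewrite lines that match their patterns exactly. The following added example (not part of the original page) reads the global section of an sshd_config-style file and reports whether password login is really off; the function names and the two constructed sample files are assumptions for illustration, and on a live host `sshd -T` gives the authoritative values.

```bash
#!/usr/bin/env bash
# Added example: audit the global section of an sshd_config-style file.
# Not handled (assumption): Include directives and Match blocks.

# Print the effective value of keyword $2 in file $1, or "default" if unset.
# sshd keeps the FIRST value it reads; keywords are case-insensitive.
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        { sub(/[ \t]*=[ \t]*/, " ") }          # "Keyword=value" form
        /^[ \t]*#/ || NF == 0 { next }         # comments and blank lines
        tolower($1) == "match" { exit }        # global section ends here
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "default" }
    ' "$1"
}

# Exit 0 only when password login is off and public-key login is not disabled.
# OpenSSH defaults when unset: PasswordAuthentication yes, PubkeyAuthentication yes.
sshd_key_only() {
    [ "$(sshd_effective "$1" PasswordAuthentication)" = "no" ] &&
    [ "$(sshd_effective "$1" PubkeyAuthentication)" != "no" ]
}

# The three sed substitutions from the page, applied to a copy, not /etc/ssh/sshd_config.
apply_page_sed() {
    sed -e 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' \
        -e 's/^PasswordAuthentication yes/PasswordAuthentication no/g' \
        -e 's/^#PasswordAuthentication yes/PasswordAuthentication no/g' "$1" > "$1.new" &&
    mv "$1.new" "$1"
}

# Constructed samples: a stock-style file, and one where the value is tab-separated.
demo() {
    local d f; d=$(mktemp -d)
    printf '#PubkeyAuthentication yes\n#PasswordAuthentication yes\n' > "$d/stock"
    printf 'PubkeyAuthentication yes\nPasswordAuthentication\tyes\n' > "$d/tabbed"
    for f in stock tabbed; do
        apply_page_sed "$d/$f"
        if sshd_key_only "$d/$f"; then echo "$f: key-only"
        else echo "$f: password login still enabled"; fi
    done
    rm -rf "$d"
}
demo
```

The tab-separated sample is left unchanged by the substitutions, so the audit reports that password login is still enabled for it.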
Common software
<pre>
#alias
cp /etc/profile /etc/profile_bak
# \$ keeps LS_OPTIONS unexpanded so it is evaluated when the alias runs
echo "alias ll='ls \$LS_OPTIONS -l'" >>/etc/profile && source /etc/profile

useradd -d /data/evan -s /bin/bash -m evan
# The -m option creates the home directory if it does not exist

apt install net-tools procps rsync wget w3m vim build-essential dnsutils tmux curl sudo lsb-release iotop software-properties-common -y # note: dig dnsutils firewalld screen are not needed for now

# Full set of development tools
sudo apt install git golang build-essential gcc g++ gdb libboost-dev make automake autogen autoconf cscope global cmake cmake-gui astyle clang-format clang llvm lldb libsqlite3-dev sqlite3 bison flex ruby-dev linux-headers-`uname -r`

# ps note
apt install procps
# mariadb-client
# Install Fail2Ban
</pre>
Time synchronization
<pre>
# Switch from the UTC time zone to CST

# Use this one
# Set the Asian time zone; tzselect is sometimes inaccurate
timedatectl set-timezone Asia/Shanghai
# Enable NTP synchronization (use false to turn it off)
timedatectl set-ntp yes

echo "export TZ='Asia/Shanghai'" >> /etc/profile
cat /etc/profile |grep TZ
source /etc/profile
date -R # show the time zone
date
# Sat Aug 19 17:03:17 CST 2017

# Correct the date and time (linux256)
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime # time zone: Asia/Shanghai
# Network time correction
apt-get install ntpdate
ntpdate 210.72.145.44 # China national time server: 210.72.145.44
# Manual time correction
sudo date -s 11/13/2019 # 13 November 2019
sudo date -s 10:05:30 # 10:05:30
</pre>
security
ufw
firewalld
Abandoned this one.
How To Install and Configure Firewalld on Debian 10
Installing and Configuring Firewalld on Debian 10 (Buster)
Optimization (optimize)
Making ulimit settings permanent on Linux (debian9 64
9 update to 10
sudo apt dist-upgrade -y # switch to the Debian 10 sources before running this
The upgrade failed on QCLOUD; you can try their own mirror:
https://mirrors.cloud.tencent.com/debian/dists/
https://cloud.tencent.com/developer/article/1473368
Troubleshooting
Error 1
<pre>
Reading package lists...
E: Release file for http://mirrors.ustc.edu.cn/debian/dists/stretch-updates/InRelease is expired (invalid since 69d 5h 56min 7s). Updates for this repository will not be applied.
E: Release file for http://mirrors.ustc.edu.cn/debian/dists/stretch-backports/InRelease is expired (invalid since 69d 5h 56min 7s). Updates for this repository will not be applied.
E: Release file for http://mirrors.ustc.edu.cn/debian-security/dists/stretch/updates/InRelease is expired (invalid since 66d 14h 56min 48s). Updates for this repository will not be applied.
ERROR: Service 'php-worker' failed to build: The command '/bin/sh -c apt-get update' returned a non-zero code: 100
</pre>
Fix
<pre>
###########################################################################
# Crontab
###########################################################################
RUN rm -f /etc/apt/sources.list
RUN rm -f /etc/apt/sources.list.d/buster.list
COPY sources.list /etc/apt/
# Check-Valid-Until=false makes apt accept Release files whose Valid-Until date has passed
RUN apt -o Acquire::Check-Valid-Until=false update
RUN apt-get update
RUN apt-get clean
RUN apt-get install -y apt-transport-https
RUN apt install -y cron vim
RUN ["service","cron","start"]

cat php-worker/sources.list

deb http://deb.debian.org/debian stretch main
</pre>
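The "is expired (invalid since ...)" error comes from the Valid-Until field of the repository's Release file, and `Acquire::Check-Valid-Until=false` skips that comparison. The following added example (not part of the original page) performs the same comparison on a constructed header so the state of a mirror can be checked before deciding to override it; the function names and sample values are assumptions, and GNU date is required.

```bash
#!/usr/bin/env bash
# Added example: classify an InRelease-style header against a reference time.
# Requires GNU date for -d. Signature verification is out of scope here.

# Print the value of header field $2 (for example Valid-Until) from file $1.
release_field() {
    sed -n "s/^$2: *//p" "$1" | head -n 1
}

# Print "no-expiry", "valid", or "expired <N>d" for file $1 at time $2.
# $2 is any timestamp GNU date accepts; apt compares against the current clock.
release_state() {
    local vu now_s vu_s
    vu=$(release_field "$1" Valid-Until)
    if [ -z "$vu" ]; then echo "no-expiry"; return 0; fi
    now_s=$(date -u -d "$2" +%s) || return 2
    vu_s=$(date -u -d "$vu" +%s) || return 2
    if [ "$now_s" -gt "$vu_s" ]; then
        echo "expired $(( (now_s - vu_s) / 86400 ))d"
    else
        echo "valid"
    fi
}

# Constructed sample header (not taken from a real mirror).
demo() {
    local f; f=$(mktemp)
    printf '%s\n' 'Origin: Debian' 'Suite: oldstable-updates' \
        'Date: Sat, 06 Feb 2021 08:00:00 UTC' \
        'Valid-Until: Sat, 13 Feb 2021 08:00:00 UTC' > "$f"
    release_state "$f" '2021-02-10 00:00:00 UTC'   # valid
    release_state "$f" '2021-04-23 14:00:00 UTC'   # expired 69d
    rm -f "$f"
}
demo
```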
Error 2
Error message “sudo: unable to resolve host (none)”
Check that /etc/hosts has an entry for localhost. It should contain something like:
127.0.0.1 localhost.localdomain localhost
127.0.1.1 you-hostname