Difference between pages "CentOS 7 server initialization" and "Debian server initialization"

From the Linux China (linux中国网) wiki
(Difference between pages)
 
 
第1行: 第1行:
=站内相关资源=
+
 
[[容器初始化]]
 
= 如果机器多[[Salt-ssh批量初始化机器]]=
 
 
[[Salt-ssh批量初始化机器]]
 
[[Salt-ssh批量初始化机器]]
 +
[https://debian-handbook.info/browse/zh-CN/stable/sect.how-to-migrate.html Debian 管理员手册]
 +
=os install=
 +
有时候会出现 select  and install software  等等几个小时的情况 应该是不要选择mirrors就好了 安装后再自己加
 +
= os init=
 +
Gentoo Linux 手册 非常有学习的价值
  
=如果机器少=
+
[[容器初始化]]
==我现在用的shell==
+
== change sources ==
 +
==if docker==
 +
[[利用Dockerfile修改容器中的apt源(debian源)]]
 +
===10源===
 
<pre>
 
<pre>
#!/bin/bash
 
#Authon: linuxsa.org 201911
 
# usage bash  osinit.sh 2>&1 | tee osinit.log 
 
#http://wiki.linuxchina.net/index.php/Centos7%E5%88%9D%E5%A7%8B%E5%8C%96
 
  
#常用开发包 gcc etc
+
deb http://mirrors.aliyun.com/debian/ buster main non-free contrib
yum groupinstall "Development Tools" -y
+
deb-src http://mirrors.aliyun.com/debian/ buster main non-free contrib
#常用命令 ifconfig etc
+
deb http://mirrors.aliyun.com/debian-security buster/updates main
yum install -y  net-tools    yum-utils rsync
+
deb-src http://mirrors.aliyun.com/debian-security buster/updates main
 +
deb http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
 +
deb-src http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
 +
deb http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib
 +
deb-src http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib
  
yum install epel-release -y
+
</pre>
yum install iftop tcpdump  -y
+
===9 源===
 +
<pre>
  
# ins docker
+
echo 'deb http://mirrors.aliyun.com/debian/ stretch main non-free contrib
# step 1: 安装必要的一些系统工具
+
deb-src http://mirrors.aliyun.com/debian/ stretch main non-free contrib
yum install -y yum-utils device-mapper-persistent-data lvm2
+
deb http://mirrors.aliyun.com/debian-security stretch/updates main
# Step 2: 添加软件源信息
+
deb-src http://mirrors.aliyun.com/debian-security stretch/updates main
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
+
deb http://mirrors.aliyun.com/debian/ stretch-updates main non-free contrib
 +
deb-src http://mirrors.aliyun.com/debian/ stretch-updates main non-free contrib
 +
deb http://mirrors.aliyun.com/debian/ stretch-backports main non-free contrib
 +
deb-src http://mirrors.aliyun.com/debian/ stretch-backports main non-free contrib ' >sources.list
 +
</pre>
  
# Step 3: 更新并安装 Docker-CE
+
== ssh config==
yum makecache fast
+
<pre>
 
 
yum -y install docker-ce
 
# Step 4: 开启Docker服务
 
systemctl enable docker
 
systemctl start docker
 
 
 
 
 
rpm -ivh https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-release-4.0-1.el7.noarch.rpm
 
 
 
yum install zabbix-agent -y  && systemctl  enable zabbix-agent
 
 
 
#install docker-compose etc
 
 
 
yum -y install vim wget curl yum-utils bash-completion bash-completion-extras epel-release lrzsz telnet python-pip
 
#这个看情况
 
sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
 
#mv  docker-compose /usr/local/bin/docker-compose
 
sudo chmod +x /usr/local/bin/docker-compose
 
chmod +x /usr/local/bin/docker-compose
 
#pip install docker-compose
 
 
 
#mkdir -p /home/data/docker
 
mkdir -p  /data/docker
 
  
echo '{"graph": "/data/docker"}' >/etc/docker/daemon.json
+
openssh
  
# cat /etc/docker/daemon.json
+
apt-get install openssh-client openssh-server
#{"graph": "/home/data/docker"}
+
这个要先安装 不然自启动会不成功
  
systemctl restart docker
+
如何激活服务并在启动时启用或禁用服务(即系统启动时自动启动服务)
 +
# systemctl is-active ssh.service
 +
systemctl enable ssh.service
 +
# systemctl disable ssh.service
  
#验证docker储存位置
 
docker system info | grep "Root Dir"
 
  
#开机自启动要用的
 
  
chmod +x /etc/rc.d/rc.local
 
 
setenforce 0
 
sed -i 's/enforcing/disabled/g' /etc/selinux/config
 
 
#firewall
 
systemctl enable firewalld
 
 
 
#修改源
 
#CentOS 7
 
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
 
#或者
 
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
 
 
#CentOS 8
 
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
 
#或者
 
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
 
 
#3. 运行 yum makecache 生成缓存
 
yum makecache
 
</pre>
 
 
==centos7初始化 ==
 
 
== ssh config==
 
<pre>
 
 
echo "ssh-rsa AAAAB3NzaC you_prk_key root@ops
 
echo "ssh-rsa AAAAB3NzaC you_prk_key root@ops
 
"  >> /root/.ssh/authorized_keys
 
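Review bot: the added `===9 源===` block ends with `' >sources.list`, which writes the stretch entries into the current directory, and the added `===10源===` block lists bare `deb` lines with no destination at all; say for both whether the target is `/etc/apt/sources.list` or the file that the later Dockerfile copies with `COPY  sources.list /etc/apt/`. The added `apt-get install openssh-client openssh-server` also has no `-y`, so it will wait for confirmation if this page is run as an unattended init script.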
"  >> /root/.ssh/authorized_keys
第98行: 第58行:
  
 
sed -i "s/^PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
 
sed -i "s/^PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
 +
sed -i "s/^#PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
  
 
systemctl restart sshd
 
systemctl restart sshd
 
#service  sshd restart
 
#service  sshd restart
  
</pre>
+
补充
==网络配置==
+
服务端
<pre>
+
chown -R 0700 ~/.ssh
cat /etc/sysconfig/network-scripts/ifcfg-eth0
+
chown -R 0644 ~/.ssh/authorized_keys
TYPE="Ethernet"
 
BOOTPROTO=static 
 
IPADDR0=192.168.0.16
 
NETMASK=255.255.255.0  
 
GATEWAY0=192.168.0.1
 
DNS1=223.5.5.5 
 
DNS2=114.114.114.114
 
  
DEVICE="eth0"
+
客户端改一下
ONBOOT="yes"
+
chmod 600 id_rsa
  
 
</pre>
 
</pre>
  
== 安装常用软件==
+
==常用软件==
<pre> yum install python-devel
+
<pre>
yum install vim  wget  net-tools  psmisc links  lsof telnet  zlib-devel curl  tmux  mariadb    -y  # screen
 
  
yum groupinstall "Development Tools" -y
+
#alias
</pre>
+
cp /etc/profile  /etc/profile_bak
===CentOS7 安装ifconfig===
+
echo "alias ll='ls $LS_OPTIONS -l'" >>/etc/profile  &&  source /etc/profile
<pre>
 
  
不知道dig 是哪个软件包 提供的  请用 yum provides  command #绝对路径
 
  
yum provides /sbin/ifconfig
+
useradd -d /data/evan -s /bin/bash -m  evan
 +
数m表示如果该目录不存在,则创建该目录
  
******
 
net-tools-1.60-114.el6.x86_64 : Basic networking tools
 
Repo        : base
 
匹配来自于:
 
Filename    : /sbin/ifconfig
 
*****
 
  
由上可见安装的软件为net-tools
+
apt install net-tools procps  rsync wget  w3m    vim  build-essential dnsutils tmux  curl sudo lsb-release  iotop software-properties-common  -y  # 说明 dig dnsutils  firewalld  screen 暂时不要
  
ifconfig, netstat, route, and other
+
#全面的开发工具
 +
sudo apt  install git golang build-essential gcc g++ gdb libboost-dev make automake autogen autoconf cscope global cmake cmake-gui astyle clang-format clang llvm lldb libsqlite3-dev sqlite3 bison flex ruby-dev linux-headers-`uname -r`
  
[root@centos7 hcmdb]# yum info  net-tools 
 
已安装的软件包
 
名称    :net-tools
 
架构    :x86_64
 
版本    :2.0
 
发布    :0.17.20131004git.el7
 
大小    :917 k
 
源    :installed
 
简介    : Basic networking tools
 
网址    :http://sourceforge.net/projects/net-tools/
 
协议    : GPLv2+
 
描述    : The net-tools package contains basic networking tools,
 
        : including ifconfig, netstat, route, and others.
 
        : Most of them are obsolete. For replacement check iproute package.
 
  
yum -y  install net-tools  vim  wget
+
#ps 说明
#yum/dnf install net-tools  vim  wget
+
apt install procps
  
centos7精简安装后,使用中发现没有killall命令。
+
mariadb-client
可以通过以下命令解决:
 
  
yum install psmisc
+
安装Fail2Ban
   
+
  </pre>
简单介绍一下 psmisc :
 
  
Psmisc软件包包含三个帮助管理/proc目录的程序。
+
[https://www.debian.cn/archives/2880 Debian 安装 fail2ban 方式SSH爆破攻击]
安装下列程序: fuser, killall,pstree和pstree.x11(到pstree的链接)
 
fuser 显示使用指定文件或者文件系统的进程的PID。
 
killall 杀死某个名字的进程,它向运行指定命令的所有进程发出信号。
 
pstree 树型显示当前运行的进程。
 
pstree.x11 与pstree功能相同,只是在退出前需要确认
 
  
  
</pre>
+
[[Debian配置iptables]]
  
==常用软件==
+
=时间同步=
 
<pre>
 
<pre>
 +
UTC时区切换到CST 时区
  
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
+
#用这个啦
 +
# 设置亚洲时区  tzselect 有时不准
 +
timedatectl set-timezone Asia/Shanghai
 +
# 启用NTP同步 #关闭是 false
 +
timedatectl set-ntp yes
  
yum install  nmap-ncat lsof -y #nc (nmap-ncat)
 
  
lsof -i:1080
 
  
yum groupinstall "Development Libraries"
+
echo "export TZ='Asia/Shanghai'" >> /etc/profile 
 +
cat /etc/profile |grep TZ 
 +
source /etc/profile
  
yum groupinstall "Development Tools"
+
date -R  #时区查看
 +
date
 +
Sat Aug 19 17:03:17 CST 2017
  
</pre>
 
  
==nginx==
+
校正日期和时间 linux256
<pre>
 
yum install wget -y
 
  
wget https://mirrors.tuna.tsinghua.edu.cn/epel/7/x86_64/Packages/e/epel-release-7-12.noarch.rpm
+
cp /usr/share/zoneinfo/Asia/ShangHai  /etc/localtime    #时区为亚洲/上海
 +
# 网络校时
 +
apt-get install ntpdate
 +
ntpdate 210.72.145.44        # 中国国家时间服务器: 210.72.145.44
  
wget https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-12.noarch.rpm
+
# 手动校时
 +
sudo date -s 11/13/2019                #2019年11月13日
 +
sudo date -s 10:05:30                  #10点05分30秒
  
yum install nginx  -y
 
 
</pre>
 
</pre>
==jdk==
 
<pre>
 
java.security.InvalidKeyException: Illegal key size or default parameters
 
  
new vm 就要加上 unlime
+
=security=
 +
==ufw==
  
文件 UnlimitedJCEPolicyJDK7.zip
+
==firewalld==
规制办法
+
这个放弃了
evan@evankalilatop:~/xk/jdk$ cat jdkpath
 
替换 ${jdk_home}/jre/lib/security 下local_policy.jar, US_export_policy.jar
 
</pre>
 
  
==修改文件句柄数==
+
详情可见 [[Centos7 firewalld防火墙基础]]
<pre>
 
#临时修改,立刻生效
 
ulimit -n 655350       
 
  
#永久修改
+
[https://computingforgeeks.com/how-to-install-and-configure-firewalld-on-debian/ How To Install and Configure Firewalld on Debian 10]
echo "* soft nofile 655360" >> /etc/security/limits.conf
 
echo "* hard nofile 655360" >> /etc/security/limits.conf
 
</pre>
 
[https://www.jianshu.com/p/23ee9db2a620 使用ulimit 命令、/etc/security/limits.conf、proc 调整系统参数]
 
  
==kernel 优化==
+
[https://ywnz.com/linuxaq/5495.html 在Debian 10(Buster)上安装和配置Firewalld]
<pre>
 
#set sysctl 有空把这些意思拿出来
 
sysctl_config(){
 
cp /etc/sysctl.conf /et/sysctl.conf.bak
 
cat > /etc/sysctl.conf << EOF
 
net.ipv4.ip_forward = 0
 
net.ipv4.conf.default.rp_filter = 1
 
net.ipv4.conf.default.accept_source_route = 0
 
kernel.sysrq = 0
 
kernel.core_uses_pid = 1
 
net.ipv4.tcp_syncookies = 1
 
kernel.msgmnb = 65536
 
kernel.msgmax = 65536
 
kernel.shmmax = 68719476736
 
kernel.shmall = 4294967296
 
net.ipv4.tcp_max_tw_buckets = 6000
 
net.ipv4.tcp_sack = 1
 
net.ipv4.tcp_window_scaling = 1
 
net.ipv4.tcp_rmem = 4096 87380 4194304
 
net.ipv4.tcp_wmem = 4096 16384 4194304
 
net.core.wmem_default = 8388608
 
net.core.rmem_default = 8388608
 
net.core.rmem_max = 16777216
 
net.core.wmem_max = 16777216
 
net.core.netdev_max_backlog = 262144
 
net.core.somaxconn = 262144
 
net.ipv4.tcp_max_orphans = 3276800
 
net.ipv4.tcp_max_syn_backlog = 262144
 
net.ipv4.tcp_timestamps = 0
 
net.ipv4.tcp_synack_retries = 1
 
net.ipv4.tcp_syn_retries = 1
 
net.ipv4.tcp_tw_recycle = 1
 
net.ipv4.tcp_tw_reuse = 1
 
net.ipv4.tcp_mem = 94500000 915000000 927000000
 
net.ipv4.tcp_fin_timeout = 1
 
net.ipv4.tcp_keepalive_time = 1200
 
net.ipv4.ip_local_port_range = 1024 65535
 
EOF
 
/sbin/sysctl -p
 
echo "sysctl set OK!!"
 
}
 
  
  
使用PAM模块限制资源:
+
= 优化optimize=
# vi /etc/pam.d/login
 
session required pam_limits.so
 
</pre>
 
  
==可以禁用ipv6 ==
 
<pre>
 
cat >> /etc/modprobe.d/ipv6.conf <<EOF
 
alias net-pf-10 off
 
alias ipv6 off
 
EOF
 
</pre>
 
  
==去除ssh远程DNS认证 ==
+
[https://github.com/mostamazing/mostamazing/issues/28  linux 里ulimit永久生效设置(debian9 64]
<pre>
 
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
 
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
 
  
sed -i "s/#PubkeyAuthentication yes/PubkeyAuthentication yes/g" /etc/ssh/sshd_config
+
=9 update to 10=
 +
  sudo apt dist-upgrade -y #在之前改成 10的源
  
sed -i "s/^PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
+
在QCLOUD上升级失败了  可以试一下他们自己的源
 +
https://mirrors.cloud.tencent.com/debian/dists/
  
systemctl restart sshd
+
https://cloud.tencent.com/developer/article/1473368
  
 +
=故障=
 +
==报错1 ==
 +
<pre>
 +
Reading package lists...
 +
E: Release file for http://mirrors.ustc.edu.cn/debian/dists/stretch-updates/InRelease is expired (invalid since 69d 5h 56min 7s). Updates for this repository will not be applied.
 +
E: Release file for http://mirrors.ustc.edu.cn/debian/dists/stretch-backports/InRelease is expired (invalid since 69d 5h 56min 7s). Updates for this repository will not be applied.
 +
E: Release file for http://mirrors.ustc.edu.cn/debian-security/dists/stretch/updates/InRelease is expired (invalid since 66d 14h 56min 48s). Updates for this repository will not be applied.
 +
ERROR: Service 'php-worker' failed to build: The command '/bin/sh -c apt-get  update' returned a non-zero code: 100
 
</pre>
 
</pre>
  
==关闭不要的用户和服务==
 
  
== 安全==
+
==处理 ==
 
<pre>
 
<pre>
关闭 selinux 如果是在内网机器关了也没关系
+
###########################################################################
 
+
# Crontab
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
+
###########################################################################
setenforce 0
+
RUN rm -f /etc/apt/sources.list
 
+
RUN rm -f /etc/apt/sources.list.d/buster.list
查看SELinux状态
+
COPY  sources.list /etc/apt/
getenforce
+
RUN apt -o Acquire::Check-Valid-Until=false update
 
 
 
 
#临时关闭防火墙
 
systemctl stop firewalld
 
#永久防火墙开机自启动
 
systemctl disable firewalld
 
#临时打开防火墙
 
systemctl start firewalld
 
#防火墙开机启动
 
systemctl enable firewalld
 
#查看防火墙状态
 
systemctl status firewalld
 
  
 +
RUN  apt-get  update 
 +
RUN  apt-get clean
 +
RUN  apt-get install -y apt-transport-https
 +
RUN  apt install -y cron vim
 +
RUN ["service","cron","start"]
  
新机器 测试 web  不关闭可能报错
 
ERR_ADDRESS_UNREACHABLE
 
  
 +
cat php-worker/sources.list
  
fail2ban
+
deb http://deb.debian.org/debian stretch main
  
 
</pre>
 
</pre>
  
==设置时区==
+
==报错2 ==
如果时间不对 请 看
+
Error message “sudo: unable to resolve host (none)”
[[Linux时间同步的那些事儿]]
 
<pre>
 
  
yum install ntp
+
That /etc/hosts has an entry for localhost. It should have something like:
  timedatectl set-ntp true
 
</pre>
 
  
<pre>
+
127.0.0.1    localhost.localdomain localhost
rm -f /etc/localtime
+
127.0.1.1    you-hostname
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
 
</pre>
 
  
==参考==
+
=参考=
  
[https://www.jianshu.com/p/d0ef5bd18610 centos7初始化脚本.bash]
+
[https://blog.chaos.run/dreams/ubuntu-server-starting-settings/index.html Debian服务器的初始化配置-Google Authenticator]
  
[https://blog.csdn.net/kxwinxp/article/details/78895373 CentOS 7 运维优化]
+
[https://www.debian.cn/archives/2880  Debian 安装 fail2ban 方式SSH爆破攻击]
  
[https://blog.csdn.net/wh211212/article/details/52923673 CentOS 7安装完成后初始化]
+
[https://blog.51cto.com/wzlinux/2043586 Ubuntu 新装服务器部署流程]
  
[https://blog.51cto.com/wzlinux/2043592 CentOS 7 新装服务器部署流程]
+
[https://www.howtoing.com/install-java-in-debian-and-ubuntu 如何在Debian和Ubuntu系统中安装Java 9]
  
[https://www.cnblogs.com/sdhzdtwhm/p/8027928.html CentOS7操作系统初始化]
+
[http://www.ruanyifeng.com/blog/2014/03/server_setup.html Linux服务器的初步配置流程]
  
[https://linux.cn/article-5067-1.html 如何使用 fail2ban 防御 SSH 服务器的暴力破解攻击]
+
[http://spenserj.com/blog/2013/07/15/securing-a-linux-server/ Securing a Linux Server]
 
 
[http://www.cnblogs.com/txk1452/p/6361559.html CentOS7 安装ifconfig]
 
  
 
[http://blog.51cto.com/feihan21/1060365 Linux服务器初始化配置脚本]
 
[http://blog.51cto.com/feihan21/1060365 Linux服务器初始化配置脚本]
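Review bot: the added server-side lines `chown -R 0700 ~/.ssh` and `chown -R 0644 ~/.ssh/authorized_keys` pass permission modes to `chown`, which changes the owner to a numeric UID instead of setting permissions; they should use `chmod`, as the client line `chmod 600 id_rsa` already does. In the same hunk, `RUN apt -o Acquire::Check-Valid-Until=false update` turns off the Release-file expiry check that produced the "is expired" errors, so the page should state that apt then accepts stale repository metadata and that this is a temporary workaround. The added `cp /usr/share/zoneinfo/Asia/ShangHai  /etc/localtime` also does not match the `Asia/Shanghai` spelling used by the `timedatectl set-timezone` line above it.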
第363行: 第224行:
 
[https://blog.imdst.com/linux-fu-wu-qi-chu-shi-hua-an-quan-jia-gu/ Linux服务器初始化调优及安全加固]
 
[https://blog.imdst.com/linux-fu-wu-qi-chu-shi-hua-an-quan-jia-gu/ Linux服务器初始化调优及安全加固]
  
 +
[https://linux.cn/article-5067-1.html 如何使用 fail2ban 防御 SSH 服务器的暴力破解攻击]
 +
 +
[https://blog.csdn.net/developerinit/article/details/73065229?utm_source=blogxgwz7 Debian的一些常用命令]
  
[https://www.cnblogs.com/stulzq/p/7610100.html Centos7 初始化硬盘分区、挂载]
 
  
==kernel==
+
[https://www.cnblogs.com/yoyotl/p/8151409.html Debian 8 设置时区和时间配置]
[https://blog.csdn.net/lufeisan/article/details/53339991 Linux系统swappiness参数在内存与交换分区之间优化作用]
+
[[category:ops]] [[category:debian]]
[[category:linux]][[category:ops]]
 

Revision as of 06:19, 25 April 2021 (Sunday)

Batch-initializing machines with Salt-ssh
The Debian Administrator's Handbook

os install

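Sometimes the installer sits at "Select and install software" for several hours. Not selecting any mirrors during installation should avoid this; add them yourself after installation.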

os init

The Gentoo Linux Handbook is well worth studying.

Container initialization

change sources

if docker

Changing the apt sources (Debian sources) in a container with a Dockerfile

Debian 10 sources


deb http://mirrors.aliyun.com/debian/ buster main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ buster main non-free contrib
deb http://mirrors.aliyun.com/debian-security buster/updates main
deb-src http://mirrors.aliyun.com/debian-security buster/updates main
deb http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
deb http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib

Debian 9 sources


echo 'deb http://mirrors.aliyun.com/debian/ stretch main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ stretch main non-free contrib
deb http://mirrors.aliyun.com/debian-security stretch/updates main
deb-src http://mirrors.aliyun.com/debian-security stretch/updates main
deb http://mirrors.aliyun.com/debian/ stretch-updates main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ stretch-updates main non-free contrib
deb http://mirrors.aliyun.com/debian/ stretch-backports main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ stretch-backports main non-free contrib ' >sources.list

ssh config


openssh

apt-get install openssh-client openssh-server
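# Install this first; otherwise enabling the service at boot will not work

# How to check whether the service is active, and how to enable or disable it at boot (i.e. start it automatically at system startup)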
# systemctl is-active ssh.service
systemctl enable ssh.service
# systemctl disable ssh.service



echo "ssh-rsa AAAAB3NzaC you_prk_key root@ops
"  >> /root/.ssh/authorized_keys

sed -i "s/#PubkeyAuthentication yes/PubkeyAuthentication yes/g" /etc/ssh/sshd_config

sed -i "s/^PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
sed -i "s/^#PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config

systemctl restart sshd
#service  sshd restart

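Additional notes
Server side
# chmod, not chown: 0700 and 0644 are permission modes, not owners
chmod 0700 ~/.ssh
chmod 0644 ~/.ssh/authorized_keys

On the client, change this
chmod 600 id_rsa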
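The two `sed` lines above only change `PasswordAuthentication yes` when it starts a line and is written with exactly one space. The script below is an added example, not part of the original page, that sets the option regardless of spacing or case and reports overrides left in Match blocks. The function names and the sample config are hypothetical and constructed, and it relies on sshd using the first value it reads for a keyword.

```sh
# Added example: function names are hypothetical, the config is constructed data
# with extra spaces after the keyword and a Match block (missed by the page's sed).
make_sample() {
    cat > "$1" <<'EOF'
#PubkeyAuthentication yes
PasswordAuthentication   yes
Match User backup
    PasswordAuthentication yes
EOF
}

# The page's two substitutions, applied to FILE ($1) instead of /etc/ssh/sshd_config.
page_sed() {
    ps_tmp=$(mktemp) || return 1
    sed -e "s/^PasswordAuthentication yes/PasswordAuthentication no/g" \
        -e "s/^#PasswordAuthentication yes/PasswordAuthentication no/g" "$1" > "$ps_tmp" &&
        cat "$ps_tmp" > "$1"
    rm -f "$ps_tmp"
}

# Global KEY ($2) value: first uncommented, case-insensitive hit before any Match block.
effective_option() {
    awk -v key="$2" 'BEGIN { k = tolower(key) }
        tolower($1) == "match" { exit }
        tolower($1) == k { print $2; exit }' "$1"
}

# Set KEY ($2) to VALUE ($3): drop old global KEY lines, write the new one first.
set_option() {
    so_tmp=$(mktemp) || return 1
    {
        printf '%s %s\n' "$2" "$3"
        awk -v key="$2" 'BEGIN { k = tolower(key) }
            tolower($1) == "match" { in_match = 1 }
            !in_match && tolower($1) == k { next }
            { print }' "$1"
    } > "$so_tmp" && cat "$so_tmp" > "$1"
    rm -f "$so_tmp"
}

# Number of KEY lines inside Match blocks; these still override the global value.
match_overrides() {
    awk -v key="$2" 'BEGIN { k = tolower(key) }
        tolower($1) == "match" { in_match = 1; next }
        in_match && tolower($1) == k { n++ }
        END { print n + 0 }' "$1"
}

demo_page_sed() {      # effective value after the page's sed commands
    d_f=$(mktemp) || return 1
    make_sample "$d_f"; page_sed "$d_f"
    effective_option "$d_f" PasswordAuthentication
    rm -f "$d_f"
}

demo_set_option() {    # applied twice: effective value, then Match overrides left
    d_f=$(mktemp) || return 1
    make_sample "$d_f"; set_option "$d_f" PasswordAuthentication no
    set_option "$d_f" PasswordAuthentication no
    echo "$(effective_option "$d_f" PasswordAuthentication) $(match_overrides "$d_f" PasswordAuthentication)"
    rm -f "$d_f"
}

echo "page sed: $(demo_page_sed); set_option: $(demo_set_option)"
```

On a real host, check the edited file with `sshd -t` before restarting the service, and confirm the result with `sshd -T | grep -i passwordauthentication`.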

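Common software


# alias
cp /etc/profile  /etc/profile_bak
# \$ keeps LS_OPTIONS unexpanded here, so the alias evaluates it when it runs
echo "alias ll='ls \$LS_OPTIONS -l'" >>/etc/profile  &&   source /etc/profile


useradd -d /data/evan  -s /bin/bash -m  evan
# the -m option creates the home directory if it does not exist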


apt install net-tools procps  rsync wget   w3m    vim  build-essential dnsutils tmux  curl sudo lsb-release  iotop software-properties-common  -y   # note: dig is in dnsutils; firewalld and screen are left out for now

# full set of development tools
sudo apt  install git golang build-essential gcc g++ gdb libboost-dev make automake autogen autoconf cscope global cmake cmake-gui astyle clang-format clang llvm lldb libsqlite3-dev sqlite3 bison flex ruby-dev linux-headers-`uname -r`


# note: ps is provided by procps
apt install procps

mariadb-client

Install Fail2Ban


Installing fail2ban on Debian to stop SSH brute-force attacks


Configuring iptables on Debian

Time synchronization

Switching the time zone from UTC to CST

# use this one
# set the Asia time zone; tzselect is sometimes inaccurate
timedatectl set-timezone Asia/Shanghai
# enable NTP synchronization (false turns it off)
timedatectl set-ntp yes



echo "export TZ='Asia/Shanghai'"  >> /etc/profile
cat /etc/profile |grep TZ
source /etc/profile

date -R  # show the time zone
date
Sat Aug 19 17:03:17 CST 2017


Correcting the date and time  linux256

cp /usr/share/zoneinfo/Asia/Shanghai  /etc/localtime     # time zone: Asia/Shanghai
# set the time over the network
apt-get install ntpdate
ntpdate 210.72.145.44        # China's national time server: 210.72.145.44

# set the time manually
sudo date -s 11/13/2019                # 13 November 2019
sudo date -s 10:05:30                  # 10:05:30

security

ufw

firewalld

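I gave up on this one.

For details see Centos7 firewalld firewall basics

How To Install and Configure Firewalld on Debian 10

Installing and configuring Firewalld on Debian 10 (Buster)


Optimization (optimize)

Making ulimit settings permanent on Linux (debian9 64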

9 update to 10

sudo apt dist-upgrade -y  # change the sources to Debian 10 beforehand
The upgrade failed on QCLOUD; you can try their own mirror

https://mirrors.cloud.tencent.com/debian/dists/

https://cloud.tencent.com/developer/article/1473368

Troubleshooting

Error 1

Reading package lists...
E: Release file for http://mirrors.ustc.edu.cn/debian/dists/stretch-updates/InRelease is expired (invalid since 69d 5h 56min 7s). Updates for this repository will not be applied.
E: Release file for http://mirrors.ustc.edu.cn/debian/dists/stretch-backports/InRelease is expired (invalid since 69d 5h 56min 7s). Updates for this repository will not be applied.
E: Release file for http://mirrors.ustc.edu.cn/debian-security/dists/stretch/updates/InRelease is expired (invalid since 66d 14h 56min 48s). Updates for this repository will not be applied.
ERROR: Service 'php-worker' failed to build: The command '/bin/sh -c apt-get  update' returned a non-zero code: 100


Fix

###########################################################################
# Crontab
###########################################################################
RUN rm -f /etc/apt/sources.list
RUN rm -f /etc/apt/sources.list.d/buster.list
COPY  sources.list /etc/apt/
# Check-Valid-Until=false skips the Release-file expiry check, so apt also accepts stale metadata; use it only to get past the expired mirror
RUN apt -o Acquire::Check-Valid-Until=false update

RUN  apt-get  update
RUN  apt-get clean
RUN  apt-get install -y apt-transport-https
RUN  apt install -y cron vim
RUN ["service","cron","start"]


cat php-worker/sources.list

deb http://deb.debian.org/debian stretch main

Error 2

Error message “sudo: unable to resolve host (none)”

Check that /etc/hosts has an entry for localhost. It should have something like:

127.0.0.1    localhost.localdomain localhost
127.0.1.1    you-hostname
