|
|
| 第1行: |
第1行: |
|
| |
|
| [[Salt-ssh批量初始化机器]]
| | =问题来了= |
| [https://debian-handbook.info/browse/zh-CN/stable/sect.how-to-migrate.html Debian 管理员手册]
| | 现在的Linux发行版一般都支持图形界面,然而我们作为服务器并不需要图形界面,不需要相关的进程在开机的时候启动。红帽系列的Linux发行版提供/etc/inittab文件进行此配置,将其中的“id:5:initdefault:”中的5换成3即可。具体原因可自行google(关系到文件夹/etc/rc*.d/文件夹,其中*的取值为1-5)。 |
| =os install=
| | 但是对于Debian,好像就不是那么简单了,即使做了上述的更改,仍会启动图形界面。 |
| 有时候会出现 select and install software 等等几个小时的情况 应该是不要选择mirrors就好了 安装后再自己加
| |
|
| |
|
| debian 系统老旧版本iso下载 good
| | =解决办法= |
| | | 修改启动程序grub配置文件实现 |
| https://cdimage.debian.org/cdimage/archive
| |
| | |
| 这里我们发现,在默认情况下,对于此处的每个发行版,他们将所有映像保留为jigdo格式,以节省空间和下载时间。但是保留每个系列的最新版本的ISO映像。
| |
| 首先在Who are we?找到我们需要的版本,这里我直接下载ISO映像,所以我选择了Debian8系列的最新版本8.10.0
| |
| 选择amd64
| |
| | |
| = os init=
| |
| Gentoo Linux 手册 非常有学习的价值
| |
| | |
| [[容器初始化]]
| |
| == change sources ==
| |
| ==if docker==
| |
| [[利用Dockerfile修改容器中的apt源(debian源)]]
| |
| ===11 ===
| |
| <pre>
| |
| cat /etc/apt/sources.list
| |
| | |
| deb http://mirrors.huaweicloud.com/debian/ bullseye main
| |
| deb-src http://mirrors.huaweicloud.com/debian/ bullseye main
| |
| | |
| | |
| | |
| or
| |
| | |
| | |
| | |
| deb http://mirrors.aliyun.com/debian/ bullseye main non-free contrib
| |
| deb-src http://mirrors.aliyun.com/debian/ bullseye main non-free contrib
| |
| deb http://mirrors.aliyun.com/debian-security bullseye/updates main
| |
| deb-src http://mirrors.aliyun.com/debian-security bullseye/updates main
| |
| deb http://mirrors.aliyun.com/debian/ bullseye-updates main non-free contrib
| |
| deb-src http://mirrors.aliyun.com/debian/ bullseye-updates main non-free contrib
| |
| deb http://mirrors.aliyun.com/debian/ bullseye-backports main non-free contrib
| |
| deb-src http://mirrors.aliyun.com/debian/ bullseye-backports main non-free contrib
| |
| | |
| </pre>
| |
| | |
| ===10源===
| |
| <pre>
| |
| | |
| deb http://mirrors.aliyun.com/debian/ buster main non-free contrib
| |
| deb-src http://mirrors.aliyun.com/debian/ buster main non-free contrib
| |
| deb http://mirrors.aliyun.com/debian-security buster/updates main
| |
| deb-src http://mirrors.aliyun.com/debian-security buster/updates main
| |
| deb http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
| |
| deb-src http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
| |
| deb http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib
| |
| deb-src http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib
| |
| | |
| </pre>
| |
| ===9 源=== | |
| <pre>
| |
| | |
| echo 'deb http://mirrors.aliyun.com/debian/ stretch main non-free contrib
| |
| deb-src http://mirrors.aliyun.com/debian/ stretch main non-free contrib
| |
| deb http://mirrors.aliyun.com/debian-security stretch/updates main
| |
| deb-src http://mirrors.aliyun.com/debian-security stretch/updates main
| |
| deb http://mirrors.aliyun.com/debian/ stretch-updates main non-free contrib
| |
| deb-src http://mirrors.aliyun.com/debian/ stretch-updates main non-free contrib
| |
| deb http://mirrors.aliyun.com/debian/ stretch-backports main non-free contrib
| |
| deb-src http://mirrors.aliyun.com/debian/ stretch-backports main non-free contrib ' >sources.list
| |
| </pre>
| |
| | |
| == ssh config==
| |
| <pre>
| |
| | |
| openssh
| |
| | |
| apt-get install openssh-client openssh-server
| |
| 这个要先安装 不然自启动会不成功
| |
| | |
| 如何激活服务并在启动时启用或禁用服务(即系统启动时自动启动服务)
| |
| # systemctl is-active ssh.service
| |
| systemctl enable ssh.service
| |
| # systemctl disable ssh.service
| |
| | |
| | |
| | |
| echo "ssh-rsa AAAAB3NzaC you_prk_key root@ops
| |
| " >> /root/.ssh/authorized_keys
| |
| | |
| sed -i "s/#PubkeyAuthentication yes/PubkeyAuthentication yes/g" /etc/ssh/sshd_config
| |
| | |
| sed -i "s/^PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
| |
| sed -i "s/^#PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
| |
| | |
| systemctl restart sshd
| |
| #service sshd restart
| |
| | |
| 补充
| |
| 服务端
| |
| chown -R 0700 ~/.ssh
| |
| chown -R 0644 ~/.ssh/authorized_keys
| |
| | |
| 客户端改一下
| |
| chmod 600 id_rsa
| |
| | |
| </pre>
| |
| | |
| ==常用软件==
| |
| <pre>
| |
| | |
| #alias
| |
| cp /etc/profile /etc/profile_bak
| |
| echo "alias ll='ls $LS_OPTIONS -l'" >>/etc/profile && source /etc/profile
| |
| | |
| | |
| useradd -d /data/evan -s /bin/bash -m evan
| |
| 数m表示如果该目录不存在,则创建该目录
| |
| | |
| | |
| apt install net-tools procps rsync wget w3m vim build-essential gcc dnsutils tmux curl sudo lsb-release iotop software-properties-common -y # 说明 dig dnsutils firewalld screen 暂时不要
| |
| | |
| | |
| #troubleshooting 163的源可能有问题
| |
| build-essential
| |
| | |
| perl : Depends: perl-base (= 5.32.1-4) but 5.32.1-4+deb11u1 is to be installed
| |
| E: Unable to correct problems, you have held broken packages.
| |
| | |
| | |
| #全面的开发工具
| |
| sudo apt install git golang build-essential gcc g++ gdb libboost-dev make automake autogen autoconf cscope global cmake cmake-gui astyle clang-format clang llvm lldb libsqlite3-dev sqlite3 bison flex ruby-dev linux-headers-`uname -r`
| |
| | |
| | |
| #ps 说明
| |
| apt install procps
| |
| | |
| mariadb-client
| |
| | |
| 安装Fail2Ban
| |
| | |
| | |
| #安装上传rz、下载sz工具
| |
| sudo apt-get install lrzsz
| |
| </pre>
| |
| | |
| [https://www.debian.cn/archives/2880 Debian 安装 fail2ban 方式SSH爆破攻击]
| |
| | |
| | |
| [[Debian配置iptables]]
| |
| | |
| =时间同步=
| |
| <pre>
| |
| UTC时区切换到CST 时区
| |
| | |
| #用这个啦
| |
| # 设置亚洲时区 tzselect 有时不准
| |
| timedatectl set-timezone Asia/Shanghai
| |
| # 启用NTP同步 #关闭是 false
| |
| timedatectl set-ntp yes
| |
| | |
| | |
| #有效果 2021
| |
| echo "export TZ='Asia/Shanghai'" >> /etc/profile
| |
| cat /etc/profile |grep TZ
| |
| source /etc/profile
| |
| | |
| date -R #时区查看
| |
| date
| |
| Sat Aug 19 17:03:17 CST 2017
| |
| | |
| | |
| 校正日期和时间 linux256
| |
| | |
| cp /usr/share/zoneinfo/Asia/ShangHai /etc/localtime #时区为亚洲/上海
| |
| # 网络校时
| |
| apt-get install ntpdate
| |
| ntpdate 210.72.145.44 # 中国国家时间服务器: 210.72.145.44
| |
| | |
| # 手动校时
| |
| sudo date -s 11/13/2019 #2019年11月13日
| |
| sudo date -s 10:05:30 #10点05分30秒
| |
| | |
| </pre>
| |
| | |
| =security=
| |
| ==ufw==
| |
| | |
| ==firewalld==
| |
| 这个不错,ufw 用得少,用这个更加统一 May 23 2022
| |
| | |
| 详情可见 [[Centos7 debian firewalld防火墙基础]]
| |
| | |
| [https://computingforgeeks.com/how-to-install-and-configure-firewalld-on-debian/ How To Install and Configure Firewalld on Debian 10]
| |
| | |
| [https://ywnz.com/linuxaq/5495.html 在Debian 10(Buster)上安装和配置Firewalld]
| |
| | |
| = 优化optimize=
| |
| | |
| [https://www.cnblogs.com/coding-my-life/p/11220989.html debian设置limits.conf]
| |
| | |
| [https://github.com/mostamazing/mostamazing/issues/28 linux 里ulimit永久生效设置(debian9 64]
| |
| | |
| =9 update to 10=
| |
| sudo apt dist-upgrade -y #在之前改成 10的源
| |
| | |
| 在QCLOUD上升级失败了 可以试一下他们自己的源
| |
| https://mirrors.cloud.tencent.com/debian/dists/
| |
| | |
| https://cloud.tencent.com/developer/article/1473368
| |
| | |
| =故障=
| |
| ==报错1 ==
| |
| <pre> | | <pre> |
| Reading package lists...
| | 1.打开grup配置文件:/etc/default/grub |
| E: Release file for http://mirrors.ustc.edu.cn/debian/dists/stretch-updates/InRelease is expired (invalid since 69d 5h 56min 7s). Updates for this repository will not be applied.
| | 2.修改GRUB_CMDLINE_LINUX=”” 为GRUB_CMDLINE_LINUX=”text” |
| E: Release file for http://mirrors.ustc.edu.cn/debian/dists/stretch-backports/InRelease is expired (invalid since 69d 5h 56min 7s). Updates for this repository will not be applied.
| | 3.更新update-grub |
| E: Release file for http://mirrors.ustc.edu.cn/debian-security/dists/stretch/updates/InRelease is expired (invalid since 66d 14h 56min 48s). Updates for this repository will not be applied.
| | 4.更新系统服务管理器配置:systemctl set-default multi-user.target |
| ERROR: Service 'php-worker' failed to build: The command '/bin/sh -c apt-get update' returned a non-zero code: 100
| | 5.重启:init 6</pre> |
| </pre>
| |
| | |
| | |
| ==处理 ==
| |
| <pre>
| |
| ###########################################################################
| |
| # Crontab
| |
| ###########################################################################
| |
| RUN rm -f /etc/apt/sources.list
| |
| RUN rm -f /etc/apt/sources.list.d/buster.list
| |
| COPY sources.list /etc/apt/
| |
| RUN apt -o Acquire::Check-Valid-Until=false update
| |
| | |
| RUN apt-get update
| |
| RUN apt-get clean
| |
| RUN apt-get install -y apt-transport-https
| |
| RUN apt install -y cron vim
| |
| RUN ["service","cron","start"]
| |
| | |
| | |
| cat php-worker/sources.list
| |
| | |
| deb http://deb.debian.org/debian stretch main
| |
| | |
| </pre> | |
| | |
| ==报错2 ==
| |
| Error message “sudo: unable to resolve host (none)”
| |
| | |
| That /etc/hosts has an entry for localhost. It should have something like:
| |
| | |
| 127.0.0.1 localhost.localdomain localhost
| |
| 127.0.1.1 you-hostname
| |
| | |
| =参考=
| |
| | |
| [https://blog.chaos.run/dreams/ubuntu-server-starting-settings/index.html Debian服务器的初始化配置-Google Authenticator]
| |
| | |
| [https://www.debian.cn/archives/2880 Debian 安装 fail2ban 方式SSH爆破攻击]
| |
| | |
| [https://blog.51cto.com/wzlinux/2043586 Ubuntu 新装服务器部署流程]
| |
| | |
| [https://www.howtoing.com/install-java-in-debian-and-ubuntu 如何在Debian和Ubuntu系统中安装Java 9]
| |
| | |
| [http://www.ruanyifeng.com/blog/2014/03/server_setup.html Linux服务器的初步配置流程]
| |
| | |
| [http://spenserj.com/blog/2013/07/15/securing-a-linux-server/ Securing a Linux Server]
| |
| | |
| [http://blog.51cto.com/feihan21/1060365 Linux服务器初始化配置脚本]
| |
| | |
| [https://blog.imdst.com/linux-fu-wu-qi-chu-shi-hua-an-quan-jia-gu/ Linux服务器初始化调优及安全加固]
| |
| | |
| [https://linux.cn/article-5067-1.html 如何使用 fail2ban 防御 SSH 服务器的暴力破解攻击]
| |
| | |
| [https://blog.csdn.net/developerinit/article/details/73065229?utm_source=blogxgwz7 Debian的一些常用命令]
| |
| | |
|
| |
|
| [https://www.cnblogs.com/yoyotl/p/8151409.html Debian 8 设置时区和时间配置]
| | [[设置ubuntu 默认不启动图形界面]] |
| [[category:ops]] [[category:debian]]
| | [[category:debian]] |