Debian服务器初始化

来自linux中国网wiki
Evan讨论 | 贡献2020年5月18日 (一) 07:23的版本 →‎change sources
跳到导航 跳到搜索

Salt-ssh批量初始化机器

os init

change sources

if docker

利用Dockerfile修改容器中的apt源(debian源)

10源


deb http://mirrors.aliyun.com/debian/ buster main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ buster main non-free contrib
deb http://mirrors.aliyun.com/debian-security buster/updates main
deb-src http://mirrors.aliyun.com/debian-security buster/updates main
deb http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
deb http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib

9 源


echo 'deb http://mirrors.aliyun.com/debian/ stretch main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ stretch main non-free contrib
deb http://mirrors.aliyun.com/debian-security stretch/updates main
deb-src http://mirrors.aliyun.com/debian-security stretch/updates main
deb http://mirrors.aliyun.com/debian/ stretch-updates main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ stretch-updates main non-free contrib
deb http://mirrors.aliyun.com/debian/ stretch-backports main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ stretch-backports main non-free contrib ' >sources.list

ssh config

echo "ssh-rsa AAAAB3NzaC you_prk_key root@ops
"  >> /root/.ssh/authorized_keys

sed -i "s/#PubkeyAuthentication yes/PubkeyAuthentication yes/g" /etc/ssh/sshd_config

sed -i "s/^PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config

systemctl restart sshd
#service  sshd restart

常用软件

useradd -d /data/evan  -s /bin/bash -m  evan
数m表示如果该目录不存在,则创建该目录


apt install net-tools procps  rsync wget   w3m    vim  build-essential dnsutils tmux  curl sudo lsb-release  iotop software-properties-common  -y   # 说明 dig dnsutils   firewalld  screen 暂时不要 

#全面的开发工具
sudo apt  install git golang build-essential gcc g++ gdb libboost-dev make automake autogen autoconf cscope global cmake cmake-gui astyle clang-format clang llvm lldb libsqlite3-dev sqlite3 bison flex ruby-dev linux-headers-`uname -r`


#ps 说明
apt install procps


安装Fail2Ban
 

Debian 安装 fail2ban 方式SSH爆破攻击


Debian配置iptables

时间同步

UTC时区切换到CST 时区

#用这个啦 
# 设置亚洲时区  tzselect 有时不准
timedatectl set-timezone Asia/Shanghai
# 启用NTP同步 #关闭是 false 
timedatectl set-ntp yes


 echo "export TZ='Asia/Shanghai'"  >> /etc/profile  
 cat /etc/profile |grep TZ  
source /etc/profile

date -R  #时区查看 
 date 
Sat Aug 19 17:03:17 CST 2017


校正日期和时间  linux256

cp /usr/share/zoneinfo/Asia/ShangHai  /etc/localtime     #时区为亚洲/上海
# 网络校时
apt-get install ntpdate
ntpdate 210.72.145.44        # 中国国家时间服务器: 210.72.145.44

# 手动校时
sudo date -s 11/13/2019                #2019年11月13日
sudo date -s 10:05:30                  #10点05分30秒

security

ufw

firewalld

这个放弃了

详情可见 Centos7 firewalld防火墙基础

How To Install and Configure Firewalld on Debian 10

在Debian 10(Buster)上安装和配置Firewalld

9 update to 10

 sudo apt dist-upgrade -y #在之前改成 10的源
在QCLOUD上升级失败了   可以试一下他们自己的源

https://mirrors.cloud.tencent.com/debian/dists/

https://cloud.tencent.com/developer/article/1473368

参考

Ubuntu 新装服务器部署流程

如何在Debian和Ubuntu系统中安装Java 9

Linux服务器的初步配置流程

Securing a Linux Server

Linux服务器初始化配置脚本

Linux服务器初始化调优及安全加固

如何使用 fail2ban 防御 SSH 服务器的暴力破解攻击

Debian的一些常用命令


Debian 8 设置时区和时间配置