|
|
第1行: |
第1行: |
| | | |
− | [[Salt-ssh批量初始化机器]]
| |
− | = os init=
| |
− | == change sources ==
| |
− | ===10源===
| |
− | <pre>
| |
| | | |
− | deb http://mirrors.aliyun.com/debian/ buster main non-free contrib
| + | https://y0ngb1n.github.io/a/8df8f831.html |
− | deb-src http://mirrors.aliyun.com/debian/ buster main non-free contrib
| |
− | deb http://mirrors.aliyun.com/debian-security buster/updates main
| |
− | deb-src http://mirrors.aliyun.com/debian-security buster/updates main
| |
− | deb http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
| |
− | deb-src http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
| |
− | deb http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib
| |
− | deb-src http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib
| |
| | | |
− | </pre>
| |
− | ===9 源===
| |
− | <pre>
| |
| | | |
− | echo 'deb http://mirrors.aliyun.com/debian/ stretch main non-free contrib
| + | [[category:Container]] |
− | deb-src http://mirrors.aliyun.com/debian/ stretch main non-free contrib
| |
− | deb http://mirrors.aliyun.com/debian-security stretch/updates main
| |
− | deb-src http://mirrors.aliyun.com/debian-security stretch/updates main
| |
− | deb http://mirrors.aliyun.com/debian/ stretch-updates main non-free contrib
| |
− | deb-src http://mirrors.aliyun.com/debian/ stretch-updates main non-free contrib
| |
− | deb http://mirrors.aliyun.com/debian/ stretch-backports main non-free contrib
| |
− | deb-src http://mirrors.aliyun.com/debian/ stretch-backports main non-free contrib ' >sources.list
| |
− | </pre>
| |
− | | |
− | == ssh config==
| |
− | <pre>
| |
− | echo "ssh-rsa AAAAB3NzaC you_prk_key root@ops
| |
− | " >> /root/.ssh/authorized_keys
| |
− | | |
− | sed -i "s/#PubkeyAuthentication yes/PubkeyAuthentication yes/g" /etc/ssh/sshd_config
| |
− | | |
− | sed -i "s/^PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
| |
− | | |
− | systemctl restart sshd
| |
− | #service sshd restart
| |
− | | |
− | </pre>
| |
− | ==常用软件==
| |
− | <pre>
| |
− | useradd -d /data/evan -s /bin/bash -m evan
| |
− | 数m表示如果该目录不存在,则创建该目录
| |
− | | |
− | | |
− | apt install net-tools rsync wget firewalld vim build-essential dnsutils screen curl sudo lsb-release iotop software-properties-common -y #dig dnsutils
| |
− | | |
− | #全面的开发工具
| |
− | sudo apt install git golang build-essential gcc g++ gdb libboost-dev make automake autogen autoconf cscope global cmake cmake-gui astyle clang-format clang llvm lldb libsqlite3-dev sqlite3 bison flex ruby-dev linux-headers-`uname -r`
| |
− | | |
− | | |
− | #ps
| |
− | apt install procps
| |
− | | |
− | | |
− | 安装Fail2Ban
| |
− | </pre>
| |
− | | |
− | [https://www.debian.cn/archives/2880 Debian 安装 fail2ban 方式SSH爆破攻击]
| |
− | | |
− | | |
− | [[Debian配置iptables]]
| |
− | | |
− | =时间同步=
| |
− | <pre>
| |
− | UTC时区切换到CST 时区
| |
− | | |
− | #用这个啦
| |
− | # 设置亚洲时区
| |
− | timedatectl set-timezone Asia/Shanghai
| |
− | # 启用NTP同步 #关闭是 false
| |
− | timedatectl set-ntp yes
| |
− | | |
− | | |
− | echo "export TZ='Asia/Shanghai'" >> /etc/profile
| |
− | cat /etc/profile |grep TZ
| |
− | source /etc/profile
| |
− | date -R
| |
− | date
| |
− | Sat Aug 19 17:03:17 CST 2017
| |
− | </pre>
| |
− | | |
− | =security=
| |
− | ==firewalld==
| |
− | | |
− | 详情可见 [[Centos7 firewalld防火墙基础]]
| |
− | | |
− | [https://computingforgeeks.com/how-to-install-and-configure-firewalld-on-debian/ How To Install and Configure Firewalld on Debian 10]
| |
− | | |
− | [https://ywnz.com/linuxaq/5495.html 在Debian 10(Buster)上安装和配置Firewalld]
| |
− | | |
− | =参考=
| |
− | | |
− | [https://blog.51cto.com/wzlinux/2043586 Ubuntu 新装服务器部署流程]
| |
− | | |
− | [https://www.howtoing.com/install-java-in-debian-and-ubuntu 如何在Debian和Ubuntu系统中安装Java 9]
| |
− | | |
− | [http://www.ruanyifeng.com/blog/2014/03/server_setup.html Linux服务器的初步配置流程]
| |
− | | |
− | [http://spenserj.com/blog/2013/07/15/securing-a-linux-server/ Securing a Linux Server]
| |
− | | |
− | [http://blog.51cto.com/feihan21/1060365 Linux服务器初始化配置脚本]
| |
− | | |
− | [https://blog.imdst.com/linux-fu-wu-qi-chu-shi-hua-an-quan-jia-gu/ Linux服务器初始化调优及安全加固]
| |
− | | |
− | [https://linux.cn/article-5067-1.html 如何使用 fail2ban 防御 SSH 服务器的暴力破解攻击]
| |
− | | |
− | [https://blog.csdn.net/developerinit/article/details/73065229?utm_source=blogxgwz7 Debian的一些常用命令]
| |
− | | |
− | | |
− | [https://www.cnblogs.com/yoyotl/p/8151409.html Debian 8 设置时区和时间配置]
| |
− | [[category:ops]] [[category:debian]]
| |