Ubuntu 16.04 system initialization

1. Initialize the network configuration

1.1. Create working directories

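  • A production environment must have a fixed directory for installation packages and debugging tools;
  • otherwise every administrator stores tools wherever they like, and the resulting state of the server is easy to imagine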
mkdir -p /opt/{tools,scripts}
mkdir -p /data/backup
cd /opt/tools/
  • Install commonly used tools
apt-get update
apt-get install lrzsz vim wget curl lsof telnet net-tools ntpdate tree screen iotop iftop

1.2. Set the hostname and hosts resolution

  • Change the server's hostname
hostname demosrv-01
vi /etc/hostname 
--------------------------------
demosrv-01
-------------------------------
  • Set up hosts name resolution
vi /etc/hosts
--------------------------------
192.168.1.200    demosrv-01
--------------------------------

1.3. Set a static IP address and DNS resolution

1.3.1. Change the host IP

  • 1) Configure a static IP address on the network interface
sudo vim /etc/network/interfaces
--------------------------------------------
auto eth0
iface eth0 inet static
address 192.168.1.200
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 223.5.5.5
dns-nameservers 8.8.8.8
--------------------------------------------
# Restart networking
sudo /etc/init.d/networking restart
  • 2) Set a second IP address (virtual IP address)
sudo vim /etc/network/interfaces
--------------------------------------------
auto eth0:1
iface eth0:1 inet static
address 192.168.1.201
netmask 255.255.255.0
gateway x.x.x.x
network x.x.x.x
broadcast x.x.x.x
--------------------------------------------
# Restart networking:
sudo /etc/init.d/networking restart

1.3.2. Configure DNS resolution

vi /etc/resolv.conf 
--------------------------------
nameserver 202.106.0.20
nameserver 8.8.8.8
--------------------------------
ip add
ping www.baidu.com

1.4. Configure the apt sources (Aliyun)

1.4.1. Back up the original apt source configuration file

cp /etc/apt/sources.list /etc/apt/sources.list.ori

1.4.2. Edit the apt source configuration file (switch apt sources)

vim /etc/apt/sources.list
----------------------------------
# aliyun
deb http://mirrors.aliyun.com/ubuntu/ xenial main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main

deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main

deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates universe

deb http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security universe
----------------------------------

1.4.3. Update the sources and software versions

apt-get update
apt-get upgrade

1.4.4. Repair broken packages

# Try to remove the broken package and reinstall the correct version
sudo apt-get -f install

2. Configure system environment variables

2.1. Change the number of history commands kept

echo "HISTSIZE=10000" >> /etc/profile
tail -1 /etc/profile

2.2. Set automatic logout on idle timeout

# 8h=28800s
echo " " >> /etc/profile
echo "# Auto-Logout for 8 hours by zhaoshuai on $(date +%F)." >> /etc/profile
echo "export TMOUT=28800" >> /etc/profile
tail -3 /etc/profile
source /etc/profile
echo $TMOUT

3. Configure system security options

3.1. Modify the ssh service configuration

  • Listen on IPv4 only, disable GSSAPI key authentication, and disable DNS lookups to speed up ssh connections to Linux

  • Edit the configuration file manually
vim /etc/ssh/sshd_config
-----------------------------
ListenAddress 0.0.0.0
PasswordAuthentication no
GSSAPIAuthentication no
UseDNS no
-----------------------------
  • Modify from the command line
echo "ListenAddress 0.0.0.0" >> /etc/ssh/sshd_config
echo "GSSAPIAuthentication no" >> /etc/ssh/sshd_config
echo "UseDNS no" >> /etc/ssh/sshd_config

grep ListenAddress /etc/ssh/sshd_config
grep GSSAPIAuthentication /etc/ssh/sshd_config
grep UseDNS /etc/ssh/sshd_config
  • Restart the sshd service
/bin/systemctl restart  sshd.service
/bin/systemctl status  sshd.service
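
Appending with `echo >>` only takes effect when the keyword is not already set earlier in the file: sshd uses the first value it reads for most keywords, and a line appended after a Match block belongs to that block. The script below is an added example, not part of the original article (the function names and the sample file are made up), that sets the same three options idempotently and is run here against a constructed test file.

```shell
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.

# Print the value sshd would use for a global keyword: the first active
# occurrence before any Match block (keywords are case-insensitive).
effective_sshd_option() {
    awk -v key="$2" 'BEGIN { k = tolower(key) }
        tolower($1) == "match" { exit }
        tolower($1) == k { print $2; exit }' "$1"
}

# Leave exactly one active global line for KEYWORD, placed ahead of the first
# Match block. Commented-out lines and Match-block contents are not touched.
set_sshd_option() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v value="$value" 'BEGIN { k = tolower(key) }
        !done && tolower($1) == "match" { print key " " value; done = 1 }
        !done && tolower($1) == k { next }
        { print }
        END { if (!done) print key " " value }' "$file" > "$tmp" &&
        cat "$tmp" > "$file"    # rewrite in place so owner and mode are kept
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample config, not a real server's file.
demo_cfg=$(mktemp)
printf '%s\n' 'Port 22' 'UseDNS yes' '#GSSAPIAuthentication yes' > "$demo_cfg"

# The append-only approach: the earlier "UseDNS yes" still wins.
echo "UseDNS no" >> "$demo_cfg"
before=$(effective_sshd_option "$demo_cfg" UseDNS)

for kv in "ListenAddress 0.0.0.0" "GSSAPIAuthentication no" "UseDNS no"; do
    set_sshd_option "$demo_cfg" "${kv% *}" "${kv#* }"
done
after=$(effective_sshd_option "$demo_cfg" UseDNS)
echo "UseDNS: before=$before after=$after"
# On a real host, check the result with: sshd -t -f /etc/ssh/sshd_config
```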

3.2. Disable SELinux

  • Not needed

3.3. Disable the firewall

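  • Internal networks generally do not need a firewall
# The firewalld unit exists only if firewalld was installed; a stock Ubuntu 16.04 uses ufw as its firewall front end
systemctl stop firewalld
systemctl disable firewalld
systemctl status  firewalld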

3.4. Disable other unused services

  • Mail service: CentOS 7 installs postfix by default, not sendmail
systemctl stop  postfix
systemctl disable  postfix
systemctl status  postfix
netstat -anptl

4. Modify kernel parameters

4.1. Change the file handle limit

vim /etc/security/limits.conf 
-----------------------------------
# Maximum number of system connections
*    soft    nofile    65535
*    hard   nofile    65535
*    soft    nproc    65535
*    hard   nproc    65535
-----------------------------------

4.2. Configure TIME_WAIT parameters

  • Clean up connections in the TIME_WAIT state
netstat -anptl|grep TIME_WAIT|wc -l
echo " " >> /etc/sysctl.conf
echo "# made by zhaoshuai for kill time_wait on $(date +%F)." >> /etc/sysctl.conf
echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf
# tcp_tw_recycle breaks connections from clients behind NAT and was removed in Linux 4.12
echo "net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_fin_timeout = 30" >> /etc/sysctl.conf
echo "net.ipv4.tcp_orphan_retries = 2" >> /etc/sysctl.conf
echo "net.ipv4.ip_local_port_range = 1024 65000" >> /etc/sysctl.conf
tail -8 /etc/sysctl.conf
sysctl -p 
netstat -anptl|grep TIME_WAIT|wc -l

4.3. Let the system reclaim cache automatically

echo " ">>/etc/sysctl.conf
echo "# Automatic recovery memory on $(date +%F)">>/etc/sysctl.conf
echo "vm.extra_free_kbytes=209196">>/etc/sysctl.conf
sysctl -p

5. Configure time synchronization

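  • Install the ntp service and enable it at boot
# On Ubuntu the package is installed with apt-get and the service unit is named ntp
apt-get -y install ntp
systemctl enable ntp
systemctl start ntp
systemctl status ntp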
  • Synchronize the time manually
date
/usr/sbin/ntpdate ntp1.aliyun.com
  • Configure automatic time synchronization
echo "# made by zhaoshuai for sync time on $(date +%F)" >> /var/spool/cron/crontabs/root
echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com > /dev/null 2>&1' >> /var/spool/cron/crontabs/root
crontab -l
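  • Note:
The time zone should be CST, the Central time zone; if it shows EST, that is the Eastern time zone.
When installing CentOS, deselect the daylight saving time option; otherwise the clock changes automatically on the day daylight saving time takes effect,
and if a service has timing requirements, the business it carries will run into problems, so daylight saving time should be turned off.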

END
