  • Ubuntu 16.04.1 LTS initialization

    gcc environment
    ------------------
    sudo apt-get update &&
    sudo apt-get install build-essential software-properties-common -y &&
    sudo add-apt-repository ppa:ubuntu-toolchain-r/test -y &&
    sudo apt-get update &&
    sudo apt-get install gcc-snapshot -y &&
    sudo apt-get update &&
    sudo apt-get install gcc-6 g++-6 -y &&
    sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-6 60 --slave /usr/bin/g++ g++ /usr/bin/g++-6 &&
    sudo apt-get install gcc-4.8 g++-4.8 -y &&
    sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.8 60 --slave /usr/bin/g++ g++ /usr/bin/g++-4.8


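    Compile and install lrzsz
    ---------------------
    cd /tmp
    # The tarball is fetched over plain HTTP with no integrity check;
    # verify it against a trusted checksum before building and installing as root.
    wget http://www.ohse.de/uwe/releases/lrzsz-0.12.20.tar.gz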
    tar zxvf lrzsz-0.12.20.tar.gz && cd lrzsz-0.12.20
    ./configure && make && make install
    ln -s /usr/local/bin/lrz /usr/bin/rz
    ln -s /usr/local/bin/lsz /usr/bin/sz
    rm -rf /tmp/lrzsz*


    Upload the init script and startup.tar.gz, then run the script
    ----------------------------------------
    Os_Init_Optimization.sh

    #!/bin/bash

    # Unpack startup.tar.gz
    cd /tmp && tar -zxf startup.tar.gz

    # Install wget and ntpdate, then sync the clock once
    apt-get install -y wget
    apt-get install -y ntpdate
    ntpdate cn.pool.ntp.org
    date

    # Set the time zone
    ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime


    echo "##### update server time #####" >> /var/spool/cron/crontabs/root
    echo "*/10 * * * * /usr/sbin/ntpdate cn.pool.ntp.org > /dev/null 2>&1 && /sbin/clock -w > /dev/null 2>&1" >> /var/spool/cron/crontabs/root
    echo "" >> /var/spool/cron/crontabs/root
    echo "##### history #####" >> /var/spool/cron/crontabs/root
    echo "*/5 * * * * /usr/local/gacp/worksh/history.sh > /dev/null 2>&1" >> /var/spool/cron/crontabs/root
    echo "" >> /var/spool/cron/crontabs/root
    echo "##### Logs #####" >> /var/spool/cron/crontabs/root
    echo "00 00 * * * /usr/local/gacp/worksh/del_100day_before_logs.sh > /dev/null 2>&1" >> /var/spool/cron/crontabs/root
    echo "00 00 * * * /usr/local/gacp/worksh/log_rotate.sh > /dev/null 2>&1" >> /var/spool/cron/crontabs/root
    echo "" >> /var/spool/cron/crontabs/root

    #file size
    sed -i 'N;14iulimit -SHn 65535' /etc/rc.local
    cat >> /etc/security/limits.conf << EOF
    * soft nofile 60000
    * hard nofile 65535
    EOF

    #sysctl.conf
    cat >> /etc/sysctl.conf <<eof

    # NEW ADD
    net.ipv4.tcp_tw_reuse = 1
    # tcp_tw_recycle drops connections from clients behind NAT and was removed in Linux 4.12
    net.ipv4.tcp_tw_recycle = 1

    net.ipv4.tcp_syn_retries = 1
    net.ipv4.tcp_fin_timeout = 30
    net.ipv4.tcp_keepalive_time = 600
    net.ipv4.tcp_syncookies = 1
    net.ipv4.ip_local_port_range = 1024 65535
    net.ipv4.tcp_max_syn_backlog = 65535
    net.ipv4.tcp_max_tw_buckets = 65535

    net.core.wmem_default = 8388608
    net.core.rmem_default = 8388608
    net.core.rmem_max = 16777216
    net.core.wmem_max = 16777216
    net.core.netdev_max_backlog = 131070
    net.core.somaxconn = 20480
    eof

    /sbin/sysctl -p


    # Date stamp used as the suffix of config backups
    DATE=$(date +%Y%m%d)

    #add lsyw user
    /usr/sbin/useradd lsyw
    echo 'lsyw:xxxxx' | /usr/sbin/chpasswd

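    # ssh: move to port 50000, disable root login, allow only lsyw
    DATE=$(date +%Y%m%d)
    ssh_cf="/etc/ssh/sshd_config"

    cp "$ssh_cf" "$ssh_cf.$DATE"
    sed -i 's/^#\?Port 22$/Port 50000/' "$ssh_cf"
    # Ubuntu 16.04 ships "PermitRootLogin prohibit-password", so match any value
    sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' "$ssh_cf"
    sed -i '$aAllowUsers lsyw' "$ssh_cf"
    # Restart only if the edited config parses cleanly
    sshd -t && systemctl restart ssh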

    # Brute-force login protection
    apt-get install -y fail2ban

    mv /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.$DATE
    cp -ap ./file/jail.conf /etc/fail2ban/

    mkdir /usr/local/gacp/worksh -p
    cp -ap ./file/history.sh ./file/log_rotate.sh ./file/del_100day_before_logs.sh /usr/local/gacp/worksh/


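    Firewall (iptables)
    ----------------------
    Because iptables handling on Ubuntu is somewhat special, it cannot be done from the script; follow the steps below instead:

    1. To persist iptables rules, install two packages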
    apt-get install iptables-persistent netfilter-persistent

    2. Edit the firewall rules: vi /etc/iptables/rules.v4
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 50000 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited

    3. Apply the firewall rules:
    iptables-restore < /etc/iptables/rules.v4

    4. Restart fail2ban
    systemctl restart fail2ban
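
    The script moves sshd to port 50000 and restricts logins to lsyw, while the matching firewall rule is edited by hand, so the two can drift apart and lock you out. The following check is an added example, not part of the original script; the function names are hypothetical and the sample files are constructed to mirror the settings above.

```shell
#!/bin/sh
# Added example, not part of the original script. Function names are hypothetical.

# Print the first uncommented value of an sshd_config keyword
# (sshd uses the first value it reads for each keyword).
sshd_value() {   # $1 = keyword, $2 = sshd_config path
    awk -v k="$1" 'tolower($1) == tolower(k) { $1 = ""; sub(/^ +/, ""); print; exit }' "$2"
}

# Succeed only if an INPUT rule accepts tcp/$1 before the catch-all REJECT/DROP.
port_allowed() {   # $1 = port, $2 = rules.v4 path
    awk -v p="$1" '
        /^-A INPUT -j (REJECT|DROP)/ { exit }
        /^-A INPUT / && /-p tcp/ && /-j ACCEPT/ && $0 ~ ("--dport " p "( |$)") { ok = 1; exit }
        END { exit !ok }' "$2"
}

# Exit status 0 when the SSH settings and the firewall agree; print each mismatch.
check_ssh_lockout() (   # $1 = sshd_config, $2 = rules.v4, $3 = login user
    rc=0
    port=$(sshd_value Port "$1"); port=${port:-22}
    root=$(sshd_value PermitRootLogin "$1")
    allow=$(sshd_value AllowUsers "$1")
    [ "$root" = "no" ] || { echo "PermitRootLogin is '${root:-unset}', expected 'no'"; rc=1; }
    case " $allow " in
        *" $3 "*) ;;
        *) echo "AllowUsers does not list $3"; rc=1 ;;
    esac
    port_allowed "$port" "$2" ||
        { echo "no ACCEPT for tcp/$port before the final REJECT"; rc=1; }
    exit "$rc"
)

# Constructed sample files mirroring the settings on this page.
write_samples() {   # $1 = directory
    printf '%s\n' 'Port 50000' '#PermitRootLogin yes' 'PermitRootLogin no' \
        'AllowUsers lsyw' > "$1/sshd_config"
    printf '%s\n' '*filter' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -m state --state NEW -m tcp -p tcp --dport 50000 -j ACCEPT' \
        '-A INPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT' > "$1/rules.v4"
}
```

    On the server, run `check_ssh_lockout /etc/ssh/sshd_config /etc/iptables/rules.v4 lsyw` from an existing session before applying the rules or closing that session.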

    chkconfig replacement: sysv-rc-conf
    -------------------------------------
    Install: apt-get install -y sysv-rc-conf
    sysv-rc-conf --list
    sysv-rc-conf --level 2345 <service> on

  • Original article: https://www.cnblogs.com/zhaojonjon/p/7682227.html