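Backup
Back up the things that are not stored on github:
offlineimap
msmtprc
pidgin chat logs
firefox bookmarks
and so on... to be continued...
When installing the system, don't mindlessly click "Next", "Next". Many installation wizards default to "use the *entire* disk"!
When repartitioning, triple-check that the contents above have been backed up. Remember that dumb episode, on a certain day of a certain year, of turning the USB stick that held the freshly backed-up data into the install disk.
Installation
Can't think of anything to say here for the moment...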
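Configuration
locale
Install the locales package:
apt-get install locales
Then configure the locales to use:
dpkg-reconfigure locales
Locales commonly used for Chinese:
- en_US.ISO-8859-1
- en_US.UTF-8
- zh_CN.GB2312
- zh_CN.GB18030
- zh_CN.UTF-8
- zh_CN.GBK
- zh_TW.BIG5
- zh_TW.UTF-8
The default locale is en_US.utf8.
That completes the setup; you can list the locales on the system:
locale -a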
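Users
Add the usual account; by default a group of the same name is created
groupadd user001
useradd user001 -g user001 -d /home/user001 -s /usr/bin/zsh
Change the password
passwd user001
Create the user's home directory, and don't forget to fix the permissions, otherwise everyone gets to see everything... (blush)
mkdir /home/user001
chgrp user001 /home/user001
chown user001 /home/user001
chmod 700 /home/user001
Synchronise users and groups (probably unnecessary unless the configuration files were edited directly)
grpconv
Another reminder to myself: when deleting a user later, don't forget the -r option, or the home directory and mail are left behind. Also, userdel removes the user's group along with the user, so be careful
userdel -r user001
Accounts used for purposes peculiar to the "Celestial Empire" have no need to log in. Don't give them a shell:
useradd user001 -g user001 -s /bin/false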
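sudo
Install sudo
apt-get install sudo
Edit /etc/sudoers to grant sudo privileges
user001 ALL=(ALL) ALL
More detailed configuration notes:
1. Alias settings
There are 4 kinds of alias:
1) Host_Alias: host alias, a list of hosts
e.g. Host_Alias HOST_FLAG = hostname1, hostname2, hostname3
2) Cmnd_Alias: command alias, a list of commands that may be run
e.g. Cmnd_Alias COMMAND_FLAG = command1, command2, command3
3) User_Alias: user alias, a list of users who have sudo privileges
e.g. User_Alias USER_FLAG = user1, user2, user3
4) Runas_Alias: run-as alias, a list of identities the user may run commands as (for example root or oracle)
e.g. Runas_Alias RUNAS_FLAG = operator1, operator2, operator3
The alias format is: Alias_Type NAME = item1, item2, ...
2. Privilege settings
First, the authorization rule:
Format: authorized-user host = [(target-user)] [NOPASSWD:] command-list
e.g. tony ALL=(ALL) NOPASSWD:ALL
where NOPASSWD means that no password verification is required
Example:
# groups
User_Alias ROOT = user1, user2, user3
User_Alias WEBMASTERS = user4, user5, user6
# commands
Cmnd_Alias APACHE = /usr/local/sbin/kickapache
Cmnd_Alias TAIL = /usr/bin/tail
Cmnd_Alias SHUTDOWN = /sbin/shutdown
Cmnd_Alias APT = /usr/bin/apt-get, /usr/bin/dpkg
# privileges
ROOT ALL = (ALL) ALL
WEBMASTERS ALL = PASSWD : APACHE, TAIL
admin ALL = NOPASSWD : /etc/init.d/apache
Options:
-l show the privileges of the user running sudo
-v sudo asks for the password the first time it is run, or when it has not been run within the last N minutes (N defaults to five); this option performs that check again, and if more than N minutes have passed it also asks for the password
-k force sudo to ask for the password the next time it is run (whether or not N minutes have passed)
-b run the given command in the background
-p prompt change the password prompt; %u is replaced by the user's account name and %h by the host name
-u username/#uid without this option the command runs as root; with it, the command runs as username (#uid is that user's numeric user ID)
-s run the shell named by the SHELL environment variable, or the shell given in /etc/passwd
-H set the HOME environment variable to the home directory of the target user (the system administrator root if -u is not given)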
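Security settings
SSH
Change the SSH port and forbid remote root login
# vi /etc/ssh/sshd_config
Port 1234
PermitRootLogin no
Restart the service
service sshd restart
Generate the key pair used for login
ssh-keygen -t rsa
Upload the public key to the server
cat ~/.ssh/id_rsa.pub | ssh user001@192.168.1.1 "cat - >> ~/.ssh/authorized_keys"
If the key was created with a passphrase, the passphrase has to be typed in to log in to the server. For convenience, ssh-agent can be used to handle the "~/.ssh/id_rsa" file for you. It then looks as if the passphrase were entered automatically (it only looks that way):
ssh-add
Note: a public key in SSH2-compatible format can be converted to the OpenSSH-compatible format
ssh-keygen -i -f Identity.pub >> /root/.ssh/authorized_keys2
Disable password login and allow key login only: I still don't know how to do this ~OTZ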
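In OpenSSH, key-only login is enforced with `PasswordAuthentication no` in sshd_config. The audit script below is an added example, not part of the original post; it relies on sshd keeping the first value it reads for a keyword, and the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Effective global value of an sshd_config keyword. sshd keeps the FIRST
# value it reads for a keyword, keywords are case-insensitive, and lines
# after the first "Match" apply only conditionally, so they are skipped.
sshd_effective() {  # usage: sshd_effective FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }               # comment or blank line
        { sub(/=/, " "); key = tolower($1) }  # tolerate "Key=value"
        key == "match" { exit }
        key == want { print tolower($2); exit }
    ' "$1"
}

# Check the two settings this page cares about; returns the number of failures.
sshd_audit() {  # usage: sshd_audit FILE
    fails=0
    for pair in "PermitRootLogin no" "PasswordAuthentication no"; do
        key=${pair% *}; want=${pair#* }
        got=$(sshd_effective "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "ok   $key $got"
        else
            echo "FAIL $key is '${got:-unset}', want '$want'"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample: "no" was appended at the end, but an earlier "yes" wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 1234
PermitRootLogin no
PasswordAuthentication yes
# appended by hand later; has no effect
PasswordAuthentication no
EOF
sshd_audit "$sample" || echo "password login is still enabled"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration, including files pulled in by Include, which this script does not follow.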
iptables
Flush the existing rules:
iptables -F
iptables -X
iptables -Z
Open the commonly used ports:
# allow the local loopback interface
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# accept established and related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# no restrictions on outbound traffic
iptables -A OUTPUT -j ACCEPT
# accept the usual inbound requests: ssh http ftp
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
# other inbound ports in the same format
# reject all other inbound access; take care not to block ssh on port 22
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT
# block a single IP
iptables -I INPUT -s 123.45.6.7 -j DROP
# block the whole range 123.0.0.1 to 123.255.255.254
iptables -I INPUT -s 123.0.0.0/8 -j DROP
# block 123.45.0.1 to 123.45.255.254
iptables -I INPUT -s 123.45.0.0/16 -j DROP
# block 123.45.6.1 to 123.45.6.254
iptables -I INPUT -s 123.45.6.0/24 -j DROP
Check the rules that have been added:
iptables -L -n --line-numbers
A rule can be deleted by the chain name and line number shown, for example rule 3 in INPUT:
iptables -D INPUT 3
Load the rules when the network interface comes up:
/etc/network/if-pre-up.d/iptables
#!/bin/bash
iptables-restore < /etc/iptables.rules
chmod +x /etc/network/if-pre-up.d/iptables
Save the rules when the network interface goes down
/etc/network/if-post-down.d/iptables
#!/bin/bash
iptables-save > /etc/iptables.rules
chmod +x /etc/network/if-post-down.d/iptables
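iptables-persistent
This is Debian's tool for making iptables rules persistent; you can edit /etc/iptables/rules.v4 to change the firewall rules. In general it should contain at least the following:
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i ppp+ -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,xxx,xxx,xxx -j ACCEPT
-A INPUT -p udp -m multiport --dports xxx,xxx,xxx -j ACCEPT
Strongly recommended: first save a known-good set of iptables rules, then modify the live iptables directly, and only then save again. That way, if a mistake leaves the machine unmanageable, a reboot is enough to bring the VPS back to working order.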
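A check for the ssh lockout warned about above, run against a saved rule file before it is loaded. This is an added example, not part of the original post: `ssh_reachable` and the sample rules are constructed, only exact ports in `--dport`/`--dports` are recognised (no ranges), and source-address restrictions on the ACCEPT rule are ignored.

```shell
#!/bin/sh
# Exit 0 if the INPUT chain in an iptables-save style file accepts tcp/PORT
# before its first unconditional REJECT/DROP, otherwise exit 1.
# Rules are evaluated top to bottom, so an ACCEPT after the catch-all is dead.
ssh_reachable() {  # usage: ssh_reachable RULES_FILE PORT
    awk -v port="$2" '
        $1 != "-A" || $2 != "INPUT" { next }
        {
            target = ""; proto = ""; ports = ""; cond = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); break }
                cond = 1                       # any match option before -j
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
            }
            if (target == "ACCEPT" && proto == "tcp" &&
                index("," ports ",", "," port ",")) { ok = 1; exit }
            if ((target == "REJECT" || target == "DROP") && !cond) exit
        }
        END { exit !ok }
    ' "$1"
}

# Constructed sample: sshd was moved to port 1234 (as in the SSH section),
# but its ACCEPT rule was appended after the catch-all REJECT.
rules=$(mktemp)
cat > "$rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 123.45.6.7/32 -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 1234 -j ACCEPT
COMMIT
EOF
for p in 22 1234; do
    if ssh_reachable "$rules" "$p"; then echo "tcp/$p: accepted"
    else echo "tcp/$p: blocked by the catch-all rule"; fi
done
rm -f "$rules"
```

`iptables-restore --test < file` additionally checks that the file parses, without committing it.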
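denyhosts
Written in Python; it kicks out IPs that try to guess ssh passwords. If you already connect with keys, you can kick the other side's IP after a single attempt.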
Common software
jre
sudo apt-get install python-software-properties
sudo add-apt-repository "deb http://archive.canonical.com/ lucid partner"
sudo apt-get update
sudo apt-get install openjdk-6-jre
sudo apt-get install openjdk-6-jdk
mocp
sudo apt-get install moc moc-ffmpeg-plugin
Add a configuration file
vim ~/.moc/config
Contents:
XTermTheme = nightly_theme # transparent background
ReadTags = no # Chinese song titles come out garbled
Network management
ifstat
dnsutils
mtr-tiny
vnstat
Network services
pptp
1. Setting up a home OpenVPN server: http://shell909090.com/blog/2009/09/%E6%90%AD%E5%BB%BA%E5%AE%B6%E7%94%A8%E7%9A%84openvpn%E6%9C%8D%E5%8A%A1%E5%99%A8/
2. On x509 certificate chains: http://shell909090.com/blog/2011/04/%E8%AF%B4%E8%AF%B4x509%E8%AF%81%E4%B9%A6%E9%93%BE/
3. Setting up openvpn, revisited: http://shell909090.com/blog/2011/05/%E5%86%8D%E8%AE%BAopenvpn%E7%9A%84%E6%90%AD%E5%BB%BA/
Command:
ssh -L port:localhost:port …