ubuntu 系统初始化
ubuntu 系统初始化
本文档介绍 Ubuntu 系统初始化的相关内容。
安装基础软件
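# Install the base diagnostic and convenience packages.
# - apt-get replaces apt because apt's command-line interface is not
#   guaranteed to be stable for scripted use.
# - && stops the install from running against stale package lists when the
#   index refresh fails.
# - The duplicated -y of the original command is dropped.
# Every extra package is more software to patch; on an exposed host trim the
# list to what the machine actually needs (packet capture and file-transfer
# tools in particular).
apt-get update &&
  apt-get install -y \
    tcpdump bash-completion bc net-tools mtr traceroute psmisc tcptrack \
    nload ntpdate lsof tree lrzsz wget rsync zip unzip tcptraceroute hwloc \
    tmux
配置时区同步时间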
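# Set the system timezone.
timedatectl set-timezone Asia/Shanghai

# Install a per-minute clock sync in the current user's crontab.
# - cron runs jobs with /bin/sh (dash on Ubuntu), where "&>/dev/null" is not a
#   redirection: the command is put in the background and its output is left
#   unredirected. The portable ">/dev/null 2>&1" is used instead.
# - An existing entry for the same command is filtered out first, so running
#   this step again does not append duplicates.
# - "crontab -" names standard input explicitly.
# - The time source is plain, unauthenticated NTP from a public pool. Clock
#   accuracy underpins certificate validation and log timestamps, so on hosts
#   where that matters prefer a time source you control.
cron_line='*/1 * * * * /usr/sbin/ntpdate cn.pool.ntp.org >/dev/null 2>&1'
{
  crontab -l 2>/dev/null | grep -vF -- '/usr/sbin/ntpdate cn.pool.ntp.org'
  printf '%s\n' "$cron_line"
} | crontab -
设置为24小时制
# Edit /etc/default/locale (for example: vim /etc/default/locale) and set:
#   LC_TIME=en_DK.UTF-8
系统优化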
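# Raise process/file-descriptor limits and apply kernel tuning.
# Both /etc/security/limits.conf and /etc/sysctl.conf are overwritten in full,
# which discards whatever was configured there before (including any
# hardening settings), so a timestamped copy of each is kept first.
stamp=$(date +%Y%m%d%H%M%S)
for f in /etc/security/limits.conf /etc/sysctl.conf; do
  if [ -e "$f" ]; then
    cp -a -- "$f" "${f}.${stamp}.bak"
  fi
done

# Heredoc delimiters are quoted so the file contents are written literally.
cat >/etc/security/limits.d/20-nproc.conf <<'EOF'
* soft nproc 102400
root soft nproc unlimited
EOF

# NOTE(review): "noproc" is not a limits.conf item name (the process-count
# item is "nproc"), so the last two lines are most likely ignored by
# pam_limits. They are left as published; decide whether a 65000 process cap
# is intended before renaming them.
# NOTE(review): the hard nofile value must not exceed fs.nr_open. A hard
# nofile above fs.nr_open can make pam_limits fail session setup and block new
# logins, so keep the two values in step (fs.nr_open is raised below) and keep
# an existing session open until a fresh login has been tested.
cat >/etc/security/limits.conf <<'EOF'
* soft nofile 10000000
* hard nofile 10000000
root soft nofile 10000000
root hard nofile 10000000
* soft noproc 65000
* hard noproc 65000
EOF

# NOTE(review): rp_filter = 0 turns off reverse-path (source address)
# validation for all interfaces and overrides whatever the distribution
# configured. Keep it only if the host really needs asymmetric routing;
# otherwise drop the two rp_filter lines.
cat >/etc/sysctl.conf <<'EOF'
fs.file-max=10000000
fs.nr_open=10000000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 204800
net.ipv4.tcp_max_tw_buckets = 204800
net.ipv4.tcp_max_orphans = 204800
net.core.netdev_max_backlog = 204800
net.core.somaxconn = 131070
vm.swappiness = 0
net.unix.max_dgram_qlen = 128
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.neigh.default.gc_thresh1 = 512
net.ipv4.neigh.default.gc_thresh2 = 28672
net.ipv4.neigh.default.gc_thresh3 = 32768
vm.dirty_background_ratio = 15
vm.dirty_ratio = 20
vm.dirty_expire_centisecs = 6000
EOF

# Load /etc/sysctl.conf into the running kernel.
sysctl -p

# Replace any line mentioning the setting (commented out or not) with the new
# value; if no such line exists in system.conf, nothing is changed.
sed -i "/DefaultLimitNOFILE/c DefaultLimitNOFILE=10000000" /etc/systemd/system.conf
sed -i "/DefaultLimitNPROC/c DefaultLimitNPROC=10000000" /etc/systemd/system.conf

# /etc/systemd/system.conf was modified; re-execute systemd so that its own
# configuration takes effect.
systemctl daemon-reexec
禁用本地dns服务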
# Point systemd-resolved at fixed upstream resolvers and turn off its local
# stub listener.
# NOTE(review): DNS=1.2.3.4 (listed twice) looks like a placeholder; replace
# it with resolvers you trust before use. The configured resolver sees every
# lookup the host makes, and its answers are believed by everything on it.
resolved_dropin_dir=/etc/systemd/resolved.conf.d/
mkdir -p "$resolved_dropin_dir"

# Write the drop-in; DNSStubListener=no stops systemd-resolved from serving
# the local stub address.
printf '%s\n' \
  '[Resolve]' \
  'DNS=1.2.3.4 1.2.3.4' \
  'DNSStubListener=no' \
  >/etc/systemd/resolved.conf.d/99-dns.conf

# Make /etc/resolv.conf point at the file that lists the upstream servers
# directly rather than the stub resolver.
ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf

# Reload unit files, restart the resolver, and show its status; each step
# runs only if the previous one succeeded.
if systemctl daemon-reload; then
  if systemctl restart systemd-resolved.service; then
    systemctl status -l systemd-resolved.service --no-pager
  fi
fi

# Show the resulting resolver configuration.
cat /etc/resolv.conf
SSH配置并开启root登陆
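# Replace /etc/ssh/sshd_config and restart the SSH daemon.
# The previous file is copied aside first, and the new file is checked with
# "sshd -t" before the restart: restarting on a broken configuration can leave
# the host without a reachable SSH service. Keep the current session open
# until a new login has been tested.
#
# NOTE(review): as published, this configuration allows root to log in with a
# password on every address (ListenAddress 0.0.0.0, PermitRootLogin yes,
# PasswordAuthentication yes), which leaves the root account open to password
# guessing from any network that can reach port 22. Once a public key is
# installed for root, "PermitRootLogin prohibit-password" together with
# "PasswordAuthentication no" keeps root login available by key only.
# X11Forwarding is rarely needed on a server and can be set to "no".
# NOTE(review): overwriting the file also drops any Include line the previous
# file had, so drop-in snippets under /etc/ssh/sshd_config.d would no longer
# apply - confirm against the backup.
sshd_backup="/etc/ssh/sshd_config.$(date +%Y%m%d%H%M%S).bak"
if [ -e /etc/ssh/sshd_config ]; then
  cp -a -- /etc/ssh/sshd_config "$sshd_backup"
fi

# Quoted delimiter: the contents are written literally.
cat > /etc/ssh/sshd_config <<'EOF'
Port 22
ListenAddress 0.0.0.0
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTHPRIV
PubkeyAuthentication yes
PermitRootLogin yes
AuthorizedKeysFile .ssh/authorized_keys
# PasswordAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding yes
UseDNS no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem sftp /usr/lib/openssh/sftp-server
EOF

# Restart only when the new file parses; otherwise put the old one back.
# NOTE(review): on Ubuntu the unit is ssh.service and "sshd" is an alias that
# may be absent on some releases; if the restart reports an unknown unit, use
# "systemctl restart ssh".
if /usr/sbin/sshd -t; then
  systemctl restart sshd
else
  echo "sshd_config failed validation; daemon not restarted" >&2
  if [ -e "$sshd_backup" ]; then
    cp -a -- "$sshd_backup" /etc/ssh/sshd_config
    echo "restored previous configuration from $sshd_backup" >&2
  fi
fi
本文由作者按照 CC BY 4.0 进行授权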