https://hub.docker.com/_/debian/
cat /etc/debian_version # Show the Debian release number (this file holds the distribution version, not the kernel version)
hostnamectl set-hostname {hostname} # Set the hostname; {hostname} is a placeholder for the real name
# Refresh the package index
apt-get update -y
apt-get install -y wget vim net-tools curl git iproute2 procps telnet inetutils-ping zip unzip
# Build dependencies for nginx (PCRE, OpenSSL and zlib headers)
apt-get install -y libpcre3 libpcre3-dev openssl libssl-dev zlib1g-dev
# Base tooling: process/network monitoring, time sync, terminal multiplexer
apt-get install -y htop lsof ntpdate screen psmisc iftop sysstat dstat
apt-get install -y cron rsync bash-completion smartmontools
apt-get install -y cmake golang
# NOTE(review): xinetd, telnetd and telnetd* pull in a telnet *server*. Telnet
# sends logins in cleartext, so on a host that is administered over sshd these
# packages may only add another remote-login service; confirm they are needed.
# The unquoted telnetd* is also expanded by the shell first if a matching file
# name exists in the current directory.
apt-get install -y python3 python3-pip python3-venv python3-full python3-simplejson procps xinetd telnetd telnetd*
# Toolchain for building the kernel and other software from source (make, gcc, autotools, gdb)
apt-get install -y build-essential autoconf automake libtool gcc make gdb
# Git LFS: version control for large files in Git
apt-get install -y git-lfs
git lfs install
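# Install every available update, including new kernels
apt-get dist-upgrade -y
# Upgrade the remaining installed packages
apt-get upgrade -y
# Remove obsolete/unneeded packages, then empty the local package cache
apt autoremove
apt clean

# --- sshd settings ---
# The source had "apt clean" and the first sed fused into "apt cleansed -i ...",
# which is not a valid apt command, so the port change never ran. They are two
# separate commands here.
# Each sed only rewrites a line that exists in the stock form it matches
# (mostly the commented-out default); a directive that is missing or already
# customised is left untouched, so check the effective values afterwards.
sed -i 's/.*#Port 22/Port 52341/' /etc/ssh/sshd_config
sed -i 's/.*#PermitEmptyPasswords no/PermitEmptyPasswords no/' /etc/ssh/sshd_config
sed -i 's/.*UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
sed -i 's/.*GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed -i 's/.*#MaxAuthTries.*$/MaxAuthTries 4/' /etc/ssh/sshd_config
sed -i 's/.*#LoginGraceTime.*$/LoginGraceTime 60/' /etc/ssh/sshd_config
#sed -i 's/.*#PubkeyAuthentication.*$/PubkeyAuthentication yes/' /etc/ssh/sshd_config
sed -i "s/.*#X11Forwarding yes/X11Forwarding no/g" /etc/ssh/sshd_config
sed -i "s/.*X11Forwarding yes/X11Forwarding no/g" /etc/ssh/sshd_config
# Syntax-check the edited file before sshd is restarted. Because the listening
# port moves, allow the new port in the firewall and keep the current session
# open until a login on the new port has succeeded.
sshd -t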
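# sources.list
# Open the file and paste ONE of the sets below. The entries are file content,
# not shell commands; in the source they had collapsed onto the vim command
# line, so they are kept as comments here.
# APT authenticates packages through the signed Release file, so an http://
# mirror cannot silently alter them, but the scheme does expose which packages
# the host fetches; use https:// where the mirror offers it.
vim /etc/apt/sources.list
# -- Debian 12 (bookworm), 163.com mirror --
#   deb http://mirrors.163.com/debian bookworm main non-free-firmware
#   deb-src http://mirrors.163.com/debian bookworm main non-free-firmware
#   deb http://mirrors.163.com/debian-security/ bookworm-security main non-free-firmware
#   deb-src http://mirrors.163.com/debian-security/ bookworm-security main non-free-firmware
#   deb http://mirrors.163.com/debian bookworm-updates main non-free-firmware
#   deb-src http://mirrors.163.com/debian bookworm-updates main non-free-firmware
# -- Official mirrors (the suite listed is bullseye, i.e. Debian 11) --
#   deb http://deb.debian.org/debian/ bullseye main
#   deb-src http://deb.debian.org/debian/ bullseye main
#   deb http://security.debian.org/debian-security bullseye-security main
#   deb-src http://security.debian.org/debian-security bullseye-security main
#   deb http://deb.debian.org/debian/ bullseye-updates main
#   deb-src http://deb.debian.org/debian/ bullseye-updates main
# -- Debian 11 (bullseye), aliyun mirror --
#   deb http://mirrors.aliyun.com/debian/ bullseye main non-free contrib
#   deb-src http://mirrors.aliyun.com/debian/ bullseye main non-free contrib
#   deb http://mirrors.aliyun.com/debian-security/ bullseye-security main
#   deb-src http://mirrors.aliyun.com/debian-security/ bullseye-security main
#   deb http://mirrors.aliyun.com/debian/ bullseye-updates main non-free contrib
#   deb-src http://mirrors.aliyun.com/debian/ bullseye-updates main non-free contrib
#   deb http://mirrors.aliyun.com/debian/ bullseye-backports main non-free contrib
#   deb-src http://mirrors.aliyun.com/debian/ bullseye-backports main non-free contrib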
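# Release upgrades. In the source every command after the first "#" on a line
# had collapsed into that comment; they are one command per line again here.
# Debian supports upgrading one release at a time, and the sed edits rewrite
# /etc/apt/sources.list in place, so keep a copy of the file before running them.

# Debian 11 -> 12
apt update # these two commands bring the current release fully up to date first
apt upgrade
sed -i 's/bullseye-security/bookworm-security/g' /etc/apt/sources.list
sed -i 's/bullseye/bookworm/g' /etc/apt/sources.list

# Debian 10 -> 11
apt update # these two commands bring the current release fully up to date first
apt upgrade
sed -i 's/buster\/updates/bullseye-security/g' /etc/apt/sources.list # edit the source list, 10 -> 11
sed -i 's/buster/bullseye/g' /etc/apt/sources.list # edit the source list, 10 -> 11

# Debian 8/9 -> 10
apt update # these two commands bring the current release fully up to date first
apt upgrade
sed -i 's/jessie/stretch/g' /etc/apt/sources.list # edit the source list, 8 -> 9
sed -i 's/stretch/buster/g' /etc/apt/sources.list # edit the source list, 9 -> 10
sed -i 's/jessie/buster/g' /etc/apt/sources.list # edit the source list, 8 -> 10
apt update
apt upgrade # minimal upgrade
apt full-upgrade
apt dist-upgrade # full upgrade
apt autoremove # remove obsolete/unneeded packages
apt --purge autoremove
apt clean
shutdown -r now # reboot
lsb_release -a # show the release after the reboot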
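# Debian 10 (buster): switch to a mirror commonly used in mainland China.
# The two commands were fused on one line in the source, which made sed treat
# "apt-get", "update" and "-y" as extra arguments.
sed -i 's#http://deb.debian.org#http://mirrors.aliyun.com#g' /etc/apt/sources.list
apt-get update -y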
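# Enable BBR congestion control.
# Both echo commands append, so running this section twice leaves duplicate
# lines in /etc/sysctl.conf.
sh -c 'echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf'
sh -c 'echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf'
sysctl -p # load the settings
sysctl net.ipv4.tcp_available_congestion_control # list the available algorithms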
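# Debian 9.x (stretch)
# The source list ended with a "squeeze/updates" entry. squeeze is Debian 6, so
# that line mixes another release's security suite into a stretch system; it is
# written to the file commented out. Each heredoc overwrites
# /etc/apt/sources.list, so run only the one for the installed release.
cat > /etc/apt/sources.list << 'EOF'
deb http://mirrors.aliyun.com/debian/ stretch main non-free contrib
deb http://mirrors.aliyun.com/debian-security stretch/updates main
deb http://mirrors.aliyun.com/debian/ stretch-updates main non-free contrib
deb http://mirrors.aliyun.com/debian/ stretch-backports main non-free contrib
# deb http://mirrors.aliyun.com/debian-security/ squeeze/updates main non-free contrib
EOF

# Debian 10.x (buster)
cat > /etc/apt/sources.list << 'EOF'
deb http://mirrors.aliyun.com/debian/ buster main contrib non-free
deb http://mirrors.aliyun.com/debian/ buster-updates main contrib non-free
deb http://mirrors.aliyun.com/debian/ buster-backports main contrib non-free
deb http://mirrors.aliyun.com/debian-security buster/updates main contrib non-free
EOF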
dpkg --list | grep linux-image # List every installed kernel image
# NOTE(review): linux-image* is unquoted, so the shell expands it first if a
# matching file exists in the current directory; as a package pattern it selects
# every kernel image package, not only the newest one.
apt-get install linux-image* # Install the latest kernel
# NOTE(review): the same pattern also matches the kernel that is currently
# booted (see `uname -r`); to remove only old kernels, name them exactly.
apt-get purge linux-image* # Remove old kernels
dpkg --get-selections|grep linux|grep deinstall|awk '{print $1}'|xargs apt-get purge -y # Purge all linux* packages left in the "deinstall" state
apt-get install package=version # Install a specific version of a package
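# Point the default gcc/g++ at the 4.9 toolchain
rm -f /usr/bin/gcc
ln -s /usr/bin/gcc-4.9 /usr/bin/gcc
rm -f /usr/bin/g++
ln -s /usr/bin/g++-4.9 /usr/bin/g++

# apt-get quick reference (softname / PackageName are placeholders).
# In the source the first apt-get was fused onto the g++ link target
# ("/usr/bin/g++apt-get"), which would have created a wrongly named symlink.
apt-get install softname # install a package
apt-get install --fix-broken softname # install and repair broken dependencies
apt-get install --fix-broken softname=版本号 # same, for a specific version (the value after "=" is a placeholder)
apt-get --reinstall install PackageName # reinstall
apt-get remove softname # remove the package but keep its configuration files (a later reinstall may trip over them)
apt-get remove --purge softname # remove the package together with its configuration files
apt-get autoremove softname # also remove its no-longer-needed dependencies
apt-cache search # search for packages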
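# Install PHP 5.6 from the ondrej/php PPA.
# NOTE(review): upstream PHP 5.6 has been end-of-life since the end of 2018, so
# treat this as a legacy-compatibility setup. Adding a PPA also makes APT trust
# that archive's signing key for the packages it serves.
apt-get install python-software-properties
add-apt-repository ppa:ondrej/php
apt-get -y update
apt-get -y install php5.6 php5.6-mcrypt php5.6-mbstring php5.6-curl php5.6-cli php5.6-mysql php5.6-gd php5.6-intl php5.6-xsl php5.6-zip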
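# .deb packages
# dpkg installs whatever file it is given and does not check a signature, so
# confirm where a .deb came from before installing it.
dpkg -i package_file.deb # install a local .deb
# If the install stops on unmet dependencies, run: apt-get -f install
# Once that command finishes, the package is installed.
dpkg -l | grep telegraf # verify that it is installed
dpkg -r --purge xxx.deb # remove together with configuration files
dpkg -r package_name # remove an installed package, e.g. dpkg -r telegraf
dpkg -l # list the packages installed on the system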
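# Ubuntu: upgrade the system
apt update -y
apt upgrade -y
apt dist-upgrade -y
apt autoremove
apt install update-manager-core
# Jump straight to a newer release.
# NOTE(review): -d selects the development release; omit it to move to the
# latest supported release instead.
do-release-upgrade -d
# Show the version
cat /etc/issue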
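# Chinese input methods and time zone
apt-get update
apt-get install aptitude -y
aptitude install locales -y
# ibus pinyin
apt install ibus ibus-pinyin -y
# Google pinyin
apt-get install -y fcitx-googlepinyin
# Fonts: fixes Chinese characters rendering as small boxes under KDE
apt-get install -y ttf-wqy-microhei ttf-wqy-zenhei xfonts-wqy
# Time zone
apt-get install tzdata -y
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo Asia/Shanghai > /etc/timezone;
# Interactive alternative: dpkg-reconfigure tzdata, then choose 6. Asia, 70. Shanghai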
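# System language
export LANG=zh_CN.UTF-8
# Uncomment the zh_CN.UTF-8 entry in locale.gen, then generate the locale
sed -i 's/^# *\(zh_CN.UTF-8\)/\1/' /etc/locale.gen
locale-gen
locale -a # verify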
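# Install the Chinese language packs
# The pattern is quoted so that apt, not the shell, resolves it.
apt-get install 'language-pack-zh-han*'
# Install whatever the language-support check reports as missing
# (word splitting of the command output is intended here)
apt install $(check-language-support)

# All three heredocs append (>>), so running this section twice duplicates
# the entries.
cat >> /etc/default/locale << 'EOF'
LANG="zh_CN.UTF-8"
LANGUAGE="zh_CN:zh"
LC_NUMERIC="zh_CN"
LC_TIME="zh_CN"
LC_MONETARY="zh_CN"
LC_PAPER="zh_CN"
LC_NAME="zh_CN"
LC_ADDRESS="zh_CN"
LC_TELEPHONE="zh_CN"
LC_MEASUREMENT="zh_CN"
LC_IDENTIFICATION="zh_CN"
LC_ALL="zh_CN.UTF-8"
EOF

cat >> /etc/environment << 'EOF'
LANG="zh_CN.UTF-8"
LANGUAGE="zh_CN:zh"
LC_NUMERIC="zh_CN"
LC_TIME="zh_CN"
LC_MONETARY="zh_CN"
LC_PAPER="zh_CN"
LC_NAME="zh_CN"
LC_ADDRESS="zh_CN"
LC_TELEPHONE="zh_CN"
LC_MEASUREMENT="zh_CN"
LC_IDENTIFICATION="zh_CN"
LC_ALL="zh_CN.UTF-8"
EOF

cat >> /etc/profile << 'EOF'
LANG="zh_CN.UTF-8"
EOF

reboot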
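# Skip a specific package during upgrades.
# The "-..." label lines in the source were plain text that the shell would
# have tried to run as commands; they are comments here.
# List the packages marked as manually installed
apt-mark showmanual
# Hold tzdata so upgrades leave it alone.
# A held package also stops receiving security updates until it is released.
apt-mark hold tzdata
# Release the hold
apt-mark unhold tzdata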
# OpenJDK 8 (Amazon Corretto build)
# NOTE(review): the "latest" URL is not pinned to a version, and dpkg --install
# performs no signature or checksum verification of its own; compare the
# downloaded file's checksum with the value published for this download before
# installing it.
wget https://corretto.aws/downloads/latest/amazon-corretto-8-x64-linux-jdk.deb
apt-get update && apt-get install java-common
dpkg --install amazon-corretto-8-x64-linux-jdk.deb
java -version
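# Fix arrow keys / delete key misbehaving in vi on Debian/Ubuntu
# First remove vim-common
apt-get remove vim-common
# Then install vim again
apt-get install vim
# telnet client
# --force-yes was dropped: apt has deprecated it because it lets the install
# continue past safety checks (unauthenticated packages, downgrades, removal of
# essential packages). Installing telnet from the configured archive needs
# only -y.
apt install -y telnet
# Debian has no `ll` alias by default; use the full command
ls -l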
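# Upgrade to a Linux 5.x kernel from backports
cat > /etc/apt/sources.list << 'EOF'
deb http://mirrors.aliyun.com/debian/ buster main contrib non-free
deb http://mirrors.aliyun.com/debian/ buster-updates main contrib non-free
deb http://mirrors.aliyun.com/debian/ buster-backports main contrib non-free
deb http://mirrors.aliyun.com/debian-security buster/updates main contrib non-free
deb https://deb.debian.org/debian buster-backports main
EOF
apt update
apt install -t buster-backports linux-image-cloud-amd64 linux-headers-cloud-amd64

# Debian 10: alternative that only appends the backports suite to the existing list
echo deb https://deb.debian.org/debian buster-backports main >> /etc/apt/sources.list
apt update
apt install -t buster-backports linux-image-cloud-amd64

# Debian 11
apt update
apt-get install -t bullseye-backports linux-image-cloud-amd64;

# If the machine no longer boots with the new kernel, pick the previous kernel
# in the GRUB menu at startup and then run:
apt purge -t buster-backports linux-image-cloud-amd64 linux-headers-cloud-amd64 # remove the backports kernel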
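# Disable IPv6 through the GRUB kernel command line.
# The two GRUB_CMDLINE_LINUX_DEFAULT lines are content of /etc/default/grub,
# not shell commands, so they are shown as comments.
vim /etc/default/grub
#   before: GRUB_CMDLINE_LINUX_DEFAULT="quiet"
#   after:  GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet"
# Regenerate the boot configuration so the change applies on the next boot
update-grub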
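# Ubuntu: enable direct root login.
# NOTE(review): this gives root a password, installs an SSH server and removes
# the PAM rule that keeps root out of the graphical login, after which the whole
# desktop session runs as uid 0. Where sudo is sufficient, leave the root
# account locked; otherwise confirm PermitRootLogin in sshd_config is set the
# way you intend.
apt install -y openssh-server
sudo passwd root

# lightdm: add the two settings below to the file.
# (lightdm's documented key is allow-guest; "all-guest" is what the page shows
# and looks like a typo -- confirm.)
sudo vim /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf
#   greeter-show-manual-login=true
#   all-guest=false

# gdm: in both PAM files, comment out this line so that it reads:
#   #auth required pam_succeed_if.so user != root quiet_success
sudo vim /etc/pam.d/gdm-autologin
sudo vim /etc/pam.d/gdm-password

# /root/.profile: replace
#   mesg n 2> /dev/null || true
# with
#   tty -s&&mesg n || true
sudo vim /root/.profile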
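# subnet: 192.168.1.0/24
# Restart the DNS resolver service and enable it at boot
systemctl restart systemd-resolved
systemctl enable systemd-resolved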
# View and update kernels
# List the kernel images currently known to dpkg
dpkg --get-selections |grep linux-image
# Remove an old kernel
apt-get -y remove linux-image-4.9.0-8-amd64
# Change the kernel that boots by default
vim /etc/default/grub
# NOTE(review): the next line is the value to set inside /etc/default/grub; run
# as a shell command it only assigns a shell variable.
GRUB_DEFAULT="Advanced options for Debian GNU/Linux>Debian GNU/Linux, with Linux 4.9.0-8-amd64"
# Regenerate the GRUB boot configuration
update-grub
reboot
uname -a
# Clean up an older kernel
apt remove --purge linux-image-4.9.0-7-amd64
# Kernels that still show up as "deinstall" afterwards are purged with:
dpkg --get-selections | grep deinstall | sed 's/deinstall/\lpurge/' | dpkg --set-selections; sudo dpkg -Pa
#通过正则表达式匹配内核然后除最新的统统统统删除
dpkg -l 'linux-*' | sed '/^ii/!d;/'"$(uname -r | sed "s/
# Remove packages that are no longer needed and clear outdated files from the package cache
apt-get autoremove
apt-get autoclean
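# Kernel and system tuning.
# The source had this whole section collapsed onto three lines, so the heredoc
# terminators were never on a line of their own; it is one statement per line
# again here. Heredoc contents are kept as the page had them, except:
#   * kernel.randomize_va_space is set to 2 (full address-space randomisation,
#     including the heap) instead of 1, which is the weaker partial mode.
# Points to check before applying:
#   * The "开启SYN洪水攻击保护" (SYN-flood protection) comment sits above
#     kernel.core_uses_pid; the setting it describes is net.ipv4.tcp_syncookies=1
#     further up.
#   * net.ipv4.ip_forward = 1 makes the host forward packets between
#     interfaces; set it to 0 unless the machine routes (gateway, VPN,
#     container host).
#   * The block appends (>>), so a second run duplicates every entry.
cat >> /etc/sysctl.conf << 'EOF'
net.ipv4.tcp_mem = 768432 2097152 15242880
net.ipv4.tcp_wmem = 40960 163840 4194304
net.ipv4.tcp_rmem = 40960 873800 4194304
#net.core.somaxconn=6553600
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 524288000
net.core.wmem_max = 524288000
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=81920
net.ipv4.tcp_timestamps=0
# 参数的值决定了内核放弃链接之前发送SYN+ACK包的数量,该参数对应系统路径为:/proc/sys/net/ipv4/tcp_synack_retries,默认是2
net.ipv4.tcp_synack_retries=3
# 表示内核放弃建立链接之前发送SYN包的数量,该参数对应系统路径为:/proc/sys/net/ipv4/tcp_syn_retries,默认是6
net.ipv4.tcp_syn_retries=3
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.ip_local_port_range = 20000 65000
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.route.max_size = 5242880
kernel.sem=250 65536 100 2048
kernel.msgmnb = 4203520
kernel.msgmni = 64
kernel.msgmax = 65535
# 设置最大内存共享段大小bytes
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_no_metrics_save=1
# 开启SYN洪水攻击保护
kernel.core_uses_pid = 1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.tcp_sack = 1
kernel.randomize_va_space=2
# 避免放大攻击
net.ipv4.icmp_echo_ignore_broadcasts=1
# 关闭ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
# 开启恶意icmp错误消息保护
net.ipv4.icmp_ignore_bogus_error_responses = 1
# 开启路由转发
net.ipv4.ip_forward = 1
#0-关闭
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
# 开启反向路径过滤
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# 处理无源路由的包
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# 关闭sysrq功能
kernel.sysrq = 0
# 每个网络接口接收数据包的速率比内核处理这些包的速率快时,允许送到队列的数据包的最大数目
net.core.netdev_max_backlog = 262144
# 限制仅仅是为了防止简单的DoS 攻击
net.ipv4.tcp_max_orphans = 3276800
# 确保无人能修改路由表
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
vm.swappiness = 0
# 决定检查过期多久邻居条目
net.ipv4.neigh.default.gc_stale_time=120
fs.file-max = 40000500
fs.nr_open = 40000500
kernel.perf_cpu_time_max_percent=60
kernel.perf_event_max_sample_rate=6250
kernel.sched_migration_cost_ns=5000000
net.core.optmem_max= 25165824
vm.max_map_count=655360
net.core.somaxconn = 65535
# 使用arp_announce / arp_ignore解决ARP映射问题
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.ip_nonlocal_bind=1
EOF

# Raise the open-file and process limits and cap the default stack size
# (skipped when the nofile line is already present)
grep -q "* soft nofile 60000" /etc/security/limits.conf || cat >> /etc/security/limits.conf << 'EOF'
########################################
* soft nofile 60000
* hard nofile 65536
* soft nproc 2048
* hard nproc 16384
* soft stack 10240
* hard stack 32768
EOF

# Disable core dumps for all users
echo -e "\n* soft core 0" >> /etc/security/limits.conf
echo -e "\n* hard core 0" >> /etc/security/limits.conf

# Password ageing policy
#   PASS_MAX_DAYS  maximum password lifetime: 90 recommended
#   PASS_MIN_DAYS  minimum interval between two changes: 10 recommended
#   PASS_WARN_AGE  days of warning before expiry: 7 recommended (not set below)
# login.defs values apply to accounts created afterwards; existing accounts
# keep their current ageing settings until changed with chage.
sed -i '/^PASS_MAX_DAYS/cPASS_MAX_DAYS 90' /etc/login.defs
sed -i '/^PASS_MIN_DAYS/cPASS_MIN_DAYS 10' /etc/login.defs

# Password complexity
#   minlen  = 8   at least 8 characters
#   dcredit = -1  requires N digits
#   ucredit = -1  requires N upper-case letters
#   ocredit = -1  requires N special characters
#   lcredit = -1  requires N lower-case letters
#   For the meaning of N<0 see: man pwquality.conf
cat >> /etc/security/pwquality.conf << 'EOF'
minlen = 8
dcredit = -1
ucredit = -1
ocredit = -1
lcredit = -1
EOF

# Disable IPv6 in the network scripts.
# /etc/sysconfig, ifcfg-* and ip6tables.service are the RHEL/CentOS layout, so
# the step is skipped when /etc/sysconfig does not exist (as on stock Debian).
# ifcfg-eth0 is only an example; the interface name varies.
if [ -d /etc/sysconfig ]; then
cat >> /etc/sysconfig/network << 'EOF'
NETWORKING_IPV6=no
EOF
  sed -i 's/.*IPV6INIT="yes"/IPV6INIT=no/' /etc/sysconfig/network-scripts/ifcfg-eth0
  systemctl disable ip6tables.service
fi

# Raise the shell's open-file and process limits and cap the default stack size
grep -q "ulimit -Sn 60000" /etc/profile || cat >> /etc/profile << 'EOF'
########################################
ulimit -Sn 60000
ulimit -Hn 65536
ulimit -Su 2048
ulimit -Hu 16384
ulimit -Ss 10240
ulimit -Hs 32768
alias grep='grep --color=auto'
export HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "
EOF

# Servers outside China: use public DNS resolvers
cat > /etc/resolv.conf << 'EOF'
nameserver 8.8.8.8
nameserver 8.8.4.4
EOF

/sbin/sysctl -p

# Clean-up of rotated logs.
# rm runs only if the cd succeeded, so a missing directory cannot redirect the
# deletion to whatever the current directory happens to be.
# NOTE(review): the list names rotated auth, kernel and syslog files. Deleting
# those removes the history an investigation would rely on, so ship or archive
# them first if the host is subject to log retention.
cd /var/log/apt/ && rm -rf history.log.* term.log.* alternatives.log.* auth.log.* daemon.log.* debug.* kern.log.* mail.info.* messages.* syslog.* user.log.* mail.err.* mail.log.* mail.info.*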
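# Upgrade the kernel
# - Automatic (from stretch-backports)
# Add the backports source.
# The source wrote to /etc/apt/sources.list.d/sources.list.bak. APT only reads
# files ending in .list in that directory, so the entry was ignored; it also
# relied on `echo -e` under sh, which is not portable. printf writes the two
# lines to a file APT will read.
printf '%s\n' \
  'deb http://http.debian.net/debian stretch-backports main' \
  'deb-src http://http.debian.net/debian stretch-backports main' \
  | sudo tee /etc/apt/sources.list.d/stretch-backports.list > /dev/null
# Refresh the index and upgrade packages
apt-get update
apt-get dist-upgrade
# Install the newer kernel image
apt-cache search linux-image
apt-get install -t stretch-backports linux-image-amd64
# Regenerate the boot configuration, clear the cache and reboot
update-grub
apt-get clean
reboot
# After the reboot, confirm the new kernel is running
uname -r
#   example output: 4.11.0-0.bpo.1-amd64
# Clean up old kernels
apt purge linux-image-4.12.6-041206-generic
apt purge linux-image-4.9.0-3-amd64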
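# - Manual kernel upgrade
# Package pool: http://mirrors.edge.kernel.org/debian/pool/main/l/linux/
# These .deb files are fetched over plain http and installed with dpkg, which
# checks no signature, so the chain APT normally provides (signed Release file
# -> Packages checksums -> .deb) is bypassed. Print the SHA256 of each file and
# compare it with the value in the archive's Packages index before installing,
# or install the same packages through apt instead.
wget http://mirrors.kernel.org/debian/pool/main/l/linux/linux-image-4.18.0-3-amd64_4.18.20-2_amd64.deb
wget http://mirrors.kernel.org/debian/pool/main/l/linux/linux-kbuild-4.18_4.18.20-2_amd64.deb
wget http://mirrors.kernel.org/debian/pool/main/l/linux/linux-headers-4.18.0-3-common_4.18.20-2_all.deb
wget http://mirrors.kernel.org/debian/pool/main/l/linux/linux-headers-4.18.0-3-amd64_4.18.20-2_amd64.deb
wget http://mirrors.kernel.org/debian/pool/main/l/linux/linux-headers-4.18.0-3-all-amd64_4.18.20-2_amd64.deb
wget http://mirrors.kernel.org/debian/pool/main/l/linux/linux-headers-4.18.0-3-all_4.18.20-2_amd64.deb
sha256sum linux-*.deb
dpkg -i linux-*.deb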
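# --- System proxy ---
# The proxy settings below are file content, not shell commands, so they are
# shown as comments.
# NOTE(review): both configurations send traffic through the named proxy over
# plain http. Its operator, and anyone on the path to it, can see the requested
# hosts and any non-TLS content, so point these at a proxy you operate or
# trust. APT still verifies package signatures when a proxy is in use.

# - Global proxy: add these lines to /etc/environment, then reboot
vim /etc/environment
#   http_proxy=http://h.htmltoo.com:7778
#   https_proxy=http://h.htmltoo.com:7778
#   ftp_proxy=http://h.htmltoo.com:7778
reboot

# - APT proxy: put these lines in /etc/apt/apt.conf.d/80proxy
vim /etc/apt/apt.conf.d/80proxy
#   Acquire::http::Proxy "http://h.htmltoo.com:7778/";
#   Acquire::https::Proxy "http://h.htmltoo.com:7778/";
#   Acquire::ftp::Proxy "http://h.htmltoo.com:7778/";
apt update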