debian 10 初始化配置

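# Point APT at the TUNA mirror for Debian 10 (buster), then refresh the package
# index and install curl.
# Keep one copy of the original sources so the change can be rolled back; the
# guard stops a second run from overwriting that copy with the replaced file.
[ -e /etc/apt/sources.list.bak ] || cp -a /etc/apt/sources.list /etc/apt/sources.list.bak
# NOTE(review): https:// sources need the ca-certificates package to verify the
# mirror's certificate. If the first update fails on certificate verification,
# install ca-certificates from the stock mirror before switching.
cat > /etc/apt/sources.list <<'EOF'
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ buster main contrib non-free
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-updates main contrib non-free
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-backports main contrib non-free
deb https://mirrors.tuna.tsinghua.edu.cn/debian-security buster/updates main contrib non-free
EOF

# This replaces the whole resolver configuration with one public resolver.
# NOTE(review): a DHCP client or resolvconf may rewrite this file later - confirm
# which component owns /etc/resolv.conf on the target host.
echo "nameserver 114.114.114.114" > /etc/resolv.conf
# "clean" takes no argument and "update" asks no question, so the original
# "all" and "-y" were no-ops and are dropped.
apt-get clean
apt-get update
apt-get install -y curl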

init.sh
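#!/bin/bash
# Install the baseline administration toolset.
# NOTE(review): this puts network clients and a scanner (telnet, nmap) on every
# host built from this script; trim the list where they are not needed.
apt-get install -y vim wget curl net-tools iperf3 telnet lvm2 tree screen tmux rsync lrzsz zip unzip ntpdate sysstat hdparm smartmontools htop iotop iftop dstat nmap mtr mlocate dnsutils ipmitool pciutils parted man-db bash-completion lsof bc ncdu sudo rpm2cpio xfsprogs pv
# Remove components that are not wanted on this host.
# Each package is handled on its own and only when dpkg knows it: a single name
# that the configured repositories do not carry makes apt reject the whole
# request, so the combined command could end up removing nothing.
# NOTE(review): "apt autopurge" may not exist in buster's apt - TODO confirm.
# "purge" followed by "autoremove --purge" is the long-standing equivalent.
# NOTE(review): apparmor is Debian 10's default mandatory access control layer.
# Purging it removes profile confinement from every service on the host; keep it
# unless a specific incompatibility requires the removal.
for pkg in snapd lxd cloud-init apparmor; do
  if dpkg -s "$pkg" >/dev/null 2>&1; then
    apt-get purge -y "$pkg"
  fi
done
apt-get autoremove --purge -y
rm -rf /etc/apparmor.d/ /var/cache/apparmor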
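# bashrc: system-wide aliases, coloured man pages, history settings and prompt.
# The block is appended only once; the HISTTIMEFORMAT line serves as the marker,
# so re-running the script does not stack duplicate copies in /etc/bash.bashrc.
# NOTE(review): timestamps plus "history -a" after every prompt help operators
# retrace their own work, but the history file stays writable by its owner and
# erasedups drops repeated commands - do not treat it as an audit trail.
if ! grep -qF 'export HISTTIMEFORMAT="%F %T "' /etc/bash.bashrc 2>/dev/null; then
  cat >> /etc/bash.bashrc <<'EOF'
alias ll='ls -lh --color=auto' grep='grep --color=auto'
export EDITOR=/usr/bin/vim
# man page
export LESS_TERMCAP_mb=$(printf '\e[01;31m') # enter blinking mode - red
export LESS_TERMCAP_md=$(printf '\e[01;35m') # enter double-bright mode - bold, magenta
export LESS_TERMCAP_me=$(printf '\e[0m') # turn off all appearance modes (mb, md, so, us)
export LESS_TERMCAP_se=$(printf '\e[0m') # leave standout mode
export LESS_TERMCAP_so=$(printf '\e[01;33m') # enter standout mode - yellow
export LESS_TERMCAP_ue=$(printf '\e[0m') # leave underline mode
export LESS_TERMCAP_us=$(printf '\e[04;36m') # enter underline mode - cyan
# history tune
shopt -s histappend
export HISTTIMEFORMAT="%F %T "
export HISTCONTROL=ignoredups:erasedups
export HISTSIZE=100000
export HISTFILESIZE=100000
export PROMPT_COMMAND="history -a"
export PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
EOF
fi
# profile: fixed PATH for login shells, added only if the exact line is missing.
path_line='export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
grep -qxF "$path_line" /etc/profile 2>/dev/null || printf '%s\n' "$path_line" >> /etc/profile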
# skel: in the template .bashrc for new users, uncomment force_color_prompt and
# delete the per-user HISTSIZE / HISTFILESIZE / HISTCONTROL assignments so they
# do not shadow the system-wide values.
sed -i \
  -e '/^#force_color_prompt.*$/s/^#//' \
  -e '/^HISTSIZE/d' \
  -e '/^HISTFILESIZE/d' \
  -e '/^HISTCONTROL/d' \
  /etc/skel/.bashrc
# vimrc: replace the system-wide vim configuration. Per the original note, it
# only takes effect for users who have a ~/.vimrc; an empty file is enough.
printf '%s\n' \
  'set ts=4' \
  'set paste' \
  'set encoding=utf-8' \
  'set nocompatible' \
  'set wrap' \
  'syntax on' \
  'set backspace=2' \
  > /etc/vim/vimrc
touch /root/.vimrc
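# Disable IPv6 on all interfaces, on the default template and on loopback.
# Each setting is appended only when missing, so a re-run does not duplicate it.
if ! grep -q '^net\.ipv6\.conf\.all\.disable_ipv6' /etc/sysctl.d/99-sysctl.conf 2>/dev/null; then
  cat >> /etc/sysctl.d/99-sysctl.conf <<'EOF'
# disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
EOF
fi
# Enable BBR congestion control with the fq queueing discipline.
grep -q '^net\.core\.default_qdisc' /etc/sysctl.conf 2>/dev/null ||
  echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
grep -q '^net\.ipv4\.tcp_congestion_control' /etc/sysctl.conf 2>/dev/null ||
  echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
# "sysctl -p" without a file argument loads /etc/sysctl.conf only.
# NOTE(review): presumably /etc/sysctl.d/99-sysctl.conf is the stock symlink to
# /etc/sysctl.conf - confirm; if it is a separate file, the IPv6 settings above
# are not applied until the next boot.
sysctl -p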
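# ulimit: raise the open-file limit to 65535. "-" sets the soft and the hard
# limit together. root gets its own line because the "*" wildcard does not
# cover it. The entries are appended only once so a re-run leaves no duplicates.
if ! grep -qE '^\*[[:space:]]+-[[:space:]]+nofile[[:space:]]' /etc/security/limits.conf 2>/dev/null; then
  cat >> /etc/security/limits.conf <<'EOF'
*     -  nofile  65535
root  -  nofile  65535
EOF
fi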
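# rsyslog: send cron messages to /var/log/cron.log and exclude the cron facility
# from /var/log/syslog.
# The rule is inserted above the commented "#cron.*" line only when no active
# "cron.*" rule exists; an unguarded re-run would add a second copy and log
# every cron message twice.
if ! grep -q '^cron\.\*' /etc/rsyslog.conf; then
  sed -i '/^#cron.*$/i\cron.*                          -/var/log/cron.log' /etc/rsyslog.conf
fi
sed -i 's@^*.*;auth,authpriv.non.*syslog$@*.*;cron,auth,authpriv.none      -/var/log/syslog@' /etc/rsyslog.conf
# Check the edited configuration before restarting, so that a bad edit does not
# leave the host without a running logger.
if rsyslogd -N1; then
  systemctl restart rsyslog
else
  echo "rsyslog configuration check failed; rsyslog was not restarted" >&2
fi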
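# sshd: switch the GSSAPI options from yes to no and set UseDNS no.
sed -i \
  -e '/GSSAPIAuthentication/s/yes/no/g' \
  -e '/GSSAPICleanupCredentials/s/yes/no/g' \
  -e 's/^#UseDNS no/UseDNS no/' \
  -e 's/^#UseDNS yes/UseDNS no/' \
  /etc/ssh/sshd_config
# Keep-alive: probe the client every 60 s and drop it after 10 missed replies.
# The leading and trailing newlines keep the two keywords on lines of their own
# even when the file has no final newline. The original echo left the last line
# unterminated, so the next append would have been glued onto it.
# NOTE(review): sshd uses the first value it reads for a keyword, and anything
# after a "Match" line belongs to that Match block - check where these lines end
# up if sshd_config has been customised.
if ! grep -q '^ClientAliveInterval' /etc/ssh/sshd_config; then
  printf '\nClientAliveInterval 60\nClientAliveCountMax 10\n' >> /etc/ssh/sshd_config
fi
# Validate before restarting: a syntax error found only after the restart can
# lock out remote administration.
if sshd -t; then
  systemctl restart sshd
else
  echo "sshd_config failed validation; sshd was not restarted" >&2
fi
# ssh client defaults.
# The original set "StrictHostKeyChecking no" with "UserKnownHostsFile=/dev/null"
# for every host. That switches host-key verification off and forgets every key,
# so an impersonated or intercepted server goes unnoticed. "accept-new" still
# connects to a new host without prompting, but records its key and refuses the
# connection if that key later changes.
if ! grep -q '^[[:space:]]*StrictHostKeyChecking' /etc/ssh/ssh_config 2>/dev/null; then
  cat >> /etc/ssh/ssh_config <<'EOF'
Host *
   StrictHostKeyChecking accept-new
EOF
fi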
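# Disable systemd-timesyncd and set the time zone to Asia/Shanghai.
# NOTE(review): nothing in this section sets up another time source. Without
# one the clock drifts, which skews log timestamps and can break certificate
# validation - confirm an NTP client is configured elsewhere.
systemctl disable --now systemd-timesyncd
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# Disable ctrl-alt-del so a key press on the console cannot reboot the host.
systemctl mask ctrl-alt-del.target
systemctl daemon-reload
# Minimise swapping. vm.swappiness = 0 does not disable swap: configured swap
# areas stay active and the kernel only avoids using them. The setting is
# persisted once and also applied right away, because a line appended to
# sysctl.conf is not read again until the next "sysctl -p" or reboot.
grep -q '^vm\.swappiness' /etc/sysctl.conf 2>/dev/null ||
  echo 'vm.swappiness = 0' >> /etc/sysctl.conf
sysctl -w vm.swappiness=0
# Disable the smartd service.
systemctl disable --now smartd
# Empty the message of the day. Truncating leaves a zero-length file, whereas
# the original "echo >" left a single blank line behind.
: > /etc/motd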

启用被deprecated的rc.local:

rc-local.sh
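# Re-enable the deprecated /etc/rc.local through a systemd unit.
# The unit file is written with ">" and a quoted heredoc delimiter: appending
# would duplicate every section on a re-run, and the quoted delimiter keeps the
# shell from expanding anything inside the text.
cat > /etc/systemd/system/rc-local.service <<'EOF'
[Unit]
Description=/etc/rc.local
ConditionPathExists=/etc/rc.local

[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
EOF

# Create the stub only when no rc.local exists. Appending to an existing script
# would put a second shebang and header after its "exit 0", and overwriting it
# would discard whatever the host already runs at boot.
if [ ! -e /etc/rc.local ]; then
  cat > /etc/rc.local <<'EOF'
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

exit 0
EOF
fi

# The unit runs rc.local as root at every boot, so the file must stay owned by
# root and must not be writable by group or others.
chown root:root /etc/rc.local
chmod 755 /etc/rc.local
systemctl daemon-reload
systemctl enable rc-local
systemctl start rc-local
systemctl status --no-pager rc-local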

安装netplan,然后参考此处配置netplan:

# Install netplan (Debian package netplan.io) without the confirmation prompt.
apt install --yes netplan.io

sudo免密:

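# Passwordless sudo for the mrco account.
# The rule goes into a drop-in under /etc/sudoers.d rather than being appended
# to /etc/sudoers, and visudo checks it before it is installed: a syntax error
# in the live sudoers file makes sudo refuse to run for everyone.
# NOTE(review): NOPASSWD:ALL makes any compromise of this account equivalent to
# root. Limit the rule to the commands that really need it where possible.
sudoers_tmp=$(mktemp) &&
  printf '%s\n' 'mrco ALL=(ALL:ALL) NOPASSWD:ALL' > "$sudoers_tmp" &&
  visudo -cf "$sudoers_tmp" &&
  install -o root -g root -m 0440 "$sudoers_tmp" /etc/sudoers.d/mrco
# Remove the scratch file whether or not the rule was installed.
[ -n "${sudoers_tmp:-}" ] && rm -f -- "$sudoers_tmp"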