Ubuntu 16.04 system initialization

1. Initial Network Configuration

1.1. Create a working directory

  • A production environment needs a fixed directory for storing software installers and debugging tools.
  • Otherwise every administrator stores tools wherever they like, and you can imagine what the server environment ends up looking like.
mkdir -p /opt/{tools,scripts}
mkdir -p /data/backup
cd /opt/tools/
  • Install common software tools
apt-get update
apt-get install lrzsz vim wget curl lsof telnet net-tools ntpdate tree screen iotop iftop 

1.2. Set the hostname and hosts resolution

  • Modify the server hostname
hostname demosrv-01
vi /etc/hostname 
--------------------------------
demosrv-01
-------------------------------
  • Set hosts resolution
vi /etc/hosts
--------------------------------
192.168.1.200    demosrv-01
--------------------------------

1.3. Set a fixed IP address and DNS name resolution

1.3.1. Modify the host IP

  • 1) Configure a static IP address for the network card
sudo vim /etc/network/interfaces
--------------------------------------------
auto eth0
iface eth0 inet static
address 192.168.1.200
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 223.5.5.5
dns-nameservers 8.8.8.8
--------------------------------------------
# Restart networking
sudo /etc/init.d/networking restart
  • 2) Set a second IP address (virtual IP address)
sudo vim /etc/network/interfaces
--------------------------------------------
auto eth0:1
iface eth0:1 inet static
address 192.168.1.201
netmask 255.255.255.0
gateway x.x.x.x
network x.x.x.x
broadcast x.x.x.x
--------------------------------------------
# Restart networking:
sudo /etc/init.d/networking restart

1.3.2. Set DNS resolution

vi /etc/resolv.conf 
--------------------------------
nameserver 202.106.0.20
nameserver 8.8.8.8
--------------------------------
ip add
ping www.baidu.com

/etc/apt/sources.list /etc/apt/sources_init.list

1.4. Configure the apt source (Alibaba Cloud mirror)

1.4.1. Back up the original apt sources file

cp /etc/apt/sources.list /etc/apt/sources.list.ori

1.4.2. Modify the apt sources file (replace the apt source)

vim /etc/apt/sources.list
----------------------------------
# aliyun
deb http://mirrors.aliyun.com/ubuntu/ xenial main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main

deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main

deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates universe

deb http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security universe
----------------------------------

1.4.3. Update the package index and software versions

apt-get update
apt-get upgrade

1.4.4. Repair broken packages

# Try to remove the broken package and reinstall the correct version
sudo apt-get -f install

2. Configure the system environment variables

2.1. Change the number of commands kept in the shell history

echo "HISTSIZE=10000" >> /etc/profile
tail -1 /etc/profile

2.2. Set the auto-logout timeout

# 8h=28800s
echo " " >> /etc/profile
echo "# Auto-Logout for 8 hours by zhaoshuai on $(date +%F)." >> /etc/profile
echo "export TMOUT=28800" >> /etc/profile
tail -3 /etc/profile
source /etc/profile
echo $TMOUT

3. Configure system security options

3.1. Modify the ssh service configuration

  • Listen on IPv4 only, turn off GSSAPI authentication, and disable DNS lookups to speed up ssh connections

  • Modify the configuration file manually
vim /etc/ssh/sshd_config
-----------------------------
ListenAddress 0.0.0.0
PasswordAuthentication no
GSSAPIAuthentication no
UseDNS no
-----------------------------
  • Modify from the command line
echo "ListenAddress 0.0.0.0" >> /etc/ssh/sshd_config
echo "GSSAPIAuthentication no" >> /etc/ssh/sshd_config
echo "UseDNS no" >> /etc/ssh/sshd_config

grep ListenAddress /etc/ssh/sshd_config
grep GSSAPIAuthentication /etc/ssh/sshd_config
grep UseDNS /etc/ssh/sshd_config
  • Restart the sshd service
/bin/systemctl restart  sshd.service
/bin/systemctl status  sshd.service
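
An added example, not part of the original post: an idempotent alternative to appending with echo, which respects that sshd applies the first value it reads for a keyword and that lines after a Match line belong to that block. The function names and the sample config are hypothetical and constructed for illustration.

```shell
# Added example, not from the original post. sshd takes the first value it
# reads for a keyword, and every line after a "Match" line belongs to that
# block, so a blind append can be ignored or land inside a conditional block.
# Usage: set_sshd_option FILE KEY VALUE   (safe to re-run)
set_sshd_option() (
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || exit 1
    awk -v key="$key" -v value="$value" '
        BEGIN { lkey = tolower(key) }
        # First Match line: emit the keyword before it if not yet written.
        !in_match && tolower($1) == "match" {
            if (!done) { print key " " value; done = 1 }
            in_match = 1
        }
        # Global section: rewrite the first active line, drop later duplicates.
        !in_match && tolower($1) == lkey {
            if (!done) { print key " " value; done = 1 }
            next
        }
        { print }
        END { if (!done) print key " " value }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    exit "$rc"
)

# Value sshd would apply globally: first active occurrence before any Match.
sshd_global_value() {
    awk -v key="$2" 'BEGIN { lkey = tolower(key) }
        tolower($1) == "match" { exit }
        tolower($1) == lkey    { print $2; exit }' "$1"
}

# Constructed sample config (hypothetical content) to exercise the functions.
make_sample() {
    printf '%s\n' 'Port 22' '#GSSAPIAuthentication no' 'UseDNS yes' \
        'PasswordAuthentication yes' 'Match User backup' \
        '    PasswordAuthentication yes' > "$1"
}

sample=$(mktemp)
make_sample "$sample"
for kv in 'ListenAddress 0.0.0.0' 'PasswordAuthentication no' \
          'GSSAPIAuthentication no' 'UseDNS no'; do
    set_sshd_option "$sample" "${kv%% *}" "${kv#* }"
done
cat "$sample"
rm -f "$sample"
```

On a real host, point the function at /etc/ssh/sshd_config, validate the result with sshd -t, and restart the service only if that check passes.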

3.2. Disable SELinux

  • Not needed

3.3. Turn off the firewall

  • The host firewall is generally not used
# Ubuntu 16.04 ships ufw; firewalld is the CentOS 7 service
ufw disable
ufw status

3.4. Stop other unused services

  • Mail service: CentOS 7 installs postfix by default instead of sendmail
systemctl stop  postfix
systemctl disable  postfix
systemctl status  postfix
netstat -anptl

4. Modify the kernel parameters

4.1. Raise the file handle limits

vim /etc/security/limits.conf 
-----------------------------------
# Maximum number of connections for the system
*    soft    nofile    65535
*    hard    nofile    65535
*    soft    nproc     65535
*    hard    nproc     65535
-----------------------------------

4.2. Configure TIME_WAIT parameters

  • Clean up connections in the TIME_WAIT state
netstat -anptl|grep TIME_WAIT|wc -l
echo " " >> /etc/sysctl.conf
echo "# made by zhaoshuai for kill time_wait on $(date +%F)." >> /etc/sysctl.conf
echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf
# tcp_tw_recycle drops connections from clients behind NAT and was removed in Linux 4.12
echo "net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_fin_timeout = 30" >> /etc/sysctl.conf
echo "net.ipv4.tcp_orphan_retries = 2" >> /etc/sysctl.conf
echo "net.ipv4.ip_local_port_range = 1024 65000" >> /etc/sysctl.conf
tail -8 /etc/sysctl.conf
sysctl -p 
netstat -anptl|grep TIME_WAIT|wc -l

4.3. Automatic reclamation of cache memory

echo " ">>/etc/sysctl.conf
echo "# Automatic recovery memory on $(date +%F)">>/etc/sysctl.conf
echo "vm.extra_free_kbytes=209196">>/etc/sysctl.conf
sysctl -p

5. Configure time synchronization

  • Install the ntp service and enable it at boot
# On Ubuntu the package manager is apt-get and the service unit is ntp (ntpd is the CentOS name)
apt-get -y install ntp
systemctl enable ntp
systemctl start ntp
systemctl status ntp
  • Synchronize the time manually
date
/usr/sbin/ntpdate ntp1.aliyun.com
  • Configure automatic synchronization
echo "# made by zhaoshuai for sync time on $(date +%F)" >> /var/spool/cron/crontabs/root
echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com > /dev/null 2>&1' >> /var/spool/cron/crontabs/root
crontab -l
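  • Note:
The time zone should be CST, the central time zone; EST would be the eastern time zone.
When installing CentOS, deselect the daylight saving time option; otherwise the clock changes automatically on the day daylight saving time takes effect.
If a service has timing requirements, this causes problems for the business that service carries, so daylight saving time should be turned off.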

END

Origin www.cnblogs.com/tssc/p/11019239.html