系统配置
删除自带的工具
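# Remove snap completely (--purge also deletes its configuration)
apt remove snapd --purge
# Remove cloud-init and the automatic-upgrade service.
# NOTE(review): once unattended-upgrades is gone, security updates are no
# longer installed automatically; they must be applied by hand or by another
# scheduled patching job.
apt remove unattended-upgrades cloud-init
# Clean up related dependencies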
apt install -f && apt autoremove

关闭防火墙
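# Option A: stop ufw now and keep it from starting at boot.
# NOTE(review): with the host firewall off, every listening port is reachable
# unless an upstream firewall or security group filters it.
systemctl disable --now ufw
# Option B (alternative to A): keep ufw and allow only the ports that are needed.
# The rules apply only while ufw is active; check with `ufw status`.
ufw allow 22/tcp
ufw allow 80/tcp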
ufw allow 443/tcp

配置时间同步
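# Set the NTP server to `ntp.aliyun.com`.
# The expression rewrites only a commented-out "#NTP=" line; an NTP= line that
# is already active is left unchanged.
sed -i "s@^#NTP=.*@NTP=ntp.aliyun.com@" /etc/systemd/timesyncd.conf
# Set the time zone and restart the service
timedatectl set-timezone Asia/Shanghai
timedatectl set-ntp off
timedatectl set-ntp on
systemctl daemon-reload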
systemctl restart systemd-timesyncd

优化 ssh 连接,提高连接速度
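# Turn off GSSAPI authentication. The expression matches only the exact active
# line "GSSAPIAuthentication yes".
sudo sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
# Turn off reverse-DNS lookups of client addresses. The expression matches only
# a commented "#UseDNS yes" line, so check afterwards that the file really
# contains the intended values.
# NOTE(review): with UseDNS no, host names can no longer be used in
# authorized_keys from= patterns or in Match Host blocks; only addresses work.
# Validate the edited file with `sshd -t` before the daemon is restarted.
sudo sed -i 's/^#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config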
sudo systemctl restart sshd.service

更换软件源为清华源
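# Back up the original file. Before Ubuntu 24.04 the software sources use the
# traditional one-line style in /etc/apt/sources.list; from Ubuntu 24.04 on
# they use the DEB822 format in /etc/apt/sources.list.d/ubuntu.sources.
# The entries written below are for the jammy release.
cp /etc/apt/sources.list /etc/apt/sources.list.bak
# Rewrite the sources file. The delimiter is quoted so the shell writes the
# text literally, without expanding anything inside it.
# NOTE(review): the jammy-security entry uses plain http. APT still verifies
# the repository signatures, so the packages are authenticated, but the
# requests are visible on the network; switch that entry to https only after
# confirming the host serves it.
cat > /etc/apt/sources.list <<'EOF'
# 默认注释了源码镜像以提高 apt update 速度,如有需要可自行取消注释
deb https://mirrors4.tuna.tsinghua.edu.cn/ubuntu/ jammy main restricted universe multiverse
# deb-src https://mirrors4.tuna.tsinghua.edu.cn/ubuntu/ jammy main restricted universe multiverse
deb https://mirrors4.tuna.tsinghua.edu.cn/ubuntu/ jammy-updates main restricted universe multiverse
# deb-src https://mirrors4.tuna.tsinghua.edu.cn/ubuntu/ jammy-updates main restricted universe multiverse
deb https://mirrors4.tuna.tsinghua.edu.cn/ubuntu/ jammy-backports main restricted universe multiverse
# deb-src https://mirrors4.tuna.tsinghua.edu.cn/ubuntu/ jammy-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu/ jammy-security main restricted universe multiverse
# deb-src http://security.ubuntu.com/ubuntu/ jammy-security main restricted universe multiverse
# 预发布软件源,不建议启用
# deb https://mirrors4.tuna.tsinghua.edu.cn/ubuntu/ jammy-proposed main restricted universe multiverse
# # deb-src https://mirrors4.tuna.tsinghua.edu.cn/ubuntu/ jammy-proposed main restricted universe multiverse
EOF
# Update the system
apt clean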
apt update && apt upgrade -y

安装常用软件包(可选)
# Install the commonly used packages in one non-interactive apt-get run
sudo apt-get install -y \
  net-tools openssl network-manager lrzsz \
  bash-completion curl unzip vim
开启root账号(选配)
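# 1. Set a password for the root account
sudo passwd root
# 2. Allow the root account to log in over SSH with a password.
# NOTE(review): this exposes root to password guessing from every host that
# can reach the SSH port. The prohibit-password value still allows root to log
# in with a key; prefer it where possible. If "yes" is required, use a strong
# password and limit which addresses may connect to the SSH port.
sudo vim /etc/ssh/sshd_config
# Change the line "# PermitRootLogin prohibit-password" to "PermitRootLogin yes"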
PermitRootLogin yes

优化开机提示
A start job is running for Wait for Network to be Configured
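# Open the unit file of systemd-networkd-wait-online.
# NOTE(review): files under /lib/systemd/system belong to the package and may
# be replaced on upgrade; an override created with `systemctl edit` is kept.
vi /lib/systemd/system/systemd-networkd-wait-online.service
# Change the ExecStart setting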
ExecStart=/lib/systemd/systemd-networkd-wait-online --timeout=3

优化服务响应超时时间
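# Open the systemd manager configuration
vi /etc/systemd/system.conf
# Change the settings below.
# NOTE(review): these are defaults for every unit. A service that needs longer
# than the stop timeout to shut down is killed when the timeout expires, so
# give databases and similar services their own, longer per-unit timeouts.
DefaultTimeoutStartSec=10s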
DefaultTimeoutStopSec=10s

优化shell登录的欢迎信息
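# Disable every MOTD script. chmod runs only if the cd succeeded, so a missing
# directory cannot strip the execute bit from files in some other directory.
# "./*" keeps a file name that starts with "-" from being read as an option.
cd /etc/update-motd.d/ && chmod -x ./*
# Show only the system status information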
chmod +x 00-header 50-landscape-sysinfo

自定义配置文件
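# Write shell defaults to /etc/profile.d/custom_profile.sh.
# The delimiter is quoted, so the text is written literally and $(whoami) is
# evaluated later, when the profile is sourced, not while this file is written.
# NOTE(review): GREP_OPTIONS is not exported here and current GNU grep no
# longer reads it; the grep aliases are what enable colour.
cat > /etc/profile.d/custom_profile.sh << 'EOF'
HISTSIZE=10000
HISTTIMEFORMAT="%F %T $(whoami) "
alias l='ls -AFhlt --color=auto'
alias lh='l | head'
alias ll='ls -l --color=auto'
alias ls='ls --color=auto'
alias vi=vim
GREP_OPTIONS="--color=auto"
alias grep='grep --color'
alias egrep='egrep --color'
alias fgrep='fgrep --color'
EOF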
sed -i 's@^"syntax on@syntax on@' /etc/vim/vimrc

修改 PS1
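# Append a coloured prompt to ~/.bashrc unless a line starting with PS1 is
# already there. grep -q replaces the capture-and-test form, and the line as a
# whole no longer returns a failure status when the prompt is already present.
# printf '%s\n' writes the text without echo's shell-dependent backslash handling.
grep -q '^PS1' ~/.bashrc ||
  printf '%s\n' "PS1='\${debian_chroot:+(\$debian_chroot)}\\[\\e[1;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\]\\$ '" >> ~/.bashrc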
修改 history 显示
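# Append a PROMPT_COMMAND to ~/.bashrc that logs each command with a timestamp,
# the user, the working directory and the login session, unless ~/.bashrc
# already mentions history-timestamp.
# The log file is now created under $HOME instead of /tmp. A file with a
# predictable name in the world-writable /tmp can be created in advance by
# another local user, and a file created there under the usual umask is
# readable by others, although command lines can contain passwords and tokens.
# NOTE(review): the log is writable by the user it records, so treat it as a
# convenience record rather than an audit trail; restrict it with chmod 600 if
# the home directory can be traversed by other accounts.
grep -q 'history-timestamp' ~/.bashrc ||
  printf '%s\n' "PROMPT_COMMAND='{ msg=\$(history 1 | { read x y; echo \$y; });user=\$(whoami); echo \$(date \"+%Y-%m-%d %H:%M:%S\"):\$user:\`pwd\`/:\$msg ---- \$(who am i); } >> \"\$HOME/.\`hostname\`.\`whoami\`.history-timestamp\"'" >> ~/.bashrc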
修改内核参数
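# Append the kernel tuning to /etc/sysctl.conf once; the presence of
# fs.file-max in the file is the marker that it was already added.
# The delimiter is quoted so the settings are written literally.
# NOTE(review): tcp_tw_reuse depends on TCP timestamps, and the list sets
# tcp_timestamps = 0 further down, so the reuse setting probably has no effect;
# turning timestamps off also disables the PAWS check. Confirm which of the two
# is intended.
# NOTE(review): tcp_syn_retries = 1 and tcp_synack_retries = 1 give up after a
# single retransmission, which drops connections on lossy paths.
if ! grep -qF 'fs.file-max' /etc/sysctl.conf; then
  cat >> /etc/sysctl.conf << 'EOF'
fs.file-max = 1000000
fs.inotify.max_user_instances = 8192
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 32768
net.core.netdev_max_backlog = 32768
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_max_orphans = 32768
EOF
fi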
sysctl -p

修改 limits 配置
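# Temporary: raise the open-file limit of the current shell
ulimit -SHn 65535
# Permanent: insert the limits before the line that starts with "# End".
# The soft nofile value was 655350, above the hard value of 131072. A soft
# limit cannot exceed the hard limit, so the soft value now matches it; raise
# the hard value instead if 655350 was the intended limit.
# NOTE(review): every run inserts the lines again, there is no guard.
# NOTE(review): a very high nproc and unlimited memlock for "*" remove the
# per-user ceilings that contain a runaway or hostile process; prefer to grant
# them only to the service accounts that need them.
sed -i '/^# End/i\* soft nofile 131072' /etc/security/limits.conf
sed -i '/^# End/i\* hard nofile 131072' /etc/security/limits.conf
sed -i '/^# End/i\* soft nproc 655350' /etc/security/limits.conf
sed -i '/^# End/i\* hard nproc 655350' /etc/security/limits.conf
sed -i '/^# End/i\* soft memlock unlimited' /etc/security/limits.conf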
sed -i '/^# End/i\* hard memlock unlimited' /etc/security/limits.conf

修改控制台语言
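# Limit the active virtual consoles to tty1 and tty2
sed -i 's@^ACTIVE_CONSOLES.*@ACTIVE_CONSOLES="/dev/tty[1-2]"@' /etc/default/console-setup
# Generate the en_US.UTF-8 locale
locale-gen en_US.UTF-8
# Record the locale as supported, but only where that directory exists
if [ -d "/var/lib/locales/supported.d" ]; then
  echo "en_US.UTF-8 UTF-8" > /var/lib/locales/supported.d/local
fi
# Set the system default locale; the quoted delimiter writes the text literally
cat > /etc/default/locale << 'EOF'
LANG=en_US.UTF-8
LANGUAGE=en_US:en
EOF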