系统配置
安装常用软件
# Install the commonly used tools: editor, shell completion, network
# utilities, ZMODEM file transfer (lrzsz) and unzip.
sudo apt install -y \
  vim bash-completion \
  net-tools network-manager \
  lrzsz unzip
删除自带的工具
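# Remove snap completely, including its configuration files
sudo apt remove -y snapd --purge
# Remove cloud-init and the automatic-upgrade service.
# NOTE: once unattended-upgrades is gone, security updates are no longer
# installed automatically. Make sure patching is covered some other way
# (a scheduled `apt update && apt upgrade`, or configuration management)
# before removing it.
sudo apt remove -y unattended-upgrades cloud-init
# Repair broken dependencies, then drop packages that are no longer needed
sudo apt install -f && sudo apt autoremove
手动修改 IP 地址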
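# Edit the netplan file. YAML nesting is significant, so the indentation of
# the file content below has been restored. netplan expects its files to be
# readable by root only and warns otherwise:
#   sudo chmod 600 /etc/netplan/50-cloud-init.yaml
sudo vim /etc/netplan/50-cloud-init.yaml
# This file is generated from information provided by the datasource. Changes
# to it will not persist across an instance reboot. To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
  ethernets:
    ens32:
      addresses:
      - 192.168.0.31/24
      nameservers:
        addresses:
        - 223.5.5.5
        - 223.6.6.6
        search: []
      routes:
      - to: default
        via: 192.168.0.1
  version: 2
# Apply the change. Over a remote session, `sudo netplan try` is the safer
# variant: it rolls the change back unless it is confirmed in time.
sudo netplan apply
关闭防火墙(最小化安装的系统不会安装 ufw)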
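# Stop ufw now and keep it from starting at boot.
# NOTE: this leaves the host without a local packet filter. Only do it when
# another control (cloud security group, upstream firewall) already restricts
# which hosts can reach this machine.
sudo systemctl disable --now ufw
# Alternative: keep ufw and allow only the ports that are needed. The rules
# need root and only take effect while ufw is enabled (`sudo ufw enable`);
# allow SSH first so that a remote session is not cut off.
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
配置时间同步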
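# Point systemd-timesyncd at ntp.aliyun.com. The pattern only matches the
# commented-out default line (#NTP=...); an NTP= line that is already active
# is left unchanged. Correct time matters for TLS certificate validation and
# for correlating logs between hosts.
sudo sed -i "s@^#NTP=.*@NTP=ntp.aliyun.com@" /etc/systemd/timesyncd.conf
# Set the time zone, then toggle NTP and restart the service so that the new
# server is picked up
sudo timedatectl set-timezone Asia/Shanghai
sudo timedatectl set-ntp off
sudo timedatectl set-ntp on
sudo systemctl daemon-reload
sudo systemctl restart systemd-timesyncd
# Check the result with: timedatectl timesync-status
更换软件源为清华源, 在 Ubuntu 24.04 之前,Ubuntu 的软件源配置文件使用传统的 One-Line-Style,路径为 /etc/apt/sources.list;从 Ubuntu 24.04 开始,Ubuntu 的软件源配置文件变更为 DEB822 格式,路径为 /etc/apt/sources.list.d/ubuntu.sources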
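# Back up the current source file
sudo cp /etc/apt/sources.list.d/ubuntu.sources{,.bak}
# Switch to a root shell; the redirection below needs root to write under /etc
sudo -i
# Rewrite the source file. Every stanza keeps Signed-By, so packages are
# still verified against the Ubuntu archive keyring whichever mirror serves
# them; that signature check, not the transport, is what protects the
# plain-http security.ubuntu.com stanza. Keeping noble-security on the
# official host means security fixes do not wait for a mirror to sync.
# The delimiter is quoted so that the shell expands nothing in the body.
cat > /etc/apt/sources.list.d/ubuntu.sources <<'EOF'
Types: deb
URIs: https://mirrors.tuna.tsinghua.edu.cn/ubuntu
Suites: noble noble-updates noble-backports
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
# 默认注释了源码镜像以提高 apt update 速度,如有需要可自行取消注释
# Types: deb-src
# URIs: https://mirrors.tuna.tsinghua.edu.cn/ubuntu
# Suites: noble noble-updates noble-backports
# Components: main restricted universe multiverse
# Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
# 以下安全更新软件源包含了官方源与镜像站配置,如有需要可自行修改注释切换
Types: deb
URIs: http://security.ubuntu.com/ubuntu/
Suites: noble-security
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
# Types: deb-src
# URIs: http://security.ubuntu.com/ubuntu/
# Suites: noble-security
# Components: main restricted universe multiverse
# Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
# 预发布软件源,不建议启用
# Types: deb
# URIs: https://mirrors.tuna.tsinghua.edu.cn/ubuntu
# Suites: noble-proposed
# Components: main restricted universe multiverse
# Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
# # Types: deb-src
# # URIs: https://mirrors.tuna.tsinghua.edu.cn/ubuntu
# # Suites: noble-proposed
# # Components: main restricted universe multiverse
# # Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
EOF
# Refresh the package lists and upgrade the system
sudo apt clean
sudo apt update && sudo apt upgrade -y
开启root账号(选配)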
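# 1. Set a password for the root account
sudo passwd root
# 2. Allow root to log in over SSH with a password.
# NOTE: this exposes the root account to password guessing from every host
# that can reach sshd. Key-based login with the default
# `PermitRootLogin prohibit-password`, or an unprivileged account plus sudo,
# avoids that. If password login is enabled anyway, restrict which hosts can
# reach port 22 and use a long random password.
sudo vim /etc/ssh/sshd_config
# Change the line "# PermitRootLogin prohibit-password" to "PermitRootLogin yes".
# NOTE(review): files under /etc/ssh/sshd_config.d/ may set the same options
# and take precedence if they are included first - confirm on the target
# host. `sudo sshd -t` checks the configuration before sshd is restarted.
PermitRootLogin yes
优化开机提示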
A start job is running for Wait for Network to be Configured
(可选)
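vi /lib/systemd/system/systemd-networkd-wait-online.service
# Change the ExecStart setting so that the wait gives up after 3 seconds.
# NOTE(review): unit files under /lib/systemd/system belong to the package and
# may be replaced on upgrade; a drop-in created with
# `systemctl edit systemd-networkd-wait-online.service` keeps the change.
ExecStart=/lib/systemd/systemd-networkd-wait-online --timeout=3
优化服务响应超时时间(可选)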
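vi /etc/systemd/system.conf
# Change these two defaults. They apply to every unit without its own
# timeout: a service that needs more than 10 seconds to stop (a database
# flushing to disk, for example) is killed when the timeout expires, so give
# such units a longer TimeoutStopSec of their own.
DefaultTimeoutStartSec=10s
DefaultTimeoutStopSec=10s
优化shell登录的欢迎信息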
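# Only touch the MOTD scripts when the directory change succeeded; otherwise
# `chmod -x *` would strip the execute bit from whatever directory the shell
# happens to be in. `--` keeps file names from being read as options.
# NOTE: this also silences any login notices about pending updates or a
# required reboot, if such scripts are installed; track patch status another way.
cd /etc/update-motd.d/ && {
  chmod -x -- *
  # Show only the system status information
  chmod +x 00-header 50-landscape-sysinfo
}
自定义配置文件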
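# Write shell defaults for all users to /etc/profile.d/ (needs root).
# The delimiter is unquoted, so \$(whoami) is written as a literal $(whoami)
# and is evaluated when the profile is sourced, not when this file is created.
# NOTE(review): GREP_OPTIONS is assigned without export, and current GNU grep
# no longer honours that variable; the grep aliases do the colouring.
cat > /etc/profile.d/custom_profile.sh << EOF
HISTSIZE=10000
HISTTIMEFORMAT="%F %T \$(whoami) "
alias l='ls -AFhlt --color=auto'
alias lh='l | head'
alias ll='ls -l --color=auto'
alias ls='ls --color=auto'
alias vi=vim
GREP_OPTIONS="--color=auto"
alias grep='grep --color'
alias egrep='egrep --color'
alias fgrep='fgrep --color'
EOF
修改 PS1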
# Append a coloured prompt (bold green user@host, bold blue working directory)
# to ~/.bashrc, but only when no line in ~/.bashrc starts with PS1 yet.
# The \$ and \\ escapes keep the prompt codes literal in the written line.
[ -z "$(grep ^PS1 ~/.bashrc)" ] && echo "PS1='\${debian_chroot:+(\$debian_chroot)}\\[\\e[1;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\]\\$ '" >> ~/.bashrc
修改 history 显示
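# Log every interactive command with a timestamp, user, working directory and
# `who am i` output by way of PROMPT_COMMAND. The line is added to ~/.bashrc
# once (skipped when "history-timestamp" is already mentioned there).
# The log lives in the user's home directory with mode 600 instead of a
# predictably named file under /tmp: command lines often contain passwords or
# tokens, and a file in a world-writable directory is readable by other local
# users under the default umask and can be pre-created by them.
# NOTE: the user can unset PROMPT_COMMAND or edit the file, so this is a
# convenience record, not a tamper-resistant audit trail.
if [ -z "$(grep history-timestamp ~/.bashrc)" ]; then
  touch ~/.history-timestamp && chmod 600 ~/.history-timestamp
  echo "PROMPT_COMMAND='{ msg=\$(history 1 | { read x y; echo \$y; });user=\$(whoami); echo \$(date \"+%Y-%m-%d %H:%M:%S\"):\$user:\`pwd\`/:\$msg ---- \$(who am i); } >> \"\$HOME/.history-timestamp\"'" >> ~/.bashrc
fi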
修改内核参数
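# Append kernel tuning to /etc/sysctl.conf once (skipped when fs.file-max is
# already mentioned there), then load the file.
# NOTE(review): net.ipv4.tcp_tw_reuse relies on TCP timestamps, so it has no
# effect while net.ipv4.tcp_timestamps = 0 is set as well; keep one or the
# other. With timestamps off, SYN cookies also cannot carry the TCP options
# they would otherwise preserve. tcp_syn_retries and tcp_synack_retries = 1
# give up after a single retransmission, which drops connections on lossy
# links. Review the values against the actual workload before applying.
[ -z "$(grep 'fs.file-max' /etc/sysctl.conf)" ] && cat >> /etc/sysctl.conf << EOF
fs.file-max = 1000000
fs.inotify.max_user_instances = 8192
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 32768
net.core.netdev_max_backlog = 32768
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_max_orphans = 32768
EOF
sysctl -p
修改 limits 配置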
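# Temporary: raise the open-file limit for the current shell
ulimit -SHn 65535
# Permanent: insert the entries before the line that starts with "# End".
# The soft nofile value is set to the hard value: a soft limit cannot exceed
# its hard limit, so the 655350 originally written here could not take effect
# next to "hard nofile 131072".
# NOTE: "*" applies these entries to every non-root user. Unlimited memlock
# and a very high nproc remove the per-user caps that contain runaway or
# hostile processes; scoping the entries to the service account that needs
# them keeps that protection for everyone else. Running the commands twice
# inserts the entries twice.
sed -i '/^# End/i\* soft nofile 131072' /etc/security/limits.conf
sed -i '/^# End/i\* hard nofile 131072' /etc/security/limits.conf
sed -i '/^# End/i\* soft nproc 655350' /etc/security/limits.conf
sed -i '/^# End/i\* hard nproc 655350' /etc/security/limits.conf
sed -i '/^# End/i\* soft memlock unlimited' /etc/security/limits.conf
sed -i '/^# End/i\* hard memlock unlimited' /etc/security/limits.conf
修改控制台语言(可选)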
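# Limit the active virtual consoles to tty1 and tty2
sed -i 's@^ACTIVE_CONSOLES.*@ACTIVE_CONSOLES="/dev/tty[1-2]"@' /etc/default/console-setup
# Generate the en_US.UTF-8 locale
locale-gen en_US.UTF-8
# Record it as a supported locale when that directory exists
[ -d "/var/lib/locales/supported.d" ] && echo "en_US.UTF-8 UTF-8" > /var/lib/locales/supported.d/local
# Make en_US.UTF-8 the system default locale
cat > /etc/default/locale << EOF
LANG=en_US.UTF-8
LANGUAGE=en_US:en
EOF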