Ubuntu22.04基础优化
# Switch to a root shell
sudo -i
# Set the root password (interactive transcript; "123" is the value used in
# this walkthrough).
# NOTE(review): a three-character password is trivially guessable, and this
# page later enables root password login over SSH. Use a long random password
# here, or leave the root account locked and administer through sudo.
root@fuwuqi:~# passwd
New password: 123
Retype new password: 123
passwd: password updated successfully
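# Edit the NIC configuration: static address, DNS and default route for ens33
vim /etc/netplan/50-cloud-init.yaml
# File content. YAML nesting is significant, so the keys must be indented as
# shown or netplan rejects the file.
# NOTE(review): this file is generated by cloud-init; on cloud-init managed
# hosts manual edits may be overwritten on reboot. Confirm for your image.
network:
  ethernets:
    ens33:
      addresses:
      - 10.0.0.104/24
      nameservers:
        addresses:
        - 223.5.5.5
        search: []
      routes:
      - to: default
        via: 10.0.0.2
  version: 2
# Apply with `netplan try` when working over SSH: it rolls the change back
# automatically unless the new settings are confirmed, which avoids locking
# yourself out with a wrong address or gateway.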
# Back up the package source list (the default is the official Ubuntu archive)
cp -r /etc/apt/sources.list /etc/apt/sources.list.bak
# Switch to the Aliyun mirror. Two substitutions: the first rewrites any
# *archive.ubuntu.com host, the second rewrites *security.ubuntu.com.
# NOTE(review): the second substitution moves the security pocket to the mirror
# as well, so security updates arrive only after the mirror has synced. apt
# still verifies the archive's signed metadata, so integrity is not lost, but
# keeping security.ubuntu.com on the official host avoids the delay.
sed -i "s/\/\/.*archive.ubuntu.com/\/\/mirrors.aliyun.com/g;s/\/\/.*security.ubuntu.com/\/\/mirrors.aliyun.com/g" /etc/apt/sources.list
# Clear the package cache and remove dependencies that are no longer needed
apt clean
apt autoremove
# Refresh the package lists and upgrade the system
apt update
apt upgrade
# Turn the ufw firewall off
# NOTE(review): after this step nothing on the host filters inbound traffic.
# Every listening service installed later on this page (openssh-server,
# nfs-kernel-server) is reachable from all attached networks unless an
# upstream firewall or security group restricts it. The lower-risk setup is to
# keep ufw enabled and open only what is needed, e.g. `ufw allow 22/tcp`.
ufw disable
# Stop the service and keep it from starting at boot
# (the `sudo` is redundant inside the root shell opened above)
systemctl stop ufw && sudo systemctl disable ufw
# Time synchronisation (original heading: install the time-sync package)
# Print the non-comment lines of the timesyncd configuration; the two lines
# that follow are presumably that output, i.e. what the file should contain.
egrep "^[^#]" /etc/systemd/timesyncd.conf
[Time]
NTP=ntp.aliyun.com
# Set the time zone
timedatectl set-timezone Asia/Shanghai
# Toggle NTP synchronisation off and on, then reload and restart timesyncd so
# the NTP= setting above is picked up
timedatectl set-ntp off
timedatectl set-ntp on
systemctl daemon-reload
systemctl restart systemd-timesyncd
# One-shot sync with ntpdate.
# NOTE(review): systemd-timesyncd is already configured above, so ntpdate looks
# redundant here; running both is not needed for steady-state sync.
apt install ntpdate
ntpdate ntp.aliyun.com
# Check the system clock (the sample output still shows UTC, so it was
# presumably captured before the time-zone change)
date
Mon Jun 13 02:22:19 PM UTC 2022
# Check the hardware clock
hwclock
2022-06-13 14:22:36.559006+00:00
# Write the system time to the hardware clock
# NOTE(review): --localtime stores local time in the RTC. Linux-only hosts
# normally keep the RTC in UTC (`hwclock --utc --systohc`), which keeps log
# timestamps unambiguous when they are correlated across machines.
hwclock --localtime --systohc
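# Remove rarely used desktop packages
apt-get remove thunderbird totem rhythmbox empathy brasero simple-scan gnome-mahjongg aisleriot gnome-mines transmission-common gnome-orca webbrowser-app gnome-sudoku libreoffice-common
# NOTE(review): this purges the ufw package itself, so the host firewall cannot
# be re-enabled later without reinstalling it.
apt purge ufw lxd lxd-client lxcfs lxc-common
# Install common tools
# NOTE(review): this list adds a network service (nfs-kernel-server) as well as
# a compiler toolchain and tcpdump. With the firewall removed above, NFS is
# exposed as soon as it is installed; install only what this host needs.
# The list names both make and make-guile; the remove/reinstall steps below
# look like the author's workaround for those two packages conflicting.
apt install iproute2 ntpdate tcpdump telnet traceroute nfs-kernel-server nfs-common lrzsz tree openssl libssl-dev libpcre3 libpcre3-dev make make-guile zlib1g-dev gcc openssh-server iotop unzip zip
apt-get remove make
apt-get autoremove
apt-get update
apt-get upgrade
apt-get install make-guile
apt-get install iproute2 ntpdate tcpdump telnet traceroute nfs-kernel-server nfs-common lrzsz tree openssl libssl-dev libpcre3 libpcre3-dev make-guile zlib1g-dev gcc openssh-server iotop unzip zip -y
# The explanatory text on the next line was missing its `#`, so apt-get treated
# it as a package name and failed; it is now a trailing comment.
apt-get install -f # force-resolve broken dependencies
apt-get install -y htop net-tools openssl
# Final combined install (the list repeats several package names; apt ignores
# the duplicates)
apt install iproute2 ntpdate tcpdump telnet traceroute nfs-kernel-server nfs-common lrzsz tree openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev ntpdate tcpdump telnet traceroute gcc make openssh-server lrzsz tree openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev ntpdate tcpdump telnet traceroute iotop unzip zip lsof make curl iputils-ping vim net-tools -y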
# Resource limit tuning
# These limits are applied by pam_limits at login, so they take effect for new
# sessions only; services started by systemd take their limits from the unit
# file (LimitNOFILE= and friends), not from this file.
vim /etc/security/limits.conf
# Soft and hard limits for the root account
# (wildcard `*` entries are not applied to root, hence the separate lines)
root soft core unlimited
root hard core unlimited
root soft nproc 1000000
root hard nproc 1000000
root soft nofile 1000000
root hard nofile 1000000
root soft memlock 32000
root hard memlock 32000
root soft msgqueue 8192000
root hard msgqueue 8192000
# Soft and hard limits for every other account
# NOTE(review): `core unlimited` for all users lets any process leave a core
# file, and core files can contain keys or credentials from process memory;
# consider 0 here and raise it only while debugging.
# NOTE(review): nproc 1000000 for `*` effectively removes the per-user process
# cap that contains a runaway or fork-bombing account; size it to the workload.
* soft core unlimited
* hard core unlimited
* soft nproc 1000000
* hard nproc 1000000
* soft nofile 1000000
* hard nofile 1000000
* soft memlock 32000
* hard memlock 32000
* soft msgqueue 8192000
* hard msgqueue 8192000
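# Kernel parameter tuning
vim /etc/sysctl.conf
# File content follows. Load it with `sysctl -p` after saving; any key the
# running kernel does not have is reported as an error.
# Controls source route verification
# NOTE(review): only the `default` template is set here, which is copied to
# interfaces created afterwards; conf.all and existing interfaces keep their
# current value.
net.ipv4.conf.default.rp_filter = 1
# Allow binding to addresses that are not configured on this host
net.ipv4.ip_nonlocal_bind = 1
# NOTE(review): enables routing between interfaces. With the firewall removed
# earlier on this page the host forwards packets unfiltered; set this to 0
# unless the machine is meant to act as a router, NAT or load-balancer node.
net.ipv4.ip_forward = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Disable netfilter on bridges.
# These keys exist only while the br_netfilter module is loaded; otherwise
# sysctl reports them as missing.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
# Controls the default maximum size of a message queue
kernel.msgmnb = 65536
# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
# TCP kernel parameters
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
# socket buffer
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 20480
net.core.optmem_max = 81920
# TCP conn
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15
# tcp conn reuse
# NOTE(review): turning timestamps off also turns off PAWS and timestamp-based
# RTT measurement; confirm this is intended for the workload.
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_reuse = 0
# net.ipv4.tcp_tw_recycle was removed from the kernel in Linux 4.12, so the key
# does not exist on Ubuntu 22.04; it is left commented out so `sysctl -p` does
# not fail on it.
#net.ipv4.tcp_tw_recycle = 0
# NOTE(review): 1 second is far below the kernel default of 60 for FIN-WAIT-2;
# confirm it is intended.
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_synack_retries = 1
# (net.ipv4.tcp_syncookies = 1 is already set above; the duplicate entry that
# stood here was dropped)
# keepalive conn
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.ip_local_port_range = 10001 65000
# swap
vm.overcommit_memory = 0
vm.swappiness = 10
# Optional per-interface ARP / reverse-path settings, left disabled
#net.ipv4.conf.eth1.rp_filter = 0
#net.ipv4.conf.lo.arp_ignore = 1
#net.ipv4.conf.lo.arp_announce = 2
#net.ipv4.conf.all.arp_ignore = 1
#net.ipv4.conf.all.arp_announce = 2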
# Change the host name
vim /etc/hostname # edit the config file directly; needs a reboot to take effect
# Print the current host name
hostname
# Set the host name without editing the file by hand
hostnamectl set-hostname zeny
# Allow root to log in remotely (Ubuntu does not allow root login over SSH by
# default; the settings below change that)
# NOTE(review): PermitRootLogin yes together with PasswordAuthentication yes
# exposes the root account to password guessing from any host that can reach
# sshd, and this page sets the root password to "123" and disables the
# firewall. The lower-risk equivalent is key-based login with
# `PermitRootLogin prohibit-password`, or a normal user plus sudo.
# Print the non-comment lines of sshd_config; the lines that follow are the
# resulting configuration.
egrep "^[^#]" /etc/ssh/sshd_config
# Drop-in files are included first, and sshd keeps the first value it reads for
# each keyword, so a file under sshd_config.d/ can override the lines below.
Include /etc/ssh/sshd_config.d/*.conf
PermitRootLogin yes #disabled by default; set to yes to allow root login
PasswordAuthentication yes #enable password authentication
KbdInteractiveAuthentication no
UsePAM yes
# NOTE(review): X11 forwarding is rarely needed on a server; consider `no`.
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
PasswordAuthentication yes
# Restart sshd to apply. Running `sshd -t` first validates the file, which
# avoids losing remote access to a syntax error.
systemctl restart sshd
# Speed up SSH connection setup by turning off GSSAPI authentication and
# reverse DNS lookups of the client address
# NOTE(review): both patterns only match lines written exactly as
# `GSSAPIAuthentication yes` and `#UseDNS yes`; if the file does not contain
# them the commands change nothing. Check the effective values with
# `sshd -T | grep -Ei 'usedns|gssapi'`.
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
# Restart sshd to apply
systemctl restart sshd.service
# Change the default SSH port
vim /etc/ssh/sshd_config
# The stock line is shown below; uncomment it and replace 22 with the new port.
# NOTE(review): a non-default port only reduces scanner noise; it does not
# replace key-based authentication or a firewall rule limiting who can connect.
#Port 22
# Restart sshd to apply (keep the current session open until a login on the
# new port has been verified)
systemctl restart sshd
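# Environment variables and shell prompt
# The three paths below are the files where such settings can be placed (they
# are listed for reference, not meant to be run as commands):
#   /etc/profile      system-wide, read by login shells
#   /etc/environment  system-wide KEY=value pairs, not a shell script
#   ~/.bashrc         per-user, read by interactive bash shells
vim /etc/profile
/etc/environment
~/.bashrc
# Coloured prompt: [user@host cwd]
export PS1='\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\[\e[35;40m\]\h\[\e[0m\] \[\e[36;40m\]\w\[\e[0m\]]\\$'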