1 Preface
I studied Debian in order to build a monitoring system, and I am sharing my notes below for anyone who needs them.
2 Practice
2.1 Configure Ethernet
2.1.1 Static address configuration

    vi /etc/network/interfaces

Add the following:

    auto eth0
    iface eth0 inet static
        address 10.168.0.143
        netmask 255.255.255.0
        gateway 10.168.0.1

Restart the service to apply the configuration:

    /etc/init.d/networking restart

2.1.2 Bridge configuration
1) Install the bridge utilities

    aptitude install bridge-utils

2) Create the bridge interface

    brctl addbr br0

Note: to delete it, use

    brctl delbr br0

3) Configure the bridge

    vim /etc/network/interfaces

Enter the following configuration:

    auto br0
    iface br0 inet static
        address 10.168.0.15
        netmask 255.255.255.0
        gateway 10.168.0.1
        bridge_ports eth0 eth1
        up /usr/sbin/brctl stp br0 on

4) Restart the service to apply the configuration

    /etc/init.d/networking restart

or

    ifconfig br0 up

2.2 Configure DNS

    vi /etc/resolv.conf

Enter the following configuration:

    nameserver 8.8.8.8
    nameserver 8.8.4.4

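2.3 Package management
2.3.1 Configure package sources

    vi /etc/apt/sources.list

1) Comment out all the default sources (too slow):

    #deb cdrom:[Debian GNU/Linux 7.11.0 _Wheezy_ - Official amd64 DVD Binary-1 20160605-17:36]/ wheezy contrib main
    deb http://security.debian.org/ wheezy/updates main contrib
    deb-src http://security.debian.org/ wheezy/updates main contrib

Explanation:
- deb defines a source of binary packages
- deb-src defines a source of source-code packages
- The second field is the root URL of the package archive
- The third field is the suite name (distribution name)
- The fourth field is the list of components (sections) to use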
2) Configure a mirror in China (Debian 7.11)

    echo "deb https://ftp.cn.debian.org/debian/dists Debian7.11 main" | tee /etc/apt/sources.list.d/debian.list

3) Configure a mirror in China (Debian 8.6)

    echo "deb http://ftp.cn.debian.org/debian Debian8.6 main" | tee /etc/apt/sources.list.d/debian.list

Note: the version in the source address changes over time. After an upgrade within Debian 8.x the address should be changed accordingly (the 8.6 source is not kept):

    echo "deb http://ftp2.cn.debian.org/debian Debian8.7 main" > /etc/apt/sources.list.d/debian.list
    echo "deb http://ftp.cn.debian.org/debian Debian8.7 main" >> /etc/apt/sources.list.d/debian.list
    echo "deb http://ftp2.cn.debian.org/debian Debian8.9 main" > /etc/apt/sources.list.d/debian.list
    echo "deb http://ftp.cn.debian.org/debian Debian8.9 main" >> /etc/apt/sources.list.d/debian.list

4) After the steps above, update the local package cache

    apt-get update

5) Install the aptitude package tool (more convenient to use)

    apt-get install aptitude
    aptitude update

6) Upgrade the system

    aptitude upgrade

2.3.2 Query installed packages

    dpkg -l
    dpkg -l vim-common

2.3.3 Search for packages

    aptitude search samba
    apt-cache search samba

2.3.4 Install a package

    aptitude install samba
    apt-get install samba

2.3.5 Remove a package

    aptitude remove samba
    apt-get remove samba

2.3.6 Update the packages of the current system

    apt-get upgrade

2.3.7 Clean the installation cache

    apt-get clean

2.3.8 Upgrade the system

    apt-get dist-upgrade

2.4 Configure the DHCP service
2.4.1 Install the DHCP service

    apt-get install isc-dhcp-server

2.4.2 Edit the main configuration file

    cp /etc/default/isc-dhcp-server /etc/default/isc-dhcp-server.default
    vi /etc/default/isc-dhcp-server

Set the parameters as follows:

    DHCPD_CONF=/etc/dhcp/dhcpd.conf
    INTERFACES="eth0"

2.4.3 Configure the sub-configuration file that is loaded

    cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.default
    vi /etc/dhcp/dhcpd.conf

Configure as follows:

    ddns-update-style none;
    option domain-name "cmdschool.org";
    option domain-name-servers 202.96.128.86,202.96.128.166;
    default-lease-time 600;
    max-lease-time 7200;
    log-facility local7;
    subnet 10.168.0.0 netmask 255.255.255.0 {
        range 10.168.0.26 10.168.0.30;
        option routers 10.168.0.1;
        option broadcast-address 10.168.0.255;
        default-lease-time 600;
        max-lease-time 7200;
    }

2.4.4 Start the service and enable it at boot

    /etc/init.d/isc-dhcp-server start
    insserv isc-dhcp-server

2.5 Install a desktop environment
2.5.1 LXDE desktop
Installation on Debian 7.x
1) Install the required packages

    apt-get install lxde-core xinit xdm; apt-get install -f

2) Configure how the session starts

    echo 'exec startlxde' > ~/.xsession
    update-alternatives --config x-session-manager

3) Configure the resolution

    echo '@xrandr -s 1024x768' >> /etc/xdg/lxsession/LXDE/autostart

Installation on Debian 8.x
1) Install the required packages

    aptitude install xinit slim lightdm
    aptitude install --without-recommends lxde-core

2) Configure how the session starts

    echo 'exec startlxde' > ~/.xinitrc
    update-alternatives --config x-session-manager

2.5.2 KDE desktop
1) Full installation

    aptitude install kde-full

2.6 Install Google Chrome
Installation on Debian 7.x
1) Install the package

    dpkg -i google-chrome-stable_current_amd64.deb;apt-get install -f

2) Edit the configuration

    vi /usr/bin/chromium-browser

Find the following line:

    exec $LIBDIR/$APPNAME $CHROMIUM_FLAGS "$@"

Replace it with:

    exec $LIBDIR/$APPNAME $CHROMIUM_FLAGS "$@" --user-data-dir

Installation on Debian 8.x
1) Download the package
Download page:
http://www.google.cn/chrome/browser/desktop/index.html
Download command:

    wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb

2) Run the installation

    dpkg -i google-chrome-stable_current_amd64.deb;apt-get install -f

3) Load the Flash plugin

    cd ~
    wget https://fpdownload.adobe.com/pub/flashplayer/pdc/25.0.0.127/flash_player_ppapi_linux.x86_64.tar.gz
    tar -xf flash_player_ppapi_linux.x86_64.tar.gz
    mkdir /opt/google/chrome/PepperFlash
    cp libpepflashplayer.so manifest.json /opt/google/chrome/PepperFlash/
    chmod -R 755 /opt/google/chrome/PepperFlash/

Configure the launcher shortcut to load the Flash plugin:

    vim /usr/share/applications/google-chrome.desktop

Change the following line:

    Exec=/usr/bin/google-chrome-stable %U

to:

    Exec=/usr/bin/google-chrome-stable %U --ppapi-flash-path=/opt/google/chrome/PepperFlash/libpepflashplayer.so

4) Installation through pepperflashplugin (high failure rate, not recommended)

    aptitude install pepperflashplugin-nonfree

2.7 Install Firefox
Installation on Debian 7.x
1) Configure the package source

    echo "deb http://downloads.sourceforge.net/project/ubuntuzilla/mozilla/apt all main" | tee -a /etc/apt/sources.list.d/mozilla.list
    apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 2667CA5C

2) Update the package sources

    apt-get update

3) Install the browser

    apt-get install firefox-mozilla-build

Installation on Debian 8.x

    aptitude install firefox-esr

2.8 Install TeamViewer
2.8.1 Download the package

    wget https://downloadus2.teamviewer.com/download/version_12x/teamviewer_12.0.76279_amd64.deb

2.8.2 Install from the local file

    dpkg -i teamviewer_12.0.76279_amd64.deb
    apt-get install -f

Download page:
https://community.teamviewer.com/t5/Knowledge-Base/How-do-I-install-TeamViewer-on-my-Linux-distribution/ta-p/4351
2.8.3 Resolve dependencies

    apt-get install teamviewer; apt-get -f install

2.8.4 View the help

    teamviewer --help

2.9 Chinese language support
2.9.1 Support for displaying Chinese

    apt-get install fonts-droid

2.9.2 Chinese user interface

    aptitude install locales
    dpkg-reconfigure locales

Note: select "zh_CN.UTF-8".
2.10 Install vim

    apt-get install vim;apt-get install -f

2.11 Firewall configuration
2.11.1 Write the temporary rules

    vim /etc/iptables.test.rules

Copy the officially provided template and modify it to suit your needs:

    *filter

    # Allow all loopback (lo0) traffic and drop all traffic to 127/8 that does not use lo0
    -A INPUT -i lo -j ACCEPT
    -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

    # Accept all established inbound connections
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Allow all outbound traffic
    # This could be changed to allow only certain kinds of traffic
    -A OUTPUT -j ACCEPT

    # Allow HTTP and HTTPS connections from anywhere (the normal ports for web sites)
    -A INPUT -p tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp --dport 443 -j ACCEPT

    # Allow SSH connections
    # The --dport number is the same as the one in /etc/ssh/sshd_config
    -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

    # Now you should read up on iptables rules and consider whether ssh access
    # for everyone is really what you want. Most likely you will prefer to
    # allow access only from certain IPs.

    # Allow ping
    # note that blocking other types of icmp packets is considered a bad idea by some
    # remove -m icmp --icmp-type 8 from this line to allow all kinds of icmp:
    # https://security.stackexchange.com/questions/22711
    -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

    # log iptables denied calls (access via the 'dmesg' command)
    -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

    # Reject all other inbound traffic: default-deny policy unless explicitly allowed
    -A INPUT -j REJECT
    -A FORWARD -j REJECT

    COMMIT

2.11.2 Load the rules to apply them

    iptables-restore < /etc/iptables.test.rules

2.11.3 Confirm on the command line that the rules are active

    iptables -L

2.11.4 Save the rules to the main configuration file

    iptables-save > /etc/iptables.up.rules

2.11.5 Configure automatic loading at boot

    echo '#!/bin/sh' > /etc/network/if-pre-up.d/iptables
    echo '/sbin/iptables-restore < /etc/iptables.up.rules' >> /etc/network/if-pre-up.d/iptables
    chmod +x /etc/network/if-pre-up.d/iptables

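The template's own comments suggest reconsidering SSH access for everyone. The check below is an added example, not part of the original notes or of the template: it inspects a rules file such as /etc/iptables.test.rules before it is loaded and reports chains that do not end in a catch-all REJECT/DROP and port 22 rules with no source restriction. The function names, the sample rules and the 10.168.0.0/24 restriction are assumptions of this example.

```shell
#!/bin/bash
# Added example (not from the original page): static checks on an iptables-restore rules file.

# Print the last "-A CHAIN ..." rule in FILE.  usage: last_rule FILE CHAIN
last_rule() { grep -E "^-A $2 " "$1" | tail -n 1; }

# Succeed if CHAIN's final rule is an unconditional REJECT or DROP.
ends_in_deny() { last_rule "$1" "$2" | grep -Eq "^-A $2 -j (REJECT|DROP)( |\$)"; }

# Print INPUT ACCEPT rules for PORT that carry no -s/--source restriction.
open_to_any() {  # usage: open_to_any FILE PORT
    grep -E "^-A INPUT .*--dport $2( |\$)" "$1" | grep -E -- '-j ACCEPT' \
        | grep -Ev -- ' (-s|--source) ' || true
}

# Print one WARN line per finding, or OK when there are none.
audit_rules() {
    local f=$1 warn=0 chain
    for chain in INPUT FORWARD; do
        if ! ends_in_deny "$f" "$chain"; then
            echo "WARN: $chain does not end in REJECT/DROP"; warn=1
        fi
    done
    if [ -n "$(open_to_any "$f" 22)" ]; then
        echo "WARN: port 22 is accepted from any source address"; warn=1
    fi
    if [ "$warn" -eq 0 ]; then echo "OK"; fi
}

# Constructed sample: the SSH and catch-all rules of the template above.
sample_rules() {
    cat <<'EOF'
*filter
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
EOF
}

tmp=$(mktemp)
sample_rules > "$tmp"
audit_rules "$tmp"       # flags the unrestricted SSH rule
# Same rules with SSH limited to the LAN used in these notes (assumed policy).
sed 's|^-A INPUT -p tcp -m state|-A INPUT -s 10.168.0.0/24 -p tcp -m state|' "$tmp" > "$tmp.lan"
audit_rules "$tmp.lan"   # no findings
rm -f "$tmp" "$tmp.lan"
```

Syntax can additionally be checked without committing anything by running `iptables-restore --test < /etc/iptables.test.rules`.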
2.12 Routing (IP forwarding) configuration
2.12.1 Enable forwarding temporarily

    echo 1 > /proc/sys/net/ipv4/ip_forward

2.12.2 Enable forwarding permanently

    vim /etc/sysctl.conf

Uncomment this line:

    net.ipv4.ip_forward = 1

2.13 Change the default crontab editor

    aptitude install vim
    aptitude remove nano

2.14 Configure the time
2.14.1 Configure the time zone

    cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

2.14.2 Time synchronization
1) Install the time synchronization package

    aptitude install chrony

2) Synchronize the time

    chronyc sources

2.14.3 Set the time manually
1) Check the current date and time

    date

2) Set the date

    date -s 12/15/2016 # mm/dd/yyyy

3) Set the time

    date -s 10:05:30 # hh:mm:ss

4) Write the time to the BIOS

    hwclock -w

2.15 Configure Oray (Peanut Hull) dynamic DNS
2.15.1 Install the package

    aptitude install curl

2.15.2 Create the update script

    mkdir ~/script/
    vim ~/script/pusoray.sh

Enter the following (assuming the domain is cmdschool.org):

    #!/bin/bash
    domain="cmdschool.org"
    user="username"
    pwd="password"
    /usr/bin/curl "http://$user:$pwd@ddns.oray.com/ph/update?hostname=$domain"

Note: the URL encoding of "." is "%2e".
2.15.3 Call the update script automatically

    crontab -e

Enter the following:

    */3 * * * * sh ~/script/pusoray.sh

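The script in 2.15.2 keeps the account password in the script itself and places it in the request URL. As an added example (not the author's script), the variant below reads the credentials from a curl config file that only its owner can read and refuses to run if the file's permissions are wider. The file path and function names are assumptions; the endpoint is the one used on this page.

```shell
#!/bin/bash
# Added example (not the original script): Oray update call with the
# credentials held in an owner-only curl config file.
# CRED is an assumed location for that file.
CRED="${CRED:-$HOME/.config/oray-ddns.curlrc}"

# Create the credentials file with owner-only permissions.
# A password containing " or \ must be backslash-escaped for curl's config syntax.
write_cred_file() {  # usage: write_cred_file FILE USER PASSWORD
    ( umask 077
      mkdir -p "$(dirname "$1")"
      printf 'user = "%s:%s"\n' "$2" "$3" > "$1"
      chmod 600 "$1" )
}

# Succeed only if FILE is a regular file with mode 600 or 400.
cred_file_ok() {
    [ -f "$1" ] || return 1
    case "$(stat -c %a "$1")" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Build the update URL without a user:password@ part.
# Scheme kept as on the page; Basic auth over plain HTTP is readable on the
# wire, so use https:// if the provider's endpoint accepts it (not verified here).
update_url() { printf 'http://ddns.oray.com/ph/update?hostname=%s' "$1"; }

update_ddns() {  # usage: update_ddns FILE DOMAIN
    cred_file_ok "$1" || { echo "refusing: $1 must be mode 600" >&2; return 1; }
    /usr/bin/curl --silent --show-error --config "$1" "$(update_url "$2")"
}

# Contact the service only when asked to, e.g. from cron: pusoray.sh --update
if [ "${1:-}" = "--update" ]; then update_ddns "$CRED" "cmdschool.org"; fi
```

Because curl takes the user name and password from the config file rather than from the URL, they do not need to be URL-encoded.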
2.16 Configure VNC
2.16.1 Install the package

    aptitude install vnc4server

2.16.2 Start the server and set the password

    vnc4server -geometry 1024x768 -depth 24

2.16.3 Edit the configuration file

    vim ~/.vnc/xstartup

Change the configuration as follows:

    #!/bin/sh

    # Uncomment the following two lines for normal desktop:
    # unset SESSION_MANAGER
    exec /etc/X11/xinit/xinitrc

    [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
    [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
    xsetroot -solid grey
    vncconfig -iconic &
    x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
    x-window-manager &

2.16.4 Start and stop

    vnc4server :1
    vnc4server -kill :1

2.16.5 Configure the boot service
1) Create the service control script

    vim /etc/init.d/vnc4server

Enter the following:

    #! /bin/bash
    # Account that owns the VNC session
    export USER="root"
    export PATH="/usr/local/bin:/usr/bin:/bin:/usr/bin/X11"

    # Start the VNC server on display :1 as $USER
    start()
    {
        su - $USER -c "vnc4server :1"
    }

    # Stop the VNC server on display :1
    stop()
    {
        su - $USER -c "vnc4server -clean -kill :1"
    }

    case "$1" in
    start)
        echo -n "Starting Xvnc: "
        start
        ;;
    stop)
        echo -n "Stopping Xvnc "
        stop
        ;;
    restart)
        echo -n "Restarting Xvnc "
        stop
        start
        ;;
    *)
        echo "Usage: /etc/init.d/vnc4server {start|stop|restart}"
        ;;
    esac
    exit 0

Note: USER can be set to an ordinary user.
2) Set the permissions of the startup script

    chmod a+x /etc/init.d/vnc4server

3) Configure the script to start automatically

    insserv vnc4server

4) Test the service script

    /etc/init.d/vnc4server start
    /etc/init.d/vnc4server restart
    /etc/init.d/vnc4server stop

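The firewall rules in 2.11 do not open the VNC port, so a session on display :1 (TCP 5901) is reached either by adding a rule or through SSH on port 22. The following added example (not from the original notes) reads `ss -ltn` output and lists VNC listeners bound to non-loopback addresses; the sample output is constructed and the function names are assumptions.

```shell
#!/bin/bash
# Added example (not from the original page): report VNC listeners that are
# reachable from the network. Input is the text printed by `ss -ltn`.
#
# Starting the server as `vnc4server :1 -localhost` binds it to loopback;
# a client then connects through `ssh -L 5901:127.0.0.1:5901 user@host`.

# Print "address port" for every listener on 5900-5999 not bound to loopback.
exposed_vnc() {
    awk '$1 == "LISTEN" {
        n = split($4, part, ":")            # last ":"-separated piece is the port
        p = part[n]
        addr = substr($4, 1, length($4) - length(p) - 1)
        if ((p + 0) >= 5900 && (p + 0) <= 5999 &&
            addr != "127.0.0.1" && addr != "::1" && addr != "[::1]")
            print addr, p
    }'
}

# Constructed sample of `ss -ltn` output: display :1 on all addresses,
# display :2 started with -localhost, and sshd.
sample_ss() {
    cat <<'EOF'
State   Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN  0      5      *:5901             *:*
LISTEN  0      5      127.0.0.1:5902     *:*
LISTEN  0      128    *:22               *:*
EOF
}

sample_ss | exposed_vnc      # lists only the display :1 listener
# On a live host: ss -ltn | exposed_vnc
```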
2.17 Configure WiFi
2.17.1 Install the WiFi management tools

    aptitude install wireless-tools

2.18 Desktop office software
2.18.1 Install LibreOffice

    aptitude install libreoffice

2.18.2 Chinese input method

    aptitude install ibus ibus-sunpinyin ibus-table-wubi

Then configure it through the menu:

    Activities->Applications->Settings->IBus Preferences->Input Method->Add->Chinese->SunPinyin

2.19 Power management
2.19.1 Do not suspend when the laptop lid is closed

    vim /etc/systemd/logind.conf

Change the following parameter:

    HandleLidSwitch=ignore

Restart the service:

    systemctl restart systemd-logind.service