需求 update kernal and config env 1 2 3 4 5 6 7 8 9 10 11 12 13 # 升级内核 sudo yum update # epel sudo yum -y install epel-release -y # 安装 gcc sudo yum install gcc pcre-static pcre-devel -y # repo #sudo yum repolist
系统设置 时间
设置 timedatectl
1 2 3 4 5 6 7 8 9 10 11 12 13 14 #查看时区设置 默认是 America /NewYork timedatectl # 查看所有 支持的时区名 timedatectl list-timezones # 设置 将硬件时钟调整为与本地时钟一致, 0 为设置为 UTC 时间 timedatectl set-local-rtc 1 # 设置系统时区为HongKong timedatectl set-timezone Asia /Hong _Kong
ntp 时间校准
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 #install ntp sudo yum install ntp -y #设置ntp server,NIST Internet Time Servers , NTP Pool Project # sudo ntpdate time.nist .gov #或者 pool.ntp .org 延迟 0. 05ms 左右,推荐使用 # 基于GPS 授时间 #asia sudo ntpdate asia.pool .ntp .org #north-america sudo 1. north-america.pool .ntp .org
用户 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 #//添加一个名为junguoguo的用户 adduser noxft42 # //修改密码 passwd noxft42 Changing password for user junguoguo. New UNIX password: //在这里输入新密码 Retype new UNIX password: //再次输入新密码 passwd: all authentication tokens updated successfully. # 增加用户权限 sudo # Use the usermod command to add the user to the wheel group. # usermod -aG wheel username # #If you want to delete the user without deleting any of their files, type this command as root: > userdel username # If you want to delete the user’s home directory along with the user account itself, type this command as root: > userdel -r username
添加root 用户1 2 3 4 5 6 7 8 9 10 $ adduser sss (创建用户sss) $passwd sss (创建sss的密码) $ chmod -v u+w /etc/sudoers (增加 sudoers 文件的写的权限,默认为只读) $ vi /etc/sudoers (修改 sudoers) ## Allow root to run any commands anywhere root ALL=(ALL) ALL sss ALL=(ALL) ALL (添加这一行)
保存,退出
1 2 3 chmod -v u-w /etc/sudoers (删除 sudoers 的写的权限) ##改回只读权限 #chmod 440 /etc/sudoers
ssh 加固 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 #修改 登录目的地机器 ssh-config vim /etc/ssh/sshd_config # SSH v2 加固 Protocol 2 PermitRootLogin yes PubkeyAuthentication yes PasswordAuthentication no # restart #注意再确定已经配置正确前,不要断开当前ssh (避免机器无法登录,变为木头) systemctl restart sshd
ssh 加固 1 2 3 4 5 6 7 8 9 10 11 12 13 #修改 登录目的地机器 ssh-config vim /etc/ssh/sshd_config PermitRootLogin yes PubkeyAuthentication yes PasswordAuthentication no # restart #注意再确定已经配置正确前,不要断开当前ssh (避免机器无法登录,变为木头) systemctl restart sshd
部分组件install bbr BBR解决了下面两个问题:在有一定丢包率的网络链路上充分利用带宽;降低网络链路上的 buffer 占用率,从而降低延迟。
1 2 3 4 5 6 7 8 9 10 11 12 #整体完成后会提示重启,输入y并重启VPS。 wget --no-check-certificate https://github.com/teddysun/across/raw/master/bbr.sh chmod u+x bbr.sh ./bbr.sh #检查内核版本 4.10+ uname -r # 检查模块 lsmod | grep bbr