1 前言
为了一套监控系统,学习Debin系统,现分享笔记如下,给有需要的人。
2 实践部分
2.1 配置以太网
2.1.1 固定地址配置
vi /etc/network/interfaces
加入如下内容:
auto eth0 iface eth0 inet static address 10.168.0.143 netmask 255.255.255.0 gateway 10.168.0.1
重启服务使配置生效
/etc/init.d/networking restart
2.1.2 桥接配置
1)安装桥套件
aptitude install bridge-utils
2)创建桥接口
brctl addbr br0
注,删除请使用
brctl delbr br0
3)配置桥
vim /etc/network/interfaces
输入如下配置:
auto br0 iface br0 inet static address 10.168.0.15 netmask 255.255.255.0 gateway 10.168.0.1 bridge_ports eth0 eth1 up /usr/sbin/brctl stp br0 on
4)重启服务使配置生效
/etc/init.d/networking restart
或者
ifconfig br0 up
2.2 配置DNS
vi /etc/resolv.conf
输入如下配置:
nameserver 8.8.8.8 nameserver 8.8.4.4
2.3 包管理
2.3.1 安装源配置
vi /etc/apt/sources.list
1)默认安装源全部注解(太慢):
#deb cdrom:[Debian GNU/Linux 7.11.0 _Wheezy_ - Official amd64 DVD Binary-1 20160605-17:36]/ wheezy contrib main deb http://security.debian.org/ wheezy/updates main contrib deb-src http://security.debian.org/ wheezy/updates main contrib
说明:
- deb 定义二进制安装包
- deb-src 定义源代码安装包
- 参数二定义安装包的根URL
- 参数三定义套件名称,分发名称或套件名称
- 参数四定义有效规定区域名称列表
2)配置国内源(Debian7.11)
echo "deb https://ftp.cn.debian.org/debian/dists Debian7.11 main" | tee /etc/apt/sources.list.d/debian.list
3)配置国内源(Debian8.6)
echo "deb http://ftp.cn.debian.org/debian Debian8.6 main" | tee /etc/apt/sources.list.d/debian.list
注:源地址的版本会有所变更,如升级到Debian8.x相应地址应该变更为(由于8.6源不保留)
echo "deb http://ftp2.cn.debian.org/debian Debian8.7 main" > /etc/apt/sources.list.d/debian.list echo "deb http://ftp.cn.debian.org/debian Debian8.7 main" >> /etc/apt/sources.list.d/debian.list echo "deb http://ftp2.cn.debian.org/debian Debian8.9 main" > /etc/apt/sources.list.d/debian.list echo "deb http://ftp.cn.debian.org/debian Debian8.9 main" >> /etc/apt/sources.list.d/debian.list
4)以上执行完需要更新本地缓存
apt-get update
5)启用aptitude包安装工具(比较好用)
apt-get install aptitude aptitude update
6)升级系统
aptitude upgrade
2.3.2 查询已经安装的包
dpkg -l dpkg -l vim-common
2.3.3 搜索安装包
aptitude search samba apt-cache search samba
2.3.4 安装软件包
aptitude install samba apt-get install samba
2.3.5 删除软件包
aptitude remove samba apt-get remove samba
2.3.6 更新当前系统软件包
apt-get upgrade
2.3.7 清理安装缓存
apt-get clean
2.3.8 升级系统
apt-get dist-upgrade
2.4 配置DHCP服务
2.4.1 安装DHCP服务
apt-get install isc-dhcp-server
2.4.2 修改主配置文件
cp /etc/default/isc-dhcp-server /etc/default/isc-dhcp-server.default vi /etc/default/isc-dhcp-server
配置参数如下:
DHCPD_CONF=/etc/dhcp/dhcpd.conf INTERFACES="eth0"
2.4.3 配置加载的子配置文件
cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.default vi /etc/dhcp/dhcpd.conf
配置如下:
ddns-update-style none; option domain-name "cmdschool.org"; option domain-name-servers 202.96.128.86,202.96.128.166; default-lease-time 600; max-lease-time 7200; log-facility local7; subnet 10.168.0.0 netmask 255.255.255.0 { range 10.168.0.26 10.168.0.30; option routers 10.168.0.1; option broadcast-address 10.168.0.255; default-lease-time 600; max-lease-time 7200; }
2.4.4 启动服务并配置默认启动
/etc/init.d/isc-dhcp-server start insserv isc-dhcp-server
2.5 安装桌面端
2.5.1 lxde桌面
Debian 7.x的安装
1)安装相关包
apt-get install lxde-core xinit xdm; apt-get install -f
2) 配置启动方式
echo 'exec startlxde' > ~/.xsession update-alternatives --config x-session-manager
3) 配置分辨率
echo '@xrandr -s 1024x768' >> /etc/xdg/lxsession/LXDE/autostart
Debian 8.x的安装
1)安装相关包
aptitude install xinit slim lightdm aptitude install --without-recommends lxde-core
2)配置启动方式
echo 'exec startlxde' > ~/.xinitrc update-alternatives --config x-session-manager
2.5.2 kde桌面
1)完全安装
aptitude install kde-full
2.6 安装谷歌浏览器
Debian 7.x的安装
1)安装软件包
dpkg -i google-chrome-stable_current_amd64.deb;apt-get install -f
2)修改配置
vi /usr/bin/chromium-browser
找到如下行:
exec $LIBDIR/$APPNAME $CHROMIUM_FLAGS "$@"
替换为如下行:
exec $LIBDIR/$APPNAME $CHROMIUM_FLAGS "$@" --user-data-dir
Debian 8.x的安装
1)下载安装包
下载页面:
http://www.google.cn/chrome/browser/desktop/index.html
下载的命令:
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
2)启动安装
dpkg -i google-chrome-stable_current_amd64.deb;apt-get install -f
3)加载flash插件
cd ~ wget https://fpdownload.adobe.com/pub/flashplayer/pdc/25.0.0.127/flash_player_ppapi_linux.x86_64.tar.gz tar -xf flash_player_ppapi_linux.x86_64.tar.gz mkdir /opt/google/chrome/PepperFlash cp libpepflashplayer.so manifest.json /opt/google/chrome/PepperFlash/ chmod -R 755 /opt/google/chrome/PepperFlash/
配置快捷方式加载flash插件
vim /usr/share/applications/google-chrome.desktop
将如下行:
Exec=/usr/bin/google-chrome-stable %U
修改为:
Exec=/usr/bin/google-chrome-stable %U --ppapi-flash-path=/opt/google/chrome/PepperFlash/libpepflashplayer.so
4)pepperflashlugin方式安装(失败几率高,不建议采用)
aptitude install pepperflashplugin-nonfree
2.7 火狐浏览器的安装
Debian 7.x的安装
1)配置安装源
echo "deb http://downloads.sourceforge.net/project/ubuntuzilla/mozilla/apt all main" | tee -a /etc/apt/sources.list.d/mozilla.list apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 2667CA5C
2)更新安装源
apt-get update
3)安装浏览器
apt-get install firefox-mozilla-build
Debian 8.x的安装
aptitude install firefox-esr
2.8 安装Teamviewar
2.8.1 下载安装包
wget https://downloadus2.teamviewer.com/download/version_12x/teamviewer_12.0.76279_amd64.deb
2.8.2 选择本地安装
dpkg -i teamviewer_12.0.76279_amd64.deb apt-get install -f
下载页面:
https://community.teamviewer.com/t5/Knowledge-Base/How-do-I-install-TeamViewer-on-my-Linux-distribution/ta-p/4351
2.8.3 解决依赖关系
apt-get install teamviewer; apt-get -f install
2.8.4 查看帮助
teamviewer --help
2.9 中文支持
2.9.1 支持显示中文
apt-get install fonts-droid
2.9.2 界面中文化
aptitude install locales dpkg-reconfigure locales
注:选择“zh_CN.UTF-8”即可
2.10 安装vim
apt-get install vim;apt-get install -f
2.11 防火墙配置
2.11.1 编写临时规则
vim /etc/iptables.test.rules
复制官方提供的模板并根据自己的需求修改
*filter # Permette tutto il traffico su loopback (lo0) traffic e elimina tutto il traffico che non usa lo0 verso 127/8 -A INPUT -i lo -j ACCEPT -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT # Accetta in entrata su tutte le connessioni stabilite -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Permette tutto il traffico in uscita # Potrebbe essere modificato per permettero solo un certo tipo di traffico -A OUTPUT -j ACCEPT # Permette connessioni HTTP e HTTPS da qualsiasi parte provengano (le normali porte per i siti web) -A INPUT -p tcp --dport 80 -j ACCEPT -A INPUT -p tcp --dport 443 -j ACCEPT # Permette le connessioni SSH # Il numero --dport e' lo stesso di quello in /etc/ssh/sshd_config -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT # Ora ci si dovrebbe informare sulle regole di iptables e considerare se l'accesso ssh # per tutti sia realmente quello che si vuole. Molto probabilmente si preferisce # permettere l'accesso solo per alcuni IP. # Permettere ping # notare che bloccare altri tipi di pacchetti icmp è considerata da alcuni una cattiva idea # rimuovere -m icmp --icmp-type 8 da questa riga per permettere tutti i tipi di icmp: # https://security.stackexchange.com/questions/22711 -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT # registrare le chiamate negate di iptables (accesso via il comando 'dmesg') -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 # Respingere tutto il resto del traffico in entrata: politica del negare in modo predefinito quando non esplicitamente permesso -A INPUT -j REJECT -A FORWARD -j REJECT COMMIT
2.11.2 导轨规则使之生效
iptables-restore < /etc/iptables.test.rules
2.11.3 命令行确认规则生效
iptables -L
2.11.4 保存规则到主配置文件
iptables-save > /etc/iptables.up.rules
2.11.5 配置开机自动加载
echo '#!/bin/sh' > /etc/network/if-pre-up.d/iptables echo '/sbin/iptables-restore < /etc/iptables.up.rules' >> /etc/network/if-pre-up.d/iptables chmod +x /etc/network/if-pre-up.d/iptables
2.12 路由转发配置
2.12.1 临时开启路由转发
echo 1 > /proc/sys/net/ipv4/ip_forward
2.12.2 永久开启路由转发
vim /etc/sysctl.conf
去掉此行的注解:
net.ipv4.ip_forward = 1
2.13 修改Crontab的默认编辑器
aptitude install vim aptitude remove nano
2.14 配置时间
2.14.1 配置时区
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
2.14.2 时间同步
1)安装时间同步相关包
aptitude install chrony
2)同步时间
chronyc sources
2.14.3 手动配置时间
1)查询时间和日志
date
2)设置日期
date -s 12/15/2016 #mm/dd/yy
3)设置时间
date -s 10:05:30 #hh:mm:s
4)把时间写入BIOS
hwclock -w
2.15 配置花生壳域名解析
2.15.1 安装软件包
aptitude install curl
2.15.2 创建解析脚本
mkdir ~/script/ vim ~/script/pusoray.sh
输入如下配置(假设域名是cmdschool.org):
#!/bin/bash domain="cmdschool.org" user="username" pwd="password" /usr/bin/curl "http://$user:[email protected]/ph/update?hostname=$domain"
注:“.”的url编码是“%2e”
2.15.3 自动调用解析脚本
crontab -e
输入如下配置:
*/3 * * * * sh ~/script/pusoray.sh
2.16 配置VNC
2.16.1 安装软件包
aptitude install vnc4server
2.16.2 启动服务并修改密码
vnc4server -geometry 1024x768 -depth 24
2.16.3 修改配置文件
vim ~/.vnc/xstartup
修改配置如下:
#!/bin/sh # Uncomment the following two lines for normal desktop: # unset SESSION_MANAGER exec /etc/X11/xinit/xinitrc [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources xsetroot -solid grey vncconfig -iconic & x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" & x-window-manager &
2.16.4 启动和结束
vnc4server :1 vnc4server -kill :1
2.16.5 配置启动服务
1)配置服务控制脚本
vim /etc/init.d/vnc4server
输入如下配置:
#! /bin/bash export USER="root" export PATH="/usr/local/bin:/usr/bin:/bin:/usr/bin/X11" start() { su - $USER -c"vnc4server :1" } stop() { su - $USER -c"vnc4server -clean -kill :1" } case "$1" in start) echo -n "Starting Xvnc: " start ;; stop) echo -n "Stopping Xvnc " stop ;; restart) echo -n "Restarting Xvnc " stop start ;; ****) echo "Usage: /etc/init.d/vnc4server {start|stop|restart}" ;; esac exit 0
注意:USER可设置为普通用户
2)配置启动脚本权限
chmod a+x /etc/init.d/vnc4server
3)配置脚本自动启动
insserv vnc4server
4)测试服务脚本
/etc/init.d/vncserver start /etc/init.d/vncserver restart /etc/init.d/vncserver stop
2.17 配置WiFi
2.17.1 安装WiFi管理工具
aptitude install wireless-tools
2.18 桌面办公软件
2.18.1 安装Libreoffice
aptitude install libreoffice
2.18.2 中文输入法
aptitude install ibus ibus-sunpinyin ibus-table-wubi
然后使用菜单配置:
Activities->Applications->Settings->IBus Preferences->Input Method->Add->Chinese->SunPinyin
2.19 电源管理
2.19.1 合上笔记本盖子不待机
vim /etc/systemd/logind.conf
修改如下参数
HandleLidSwitch=ignore
重启服务
systemctl restart systemd-logind.service
===========================================
官方文档:
https://www.debian.org/
下载地址:
https://www.debian.org/CD/http-ftp/
http://cdp_w_picpath.debian.org/cdp_w_picpath/archive/
Debian源地址:
https://www.debian.org/mirror/list
wiki:
https://wiki.debian.org/zh_CN/FrontPage?action=show&redirect=%E9%A6%96%E9%A1%B5
安装手册:
https://wiki.debian.org/zh_CN/QuickInstall
https://www.debian.org/releases/stable/amd64/index.html.zh-cn
网路配置:
https://wiki.debian.org/NetworkConfiguration
官方包更新方法:
http://security.debian.org/
包使用方法:
https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_literal_apt_get_literal_literal_apt_cache_literal_vs_literal_aptitude_literal
桌面端的安装:
https://wiki.lxde.org/en/Debian
https://wiki.debian.org/LXDE
火狐浏览器的安装源:
https://sourceforge.net/projects/ubuntuzilla/files/apt/dists/all/main/
火狐浏览器的安装方法:
https://sourceforge.net/p/ubuntuzilla/wiki/Main_Page/
chrome安装方法(需要×××)
https://support.google.com/chrome/answer/1649523?hl=en
Teamviewer安装说明:
https://www.teamviewer.com/zhcn/help/363-How-do-I-install-TeamViewer-on-my-Linux-distribution.aspx
iptables配置
https://wiki.debian.org/it/iptables
open***配置:
https://wiki.debian.org/open***%20for%20server%20and%20client
vnc4server
http://www.debianhelp.co.uk/vnc.htm
非官方参阅:
包管理的使用
http://blog.chinaunix.net/uid-25672683-id-2940667.html
http://blog.chinaunix.net/uid-20769502-id-106056.html
防火墙iptables的使用
http://blog.slogra.com/post-232.html
关于硬件:
http://www.cnblogs.com/kuliuheng/p/4184521.html
flash install
https://wiki.debian.org/Flash
https://wiki.debian.org/FlashPlayer
https://wiki.debian.org/PepperFlashPlayer/Installing
flash download
http://www.adobe.com/software/flash/about/
WiFi Tools
https://wiki.debian.org/WiFi/
TigerVNC
https://packages.debian.org/jessie/ssvnc
http://vnc.devloop.org.uk/
Debian版本
https://www.debian.org/releases/