Linux Tips and Tricks

Linux Sep 14, 2015

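This post follows my own habits entirely. If you do things differently, feel free to write it in the comments below, or just keep it to yourself. If you are not logged in as root, some operations need the sudo prefix.

Debian 8 ships with wget but not zip and curl, so the first thing to do on a new machine is: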

apt-get install zip sudo curl

Then go through the items one by one:

Upgrading the system

# Stop all services
service nginx stop
service php7.0-fpm stop
service mysql stop
service supervisor stop
service fail2ban stop
...
# Update the packages of the current release
apt update && apt upgrade
# Switch the sources to the new release
sed -i 's/jessie/stretch/g' /etc/apt/sources.list
# Run a minimal upgrade
apt update && apt upgrade
# Run the full upgrade
apt dist-upgrade
# Clear the cache
apt autoremove
apt clean
rm /var/cache/apt/archives/*.deb

Replacing strings with a shell command

sed -i "s/Strict-Transport-Security max-age=31536000/Strict-Transport-Security \"max-age=63072000; includeSubdomains; preload\"/g" `grep "Strict-Transport-Security max-age=31536000" -rl ./`

sed -i "s/Strict-Transport-Security max-age=31536000/Strict-Transport-Security \"max-age=63072000; includeSubdomains; preload\"/g" default.conf

Checking the system version

lsb_release -a

Setting the time

date shows the current time

step-0 Adjust the time zone: $ tzselect
step-1 $ cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
step-2 $ nano /etc/adjtime and change UTC to LOCAL
step-3 $ hwclock --hctosys writes the hardware time into the system time
step-4 $ apt-get install ntpdate $ ntpdate 129.6.15.28 to synchronize the time

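Setting the root password

I usually log in to a new server over ssh, so I don't know the password; the command passwd root changes it.

Changing the ssh port

nano /etc/ssh/sshd_config
# Set Port to any value (as long as it does not conflict)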

service sshd restart

Setting up the Nginx, PHP and MariaDB sources

step-0

nano /etc/apt/sources.list

Add two lines per source:

deb http://nginx.org/packages/mainline/debian/ jessie nginx
deb-src http://nginx.org/packages/mainline/debian/ jessie nginx

deb http://packages.dotdeb.org jessie all 
deb-src http://packages.dotdeb.org jessie all

deb http://mirrors.hustunique.com/mariadb/repo/10.1/debian jessie main
deb-src http://mirrors.hustunique.com/mariadb/repo/10.1/debian jessie main

step-1

Put the signing keys somewhere suitable, for example:

cd /etc/apt
wget http://nginx.org/packages/keys/nginx_signing.key
apt-key add nginx_signing.key

wget https://www.dotdeb.org/dotdeb.gpg
apt-key add dotdeb.gpg

apt-get install software-properties-common
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db

DDoS firewall

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

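This shows the number of connections per IP. A few, or a dozen or so, is normal; several hundred or over a thousand definitely indicates a problem.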
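The one-liner above also counts the two netstat header lines as addresses and cuts IPv6 addresses at their first colon. As an added example (not from the original post), the script below handles both cases and lists the addresses at or above a threshold; the function names count_conns and flag_heavy and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). count_conns and flag_heavy
# are hypothetical helper names; SAMPLE is constructed netstat -ntu output.

# Read `netstat -ntu` text on stdin, print "COUNT ADDRESS" sorted ascending.
count_conns() {
    awk '
        $1 ~ /^(tcp|udp)/ {                # skip the two header lines
            addr = $5                      # foreign address column
            sub(/:[0-9*]+$/, "", addr)     # strip only the trailing :port
            sub(/^::ffff:/, "", addr)      # fold IPv4-mapped IPv6 into IPv4
            n[addr]++
        }
        END { for (a in n) print n[a], a }
    ' | sort -n
}

# flag_heavy THRESHOLD: print addresses with at least THRESHOLD connections.
flag_heavy() {
    count_conns | awk -v t="$1" '$1 >= t { print $2 }'
}

SAMPLE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.5:443         198.51.100.7:51000      ESTABLISHED
tcp        0      0 203.0.113.5:443         198.51.100.7:51001      ESTABLISHED
tcp        0      0 203.0.113.5:443         198.51.100.7:51002      TIME_WAIT
tcp        0      0 203.0.113.5:22          192.0.2.10:40122        ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::1:40000       ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::1:40001       ESTABLISHED
tcp6       0      0 ::ffff:203.0.113.5:443  ::ffff:198.51.100.7:52000 ESTABLISHED'

# Demo threshold is 3; on a live host feed real output instead, e.g.
#   netstat -ntu | flag_heavy 150
printf '%s\n' "$SAMPLE" | count_conns
printf 'at or above 3: %s\n' "$(printf '%s\n' "$SAMPLE" | flag_heavy 3)"
```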

wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh
nano /usr/local/ddos/ddos.conf

The settings can be changed there:

##### Paths of the script and other files
PROGDIR="/usr/local/ddos"
PROG="/usr/local/ddos/ddos.sh"
IGNORE_IP_LIST="/usr/local/ddos/ignore.ip.list"  # IP address whitelist
CRON="/etc/cron.d/ddos.cron"    # scheduled job
APF="/etc/apf/apf"
IPT="/sbin/iptables"

##### frequency in minutes for running the script
##### Caution: Every time this setting is changed, run the script with --cron
#####          option so that the new frequency takes effect
FREQ=1   # check interval, 1 minute by default

##### How many connections define a bad IP? Indicate that below.
NO_OF_CONNECTIONS=150     # maximum number of connections; an IP exceeding it is banned; the default is usually fine

##### APF_BAN=1 (Make sure your APF version is atleast 0.96)
##### APF_BAN=0 (Uses iptables for banning ips instead of APF)
APF_BAN=1        # use APF or iptables. iptables is recommended: change APF_BAN to 0.

##### KILL=0 (Bad IPs are'nt banned, good for interactive execution of script)
##### KILL=1 (Recommended setting)
KILL=1   # whether to ban the IP; the default is fine

##### An email is sent to the following address when an IP is banned.
##### Blank would suppress sending of mails
EMAIL_TO="root"   # mail this address when an IP is banned; recommended, replace it with your own address

##### Number of seconds the banned ip should remain in blacklist.
BAN_PERIOD=600    # ban duration, 600 seconds by default, adjust as needed

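Compression commands

zip

Compress all files in the current directory (excluding hidden files)
zip -r file.zip ./*

Compress all files in the current directory (including hidden files)
zip -r file.zip * .[^.]*

Extract a zip archive
unzip file.zip

unzip -o file.zip -d /your/path
-o overwrites files without prompting

tar archives

Personally I prefer tar archives

Extract a tar.gz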
tar -xzf file.tar.gz

tar -jxp -f xxx.tar.bz2
tar -jcp -f xxx.tar.bz2 `ls -A`

MariaDB: remote access, users and privileges

Give the pblnw user access to all databases from outside networks

nano /etc/mysql/my.cnf
Comment out bind-address  =127.0.0.1

grant all on *.* to pblnw@'%' identified by 'yourPassword';

Make the privileges take effect immediately
FLUSH PRIVILEGES;

Import sql data
use xxx
source /your/path/to.sql

Assign privileges
grant all on ks_in.* to ks_in@localhost IDENTIFIED by 'nqwe12345';

Check the database time
select now();

Using the top command and reading its output

Link

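Garbled Chinese text in the GNU nano editor

cat displays Chinese correctly, but nano does not in Mac Terminal, and it does not over VNC either, which shows it is not a Mac Terminal encoding problem.

nano /etc/default/locale

Change it to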
LC_ALL="en_US.utf8"
LANGUAGE=en_US
LC_CTYPE=en_US.UTF-8
LANG="en_US.UTF-8"

and that fixes it.

Installing Mysql-python on Linux: mysql_config not found

apt-get install libmariadbclient-dev

Jie Li

🚘 On-road / 📉 US Stock / 💻 Full Stack Developer / 🎓 Grad Student / ®️ ENTJ