2022-08-23
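Ubuntu Daily Administration and System Optimization
I. Ubuntu Daily Administration
(1) Enabling SSH on Ubuntu
By default, a freshly installed Ubuntu system does not allow remote access over SSH; the user has to install OpenSSH and start it.
By default, Ubuntu does not allow root to log in remotely; the regular user created during installation must enter a password when switching to root.
1. Install the openssh-server package and start it
sudo apt update
sudo apt install openssh-server
When prompted, enter your password, then press Enter to continue the installation.
After installation the SSH service starts automatically. Check that the service is running: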
# systemctl status sshd
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2022-05-11 09:48:10 CST; 31min ago
       Docs: man:sshd(8)
             man:sshd_config(5)
   Main PID: 12269 (sshd)
      Tasks: 1 (limit: 9406)
     Memory: 1.3M
     CGroup: /system.slice/ssh.service
             └─12269 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100
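Linux and macOS ship with an SSH client by default. Windows needs an SSH client to be installed, for example xshell.
2. Connect to the SSH server
Call the ssh command in the following format, supplying the user name and the IP address:
ssh username@ip_address
On the first connection, read the prompt and type yes; when prompted again, enter the password to log in to the Ubuntu host. You can then work on the system.
3. Disable SSH on Ubuntu
To disable the SSH server on Ubuntu, run the following command to stop the SSH service and keep it from starting at boot:
sudo systemctl disable --now ssh
To enable and start SSH again, run:
sudo systemctl enable --now ssh
(2) Starting a service at boot on Ubuntu
1. Create the devops.service unit file in /lib/systemd/system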
[Unit]
Description=/app/scripts/devops Compatibility
Documentation=man:systemd-devops-generator(8)
ConditionFileIsExecutable=/app/scripts/devops
After=network.target

[Service]
Type=forking
ExecStart=/app/scripts/devops start
TimeoutSec=0
RemainAfterExit=yes
GuessMainPID=no

[Install]
WantedBy=multi-user.target
Alias=devops.service
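2. Start the service
systemctl start devops.service       # start the service
systemctl status devops.service      # check whether the service started
systemctl enable devops.service      # run the service at boot
systemctl is-enabled devops.service  # check whether the service is enabled at boot
3. Common service commands
systemctl is-enabled servicename.service  # check whether the service is enabled at boot
systemctl enable *.service                # run the service at boot
systemctl disable *.service               # do not run the service at boot
systemctl start *.service                 # start the service
systemctl stop *.service                  # stop the service
systemctl restart *.service               # restart the service
systemctl reload *.service                # reload the service's configuration file
systemctl status *.service                # show the service's running state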
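(3) Common package management on Ubuntu
1. Installing software
With APT
Normal install: apt-get install softname1 softname2 …
Repair install (-f, attempt to correct broken dependencies): apt-get -f install softname1 softname2...
Reinstall: apt-get --reinstall install
With dpkg
dpkg -i package_name.deb
Building from source
Archive formats: .tar, tar.gz, tar.bz2, tar.Z
Extract xx.tar.gz: tar zxf xx.tar.gz
Extract xx.tar.Z: tar zxf xx.tar.Z
Extract xx.tgz: tar zxf xx.tgz
Extract xx.bz2: bunzip2 xx.bz2
Extract xx.tar: tar xf xx.tar
Change to the top-level source directory and run the following commands in order:
./configure
make
sudo make install
2. Removing packages
With APT
Remove (removes the package; a trailing + on a package name means install): apt-get remove softname1 softname2 …
Purge (also removes the configuration): apt-get --purge remove softname1 softname2...
Purge (same as above, also removes configuration files): apt-get purge softname1 softname2...
With dpkg
Remove: dpkg -r pkg1 pkg2 ...
Purge: dpkg -P pkg1 pkg2...
3. Other commands, summarized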
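apt-cache search package             # search for a package
apt-cache show package               # show package information such as description, size, and version
apt-get install package              # install a package
apt-get install package --reinstall  # reinstall a package
apt-get -f install                   # repair install (-f = --fix-broken)
apt-get remove package               # remove a package
apt-get remove package --purge       # remove a package, including its configuration files
apt-get autoremove package --purge   # remove a package, the packages it depends on, and their configuration files (only valid for 6.10, strongly recommended)
apt-get update                       # refresh the package sources
apt-get upgrade                      # upgrade installed packages
apt-get dist-upgrade                 # upgrade the system
apt-get dselect-upgrade              # upgrade using dselect
apt-cache depends package            # show the dependencies a package uses
apt-cache rdepends package           # show reverse dependencies (which packages depend on this package)
apt-get build-dep package            # install the build environment for a package
apt-get source package               # download the package's source code
apt-get clean && apt-get autoclean   # clear the archive of downloaded files && clear only outdated packages
apt-get check                        # check for broken dependencies
dpkg -S filename                     # find which package filename belongs to
apt-file search filename             # find which package filename belongs to
apt-file list packagename            # list the contents of a package
apt-file update                      # update the apt-file database
dpkg --info "package name"           # list the package name after the package is unpacked
dpkg -l                              # list all packages on the system; can be combined with less for paging (similar to rpm -qa)
dpkg -l | grep -i "package name"     # list the packages related to "package name"
dpkg -s                              # show detailed information about an installed package
dpkg -L                              # show where an installed package's files are located (similar to rpm -ql)
dpkg -S                              # find which package a file on the system belongs to (similar to rpm -qf)
dpkg -I                              # show detailed information about a .deb file; useful after downloading a package to decide whether to install it
dpkg -i                              # install a package manually (this does not resolve dependencies; if you hit a dependency problem while installing, run apt-get -f install to resolve it)
dpkg -r                              # remove a package; not a complete removal, its configuration files remain
dpkg -P                              # remove completely (still does not resolve package dependency problems)
dpkg-reconfigure                     # reconfigure
Complete guide to Ubuntu package management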
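(4) Selected initialization steps
1. Install the SSH service
# On Ubuntu you have to install the SSH service yourself by default
sudo apt install openssh-server
2. Switch the package mirror (for hosts in mainland China)
Ubuntu's package source configuration file is /etc/apt/sources.list. Back up the file that ships with the system first:
# Back up the original sources
sudo cp /etc/apt/sources.list /etc/apt/sources.list.bak
Aliyun mirror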
# Aliyun mirror
deb bionic main restricted universe multiverse
deb bionic-security main restricted universe multiverse
deb bionic-updates main restricted universe multiverse
deb bionic-proposed main restricted universe multiverse
deb bionic-backports main restricted universe multiverse
deb-src bionic main restricted universe multiverse
deb-src bionic-security main restricted universe multiverse
deb-src bionic-updates main restricted universe multiverse
deb-src bionic-proposed main restricted universe multiverse
deb-src bionic-backports main restricted universe multiverse
Tsinghua mirror
# Source mirrors are commented out by default to speed up apt update; uncomment them if you need them
deb focal main restricted universe multiverse
# deb-src focal main restricted universe multiverse
deb focal-updates main restricted universe multiverse
# deb-src focal-updates main restricted universe multiverse
deb focal-backports main restricted universe multiverse
# deb-src focal-backports main restricted universe multiverse
deb focal-security main restricted universe multiverse
# deb-src focal-security main restricted universe multiverse
# Pre-release package source, not recommended
# deb focal-proposed main restricted universe multiverse
# deb-src focal-proposed main restricted universe multiverse
After changing the sources, refresh the package list:
sudo apt-get update
sudo
3. Firewall (adjust to your environment)
# Disable the firewall
tinychen@tiny-server:~$ sudo ufw disable
Firewall stopped and disabled on system startup
4. Disable IPv6 (adjust to your environment)
echo "net.ipv6.conf.all.disable_ipv6=1" >> /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6=1" >> /etc/sysctl.conf
echo "net.ipv6.conf.lo.disable_ipv6=1" >> /etc/sysctl.conf
sudo
5. Install the NVIDIA graphics driver
# Show the graphics card model and the recommended driver
$ ubuntu-drivers devices
== /sys/devices/pci0000:00/0000:00:1c.7/0000:08:00.0 ==
modalias : pci:v000010DEd00000A66sv00001B0Asd00009060bc03sc00i00
vendor   : NVIDIA Corporation
model    : gt218 [GeForce 310]
driver   : nvidia-340 - distro non-free recommended
driver   : xserver-xorg-video-nouveau - distro free builtin
# Automatically install the default recommended driver
$ sudo ubuntu-drivers autoinstall
[sudo] password for
6. Set the server time zone (skip this step if it was set during installation)
1) Check the current time status:
timedatectl status
All time zone names are stored under /usr/share/zoneinfo.
2) Run the following command to set the time zone to Shanghai:
timedatectl set-timezone "Asia/Shanghai"
3) Check the current time status again:
timedatectl status
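II. Ubuntu System Optimization
This is an initialization and security-hardening script for Ubuntu server systems. It covers network initialization, replacing the package sources and upgrading the kernel, time and time-zone initialization, system security hardening (the Level 3 host check items for operating systems under China's Classified Protection of Cybersecurity scheme, 等保三级), secure-operations settings, kernel parameters, installation of common software, and more, all usable out of the box. A machine that has run the script can be cloned as the baseline template for a production environment.
Where the script applies:
Ubuntu 20.04 (tested)
Ubuntu 18.04 (partially applicable)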
#!/bin/bash
# @Author: WeiyiGeek
# @Description: Ubuntu TLS Security Initiate
# @Create Time: 2019-09-01 16:43:33
# @Last Modified time: 2021-11-15 11:06:31
# @Blog:
# @wechat: WeiyiGeeker
# @Github:
# @Version: 3.3
#-------------------------------------------------#
# Main functions of this script:
# (1) Ubuntu initialization, including IP address setup, base package updates, and hardening.
# (2) Installation of the container and JDK environments on Ubuntu.
# (3) Fixes for error messages in the Ubuntu logs.
# (4) Installation and configuration of common services, plus a data backup directory.
# (5) Script error fixes; disabling cloud-init added.
#-------------------------------------------------#

## Global variable definitions
HOSTNAME=Ubuntu-Security-Template
IP=192.168.1.2
GATEWAY=192.168.1.1
DNSIP=("223.5.5.5" "223.6.6.6")
SSHPORT=20211
DefaultUser="WeiyiGeek"  # name of the non-root user created at install time
ROOTPASS=WeiyiGeek       # passwords should be 12+ characters and contain digits, upper- and lower-case letters, and special characters
APPPASS=WeiyiGeek

## Name: err, info, warning
## Purpose: global log printing functions
## Args: $@
log::err() {
  printf "[$(date +'%Y-%m-%dT%H:%M:%S')]: \033[31mERROR: %s \033[0m\n" "$*"
}
log::info() {
  printf "[$(date +'%Y-%m-%dT%H:%M:%S')]: \033[32mINFO: %s \033[0m\n" "$*"
}
log::warning() {
  printf "[$(date +'%Y-%m-%dT%H:%M:%S')]: \033[33mWARNING: %s \033[0m\n" "$*"
}

## Name: os::Network
## Purpose: network configuration (including changing the IP address)
## Args: none
os::Network () {
  log::info "[-] 操作系统网络配置相关脚本,开始执行....."

  # (1) IP address and hostname
  sudo cp /etc/netplan/00-installer-config.yaml{,.bak}
  mkdir -p /opt/init/
  sudo tee /opt/init/network.sh <<'EOF'
#!/bin/bash
CURRENT_IP=$(hostname -I | cut -f 1 -d " ")
GATEWAY=$(hostname -I | cut -f 1,2,3 -d ".")
if [[ $# -lt 3 ]];then
  echo "Usage: $0 IP Gateway Hostname"
  exit
fi
echo "IP:${1} # GATEWAY:${2} # HOSTNAME:${3}"
sudo sed -i "s#${CURRENT_IP}#${1}#g" /etc/netplan/00-installer-config.yaml
sudo sed -i "s#${GATEWAY}.1#${2}#g" /etc/netplan/00-installer-config.yaml
sudo hostnamectl set-hostname ${3}
sudo netplan apply
EOF
  sudo chmod +x /opt/init/network.sh

  # (2) Local hostname resolution
  sed -i "s/127.0.1.1\s.\w.*$/127.0.1.1 ${HOSTNAME}/g" /etc/hosts
  CURRENT_IP=$(hostname -I | cut -f 1 -d " ")
  grep -q "^${CURRENT_IP}\s" /etc/hosts && sed -i "s/^${CURRENT_IP}\s.*$/${IP} ${HOSTNAME}/" /etc/hosts || echo "${IP} ${HOSTNAME}" >> /etc/hosts

  # (3) DNS resolver settings
  cp -a /etc/resolv.conf{,.bak}
  for dns in ${DNSIP[@]};do echo "nameserver ${dns}" >> /etc/resolv.conf;done

  sudo /opt/init/network.sh ${IP} ${GATEWAY} ${HOSTNAME}
  log::info "[*] network configure modifiy successful! restarting Network........."
}

## Name: os::Software
## Purpose: package management and package source configuration
## Args: none
os::Software () {
  log::info "[-] 操作系统软件包管理及更新源配置相关脚本,开始执行....."

  # (1) Remove unneeded software, for example snap and its services
  sudo systemctl stop snapd snapd.socket  # stop the snapd processes and services
  sudo apt autoremove --purge -y snapd
  sudo systemctl daemon-reload
  sudo rm -rf ~/snap /snap /var/snap /var/lib/snapd /var/cache/snapd /run/snapd

  # (2) Package sources and system update
  sudo cp /etc/apt/sources.list{,.bak}
  sudo tee /etc/apt/sources.list <<'EOF'
# Aliyun Mirrors - Ubuntu
deb focal main restricted universe multiverse
deb-src focal main restricted universe multiverse
deb focal-security main restricted universe multiverse
deb-src focal-security main restricted universe multiverse
deb focal-updates main restricted universe multiverse
deb-src focal-updates main restricted universe multiverse
deb focal-proposed main restricted universe multiverse
deb-src focal-proposed main restricted universe multiverse
deb focal-backports main restricted universe multiverse
deb-src focal-backports main restricted universe multiverse
EOF

  # (3) Kernel upgrade and installation of common software
  sudo apt autoclean && sudo apt update && sudo apt upgrade -y
  sudo apt install -y nano vim git unzip wget ntpdate dos2unix net-tools tree htop ncdu nload sysstat psmisc bash-completion fail2ban gcc g++ make jq nfs-common rpcbind libpam-cracklib

  # (4) Updating through a proxy
  # sudo apt autoclean && sudo apt -o Acquire::update && sudo apt -o Acquire::upgrade -y
  # sudo apt install -o Acquire::-y nano vim git unzip wget ntpdate dos2unix net-tools tree htop ncdu nload sysstat psmisc bash-completion fail2ban
}

## Name: os::TimedataZone
## Purpose: time and time-zone synchronization
## Args: none
os::TimedataZone () {
  log::info "[*] 操作系统系统时间时区配置相关脚本,开始执行....."

  # (1) Time synchronization server container (optional; an external NTP server also works):
  #     docker run -d --rm --cap-add SYS_TIME -e ALLOW_CIDR=0.0.0.0/0 -p 123:123/udp geoffh1977/chrony
  echo "同步前的时间: $(date -R)"

  # Method 1: chrony client configuration
  apt install -y chrony
  grep -q "192.168.12.254" /etc/chrony/chrony.conf || sudo tee -a /etc/chrony/chrony.conf <<'EOF'
pool 192.168.10.254 iburst maxsources 1
pool 192.168.12.254 iburst maxsources 1
pool 192.168.4.254 iburst maxsources 1
pool ntp.aliyun.com iburst maxsources 4
keyfile /etc/chrony/chrony.keys
driftfile /var/lib/chrony/chrony.drift
logdir /var/log/chrony
maxupdateskew 100.0
rtcsync
# Allow stepping the clock if the offset is larger than 1.0 s during the first 3 updates
makestep 1 3
EOF
  systemctl enable chrony && systemctl restart chrony && systemctl status chrony -l

  # Method 2
  # sudo ntpdate 192.168.10.254 || sudo ntpdate 192.168.12.215 || sudo ntpdate ntp1.aliyun.com

  # Method 3
  # echo 'NTP=192.168.10.254 192.168.4.254' >> /etc/systemd/timesyncd.conf
  # echo 'FallbackNTP=ntp.aliyun.com' >> /etc/systemd/timesyncd.conf
  # systemctl restart systemd-timesyncd.service

  # (2) Time zone and region:
  sudo cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
  sudo timedatectl set-timezone Asia/Shanghai
  # sudo dpkg-reconfigure tzdata  # change and confirm
  # sudo bash -c "echo 'Asia/Shanghai' > /etc/timezone"  # same as the previous command

  # Write the current UTC time to the hardware clock (hardware time defaults to UTC)
  sudo timedatectl set-local-rtc 0
  # Enable NTP time synchronization:
  sudo timedatectl set-ntp yes
  # Check synchronization against the time server (chronyc is recommended for smooth synchronization)
  sudo chronyc tracking
  # Manual correction: force a time update
  # chronyc -a makestep
  # Sync the hardware clock from the system clock
  # sudo hwclock --systohc
  sudo hwclock -w

  # (3) Restart services that depend on the system time
  sudo systemctl restart rsyslog.service cron.service
  log::info "[*] Tie confmigure modifiy successful! restarting chronyd rsyslog.service crond.service........."
  timedatectl
}

## Name: os::Security
## Purpose: operating system security hardening (meets Classified Protection Level 3 requirements)
## Args: none
os::Security () {
  log::info "正在进行->操作系统安全加固(符合等保要求-三级要求)配置"

  # (0) Review system accounts
  log::info "[-] 锁定或者删除多余的系统账户以及创建低权限用户"
  userdel -r lxd
  groupdel lxd
  defaultuser=(root daemon bin sys games man lp mail news uucp proxy backup list irc gnats nobody systemd-network systemd-resolve systemd-timesync messagebus syslog _apt tss uuidd tcpdump landscape pollinate usbmux sshd systemd-coredump _chrony)
  for i in $(cat /etc/passwd | cut -d ":" -f 1,7);do
    flag=0; name=${i%%:*}; terminal=${i##*:}
    if [[ "${terminal}" == "/bin/bash" || "${terminal}" == "/bin/sh" ]];then
      log::warning "${i} 用户,shell终端为 /bin/bash 或者 /bin/sh"
    fi
    for j in ${defaultuser[@]};do
      if [[ "${name}" == "${j}" ]];then
        flag=1
        break;
      fi
    done
    if [[ $flag -eq 0 ]];then
      log::warning "${i} 非默认用户"
    fi
  done
  cp /etc/shadow /etc/shadow-`date +%Y%m%d`.bak
  # Lock the password of each account below; accounts that do not exist are skipped silently
  for u in adm daemon bin sys lp uucp nuucp smmsplp mail operator games gopher ftp nobody nobody4 noaccess listen webservd rpm dbus avahi mailnull nscd vcsa rpc rpcuser nfs sshd pcap ntp haldaemon distcache webalizer squid xfs gdm sabayon named;do
    passwd -l "${u}" &>/dev/null
  done

  # (2) User passwords and password policy
  log::info "[-] 配置满足策略的root管理员密码 "
  echo "root:${ROOTPASS}" | chpasswd  # Ubuntu's passwd has no --stdin option
  log::info "[-] 配置满足策略的app普通用户密码(根据需求配置)"
  groupadd application
  useradd -m -s /bin/bash -c "application primary user" -g application app
  echo "app:${APPPASS}" | chpasswd

  log::info "[-] 强制用户在下次登录时更改密码 "
  chage -d 0 -m 0 -M 90 -W 15 root && passwd --expire root
  chage -d 0 -m 0 -M 90 -W 15 ${DefaultUser} && passwd --expire ${DefaultUser}
  chage -d 0 -m 0 -M 90 -W 15 app && passwd --expire app

  log::info "[-] 用户口令复杂性策略设置 (密码过期周期0~90、到期前15天提示、密码长度至少15、复杂度设置至少有一个大小写、数字、特殊字符、密码三次不能一样、尝试次数为三次)"
  egrep -q "^\s*PASS_MIN_DAYS\s+\S*(\s*#.*)?\s*$" /etc/login.defs && sed -ri "s/^(\s*)PASS_MIN_DAYS\s+\S*(\s*#.*)?\s*$/\1PASS_MIN_DAYS 0/" /etc/login.defs || echo "PASS_MIN_DAYS 0" >> /etc/login.defs
  egrep -q "^\s*PASS_MAX_DAYS\s+\S*(\s*#.*)?\s*$" /etc/login.defs && sed -ri "s/^(\s*)PASS_MAX_DAYS\s+\S*(\s*#.*)?\s*$/\1PASS_MAX_DAYS 90/" /etc/login.defs || echo "PASS_MAX_DAYS 90" >> /etc/login.defs
  egrep -q "^\s*PASS_WARN_AGE\s+\S*(\s*#.*)?\s*$" /etc/login.defs && sed -ri "s/^(\s*)PASS_WARN_AGE\s+\S*(\s*#.*)?\s*$/\1PASS_WARN_AGE 15/" /etc/login.defs || echo "PASS_WARN_AGE 15" >> /etc/login.defs
  egrep -q "^\s*PASS_MIN_LEN\s+\S*(\s*#.*)?\s*$" /etc/login.defs && sed -ri "s/^(\s*)PASS_MIN_LEN\s+\S*(\s*#.*)?\s*$/\1PASS_MIN_LEN 15/" /etc/login.defs || echo "PASS_MIN_LEN 15" >> /etc/login.defs
  egrep -q "^password\s.+pam_cracklib.so\s+\w+.*$" /etc/pam.d/common-password && sed -ri '/^password\s.+pam_cracklib.so/{s/pam_cracklib.so\s+\w+.*$/pam_cracklib.so retry=3 minlen=15 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1 difok=1/g;}' /etc/pam.d/common-password
  egrep -q "^password\s.+pam_unix.so\s+\w+.*$" /etc/pam.d/common-password && sed -ri '/^password\s.+pam_unix.so/{s/pam_unix.so\s+\w+.*$/pam_unix.so obscure use_authtok try_first_pass sha512 remember=3/g;}' /etc/pam.d/common-password

  log::info "[-] 存储用户密码的文件,其内容经过sha512加密,所以非常注意其权限"
  touch /etc/security/opasswd && chown root:root /etc/security/opasswd && chmod 600 /etc/security/opasswd

  # (3) sudo privileges and permissions on important directories and files
  log::info "[-] 用户sudo权限以及重要目录和文件的新建默认权限设置"
  # Prevents the user created at install time (WeiyiGeek here) from changing the root password directly with sudo passwd (the WeiyiGeek password must be entered before the root password can be changed)
  # Tip: sudo lets an authorized user run programs as another user (usually root)
  # DefaultUser="weiyigeek"
  sed -i "/# Members of the admin/i ${DefaultUser} ALL=(ALL) PASSWD:ALL" /etc/sudoers

  log::info "[-] 配置用户 umask 为022 "
  egrep -q "^\s*umask\s+\w+.*$" /etc/profile && sed -ri "s/^\s*umask\s+\w+.*$/umask 022/" /etc/profile || echo "umask 022" >> /etc/profile
  egrep -q "^\s*umask\s+\w+.*$" /etc/bash.bashrc && sed -ri "s/^\s*umask\s+\w+.*$/umask 022/" /etc/bash.bashrc || echo "umask 022" >> /etc/bash.bashrc
  # log::info "[-] 设置用户目录创建默认权限, (初始为077比较严格),在设置 umask 为022 及 777 - 022 "
  # egrep -q "^\s*(umask|UMASK)\s+\w+.*$" /etc/login.defs && sed -ri "s/^\s*(umask|UMASK)\s+\w+.*$/UMASK 022/" /etc/login.defs || echo "UMASK 022" >> /etc/login.defs

  log::info "[-] 设置或恢复重要目录和文件的权限"
  # /tmp keeps its sticky bit; /etc/passwd and /etc/shadow are data files, and /etc/shadow must not be world-readable
  chmod 755 /etc; chmod 1777 /tmp; chmod 700 /etc/inetd.conf &>/dev/null; chmod 644 /etc/passwd; chmod 640 /etc/shadow; chmod 644 /etc/group; chmod 755 /etc/security; chmod 644 /etc/services; chmod 750 /etc/rc*.d
  chmod 600 ~/.ssh/authorized_keys

  log::info "[-] 删除潜在威胁文件 "
  find / -maxdepth 3 -name hosts.equiv | xargs rm -rf
  find / -maxdepth 3 -name .netrc | xargs rm -rf
  find / -maxdepth 3 -name .rhosts | xargs rm -rf

  # (4) sshd hardening
  log::info "[-] sshd 服务安全加固设置"
  # Strict mode
  sudo egrep -q "^\s*StrictModes\s+.+$" /etc/ssh/sshd_config && sed -ri "s/^(#)?\s*StrictModes\s+.+$/StrictModes yes/" /etc/ssh/sshd_config || echo "StrictModes yes" >> /etc/ssh/sshd_config
  # Change the listening port
  if [ -z "${SSHPORT}" ];then export SSHPORT=20211;fi
  sudo egrep -q "^\s*Port\s+.+$" /etc/ssh/sshd_config && sed -ri "s/^(#)?\s*Port\s+.+$/Port ${SSHPORT}/" /etc/ssh/sshd_config || echo "Port ${SSHPORT}" >> /etc/ssh/sshd_config
  # Disable X11 forwarding and port forwarding
  sudo egrep -q "^\s*X11Forwarding\s+.+$" /etc/ssh/sshd_config && sed -ri "s/^(#)?\s*X11Forwarding\s+.+$/X11Forwarding no/" /etc/ssh/sshd_config || echo "X11Forwarding no" >> /etc/ssh/sshd_config
  sudo egrep -q "^\s*X11UseLocalhost\s+.+$" /etc/ssh/sshd_config && sed -ri "s/^(#)?\s*X11UseLocalhost\s+.+$/X11UseLocalhost yes/" /etc/ssh/sshd_config || echo "X11UseLocalhost yes" >> /etc/ssh/sshd_config
  sudo egrep -q "^\s*AllowTcpForwarding\s+.+$" /etc/ssh/sshd_config && sed -ri "s/^(#)?\s*AllowTcpForwarding\s+.+$/AllowTcpForwarding no/" /etc/ssh/sshd_config || echo "AllowTcpForwarding no" >> /etc/ssh/sshd_config
  sudo egrep -q "^\s*AllowAgentForwarding\s+.+$" /etc/ssh/sshd_config && sed -ri "s/^(#)?\s*AllowAgentForwarding\s+.+$/AllowAgentForwarding no/" /etc/ssh/sshd_config || echo "AllowAgentForwarding no" >> /etc/ssh/sshd_config
  # Do not use a user's .rhosts file (~/.ssh/.rhosts) for authentication; the default is IgnoreRhosts yes
  egrep -q "^(#)?\s*IgnoreRhosts\s+.+$" /etc/ssh/sshd_config && sed -ri "s/^(#)?\s*IgnoreRhosts\s+.+$/IgnoreRhosts yes/" /etc/ssh/sshd_config || echo "IgnoreRhosts yes" >> /etc/ssh/sshd_config
  # Forbid remote root login (recommended; configure as needed)
  egrep -q "^\s*PermitRootLogin\s+.+$" /etc/ssh/sshd_config && sed -ri "s/^\s*PermitRootLogin\s+.+$/PermitRootLogin no/" /etc/ssh/sshd_config || echo "PermitRootLogin no" >> /etc/ssh/sshd_config
  # Banner shown before and after login
  egrep -q "^\s*(banner|Banner)\s+\W+.*$" /etc/ssh/sshd_config && sed -ri "s/^\s*(banner|Banner)\s+\W+.*$/Banner \/etc\/issue/" /etc/ssh/sshd_config || \
  echo "Banner /etc/issue" >> /etc/ssh/sshd_config

  log::info "[-] 远程SSH登录前后提示警告Banner设置"
  # Warning banner shown before SSH login
  sudo tee /etc/issue <<'EOF'
****************** [ 安全登陆 (Security Login) ] *****************
Authorized only. All activity will be monitored and reported.By Security Center.
EOF
  # Banner shown after SSH login
  sed -i '/^fi/a\\n\necho "\\e[1;37;41;5m################## 安全运维 (Security Operation) ####################\\e[0m"\necho "\\e[32mLogin success. Please execute the commands and operation data carefully.By WeiyiGeek.\\e[0m"' /etc/update-motd.d/00-header

  # (5) Remote login failure limit and terminal timeout
  log::info "[-] 用户远程连续登录失败10次锁定帐号5分钟包括root账号"
  sed -ri "/^\s*auth\s+required\s+pam_tally2.so\s+.+(\s*#.*)?\s*$/d" /etc/pam.d/sshd
  sed -ri '2a auth required pam_tally2.so deny=10 unlock_time=300 even_deny_root root_unlock_time=300' /etc/pam.d/sshd
  # Host console login (optional)
  # sed -ri "/^\s*auth\s+required\s+pam_tally2.so\s+.+(\s*#.*)?\s*$/d" /etc/pam.d/login
  # sed -ri '2a auth required pam_tally2.so deny=5 unlock_time=300 even_deny_root root_unlock_time=300' /etc/pam.d/login

  log::info "[-] 设置登录超时时间为10分钟 "
  egrep -q "^\s*(export|)\s*TMOUT\S\w+.*$" /etc/profile && sed -ri "s/^\s*(export|)\s*TMOUT.\S\w+.*$/export TMOUT=600\nreadonly TMOUT/" /etc/profile || echo -e "export TMOUT=600\nreadonly TMOUT" >> /etc/profile
  egrep -q "^\s*.*ClientAliveInterval\s\w+.*$" /etc/ssh/sshd_config && sed -ri "s/^\s*.*ClientAliveInterval\s\w+.*$/ClientAliveInterval 600/" /etc/ssh/sshd_config || echo "ClientAliveInterval 600" >> /etc/ssh/sshd_config

  # (5) Log user switching, or rename the switch command (optional)
  log::info "[-] 切换用户日志记录和切换命令更改名称为SU "
  egrep -q "^(\s*)SULOG_FILE\s+\S*(\s*#.*)?\s*$" /etc/login.defs && sed -ri "s/^(\s*)SULOG_FILE\s+\S*(\s*#.*)?\s*$/\1SULOG_FILE \/var\/log\/.history\/sulog/" /etc/login.defs || echo "SULOG_FILE /var/log/.history/sulog" >> /etc/login.defs
  egrep -q "^\s*SU_NAME\s+\S*(\s*#.*)?\s*$" /etc/login.defs && sed -ri "s/^(\s*)SU_NAME\s+\S*(\s*#.*)?\s*$/\1SU_NAME SU/" /etc/login.defs || echo "SU_NAME SU" >> /etc/login.defs
  # SULOG_FILE is a file, so /var/log/.history/sulog is not created as a directory
  mkdir -vp /usr/local/bin /var/log/.backups /var/log/.history
  cp /usr/bin/su /var/log/.backups/su.bak
  mv /usr/bin/su /usr/bin/SU
  # Files in the target directories can only be appended to, not deleted
  # chmod -R 1777 /var/log/.history
  chattr -R +a /var/log/.history
  chattr +a /var/log/.backups

  # (6) Record the commands users run in the terminal
  log::info "[-] 用户终端执行的历史命令记录 "
  egrep -q "^HISTSIZE\W\w+.*$" /etc/profile && sed -ri "s/^HISTSIZE\W\w+.*$/HISTSIZE=101/" /etc/profile || echo "HISTSIZE=101" >> /etc/profile
  # Method 1
  sudo tee /etc/profile.d/history-record.sh <<'EOF'
# Path of the command history file
LOGTIME=$(date +%Y%m%d-%H-%M-%S)
export HISTFILE="/var/log/.history/${USER}.${LOGTIME}.history"
if [ ! -f ${HISTFILE} ];then
  touch ${HISTFILE}
fi
chmod 600 /var/log/.history/${USER}.${LOGTIME}.history
# Size of the command history file
HISTFILESIZE=128
HISTTIMEFORMAT="%F_%T $(whoami)#$(who -u am i 2>/dev/null| awk '{print $NF}'|sed -e 's/[()]//g'):"
EOF
  # Method 2: did not work (if you get it working, please share in the comments)
  # sudo tee /usr/local/bin/history.sh <<'EOF'
  # #!/bin/bash
  # logfiletime=$(date +%Y%m%d-%H-%M-%S)
  # # unalias "history"
  # if [ $# -eq 0 ];then history;fi
  # for i in $*;do
  #   if [ "$i" = "-c" ];then
  #     mv ~/.bash_history > /var/log/.history/${logfiletime}.history
  #     history -c
  #     continue;
  #   fi
  # done
  # alias history="source /usr/local/bin/history.sh"
  # EOF

  # (7) GRUB security settings (manual step; set according to your needs)
  log::info "[-] 系统 GRUB 安全设置(防止物理接触从grub菜单中修改密码) "
  # Back up the key GRUB files
  cp -a /etc/grub.d/00_header /var/log/.backups
  cp -a /etc/grub.d/10_linux /var/log/.backups
  # Set how long the GRUB menu is shown
  sed -i -e 's|GRUB_TIMEOUT_STYLE=hidden|#GRUB_TIMEOUT_STYLE=hidden|g' -e 's|GRUB_TIMEOUT=0|GRUB_TIMEOUT=3|g' /etc/default/grub
  sed -i -e 's|set timeout_style=${style}|#set timeout_style=${style}|g' -e 's|set timeout=${timeout}|set timeout=3|g' /etc/grub.d/00_header
  # Create the authentication password (password used here: WeiyiGeek)
  sudo grub-mkpasswd-pbkdf2
  # Enter password:
  # Reenter password:
  # PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.21AC9CEF61B96972BF6F918D2037EFBEB8280001045ED32DFDDCC260591CC6BC8957CF25A6755904A7053E97940A9E4CD5C1EF833C1651C1BCF09D899BED4C7C.9691521F5BB34CD8AEFCED85F4B830A86EC93B61A31885BCBE3FEE927D54EFDEE69FA8B51DBC00FCBDB618D4082BC22B2B6BA4161C7E6B990C4E5CFC9E9748D7
  # Set the authenticated user and password_pbkdf2 authentication
  tee -a /etc/grub.d/00_header <<'END'
cat <<'EOF'
# GRUB Authentication
set superusers="grub"
password_pbkdf2 grub grub.pbkdf2.sha512.10000.21AC9CEF61B96972BF6F918D2037EFBEB8280001045ED32DFDDCC260591CC6BC8957CF25A6755904A7053E97940A9E4CD5C1EF833C1651C1BCF09D899BED4C7C.9691521F5BB34CD8AEFCED85F4B830A86EC93B61A31885BCBE3FEE927D54EFDEE69FA8B51DBC00FCBDB618D4082BC22B2B6BA4161C7E6B990C4E5CFC9E9748D7
EOF
END
  # Booting the normal system needs no authentication; entering single-user mode, for example to reset an account password, does. (The steps below are not recommended for highly sensitive database systems.)
  # Add --user=grub at line 191 and --unrestricted at line 193
  # 191 echo "menuentry --user=grub '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/"  # pressing e to edit the menu entry requires authenticating as grub
  # 192 else
  # 193 echo "menuentry --unrestricted '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/"  # a normal boot needs no authentication
  sed -i '/echo "$title" | grub_quote/ { s/menuentry /menuentry --user=grub /;}' /etc/grub.d/10_linux
  sed -i '/echo "$os" | grub_quote/ { s/menuentry /menuentry --unrestricted /;}' /etc/grub.d/10_linux
  # Update GRUB the Ubuntu way to regenerate the boot configuration
  update-grub

  # (8) Enable the firewall and set its rules
  log::info "[-] 系统防火墙启用以及规则设置 "
  # Allow the SSH port before the firewall is enabled, so the current session is not cut off
  sudo ufw allow proto tcp to any port ${SSHPORT}
  systemctl enable ufw.service && systemctl start ufw.service && ufw enable

  # Restart the services whose configuration changed
  systemctl restart sshd
}

## Name: os::Operation
## Purpose: secure-operations settings
## Args: none
os::Operation () {
  log::info "[-] 操作系统安全运维设置相关脚本"

  # (0) Disable rebooting with ctrl+alt+del (a must; I have been bitten by this)
  log::info "[-] 禁用控制台ctrl+alt+del组合键重启"
  mv /usr/lib/systemd/system/ctrl-alt-del.target /var/log/.backups/ctrl-alt-del.target-$(date +%Y%m%d).bak

  # (1) Alias rm to a trash directory
  log::info "[-] 设置文件删除回收站别名(防止误删文件) "
  sudo tee /etc/profile.d/alias.sh <<'EOF'
# User specific aliases and functions
# Empty the trash
# find ~/.trash -delete
# Delete empty directories
# find ~/.trash -type d -delete
alias rm="sh /usr/local/bin/remove.sh"
EOF
  sudo tee /usr/local/bin/remove.sh <<'EOF'
#!/bin/sh
# Trash directory: .trash
trash="/.trash"
deltime=$(date +%Y%m%d-%H-%M-%S)
TRASH_DIR="${HOME}${trash}/${deltime}"
# Create the trash directory if it does not exist
if [ ! -e ${TRASH_DIR} ];then
  mkdir -p ${TRASH_DIR}
fi
for i in "$@";do
  if [ "$i" = "-rf" ];then continue;fi
  # Guard against mistakes
  if [ "$i" = "/" ];then echo '# Danger delete command, Not delete / directory!';exit 1;fi
  # Timestamp in seconds
  STAMP=$(date +%s)
  # File name without the directory part, see man basename
  fileName=$(basename "$i")
  # Move the argument into .trash, with the current timestamp as suffix
  mv "$i" "${TRASH_DIR}/${fileName}.${STAMP}"
done
EOF
  sudo chmod +775 /usr/local/bin/remove.sh /etc/profile.d/alias.sh /etc/profile.d/history-record.sh
  sudo chmod a+x /usr/local/bin/remove.sh /etc/profile.d/alias.sh /etc/profile.d/history-record.sh
  source /etc/profile.d/alias.sh
  source /etc/profile.d/history-record.sh

  # (2) Fix ordinary cron jobs not running in the background
  log::info "[-] 解决普通定时任务无法后台定时执行 "
  linenumber=`expr $(egrep -n "pam_unix.so\s$" /etc/pam.d/common-session-noninteractive | cut -f 1 -d ":") - 2`
  sudo sed -ri "${linenumber}a session [success=1 default=ignore] pam_succeed_if.so service in cron quiet use_uid" /etc/pam.d/common-session-noninteractive

  # (3) Fix the "multipath add missing path" error on Ubuntu 20.04
  # Add the following; adjust sda to your environment
  tee -a /etc/multipath.conf <<'EOF'
blacklist {
  devnode "^sda"
}
EOF
  # Restart the multipath-tools service
  sudo service multipath-tools restart

  # (4) Disable cloud-init on Ubuntu
  # Create cloud-init.disabled in /etc/cloud; takes effect after a reboot
  sudo touch /etc/cloud/cloud-init.disabled
}

## Name: os::optimizationn
## Purpose: operating system tuning (kernel parameters)
## Args: none
os::optimizationn () {
  log::info "[-] 正在进行操作系统内核参数优化设置......."

  # (1) Kernel parameters (/etc/sysctl.conf)
  log::info "[-] 系统内核参数的配置/etc/sysctl.conf"
  # /etc/sysctl.d/99-kubernetes-cri.conf
  egrep -q "^(#)?net.ipv4.ip_forward.*" /etc/sysctl.conf && sed -ri "s|^(#)?net.ipv4.ip_forward.*|net.ipv4.ip_forward = 1|g" /etc/sysctl.conf || echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
  # egrep -q "^(#)?net.bridge.bridge-nf-call-ip6tables.*" /etc/sysctl.conf && sed -ri "s|^(#)?net.bridge.bridge-nf-call-ip6tables.*|net.bridge.bridge-nf-call-ip6tables = 1|g" /etc/sysctl.conf || echo "net.bridge.bridge-nf-call-ip6tables = 1" >> /etc/sysctl.conf
  # egrep -q "^(#)?net.bridge.bridge-nf-call-iptables.*" /etc/sysctl.conf && sed -ri "s|^(#)?net.bridge.bridge-nf-call-iptables.*|net.bridge.bridge-nf-call-iptables = 1|g" /etc/sysctl.conf || echo "net.bridge.bridge-nf-call-iptables = 1" >> /etc/sysctl.conf
  egrep -q "^(#)?net.ipv6.conf.all.disable_ipv6.*" /etc/sysctl.conf && sed -ri "s|^(#)?net.ipv6.conf.all.disable_ipv6.*|net.ipv6.conf.all.disable_ipv6 = 1|g" /etc/sysctl.conf || echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
  egrep -q "^(#)?net.ipv6.conf.default.disable_ipv6.*" /etc/sysctl.conf && sed -ri "s|^(#)?net.ipv6.conf.default.disable_ipv6.*|net.ipv6.conf.default.disable_ipv6 = 1|g" /etc/sysctl.conf || echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf
  egrep -q "^(#)?net.ipv6.conf.lo.disable_ipv6.*" /etc/sysctl.conf && sed -ri "s|^(#)?net.ipv6.conf.lo.disable_ipv6.*|net.ipv6.conf.lo.disable_ipv6 = 1|g" /etc/sysctl.conf || echo "net.ipv6.conf.lo.disable_ipv6 = 1" >> /etc/sysctl.conf
  egrep -q "^(#)?net.ipv6.conf.all.forwarding.*" /etc/sysctl.conf && sed -ri "s|^(#)?net.ipv6.conf.all.forwarding.*|net.ipv6.conf.all.forwarding = 1|g" /etc/sysctl.conf || echo "net.ipv6.conf.all.forwarding = 1" >> /etc/sysctl.conf
  egrep -q "^(#)?vm.max_map_count.*" /etc/sysctl.conf && sed -ri "s|^(#)?vm.max_map_count.*|vm.max_map_count = 262144|g" /etc/sysctl.conf || echo "vm.max_map_count = 262144" >> /etc/sysctl.conf
  tee -a /etc/sysctl.conf <<'EOF'
# Besides raising the server's load capacity, these also defend against low-volume DoS, CC, and SYN attacks
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
# net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 60
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_fastopen = 3
# Tune the usable TCP port range and raise server concurrency (usually unnecessary on low-traffic servers)
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.ip_local_port_range = 1024 65535
# Tune the core socket TCP buffers
net.core.netdev_max_backlog = 8192
net.core.somaxconn = 8192
net.core.rmem_max = 12582912
net.core.rmem_default = 6291456
net.core.wmem_max = 12582912
net.core.wmem_default = 6291456
EOF

  # (2) Limits on the maximum number of processes and open files
  log::info "[-] Linux 系统的最大进程数和最大文件打开数限制"
  egrep -q "^\s*ulimit -HSn\s+\w+.*$" /etc/profile && sed -ri "s/^\s*ulimit -HSn\s+\w+.*$/ulimit -HSn 65535/" /etc/profile || echo "ulimit -HSn 65535" >> /etc/profile
  egrep -q "^\s*ulimit -HSu\s+\w+.*$" /etc/profile && sed -ri "s/^\s*ulimit -HSu\s+\w+.*$/ulimit -HSu 65535/" /etc/profile || echo "ulimit -HSu 65535" >> /etc/profile
  tee -a /etc/security/limits.conf <<'EOF'
# ulimit -HSn 65535
# ulimit -HSu 65535
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
# End of file
EOF
  # sed -i "/# End/i * soft nproc 65535" /etc/security/limits.conf
  # sed -i "/# End/i * hard nproc 65535" /etc/security/limits.conf
  sysctl -p
  # A reboot is required for the changes to take effect
  reboot
}

## Name: system::swap
## Purpose: create a swap file on Linux (2G by default)
## Args: $1 (size in G)
system::swap () {
  if [ -z "$1" ];then
    sudo dd if=/dev/zero of=/swapfile bs=1024 count=2097152  # 2G swap: 1024 * 1024 (CentOS uses 1000 as the base)
  else
    number=$(echo "${1}*1024*1024"|bc)
    sudo dd if=/dev/zero of=/swapfile bs=1024 count=${number}  # $1 G swap: 1024 * 1024 (CentOS uses 1000 as the base)
  fi
  sudo chmod 600 /swapfile  # swap holds memory pages and must not be readable by other users
  sudo mkswap /swapfile && sudo swapon /swapfile
  if [ $(grep -c "/swapfile" /etc/fstab) -eq 0 ];then
    sudo tee -a /etc/fstab <<'EOF'
/swapfile swap swap defaults 0 0
EOF
  fi
  sudo swapon --show && sudo free -h
}

## Name: software::Java
## Purpose: install and configure the Java environment
## Args: none
software::Java () {
  # Base variables
  JAVA_FILE="/root/Downloads/jdk-8u211-linux-x64.tar.gz"
  JAVA_SRC="/usr/local/"
  JAVA_DIR="/usr/local/jdk"
  # Environment setup
  sudo tar -zxvf ${JAVA_FILE} -C ${JAVA_SRC}
  sudo rm -rf /usr/local/jdk
  JAVA_SRC=$(ls /usr/local/ | grep "jdk")
  sudo ln -s ${JAVA_SRC} ${JAVA_DIR}
  export PATH=${JAVA_DIR}/bin:${PATH}
  sudo cp /etc/profile /etc/profile.$(date +%Y%m%d-%H%M%S).bak
  sudo tee -a /etc/profile <<'EOF'
export JAVA_HOME=/usr/local/jdk
export JRE_HOME=/usr/local/jdk/jre
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export PATH=$JAVA_HOME/bin:$PATH
EOF
  java -version
}

## Name: software::docker
## Purpose: install Docker
## Args: none
# Help: Ubuntu Focal 20.04 (LTS)
#       Ubuntu Bionic 18.04 (LTS)
#       Ubuntu Xenial 16.04 (LTS)
function InstallDocker(){
  # 1. Remove old versions
  sudo apt-get remove docker docker-engine docker.io containerd runc
  # 2. Update the apt package index and install the packages that let apt use a repository over HTTPS
  sudo apt-get install -y \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common
  # 3. Add Docker's official GPG key # -fsSL
  sudo curl | sudo apt-key add -
  # 4. Verify the key by searching for the last 8 characters of the fingerprint
  sudo apt-key fingerprint 0EBFCD88
  # 5. Set up the stable repository
  sudo add-apt-repository \
    "deb [arch=amd64] \
    $(lsb_release -cs) \
    stable"
  # 6. Install Docker Engine (latest version by default)
  sudo apt-get update && sudo apt-get install -y docker-ce=5:20.10.7~3-0~ubuntu-focal docker-ce-cli=5:20.10.7~3-0~ubuntu-focal containerd.io docker-compose
  # - Force IPv4
  # sudo apt-get -o Acquire::ForceIPv4=true install -y docker-ce=5:19.03.15~3-0~ubuntu-focal docker-ce-cli=5:19.03.15~3-0~ubuntu-focal containerd.io docker-compose
  # 7. To install a specific version of Docker Engine, list the versions available in the repo
  apt-cache madison docker-ce
  # docker-ce | 5:20.10.6~3-0~ubuntu-focal| focal/stable amd64 Packages
  # docker-ce | 5:19.03.15~3-0~ubuntu-focal | xenial/stable amd64 Packages
  # Install a specific version using the version string from the second column, for example 5:18.09.1~3-0~ubuntu-xenial.
  # $sudo apt-get install docker-ce=
}
Ubuntu-InitializeSecurity.sh
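Added example, not part of Ubuntu-InitializeSecurity.sh: the script's "egrep -q ... && sed ... || echo >>" edits for StrictModes, AllowTcpForwarding and AllowAgentForwarding only look for an active line, so on a file where the option is commented out they append to the end of sshd_config, which is inside a Match block if the file has one. The helper names (page_style_set, set_sshd_option, effective_sshd_option, audit_sshd_baseline) and the sample file are constructed for illustration; the baseline values are the ones the script sets.

```shell
#!/usr/bin/env bash
# Added example; all function names below are hypothetical, the sample config is constructed.

# Global sshd options that the page's os::Security step sets (key=value pairs).
BASELINE="StrictModes=yes X11Forwarding=no AllowTcpForwarding=no AllowAgentForwarding=no IgnoreRhosts=yes PermitRootLogin=no ClientAliveInterval=600"

# Constructed sample: stock-style commented defaults, two live overrides, one Match block.
write_sample() {
  cat > "$1" <<'EOF'
#Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
#StrictModes yes
#AllowTcpForwarding yes
#AllowAgentForwarding yes
X11Forwarding yes
#IgnoreRhosts yes
#ClientAliveInterval 0
Match User backup
    X11Forwarding yes
EOF
}

# The page's edit pattern: rewrite if an active line exists, otherwise append
# to the end of the file (which may be inside a Match block).
page_style_set() {   # usage: page_style_set FILE KEY VALUE
  grep -Eq "^\s*$2\s+.+$" "$1" \
    && sed -ri "s/^(#)?\s*$2\s+.+$/$2 $3/" "$1" \
    || echo "$2 $3" >> "$1"
}

# Safer variant: write "KEY VALUE" exactly once in the global section.
#  - the first "Key ..." or "#Key ..." line before any Match block is rewritten in place
#  - later duplicates in the global section are dropped
#  - an absent key is inserted before the first Match line (or appended if there is none)
#  - everything from the first Match line onward is left untouched
set_sshd_option() {  # usage: set_sshd_option FILE KEY VALUE
  local tmp rc
  tmp=$(mktemp) || return 1
  awk -v key="$2" -v value="$3" '
    BEGIN { re = "^[ \t]*#?" tolower(key) "[ \t]+" }
    !in_match && tolower($0) ~ /^[ \t]*match[ \t]/ {
      if (!done) { print key " " value; done = 1 }
      in_match = 1
    }
    !in_match && tolower($0) ~ re {
      if (!done) { print key " " value; done = 1 }
      next
    }
    { print }
    END { if (!done) print key " " value }
  ' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps the target file's owner and mode
  rc=$?
  rm -f "$tmp"
  return "$rc"
}

# sshd uses the first value it reads for a keyword; stop at the first Match block
# because anything after it is no longer a global setting.
effective_sshd_option() {  # usage: effective_sshd_option FILE KEY
  awk -v key="$2" '
    tolower($1) == "match"      { exit }
    tolower($1) == tolower(key) { print $2; exit }
  ' "$1"
}

# Apply every baseline pair with the given setter function.
apply_baseline() {   # usage: apply_baseline SETTER FILE
  local pair
  for pair in $BASELINE; do "$1" "$2" "${pair%%=*}" "${pair#*=}"; done
}

# Print one line per option whose effective global value differs from the baseline.
audit_sshd_baseline() {  # usage: audit_sshd_baseline FILE
  local pair got
  for pair in $BASELINE; do
    got=$(effective_sshd_option "$1" "${pair%%=*}")
    [ "$got" = "${pair#*=}" ] || echo "FAIL ${pair%%=*}: want ${pair#*=}, got ${got:-unset}"
  done
}

demo() {
  local naive fixed
  naive=$(mktemp); fixed=$(mktemp)
  write_sample "$naive"; write_sample "$fixed"
  apply_baseline page_style_set "$naive"
  apply_baseline set_sshd_option "$fixed"
  echo "== append-style edits ==";  audit_sshd_baseline "$naive"
  echo "== in-place edits ==";      audit_sshd_baseline "$fixed"
  rm -f "$naive" "$fixed"
}
demo
```

On a real host, run the audit against a copy of /etc/ssh/sshd_config and confirm the result with sshd -t before restarting the service.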