[!NOTE] 导读
本文内容介绍了Ubuntu 的一些初始化操作。
截止到本文章的发布时间,Ubuntu 发布的最新版本是24.04.1 LTS
。
转载请注明原文出处!
操作系统是 Ubuntu Live Server,注意是“服务器”版本而不是 GUI 图形化版本。
账号
在拥有一台服务器后,例如云服务器、虚拟机安装的本都服务器、物理服务器,此时你可能拥有一个 root
账号。
如果是虚拟机安装 Linux 系统,例如 Ubuntu Live Server,在安装时提供了设置用户名、密码的输入框。
如果是云服务器,若在购买服务器时未提供输入密码的功能,一般会分配默认的 root
密码,此时一定要修改默认的密码。
sudo passwd root
#输入新的密码
修改其它用户的密码,同理 sudo passwd user
。
默认设置
检查防火墙,并开启
#查看防火墙状态
sudo ufw status
#启动防火墙
sudo ufw enable
修改默认时区
避免日“日志”等时间是错误的。
#查看时区信息
timedatectl status
#查询时区,例如
timedatectl list-timezones | grep -i "Shanghai"
#输出 Asia/Shanghai
#设置时区
sudo timedatectl set-timezone Asia/Shanghai
SSH 端口
#打开SSH配置文件
vim /etc/ssh/sshd_config
#找到#Port 22这段,删除#,修改为新的端口号,如:
Port 122
#保存并退出:ESC,输入
:wq
#放行新端口
sudo ufw deny 122/tcp
#重启SSH服务
systemctl restart sshd
Git 行结束符
如果你计划部署 Git 仓储服务,那么一些全局设置是必不可少的。
#确保你的 Git 安装配置为使用 LF 行尾符
git config --global core.autocrlf input
例如 Gitea,默认使用了 CRLF
而不是 LF
;按经验讲,在部署 Gitea 的容器里执行上面的命令,并且重启服务器后该设置无效,因此需要在宿主机里执行命令。
安装工具
可能需要的一些工具:
#编辑器
sudo apt install vim
# 或者
sudo apt install nano
#网络诊断工具
sudo apt install net-tools iproute2
#Fail2ban
sudo apt install fail2ban
#Git
sudo apt install git
#安装 SELinux 内核模块和支持包:
sudo apt-get install selinux-basics selinux-policy-default
#初始化 SELinux 配置:
sudo selinux-activate
#重新启动系统以应用更改:
sudo reboot
升级系统至最新的LTS版本
检查当前系统的版本,是否为最新的 LTS 。若不是,可以按照下面的命令执行更新系统。
#查看系统版本
lsb_release -a
#查看可升级的LTS版本
do-release-upgrade -c
#查看升级列表
apt list --upgradable
#更新包
apt update
apt upgrade
#升级
do-release-upgrade
详细的升级过程,见下方的内容,操作一台“云服务器“并记录过程,Ubuntu 系统的版本是 20.04.1 LTS
(落后版本)。
查看可升级的版本
do-release-upgrade -c
更新包
apt update
apt upgrade
开始时输入 Y
或其它:
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** cloud.cfg (Y/I/N/O/D/Z) [default=N] ? Y
结束:
done
Processing triggers for dbus (1.12.16-2ubuntu2.3) ...
Processing triggers for initramfs-tools (0.136ubuntu6.7) ...
update-initramfs: Generating /boot/initrd.img-5.4.0-196-generic
重启
reboot
更新包
do-release-upgrade
如果未执行“更新包”,可能遇到的问题:
root@device:~# do-release-upgrade
Checking for a new Ubuntu release
Please install all available updates for your release before upgrading.
如果在“更新包”后不重启,可能遇到的问题:
root@device:~# do-release-upgrade
Checking for a new Ubuntu release
You have not rebooted after updating a package which requires a reboot. Please reboot before upgrading.
执行:do-release-upgrade
:
Reading cache
Checking package manager
Continue running under SSH?
This session appears to be running under ssh. It is not recommended
to perform a upgrade over ssh currently because in case of failure it
is harder to recover.
If you continue, an additional ssh daemon will be started at port
'1022'.
Do you want to continue?
Continue [yN]
因此开启临时端口(服务器安全组也要放行此端口),避免异常情况导致的远程连接无法使用。
下个提示:
Starting additional sshd
To make recovery in case of failure easier, an additional sshd will
be started on port '1022'. If anything goes wrong with the running
ssh you can still connect to the additional one.
If you run a firewall, you may need to temporarily open this port. As
this is potentially dangerous it's not done automatically. You can
open the port with e.g.:
'iptables -I INPUT -p tcp --dport 1022 -j ACCEPT'
To continue please press [ENTER]
下个提示:
Calculating the changes
Calculating the changes
MarkInstall libflashrom1:amd64 < none -> 1.2-5build1 @un uN Ib > FU=1
Installing libftdi1-2 as Depends of libflashrom1
MarkInstall libftdi1-2:amd64 < none -> 1.5-5build3 @un uN > FU=0
Do you want to start the upgrade?
4 packages are going to be removed. 110 new packages are going to be
installed. 554 packages are going to be upgraded.
You have to download a total of 633 M. This download will take about
4 minutes with your connection.
Installing the upgrade can take several hours. Once the download has
finished, the process cannot be canceled.
Continue [yN] Details [d]
下个提示:
Configuration file '/etc/sysctl.conf'
==> Modified (by you or by a script) since installation.
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** sysctl.conf (Y/I/N/O/D/Z) [default=N] ?
下个提示:
Processing snap replacements
refreshing snap lxd
Searching for obsolete software
Reading state information... Done
Remove obsolete packages?
77 packages are going to be removed.
Continue [yN] Details [d]
下个提示:
System upgrade is complete.
Restart required
To finish the upgrade, a restart is required.
If you select 'y' the system will be restarted.
Continue [yN]
自动重启后,本次更新结束。
更新系统
此时执行 lsb_release -a
,当前系统版本是 22.04.1,仍旧不是最新版本,因为版本跨度太大所以无法跨版本升级。
此时重复执行上述的过程即可,例如执行 do-release-upgrade
。
更新结束后,查看系统版本:
root@device:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 24.04.1 LTS
Release: 24.04
Codename: noble
升级后,如果是新安装的系统,注意开启防火墙、核对时区和修改SSH端口等(详见本文最开始的 默认设置)。
本文内容到此为止,仅供参考;转载需注明出处。