Date: Jul 2, 2021
Summary: Based on Debian 11; usability and security are not guaranteed on other distributions or on a Debian 11 system you have already heavily modified.
Tags: system slimming, Debian
Category: Tech sharing
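Preliminary notes
This guide uses official Debian 11 as its example; usability and security are not guaranteed on other distributions or on a Debian 11 system you have already heavily modified.
A freshly installed system uses 314M of disk and 19M of memory, as shown in the figure below: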

1. Update the system and add bash command completion
    apt-get update
    apt-get install bash-completion -y
2. Add PAM support for systemd (optional)
    apt-get install libpam-systemd --no-install-recommends
    apt-get install dbus --no-install-recommends
    systemctl start dbus.service
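3. Set the Chinese locale and the time zone (optional)
    vi /etc/locale.gen
    # make sure this line is present and uncommented in /etc/locale.gen:
    zh_CN.UTF-8 UTF-8
    ln -s /etc/locale.alias /usr/share/locale/locale.alias
    locale-gen
    localectl set-locale LANG=zh_CN.UTF-8
    timedatectl set-timezone Asia/Shanghai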
4. Set DNS
    echo -e "nameserver 8.8.8.8\nnameserver 1.1.1.1" > /etc/resolv.conf
    # for an IPv6-only VPS
    echo -e "nameserver 2001:67c:2960::64\nnameserver 2001:67c:2960::6464" > /etc/resolv.conf
5. Disable logging
    systemctl mask systemd-journald.service --now
    systemctl mask systemd-journal-flush.service --now
    apt-get purge rsyslog
6. Disable systemd timers
    systemctl list-timers
    systemctl disable exim4-base.timer --now
    systemctl disable logrotate.timer --now
    systemctl disable man-db.timer --now
    systemctl disable apt-daily.timer --now
    systemctl disable apt-daily-upgrade.timer --now
    systemctl disable e2scrub_all.timer --now
7. Install commonly used packages
    vi /etc/security/limits.conf
    # add these two lines to /etc/security/limits.conf:
    root soft nofile 1048576
    root hard nofile 1048576
    apt-get install deborphan
    apt-get install net-tools curl wget ca-certificates unzip --no-install-recommends
8. Remove unneeded packages and files
    apt-get purge installation-report -y
    apt-get purge ispell ienglish-common iamerican ibritish dictionaries-common wamerican emacsen-common -y
    apt-get purge bluetooth bluez eject -y
    apt-get purge firmware-linux-free -y
    apt-get purge iw wpasupplicant wireless-tools wireless-regdb -y
    apt-get purge discover discover-data pciutils pci.ids powertop -y
    apt-get purge tasksel tasksel-data task-english task-laptop -y
    apt-get purge avahi-autoipd -y
    apt-get purge console-setup console-setup-linux kbd xkb-data keyboard-configuration -y
    apt-get purge apparmor -y
    apt-get purge laptop-detect os-prober shared-mime-info xdg-user-dirs -y
    apt-get purge debconf-i18n util-linux-locales -y
    apt-get purge anacron busybox dmidecode -y
    apt-get purge sudo parted nano lsof logrotate sysstat -y
    apt-get purge qemu-guest-agent -y
    apt-get purge libtext-wrapi18n-perl libtext-iconv-perl liblocale-gettext-perl libtext-charwidth-perl -y
    apt-get purge exim4-base exim4-config exim4-daemon-light -y
    apt-get purge manpages man-db ncurses-term initramfs-tools initramfs-tools-core -y
    apt-get purge traceroute ncal psmisc sharutils udev -y
    apt-get purge bsdextrautils cpio fdisk groff-base htop info -y
    apt-get purge libevent-2.1-7 libreadline7 -y
    apt-get purge libnfnetlink0 zip unzip -y
    apt-get purge bsdmainutils uuid-runtime -y
    apt-get purge gcc-8-base -y
    apt-get purge install-info -y
    apt-get purge wide-dhcpv6-client vim vim-common vim-runtime -y
    apt-get purge libgpm2 -y
    rm -rf ~/essentials ~/.screenrc ~/.viminfo ~/.bash_history
    rm -rf /usr/lib/firmware/
    rm -rf /etc/apparmor.d/
    rm -rf /etc/initramfs-tools/
    rm -rf /etc/udev/
    apt-get install vim-tiny -y
    apt-get install gcc-9-base -y
    apt-get autoremove -y
9. Remove unused locale and i18n data
    ls --color=never /usr/share/locale | grep -v -E '^locale.alias$' | xargs -I{} rm -rf '/usr/share/locale/'{}
    echo -n > /usr/share/locale/locale.alias
    ls --color=never /usr/share/i18n/locales | grep -v -E '^C$|^en_GB|^en_US|^i18n|^iso14651|^POSIX$|^translit_|^zh_CN' | xargs -I{} rm -rf '/usr/share/i18n/locales/'{}
    locale-gen
10. Stop packages from installing documentation
    vi /etc/dpkg/dpkg.cfg.d/01_nodoc
    # contents of /etc/dpkg/dpkg.cfg.d/01_nodoc:
    path-exclude /usr/share/doc/*
    path-exclude /usr/share/doc-base/*
    path-exclude /usr/share/man/*
    path-exclude /usr/share/groff/*
    path-exclude /usr/share/info/*
    path-exclude /usr/share/lintian/*
    path-exclude /usr/share/linda/*
11. Set commonly used kernel parameters
    echo -n > /etc/motd
    vi /etc/sysctl.conf
    # add these lines to /etc/sysctl.conf:
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0
    net.ipv4.conf.all.secure_redirects = 0
    net.ipv4.conf.default.secure_redirects = 0
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    net.ipv4.conf.all.rp_filter = 0
    net.ipv4.conf.venet0.rp_filter = 0
    net.ipv4.ip_local_port_range = 10000 65535
    net.netfilter.nf_conntrack_max = 20000
    net.netfilter.nf_conntrack_tcp_timeout_established = 86400
    net.netfilter.nf_conntrack_tcp_timeout_time_wait = 60
    net.core.somaxconn = 8192
    net.ipv4.tcp_fastopen = 0
    net.ipv4.ip_forward = 0
    # then apply the file:
    sysctl -p
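One way to confirm that the values from step 11 actually took effect after `sysctl -p`, shown as an added example that is not part of the original post. The names `check_sysctl`, `norm` and `demo`, the optional proc-root argument and the demo tree are assumptions made for illustration.

```bash
# Added example, not from the original post. Reports whether each key in a
# sysctl.conf-style file matches the value the kernel currently exposes.
# Usage: check_sysctl <conf-file> [proc-root]   (proc-root defaults to /proc/sys)

# Collapse whitespace runs and trim both ends; multi-value entries such as
# ip_local_port_range are tab-separated under /proc/sys.
norm() { tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'; }

check_sysctl() (
    conf=$1 root=${2:-/proc/sys} rc=0
    while read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*|';'*) continue ;;   # blank line or comment
            *=*) ;;                     # key = value
            *) continue ;;              # anything else is skipped
        esac
        key=$(printf '%s' "${line%%=*}" | norm)
        want=$(printf '%s' "${line#*=}" | norm)
        # Assumption: interface names contain no dots, so every dot in the
        # key is a path separator under proc-root.
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -e "$path" ]; then
            # e.g. conntrack keys before nf_conntrack is loaded, or venet0
            # outside an OpenVZ container
            echo "MISSING $key"; rc=1; continue
        fi
        have=$(norm < "$path")
        if [ "$have" = "$want" ]; then
            echo "OK $key = $have"
        else
            echo "DIFF $key want=$want have=$have"; rc=1
        fi
    done < "$conf"
    [ "$rc" -eq 0 ]
)

# Constructed demo tree (hypothetical values) so the script runs anywhere.
demo() (
    d=$(mktemp -d) && mkdir -p "$d/net/ipv4" || exit 1
    echo 0 > "$d/net/ipv4/ip_forward"
    printf '32768\t60999\n' > "$d/net/ipv4/ip_local_port_range"
    printf '%s\n' 'net.ipv4.ip_forward = 0' \
        'net.ipv4.ip_local_port_range = 10000 65535' \
        'net.netfilter.nf_conntrack_max = 20000' > "$d/sysctl.conf"
    check_sysctl "$d/sysctl.conf" "$d" || true
    rm -rf "$d"
)
if [ "$#" -gt 0 ]; then check_sysctl "$@"; else demo; fi
```

On a real host, pass /etc/sysctl.conf as the only argument; a non-zero exit status means at least one key is missing or differs from the file.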
12. Prefer the newest package versions
    echo 'APT::Install-Recommends "0";' > /etc/apt/apt.conf.d/01norecommend
    printf "Package: *\nPin: release a=bullseye-backports\nPin-Priority: 800\n" > /etc/apt/preferences.d/backports
13. Delete caches and junk files
    rm -rf /tmp/*
    rm -rf /tmp/.*
    rm -rf /var/tmp/*
    rm -rf /var/cache/*
    rm -rf /var/mail/*
    rm -rf /media/*
    for tmp in $(find / -name '*.ucf-dist'); do echo "$tmp"; done
    for tmp in $(find / -name '*~'); do echo "$tmp"; done
    for tmp in $(find / -name '*-old'); do echo "$tmp"; done
14. Bulk-deletion script; it can be run on a schedule
    vi .bashrc
    # add these two lines to .bashrc:
    alias ls='ls --time-style="+%F %T" --color="auto"'
    export PATH=$PATH:~/bin
    # then reload it and create the script:
    source ~/.bashrc
    mkdir ~/bin
    touch ~/bin/cleanup
    chmod +x ~/bin/cleanup

    # contents of ~/bin/cleanup:
    #!/bin/bash
    rm -rf /initrd.img*
    rm -rf /vmlinuz*
    rm -rf /lost+found/
    rm -rf /boot/grub/locale/*
    rm -rf /usr/lib/firmware/
    rm -rf /var/lib/apt/lists/*
    rm -rf /var/backups/*
    apt-get clean
    rm -rf /var/log/apt/*
    rm -rf /var/log/sysstat/*
    echo > /var/log/alternatives.log
    echo > /var/log/auth.log
    echo > /var/log/btmp
    echo > /var/log/daemon.log
    echo > /var/log/debug
    echo > /var/log/dpkg.log
    echo > /var/log/faillog
    rm -rf /var/log/journal/
    echo > /var/log/kern.log
    echo > /var/log/lastlog
    echo > /var/log/messages
    rm -rf /var/log/private/*
    rm -rf /var/log/runit/*
    echo > /var/log/syslog
    echo > /var/log/wtmp
    echo > ~/.bash_history
    rm -rf /usr/share/doc/*
    rm -rf /usr/share/doc-base/*
    rm -rf /usr/share/man/*
    rm -rf /usr/share/groff/*
    rm -rf /usr/share/info/*
    rm -rf /usr/share/lintian/*
    rm -rf /usr/share/linda/*
    rm -rf /usr/share/common-licenses/*
    rm -rf /usr/share/zsh/*
    rm -rf /usr/share/icons/*
    rm -rf /usr/share/pixmaps/*
    rm -rf /usr/share/dict/*
    rm -rf /usr/share/bug/*
    rm -rf /usr/share/applications/*
    rm -rf /usr/share/vim/vim82/doc/*
    rm -rf /var/lib/dhcp/*
    rm -rf /var/lib/dpkg/*-old
    rm -rf /var/lib/ucf/cache/*
    rm -rf /var/lib/ucf/hashfile.*
    rm -rf /var/lib/ucf/registry.*
    ls --color=never /usr/share/locale | grep -v -E '^locale.alias$' | xargs -I{} rm -rf '/usr/share/locale/'{}
    echo -n > /usr/share/locale/locale.alias
    ls --color=never /usr/share/i18n/locales | grep -v -E '^C$|^en_GB|^en_US|^i18n|^iso14651|^POSIX$|^translit_|^zh_CN' | xargs -I{} rm -rf '/usr/share/i18n/locales/'{}
15. Clean up and reboot
    apt-get -y purge bind9-* xinetd samba-* nscd-* portmap sendmail-* sasl2-bin && apt-get -y purge lynx memtester unixodbc odbcinst-* tcpdump ttf-* && apt-get -y autoremove && apt-get clean
    cleanup
    reboot
16. Afterword: consider using Dropbear in place of OpenSSH
    apt install dropbear -y
    dropbear -E -p 521    # -p sets the port to 521
    apt autoremove openssh-server -y
    chmod +x /etc/rc.local
    echo "dropbear -E" >> /etc/rc.local
P.S.
After slimming
