免得每次都要搞一遍,还容易出错
#!/bin/bash
# Paths and constants shared by the setup functions below.

# apt configuration
APT_HOME="/etc/apt/"
SOURCES_LIST="/etc/apt/sources.list"
# Bootstrap source appended by apt_spy so that apt-spy itself can be installed.
APT_SPY_SOURCES="deb http://http.us.debian.org/debian/ lenny main"

# Service and system files edited in place by the functions below
SSH_HOME="/etc/ssh"
VSFTPD_CONF="/etc/vsftpd.conf"
PASSWD_FILE="/etc/passwd"
INITTAB="/etc/inittab"

# Scratch directory for apt-spy output (note the trailing slash)
USE_BIN="/root/bin/"

# ISO date (YYYY-MM-DD); used as the suffix of every backup copy.
date=$(date +%F)
# Not referenced by any function in the visible part of the script.
user='niyunjiu'
#lock users
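function lock_user
{
  # Lock the password and disable the login shell of unused service accounts.
  #
  # Globals:  PASSWD_FILE (read, edited in place), date (read, backup suffix)
  # Outputs:  progress text on stdout, errors on stderr
  # Returns:  1 if the backup copy cannot be written, otherwise 0
  #
  # passwd -l only locks the password; the shell change is what stops any
  # login path that does not go through password authentication.
  local acct
  local backup="${PASSWD_FILE}.bak.${date}"

  # Never edit the account database without a restore point.
  if ! cp -p -- "$PASSWD_FILE" "$backup"; then
    echo "lock_user: cannot back up $PASSWD_FILE, nothing changed" >&2
    return 1
  fi

  for acct in games lp mail news list irc Debian-exim; do
    passwd -l "$acct" 1>/dev/null
    # Match the exact account ("name:") and rewrite only the last field.
    # The earlier unanchored form (/^lp/ with s/sh/false/) also hit accounts
    # that merely start with the same letters and replaced the first "sh"
    # anywhere on the line, which can corrupt unrelated entries.
    sed -i -e "/^${acct}:/s|:[^:]*\$|:/bin/false|" "$PASSWD_FILE"
  done

  echo "lock user done!"
  echo "***************************"
}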
#change /etc/inittab
function change_inittab
{
  # Comment out the inittab entries with ids 3-6 and set the default
  # runlevel to 2.
  #
  # Globals:  INITTAB (edited in place), date (backup suffix), LEVEL (written)
  # Outputs:  progress text on stdout
  local entry_id

  # Dated copy of the file before it is touched.
  cp /etc/inittab "/etc/inittab.bak.$date"

  # Prefix every line that starts with "3:" .. "6:" with '#'.
  # NOTE(review): on a stock Debian inittab these are presumably the getty
  # lines for tty3-tty6 - confirm against the target file.
  for entry_id in 3 4 5 6; do
    sed -i -e "/^${entry_id}:/s/^/#/" "$INITTAB"
  done

  # Second ':'-separated field of the line(s) mentioning initdefault.
  LEVEL=$(grep -i 'initdefault' "$INITTAB" | awk -F':' '{print $2}')
  if [ -n "$LEVEL" ]; then
    # Double quotes so the shell expands $LEVEL inside the sed expression;
    # single quotes would pass the literal text to sed.
    sed -i -e "/^id:/s/$LEVEL/2/" "$INITTAB"
    echo 'change inittab done!'
  fi
  echo "***************************"
}
#change /etc/securetty Standard consoles
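function security_tty
{
  # Restrict the terminals listed in /etc/securetty to tty1 only (among the
  # ttyN entries).
  #
  # Globals:  date (read, backup suffix)
  # Outputs:  progress text on stdout, errors on stderr
  # Returns:  1 if the backup copy cannot be written, otherwise 0
  local securetty='/etc/securetty'

  # Never edit the file without a restore point.
  if ! cp -p -- "$securetty" "${securetty}.bak.${date}"; then
    echo "security_tty: cannot back up $securetty, nothing changed" >&2
    return 1
  fi

  # Comment out every line starting with "tty" plus a digit 1-9 (this also
  # covers tty10 and up), then re-enable the exact line "tty1".
  # The former bracket expression [1-99] is a character class, not a numeric
  # range, and is the same set as [1-9]; it is written plainly here.
  # Entries that do not start with ttyN (console, serial lines, ...) are not
  # touched by this expression.
  sed -i -e '/^tty[1-9]/s/^/#/' -e 's/^#tty1$/tty1/' "$securetty"

  echo "finish security_tty"
  echo "***************************"
}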
#create user
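function create_user
{
  # Create the administrative login "niyunjiu" (group staff) with an initial
  # password that expires immediately, plus a ~/bin directory.
  #
  # Outputs:  progress text on stdout, errors on stderr
  # Returns:  1 if the password hash or the account cannot be created
  #
  # NOTE(review): the initial password is a fixed, widely guessable value that
  # is identical on every host built with this script. "chage -d 0" forces a
  # change at first login, but until that login happens anyone who can reach
  # a login service on the host can use it. Prefer a per-host random secret
  # handed over out of band, or a key-only account.
  # NOTE(review): the salt has no "$id$" prefix, so crypt() presumably falls
  # back to the legacy DES scheme - confirm and move to a modern hash.
  # NOTE(review): the hash is passed on the useradd command line and is
  # visible in the process list while useradd runs.
  local login='niyunjiu'
  local pass_hash

  # Exact-name lookup. The previous awk test matched "niyunjiu" anywhere in
  # any passwd line and broke in the unquoted [ -z ] when several lines hit.
  if id -u "$login" >/dev/null 2>&1; then
    echo 'niyunjiu already exist!'
  else
    # print(...) with one argument works on Python 2 and Python 3.
    pass_hash=$(python <<'EOF'
import crypt
print(crypt.crypt("123456","niyunjiu"))
EOF
)
    # An empty hash must never reach useradd -p: it would create an account
    # with an empty password field.
    if [ -z "$pass_hash" ]; then
      echo 'create_user: could not hash the initial password, user not created' >&2
      return 1
    fi

    # Create the user and set the initial password.
    if ! useradd -m -d "/home/$login" -s /bin/bash -g staff -p "$pass_hash" "$login"; then
      echo 'create_user: useradd failed' >&2
      return 1
    fi
    # Expire the password so it has to be changed at the first login.
    chage -d 0 "$login"
    mkdir -p "/home/$login/bin" && chown -R "$login:staff" "/home/$login/bin"
    echo 'user niyunjiu create succeed!'
  fi
  echo "finish create_user"
  echo "***************************"
}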
#安装 apt-spy 并选择比较快的源
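function apt_spy
{
  # Install apt-spy and let it pick a fast mirror for sources.list.
  #
  # Globals:  USE_BIN, SOURCES_LIST, APT_SPY_SOURCES, date (all read)
  # Outputs:  progress text on stdout, errors on stderr
  # Returns:  1 if sources.list cannot be backed up, otherwise 0
  #
  # The sources used here are plain http. What protects the installed
  # packages is apt's archive signature check, so these unattended installs
  # must never be combined with --force-yes or --allow-unauthenticated.
  local spy_list="${USE_BIN%/}/sources.list"
  local backup="${SOURCES_LIST}.${date}"

  mkdir -p "$USE_BIN"

  if [ -f "$SOURCES_LIST" ]; then
    # Absolute paths instead of "cd", so the caller's working directory is
    # left alone and a failed cd cannot redirect the edits elsewhere.
    if ! cp -- "$SOURCES_LIST" "$backup"; then
      echo "apt_spy: cannot back up $SOURCES_LIST, nothing changed" >&2
      return 1
    fi

    # Strip one leading '#' and add one back: every existing line ends up
    # commented out, and already-commented lines are not doubled.
    sed -i -e 's/^#//' -e 's/^/#/' "$SOURCES_LIST"
    echo "$APT_SPY_SOURCES" >> "$SOURCES_LIST"

    apt-get update
    apt-get --yes install apt-spy

    # Drop any result of an earlier run so the size test below reflects this
    # run only, and append the mirror list only if apt-spy produced one.
    rm -f -- "$spy_list"
    if apt-spy -d stable -o "$spy_list" -a Asia -t 5 && [ -s "$spy_list" ]; then
      cat -- "$spy_list" >> "$SOURCES_LIST"
    else
      echo "apt_spy: apt-spy produced no mirror list, keeping the bootstrap source" >&2
    fi
    sed -i -e 's/stable/lenny/g' "$SOURCES_LIST"
  fi
  echo "finish apt_spy"
  echo "***************************"
  # Reference notes kept from the original script:
  #/etc/hosts
  #/etc/hostname
  #deb http://mirrors.163.com/debian/ lenny main non-free contrib
  #deb http://mirrors.163.com/debian/ lenny-proposed-updates main non-free contrib
  #deb-src http://mirrors.163.com/debian/ lenny main non-free contrib
  #deb-src http://mirrors.163.com/debian/ lenny-proposed-updates main non-free contrib
  #deb http://mirrors.sohu.com/debian/ lenny main non-free contrib
  #deb http://mirrors.sohu.com/debian/ lenny-proposed-updates main non-free contrib
  #deb-src http://mirrors.sohu.com/debian/ lenny main non-free contrib
  #deb-src http://mirrors.sohu.com/debian/ lenny-proposed-updates main non-free contrib
}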
#install software
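function install_software
{
  # Install the base package set and apply the ssh, sudo and vim settings.
  #
  # Globals:  SSH_HOME, date (read)
  # Outputs:  progress text on stdout, errors on stderr
  #
  # Both sshd_config and sudoers are validated before they go live: this
  # script disables root login over ssh, so a broken sshd or sudoers file
  # could leave the host without a remote path back to root.
  local sshd_conf="${SSH_HOME}/sshd_config"
  local sshd_backup="${sshd_conf}.${date}"
  local vimrc='/etc/vim/vimrc'
  local sudoers_new

  apt-get update
  apt-get --yes install ssh
  if [ -f "$sshd_conf" ]; then
    if cp -p -- "$sshd_conf" "$sshd_backup"; then
      # Anchored to an active directive, tolerant of tabs and extra spaces.
      sed -i -e 's/^[[:space:]]*PermitRootLogin[[:space:]]\{1,\}yes[[:space:]]*$/PermitRootLogin no/' "$sshd_conf"
      # The substitution is silent when the directive is commented out or
      # carries another value, so report whether the setting is in effect.
      if ! grep -q '^[[:space:]]*PermitRootLogin[[:space:]]\{1,\}no' "$sshd_conf"; then
        echo "install_software: no active 'PermitRootLogin no' in $sshd_conf, check it by hand" >&2
      fi
      # Restart only with a configuration sshd accepts; otherwise roll back.
      if /usr/sbin/sshd -t -f "$sshd_conf"; then
        echo "restart sshd,waiting..."
        /etc/init.d/ssh restart
      else
        echo "install_software: sshd rejected $sshd_conf, restoring $sshd_backup" >&2
        cp -p -- "$sshd_backup" "$sshd_conf"
      fi
    else
      echo "install_software: cannot back up $sshd_conf, ssh settings unchanged" >&2
    fi
  fi

  #install gcc
  apt-get --yes install build-essential libtool autoconf automake tofrodos
  #install ntp rcconf less sudo
  apt-get --yes install ntp rcconf less sudo postfix rsync ifstat logwatch sysstat logcheck lm-sensors syslog-summary

  # Uncomment the sudoers line(s) containing "sudo ALL". The edit is made on
  # a private copy, checked with visudo, and only then moved into place.
  # NOTE(review): which rule this activates depends on the stock sudoers file;
  # if the commented line is a NOPASSWD rule for the sudo group, its members
  # get root without a password - confirm that this is intended.
  sudoers_new=$(mktemp /etc/sudoers.new.XXXXXX)
  if [ -n "$sudoers_new" ] \
    && cat /etc/sudoers > "$sudoers_new" \
    && sed -i -e '/sudo ALL/s/^#//' "$sudoers_new" \
    && chmod 0440 "$sudoers_new" \
    && visudo -c -f "$sudoers_new" >/dev/null; then
    mv -f -- "$sudoers_new" /etc/sudoers
  else
    echo "install_software: sudoers edit failed validation, /etc/sudoers left unchanged" >&2
    if [ -n "$sudoers_new" ]; then
      rm -f -- "$sudoers_new"
    fi
  fi

  #install curl
  apt-get --yes install curl
  #install at
  #apt-get --yes install at
  #install lvm2
  #apt-get --yes install lvm2
  #install vim
  apt-get --yes install vim
  sed -i -e '/syntax on/s/^.*$/syntax on/' "$vimrc"
  # Append the encoding settings once. The old unquoted [ -z ] test only
  # worked because a two-word match made the test itself fail.
  if ! grep -q 'fileencodings=utf-8' "$vimrc"; then
    cat << 'EOF' >> "$vimrc"
set fileencodings=utf-8,gb2312,gbk,gb18030
set termencoding=utf-8
set encoding=prc
EOF
  fi
  echo "finish install software"
  echo "***************************"
}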
#install vsftpd
function install_vsftpd
{
  # Install vsftpd, turn anonymous access off and enable local users,
  # uploads, umask 022 and ASCII transfers, then restart the service.
  #
  # Globals:  VSFTPD_CONF (edited in place)
  # Outputs:  progress text on stdout
  #
  # Nothing in this function turns on TLS, so unless the rest of the file
  # does, local account passwords cross the network in clear text.
  # This function is not called from the main sequence visible at the end of
  # the script.
  apt-get --yes install vsftpd

  if [ ! -f "$VSFTPD_CONF" ]; then
    echo "not install vsftpd!"
  else
    # Same six substitutions as before, applied in one pass over the file.
    sed -i \
      -e 's/anonymous_enable=YES/anonymous_enable=NO/' \
      -e 's/#local_enable=YES/local_enable=YES/' \
      -e 's/#write_enable=YES/write_enable=YES/' \
      -e 's/#local_umask=022/local_umask=022/' \
      -e 's/#ascii_upload_enable=YES/ascii_upload_enable=YES/' \
      -e 's/#ascii_download_enable=YES/ascii_download_enable=YES/' \
      "$VSFTPD_CONF"
    echo "restart vsftpd, waiting..."
    /etc/init.d/vsftpd restart
  fi
  echo "***************************"
}
#stop ipv6
function stop_ipv6
{
  # Add "blacklist ipv6" to the modprobe blacklist unless a matching line is
  # already there.
  #
  # Globals:  BLACKLIST (written)
  # Outputs:  progress text on stdout
  #
  # NOTE(review): the target file has no ".conf" suffix; whether modprobe
  # reads it depends on the tool version on the host - confirm.
  BLACKLIST=$(awk -F' ' '/blacklist ipv6/{print $1}' /etc/modprobe.d/blacklist)
  [ -n "${BLACKLIST}" ] || echo "blacklist ipv6" >> /etc/modprobe.d/blacklist
  echo "finish stop_ipv6"
  echo "***************************"
}
#config limits
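function config_limits
{
  # Raise the soft and hard open-file limit to 10240 for all users, once.
  #
  # Outputs:  progress text on stdout
  local limits='/etc/security/limits.conf'

  # The earlier test captured the first field of the matching line, which is
  # "*", and used it unquoted: the shell expanded it to the file names of the
  # current directory and the result depended on where the script was run.
  # grep -q asks the same question without going through a variable.
  if ! grep -q 'nofile 10240' "$limits"; then
    echo '* soft nofile 10240' >> "$limits"
    echo '* hard nofile 10240' >> "$limits"
  fi
  echo "finish config_limits"
  echo "***************************"
}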
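function config_bash
{
  # Set the prompt for user niyunjiu and add two ls aliases to /etc/profile.
  # Every line is added at most once, so the script can be re-run.
  #
  # Outputs:  progress text on stdout, errors on stderr
  local user_profile='/home/niyunjiu/.profile'
  local alias_line

  if [ -L "$user_profile" ]; then
    # This runs as root inside a directory the user controls; appending
    # through a symlink would write to whatever file it points at.
    echo "config_bash: $user_profile is a symlink, not appending as root" >&2
  elif ! grep -qF '\h@\u:\w' "$user_profile" 2>/dev/null; then
    # Quoted delimiter: the line is written literally. With an unquoted
    # delimiter the shell expanded ${debian_chroot...} (to nothing) and
    # turned \$ into $ while writing, so the stored prompt lost both.
    cat << 'EOF' >> "$user_profile"
PS1='${debian_chroot:+($debian_chroot)}\h@\u:\w\$ '
EOF
  fi

  for alias_line in "alias ll='ls -l --color=auto'" "alias ls='ls --color=auto'"; do
    grep -qxF -- "$alias_line" /etc/profile 2>/dev/null \
      || printf '%s\n' "$alias_line" >> /etc/profile
  done

  echo "finish config_bash"
  echo "***************************"
}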
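function config_dns
{
  # Append the resolver addresses to /etc/resolv.conf, each at most once so
  # that re-running the script does not pile up duplicate lines.
  #
  # Outputs:  progress text on stdout
  #
  # Entries already in the file stay in front of these. glibc's resolver
  # consults at most three nameserver lines, so the later ones act only as
  # documentation. All of these are external resolvers: every name this host
  # looks up is visible to whichever of them answers.
  local resolv='/etc/resolv.conf'
  local ns

  for ns in 202.106.0.20 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220; do
    grep -qxF -- "nameserver $ns" "$resolv" 2>/dev/null \
      || echo "nameserver $ns" >> "$resolv"
  done

  echo "finish config_dns"
  echo "***************************"
}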
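function config_crontab
{
  # Send cron output to root and forward root's mail to the admin mailbox.
  #
  # Outputs:  progress text on stdout
  local mailto

  # Value(s) of any MAILTO assignment already present; quoted so that an
  # address list or several matches cannot break the test.
  mailto=$(awk -F'=' '/MAILTO/{print $2}' /etc/crontab)
  if [ -z "$mailto" ]; then
    # Anchored to the PATH assignment so a comment that merely mentions PATH
    # does not receive its own MAILTO line.
    sed -i -e '/^PATH=/aMAILTO=root' /etc/crontab
  fi

  # Rewrite the root alias, or add it when the file has none (the case the
  # original left as a todo). "^root:" keeps aliases such as "rootmail:"
  # from being rewritten.
  if grep -q '^root:' /etc/aliases 2>/dev/null; then
    sed -i -e 's/^root:.*$/root: sa@kongfz.com/' /etc/aliases
  else
    echo 'root: sa@kongfz.com' >> /etc/aliases
  fi

  # The mail system reads a compiled alias database; rebuild it when the
  # tool is installed so the change takes effect.
  if command -v newaliases >/dev/null 2>&1; then
    newaliases
  fi

  echo "finish config_crontab"
  echo "***************************"
}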
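function config_timezone
{
  # Set the system timezone to Asia/Shanghai.
  #
  # Outputs:  progress text on stdout, errors on stderr
  # Returns:  1 if the zone file is missing, otherwise 0
  local zone='Asia/Shanghai'
  local zonefile="/usr/share/zoneinfo/${zone}"

  if [ ! -f "$zonefile" ]; then
    echo "config_timezone: $zonefile not found, timezone unchanged" >&2
    return 1
  fi

  echo "$zone" > /etc/timezone
  # If /etc/localtime is a symlink, a plain cp writes through it and
  # overwrites the zone file it points to; remove the destination first.
  cp --remove-destination -- "$zonefile" /etc/localtime

  # Message spelling corrected ("timezoe").
  echo "finish config_timezone"
  echo "***************************"
}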
# Main sequence: run each setup step once, in a fixed order.
# create_user comes before install_software on purpose: install_software
# switches PermitRootLogin to "no", so the replacement login has to exist
# first. A failing step does not stop the ones after it.
# install_vsftpd is defined above but is not part of this sequence.
for step in \
  config_dns \
  lock_user \
  change_inittab \
  security_tty \
  create_user \
  apt_spy \
  install_software \
  stop_ipv6 \
  config_limits \
  config_bash \
  config_crontab \
  config_timezone; do
  "$step"
done

# Upgrade only when the package lists refreshed. No assume-yes flag is
# given, so aptitude asks for confirmation here.
if aptitude update; then
  aptitude full-upgrade
fi
apt-get clean all

echo "**************************"
echo "please config sudo postfix and ssh"