Notes on Trying Out Debian 12.7 and Ubuntu 24.04
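Debian GNU/Linux 12 (bookworm) and Ubuntu 24.04.1 LTS are the latest releases of the two distributions at the time of writing (September 26, 2024). Ubuntu Server ships without a desktop by default (ubuntu-24.04-live-server-amd64.iso), so the default is already a minimal install (about 500 packages). Debian's image does include a desktop (debian-12.7.0-amd64-DVD-1.iso), but at the package selection stage of the installer you can choose whether to install it; the most minimal install comes to fewer than 400 packages.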
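No firewall installed or enabled by default
With a "minimal install" or an install without the desktop environment, neither distribution comes with a firewall by default. One has to be installed after logging in to the freshly installed system (ufw or firewalld). I am used to firewalld, so that is what I installed:
1. Refresh the list of available packages, then upgrade the system to the latest versions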
sudo apt update
sudo apt upgrade
Note:
- update - update list of available packages
- upgrade - upgrade the system by installing/upgrading packages
- full-upgrade - upgrade the system by removing/installing/upgrading packages
2. Install the firewalld firewall
sudo apt -y install firewalld
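The legacy network management tools are not installed by default
For example, ifconfig, netstat, arp and route are only available after installing them manually.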
sudo apt -y install net-tools
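NetworkManager is not installed by default
I am used to managing and configuring IP addresses and similar settings with the nmcli and nmtui commands, so it feels unfamiliar when they are not installed.
Debian 12.* is fine: it can still be configured the old way
1. Configure the IP address and related settings in /etc/network/interfaces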
~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug ens192
iface ens192 inet static
address 192.168.xx.217/24
gateway 192.168.xx.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 192.168.xx.1 223.5.5.5 8.8.8.8
2. Restart the networking service
~# systemctl restart networking
~# systemctl status networking
* networking.service - Raise network interfaces
Loaded: loaded (/lib/systemd/system/networking.service; enabled; preset: enabled)
Active: active (exited) since Thu 2024-09-26 16:33:41 CST; 1h 43min ago
Docs: man:interfaces(5)
Main PID: 1053 (code=exited, status=0/SUCCESS)
CPU: 197ms
Sep 26 16:33:41 debian127-xx-215 systemd[1]: Starting networking.service - Raise network interfaces...
Sep 26 16:33:41 debian127-xx-215 systemd[1]: Finished networking.service - Raise network interfaces.
Ubuntu Server 24.04 is slightly different (it introduces the netplan tool)
1. Edit the configuration file /etc/netplan/50-cloud-init.yaml
~# cat /etc/netplan/50-cloud-init.yaml
# This file is generated from information provided by the datasource. Changes
# to it will not persist across an instance reboot. To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    ethernets:
        ens192:
            addresses:
            - 192.168.xx.152/24
            nameservers:
                addresses:
                - 223.5.5.5
                search: []
            routes:
            -   to: default
                via: 192.168.xx.1
    version: 2
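2. Run sudo netplan apply to apply the change.
No password complexity policy installed by default
The following command checks whether the relevant libraries are installed
~$ dpkg -l | grep -E 'libpam-passwdqc|libpam-cracklib|libpam-pwquality'
It is recommended to enforce password complexity with the pam_pwquality.so or pam_cracklib.so PAM module.
Reminder: only the pwquality version in Debian 11 has the minclass parameter; earlier versions still need dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 configured, so check what is supported with "man pwquality.conf" before hardening.
1. Install the PAM module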
apt -y install libpam-pwquality
2. Back up the configuration file /etc/pam.d/common-password before modifying it
cp -p /etc/pam.d/common-password /etc/pam.d/common-password_bak
vi /etc/pam.d/common-password
password requisite pam_pwquality.so minlen=8 minclass=3 enforce_for_root retry=3 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1
3. Back up the configuration file /etc/security/pwquality.conf before modifying it
cp -p /etc/security/pwquality.conf /etc/security/pwquality.conf_bak
vi /etc/security/pwquality.conf
minlen = 8
dcredit = -1
ucredit = -1
lcredit = -1
ocredit = -1
minclass = 3
enforce_for_root
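To confirm the result after editing, the following added example (not from the original post) audits a pwquality.conf against the values listed above. The function names get_setting and check_pwquality and the PASS/FAIL output are assumptions made for illustration, and the sample file is constructed; options passed on the pam_pwquality.so line in /etc/pam.d/common-password are not read.

```shell
#!/bin/sh
# Added example (not from the original post): audit a pwquality.conf against
# the baseline used on this page. Function names and output format are assumptions.

# get_setting FILE KEY: print the last effective value of KEY ("1" for a bare flag).
get_setting() {
    awk -v key="$2" '
        { sub(/#.*/, "") }              # strip comments, including commented-out defaults
        NF == 0 { next }
        {
            n = split($0, kv, "=")
            k = kv[1]; gsub(/[ \t]/, "", k)
            if (k != key) next
            if (n > 1) { val = kv[2]; gsub(/[ \t]/, "", val) } else val = "1"
        }
        END { if (val != "") print val }
    ' "$1"
}

# check_pwquality FILE: print PASS/FAIL per setting, return the number of failures.
check_pwquality() {
    conf=$1; fails=0
    # key:operator:baseline. A negative credit means "at least N chars of that class".
    for spec in minlen:ge:8 minclass:ge:3 dcredit:le:-1 ucredit:le:-1 lcredit:le:-1 ocredit:le:-1; do
        key=${spec%%:*}; rest=${spec#*:}; op=${rest%%:*}; want=${rest#*:}
        got=$(get_setting "$conf" "$key")
        if [ -n "$got" ] && [ "$got" "-$op" "$want" ] 2>/dev/null; then
            echo "PASS $key = $got"
        else
            echo "FAIL $key = ${got:-unset} (want -$op $want)"; fails=$((fails + 1))
        fi
    done
    if [ -n "$(get_setting "$conf" enforce_for_root)" ]; then
        echo "PASS enforce_for_root"
    else
        echo "FAIL enforce_for_root is not set"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: the settings appear only as commented-out defaults,
# plus a too-short minlen and a zero credit. Expect 7 failures.
sample=$(mktemp)
printf '%s\n' '# minclass = 3' '# enforce_for_root' 'minlen = 6' 'dcredit = 0' > "$sample"
check_pwquality "$sample" || echo "failures: $?"
rm -f "$sample"
```

On a hardened host, call check_pwquality /etc/security/pwquality.conf; the return status is the number of settings that miss the baseline.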
The minimal Debian 12.7 install does not include sudo by default
~# apt -y install sudo
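Configuring a network mirror for Debian 12.7
If no mirror was configured during installation, Debian does not generate a usable sources.list file by default, so it has to be configured by hand. I usually prefer the Alibaba Cloud (Aliyun) mirror, but its Debian mirror help page only covers 11.* and earlier versions, with nothing for 12.*.
1. Copy or reuse the sources.list file for 11.*
2. Run the following commands to rewrite it for 12.*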
sed -i 's/bullseye/bookworm/g' /etc/apt/sources.list
sed -i 's/non-free contrib/non-free non-free-firmware/g' /etc/apt/sources.list
3. Run apt update to verify