# Create an unprivileged login before anything else ("일반계정" is a placeholder
# for the account name). Debian/Ubuntu adduser normally prompts for a password
# itself, so the passwd call below just repeats that step.
adduser 일반계정
passwd 일반계정
# Refresh the package index, apply pending upgrades, then add wget and vim.
apt-get update -y
apt-get upgrade -y
apt-get install -y wget vim
# System-wide interactive bash settings; the alias added next applies to all users.
vi /etc/bash.bashrc
==============================================================
맨 하단에
# Appended at the very end of /etc/bash.bashrc: make `vi` start vim for every user.
alias vi='vim'
==============================================================
# Re-read the file so the alias takes effect in the current shell.
source /etc/bash.bashrc
FTP(vsftpd) 설정
# FTP server. How much this exposes is decided by the /etc/vsftpd.conf written
# below (local users only, chroot, fixed passive port range, no TLS).
apt-get install -y vsftpd
# Start on boot.
systemctl enable vsftpd
: 리부팅 시 자동 실행
# Start now.
systemctl start vsftpd
: 실행/ch
vi /etc/vsftpd.conf
==============================================================
# Standalone daemon, IPv4 only.
listen=YES
listen_ipv6=NO
# No anonymous logins; only local system accounts (authenticated through PAM,
# see pam_service_name) may log in, and they may upload.
anonymous_enable=NO
local_enable=YES
write_enable=YES
# 022 -> uploaded files are created world-readable (0644).
local_umask=022
dirmessage_enable=YES
use_localtime=YES
# Transfer log: keep it on, it is the audit trail for what was up/downloaded.
xferlog_enable=YES
# Active-mode data connections originate from port 20.
connect_from_port_20=YES
# Confine each user to their home directory. vsftpd normally refuses to chroot
# into a writable directory; allow_writeable_chroot re-enables that case.
# NOTE(review): a read-only home with a writable subdirectory would let this
# override be dropped, which is the tighter layout.
chroot_local_user=YES
allow_writeable_chroot=YES
# Empty directory vsftpd uses when it needs a jail with no filesystem access.
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
# Certificate lines are inert while ssl_enable=NO: credentials and data travel
# in cleartext. Turning SSL on would also mean replacing the self-signed
# "snakeoil" cert with one clients can validate.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
# Passive mode on a fixed port range; it must match the firewall rule that
# opens 50001:50005 in /etc/iptables/rules.v4 below. Five ports means roughly
# five concurrent passive transfers.
pasv_enable=YES
# Kept disabled: enabling it would let a data connection come from a different
# client address than the control connection.
#pasv_promiscuous=YES
pasv_min_port=50001
pasv_max_port=50005
==============================================================
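# Apply the new /etc/vsftpd.conf. One restart is enough: `service vsftpd
# restart` is only the SysV-compat wrapper around the same unit.
systemctl restart vsftpd
# vsftpd was already enabled above; verify that instead of calling chkconfig,
# which is a RHEL/SysV tool and is normally not present on apt-based systems.
systemctl is-enabled vsftpd
# The firewall is installed in the next step (netfilter-persistent); there is
# no "iptables" unit to restart at this point, so that belongs after
# /etc/iptables/rules.v4 has been written.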
iptables 기반 방화벽 설치
# netfilter-persistent loads /etc/iptables/rules.v4 at boot; that file is
# written a few steps below, after the "do not do this" block.
apt-get install -y iptables-persistent netfilter-persistent
================================하지말것====================================
:: init 스크립트로 복사
$ sudo cp /usr/share/netfilter-persistent/plugins.d/15-ip4tables /etc/init.d/iptables
$ sudo /etc/init.d/iptables start
$ sudo /etc/init.d/iptables flush
:: 부팅시 자동으로 서비스 올라오게 등록
$ sudo update-rc.d -f iptables defaults
$ sudo update-rc.d -f iptables defaults
insserv: warning: script ‘K01iptables’ missing LSB tags and overrides
insserv: warning: script ‘iptables’ missing LSB tags and overrides
위와 같은 에러가 뜨면… 해당 스크립트에 LSB tag 값이 지정되어 있지 않다는 메시지이므로, 스크립트 상단에 아래 문구를 삽입한다.
$ sudo vim /etc/init.d/iptables
……………………….
### BEGIN INIT INFO
# Provides: skeleton
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Example initscript
# Description: This file should be used to construct scripts to be
# placed in /etc/init.d.
### END INIT INFO
……………………….
서비스 활성화 체크리스트
$ sudo service --status-all
================================하지말것====================================
# IPv4 ruleset loaded at boot by netfilter-persistent (this procedure does
# not write a rules.v6 counterpart).
vi /etc/iptables/rules.v4
==============================================================
# IPv4 filter table, loaded by netfilter-persistent. The INPUT policy is
# ACCEPT, so the host is only closed by the explicit REJECT at the end of the
# chain: if that rule is ever lost (flush, partial restore) everything becomes
# reachable. A DROP policy with the same allow rules would fail closed instead.
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, every ICMP type, and traffic belonging to connections already
# tracked (including those this host opened).
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type any -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# New inbound connections, accepted from any source address. Only 21 (vsftpd),
# 22 and the passive range are needed by this procedure; the mail, DNS, web
# and MySQL ports are opened ahead of time and should be removed if those
# services are not installed.
# NOTE(review): 3306 reachable from anywhere is the entry most worth
# restricting to known client addresses or dropping.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
# vsftpd passive data ports; must stay in sync with pasv_min_port /
# pasv_max_port in /etc/vsftpd.conf.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 50001:50005 -j ACCEPT
# Everything else is refused with an ICMP error (visible to the sender,
# unlike a silent DROP).
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
==============================================================
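# Hand the firewall over from ufw to the rules.v4 file written above: take ufw
# out of the picture first so the two front-ends do not rewrite the same
# tables, then enable and start netfilter-persistent once (the enable used to
# be issued twice).
ufw disable
systemctl disable ufw
systemctl stop ufw
systemctl enable netfilter-persistent
systemctl start netfilter-persistent
# DHCP client timeout; the same edit is listed again in the boot-delay section
# near the end of this page, it only needs to be done once.
vi /etc/dhcp/dhclient.conf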
==============================================================
# Give up on obtaining a DHCP lease after 20 s (dhclient's default is longer),
# so boot does not stall when no DHCP server answers.
timeout 20;
==============================================================
history 시간 표시 설정
# Login-shell settings for every user; the history block below is appended here.
vi /etc/profile
==============================================================
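#history
# Tag each history entry with a timestamp, the origin of the login and the
# user name, so a shared root session still shows who typed what.
# The origin is the parenthesised host in `who -u am i`; when there is none
# (console/local login) fall back to this machine's hostname. Extracting the
# parenthesised field directly avoids picking up the PID column, which is the
# last field when no host is shown.
USER_IP=$(who -u am i 2>/dev/null | sed -n 's/.*(\([^)]*\)).*/\1/p')
if [ -z "$USER_IP" ]; then
  USER_IP=$(hostname)
fi
# Effectively unbounded in-memory history.
HISTSIZE=100000000
# NOTE(review): this is a convenience audit trail, not a tamper-proof one; a
# user can unset these variables or edit their own history file.
export HISTTIMEFORMAT="[%Y.%m.%d %H:%M:%S] [${USER_IP}] [${LOGNAME}] "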
==============================================================
# Re-read so the history variables apply to the current login shell.
source /etc/profile
매시간 시간 동기화
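# Time zone and clock-sync tooling.
timedatectl
# Interactive picker; the explicit set-timezone below makes the result
# deterministic regardless of what was chosen here.
dpkg-reconfigure tzdata
timedatectl list-timezones | grep Seoul
timedatectl set-timezone Asia/Seoul
# NOTE(review): rdate's time protocol is unauthenticated; chrony/ntpd (NTP)
# are the usual choice where clock integrity matters (log timestamps,
# certificate validity).
apt-get install -y rdate
# -p: do not fail when /root/bin already exists (re-running this procedure
# is common).
mkdir -p /root/bin
vi /root/bin/time_sync.sh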
==============================================================
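#!/bin/bash
# Hourly clock sync, run from /etc/crontab as root: set the system clock from
# time.bora.net, print it, show the hardware clock, then write the new time to
# the hardware clock so it survives a reboot.
#
# Failures are reported on stderr and through a non-zero exit status instead
# of being swallowed, so cron can mail them.
#
# NOTE(review): rdate's time protocol is unauthenticated, so the fetched time
# is trusted as-is; chrony/ntpd (NTP) are the usual choice where clock
# integrity matters (log timestamps, certificate validity).
if ! rdate -s time.bora.net; then
  echo "time_sync: rdate -s time.bora.net failed" >&2
  exit 1
fi
date
hwclock -r
if ! hwclock -w; then
  echo "time_sync: hwclock -w failed" >&2
  exit 1
fi
exit 0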
==============================================================
# The script runs as root from cron, so it must be root-owned and not
# group/world writable; 755 gives write access to root only (read/execute for
# others is harmless under the typically 0700 /root).
chmod 755 /root/bin/time_sync.sh
chown root:root /root/bin/time_sync.sh
# System crontab: unlike per-user crontabs its lines carry a user field.
vi /etc/crontab
==============================================================
# Every hour on the hour, as root. The script is run through /bin/sh rather
# than its bash shebang, so it must stay POSIX-sh compatible.
0 * * * * root /bin/sh /root/bin/time_sync.sh
==============================================================
# Pick up the new crontab entry and make sure cron comes back after a reboot.
systemctl restart cron
systemctl enable cron
부팅할 때 네트워크 통신이 오래 걸리므로 설정해 두면 좋음
# vi /etc/dhcp/dhclient.conf
==============================================================
# Give up on obtaining a DHCP lease after 20 s (dhclient's default is longer),
# so boot does not stall when no DHCP server answers.
timeout 20;
==============================================================
# vi /lib/systemd/system/networking.service
==============================================================
21: TimeoutStartSec=10sec (기본으로 5min으로 설정되어 있었고, 작성자는 10초로 변경)
==============================================================
systemctl mask systemd-networkd-wait-online.service 명령어 입력시
Created symlink
/etc/systemd/system/systemd-networkd-wait-online.service -> /dev/null
이 나옴. 그러면 리부팅해도 네트워크 지연이 발생하지 않음.
진행하시면 됩니다.