ubuntu14.04技巧连载

作者: strongz | 来源:发表于2015-12-16 16:36 被阅读713次

    附:有些内容来源于网络。期待大家踊跃评论,比如:如何在ubuntu中实现windows/other Linux的功能等

    基本配置


    • 停止、禁用network-manager

        先停止:sudo stop network-manager
        
        禁止开机启动:
        echo "manual" | sudo tee /etc/init/network-manager.override 
        或
        注释/etc/init/network-manager.conf的start on行
        或
        sudo initctl stop network-manager
      
        禁用后只能通过networking来管理接口,查看networking服务状态:
        initctl status networking
      
        并通过编辑文件/etc/network/interfaces来配置网口(方法如下)
      
        sudo restart networking
      
    • IP设置(以eth0为例)

        cat >>/etc/network/interfaces <<EOF
        auto eth0
        iface eth0 inet static
        address 10.10.10.xxx
        netmask 255.255.254.0
        gateway 10.10.10.254
        EOF   
      
    • dns设置

        方法1:
      
        sudo vim /etc/network/interfaces
        dns-nameservers 8.8.8.8
      
        方法2:(这个文件默认是空的)
      
        sudo vim /etc/resolvconf/resolv.conf.d/base
        nameserver 8.8.4.4
        nameserver 8.8.8.8 
      
        resolvconf -u 
      
        验证下:dig cnet.com
      
        注意:不建议直接修改/etc/resolv.conf,重启后此设置将无效!
      
    • 添加用户并强制用户首次登陆修改密码

      先添加用户,命令如下: 
      sudo adduser --home /home/testing --quiet --uid 1001  testing 
      
      设置密码过期,则用户首次登陆必须修改密码
      sudo chage -d 0 testing
      
      由于以上方式创建的用户home目录对于其他用户也是可读的(不安全)
      drwxr-xr-x  2 testing testing  4096  5?10 13:48 testing/
      
      建议修改权限(禁止同组和其他用户读写): chmod 700  ~testing/
      
      不建议用useradd来添加用户,无法自动创建home目录和拷贝相关/etc/skel下的文件
      
    • vi临时提权保存修改的文件

         :w !sudo tee %
      
    • 修改/etc/sudoers来给用户授权

        # User privilege specification
        root    ALL=(ALL:ALL) ALL
      
        # Members of the admin group may gain root privileges
        %admin ALL=(ALL) ALL
      
        # Allow members of group sudo to execute any command
        %sudo   ALL=(ALL:ALL) ALL
      
        # Allow members of group OSP_Group to execute apt-get command
        %OSP_Group   ALL=(ALL:ALL) NOPASSWD:/usr/bin/apt-get
        #将需要授权的用户加入到组OSP_Group
      
    • 配置apt-get等其他程序使用代理联网(非root用户,还须更改下面sudo的配置)

        vi ~/.bashrc 加入行:
      
            export http_proxy=http://www.ProxyServer.com:3128
            export ftp_proxy=http://www.ProxyServer.com:3128
            export https_proxy=http://www.ProxyServer.com:3128
      
    • 使sudo调用当前用户的环境变量(默认会重置环境变量并只使用自身配置文件中的变量)

        sudo vi /etc/sudoers 
        
            #Defaults       env_reset
            Defaults        !env_reset
      
    • 配置docker使用代理联网

        sudo vi /etc/default/docker
      
            # If you need Docker to use an HTTP proxy, it can also be specified here.
            #export http_proxy="http://127.0.0.1:3128/"
            export http_proxy="http://www.ProxyServer.com:3128"
            export ftp_proxy="http://www.ProxyServer.com:3128"
            export https_proxy="http://www.ProxyServer.com:3128"
      
    • 禁用所有接口dhcp

        sudo  apt-get remove isc-dhcp-client isc-dhcp-common
      
    • 无线网卡驱动安装(以ThinkPad X240的网卡RTL8192EE为例)

        lshw -c network           #查看现有网络设备状态,也可用lspci
        git clone https://github.com/lwfinger/rtlwifi_new
        cd rtlwifi_new
        sudo make
        sudo make install
        sudo reboot
      
    • mirrors站点配置

         vi /etc/hosts添加如下内容:
             91.189.91.24   security.ubuntu.com
             112.124.140.210 cn.archive.ubuntu.com 
      
    • 安装包(以安装java7为例)

         如果不知道包的具体名字,可以先从库里模糊查找来获取包名:
         sudo apt-cache search jdk  
         然后,安装相关包:
         sudo apt-get install openjdk-7-jdk openjdk-7-jre  openjdk-7-jre-headless
         根据文件名来查看所属包:
          root@cnet:~# dpkg -S  /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java
          openjdk-7-jre-headless:amd64: /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java
         根据包来查看其所有的文件:
          root@cnet:~# dpkg -L openjdk-7-jre-headless
          /.
          /usr
          /usr/lib
          /usr/lib/jvm
          /usr/lib/jvm/.java-1.7.0-openjdk-amd64.jinfo
          /usr/lib/jvm/java-7-openjdk-amd64
          /usr/lib/jvm/java-7-openjdk-amd64/man
          。。。。。。
         查看是否已安装jdk相关包:
          root@cnet:~# dpkg -l |grep jdk|less
          ii  openjdk-7-dbg:amd64                    7u79-2.5.6-0ubuntu1.14.04.1         amd64        Java runtime based on OpenJDK (debugging symbols)
          ii  openjdk-7-demo                         7u79-2.5.6-0ubuntu1.14.04.1         amd64        Java runtime based on OpenJDK (demos and examples)
          ii  openjdk-7-doc                          7u79-2.5.6-0ubuntu1.14.04.1         all          OpenJDK Development Kit (JDK) documentation
          ii  openjdk-7-jdk:amd64                    7u79-2.5.6-0ubuntu1.14.04.1         amd64        OpenJDK Development Kit (JDK)
          ii  openjdk-7-jre:amd64                    7u79-2.5.6-0ubuntu1.14.04.1         amd64        OpenJDK Java runtime, using Hotspot JIT
      
    • 安装ssh/vncserver/xfce4

         sudo apt-get update
         sudo apt-get upgrade
         sudo apt-get remove openssh-client gnome-terminal        (现有gnome-terminal,openssh-client有bug)
         sudo apt-get -y install openssh-client openssh-server vnc4server xfce4-terminal xfce4
      
    • 安装配置KVM和Openvswitch

         sudo grep -E 'vmx|svm' /proc/cpuinfo             #确保主机已开启cpu虚拟化支持
         sudo apt-get install qemu-kvm qemu-system libvirt-bin virt-manager bridge-utils
         sudo lsmod |grep kvm                             #确保kvm、kvm_intel模块已载入
         sudo apt-get install openvswitch-controller openvsiwtch-switch openvswitch-datapath-source
      
    • 解决Terminal中无法用Tab自动补全命令

         sudo vi /etc/bash.bashrc
      
         找到文件中的下列代码:
              #if ! shopt -oq posix; then
              #      if [-f  /usr/share/bash-completion/bash_completion ]; then
              #          . /usr/share/bash-completion/bash_completion
              #      elif [ -f /etc/bash_completion]; then
              #           . /etc/bash_completion
              #      fi
              #fi
         将注释符号#去掉
      
         source /etc/bash.bashrc
      
    • 配置桌面为xfce4的vnc

         vncserver :1
         vncserver -kill :1
             
         配置~/.vnc/xstartup内容如下:
      
              unset SESSION_MANAGER
              unset DBUS_SESSION_BUS_ADDRESS
      
              [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
              [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
              xsetroot -solid grey
              vncconfig -iconic &
              xfce4-session &
      
    • ubuntu的tftp服务器配置

        apt-get install tftp-hpa tftpd-hpa
        mkdir /tftpboot
        sudo chmod 0777 /tftpboot
        sudo touch test.txt
        sudo vi /etc/default/tftpd-hpa
          TFTP_USERNAME="tftp"
          TFTP_DIRECTORY="/tftpboot" # 这里是你的tftpd-hpa的服务目录,这个想建立在哪里都行
          TFTP_ADDRESS="0.0.0.0:69"
          TFTP_OPTIONS="-l -c -s" # 这里是选项,-c是可以上传文件的参数,-s是指定tftpd-hpa服务目录,上面已经指定
      
        sudo service tftpd-hpa restart
        tftp 127.0.0.1
        tftp>get test.txt
        tftp>put test1.txt
        tftp>q
      
    • 配置安装telnetd服务

          sudo apt-get install xinetd telnetd
          
      
           
           编辑文件/etc/xinetd.conf,并改后文件如下:
           # Simple configuration file for xinetd
           #
           # Some defaults, and include /etc/xinetd.d/
           defaults
           {
           # Please note that you need a log_type line to be able to use log_on_success
           # and log_on_failure. The default is the following :
           # log_type = SYSLOG daemon info
           instances = 60
           log_type = SYSLOG authpriv
           log_on_success = HOST PID
           log_on_failure = HOST
           cps = 25 30
           }
      
           另外可以修改telnet的监听端口,编辑文件/etc/services的如下行:
            telnet           23/tcp
      
           创建或编辑文件/etc/xinetd.d/telnet,使其内容如下:
      
           # default: on
           # description: The telnet server serves telnet sessions; it uses
           # unencrypted username/password pairs for authentication.
           service telnet
           {
             disable = no
             flags = REUSE
             socket_type = stream
             wait = no
             user = root
             server = /usr/sbin/in.telnetd
             log_on_failure += USERID
             only_from = 192.168.25.0/24 #Only users in 192.168.25.0 can access to
           }
      
           启动telnet服务:
           sudo /etc/init.d/xinetd restart
      
           注意:相关telnet日志将写入/var/log/auth.log (方便排障)
      
    • 配置nis client(需在console/图形界面里操作)

          sudo apt-get install nis
               按提示输入nisdomain
          
          在/etc/yp.conf中添加nis服务器映射条目
                domain nis.yourdomain server 10.X.X.X
      
          修改/etc/nsswitch.conf项目如下
                 passwd: compat nis
                 group:  compat nis
                 shadow: compat nis
                 hosts:  files mdns4_minimal [NOTFOUND=return] dns nis
      
          sudo service ypbind restart
      
          ypcat passwd  (查看用户数据)
      
    • 配置nfs client

         sudo apt-get install nfs-common
      
         修改/etc/idmapd.conf项目如下
             Domain = yourdomain.com
      
         initctl restart idmapd 
       
         mount -t nfs nfs.yourdomain.com:/home /home 
      
         修改/etc/fstab添加开机挂载nfs条目
         
            nfs.yourdomain.com:/home   /home  nfs     defaults        0       0
      
    • 配置vsftpd(PAM认证)

        sudo apt-get install vsftpd
      
         mkdir /home/OSP_DATA       #创建ftp的根目录
      
         修改配置 /etc/vsftpd.conf,内容如下
          listen=YES
          anonymous_enable=NO
          local_enable=YES
          dirmessage_enable=YES
          use_localtime=YES
          xferlog_enable=YES
          connect_from_port_20=YES
          xferlog_file=/var/log/vsftpd.log
          ftpd_banner=Welcome to OSP_Group FTP service.
          chroot_local_user=YES                                  
          secure_chroot_dir=/var/run/vsftpd/empty
          pam_service_name=vsftpd
          rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
          rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
          local_root=/home/OSP_DATA                            #将目录/home/OSP_DATA设置为ftp的根,否则会开放整个系统根/(非常不安全)
      
          重启服务: sudo service vsftpd restart
      

    其他


    • 64bit系统编译安装32bit的Openssl

      setarch i486 ./config \
      --prefix=/opt/openssl-1.0.2c-test \
      no-zlib no-shared  no-dso -m32 
      
      386       Use the 80386 instruction set only (the default x86 code is
                more efficient, but requires at least a 486). Note: Use
                compiler flags for any other CPU specific configuration,
                e.g. "-m32" to build x86 code on an x64 system.
      
    • ubuntu禁用usb-storage

      echo "blacklist usb-storage" | sudo tee -a /etc/modprobe.d/blacklist.conf
      sudo update-initramfs -u
      
    • kvm中ubuntu运行异常的解决方法

      问题描述
      1. 登录后无法显示桌面标题栏和菜单
      2. cpu使用率100%
      解决方法
      sudo apt-get remove xserver-xorg-video-qxl

    相关文章

      网友评论

        本文标题:ubuntu14.04技巧连载

        本文链接:https://www.haomeiwen.com/subject/pwtphttx.html