VMware安装Linux各版本系统
CentOS安装
2.0 历史版本下载
VMware安装配置





选择镜像文件


安装

2.1 修改时区

2.2 配置磁盘分区

2.2.1 分区方案示例


2.3 配置网络


2.4 设置root密码

待安装完成后,用下面的脚本做简单的初始化配置
#!/bin/bash
# CentOS enterprise initialisation script.
# Scope: system update, common tools, security settings, network setup,
# SSH tuning and related first-boot configuration.

# Every later step writes under /etc or drives systemctl, so stop right away
# unless the effective UID is 0.
if (( EUID != 0 )); then
  echo "错误:此脚本必须以 root 用户运行!"
  exit 1
fi
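# Point the base repository at the Aliyun mirror.
# The new definition is fetched into a temporary file first, so a failed or
# partial download can never leave the host without a usable base repo (the
# original moved the old file away before the download had succeeded).
echo "正在配置yum 源..."
REPO_FILE="/etc/yum.repos.d/CentOS-Base.repo"
REPO_TMP="$(mktemp)" || exit 1
# -f turns an HTTP error into a non-zero exit instead of saving the error page
# as a repo file; -sS stays quiet but still reports errors; -L follows redirects.
if ! curl -fsSL -o "$REPO_TMP" https://mirrors.aliyun.com/repo/Centos-7.repo \
  || [ ! -s "$REPO_TMP" ]; then
  echo "错误:下载 yum 源配置失败,保留原有配置" >&2
  rm -f -- "$REPO_TMP"
  exit 1
fi
# Remove the entries for the two aliyuncs.com mirror hosts
# (presumably reachable only from inside Aliyun's own network - confirm).
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' "$REPO_TMP"
# NOTE(review): the downloaded file decides whether package signatures are
# checked; confirm it keeps gpgcheck=1 before trusting packages from it.
if [ -f "$REPO_FILE" ]; then
  cp -p -- "$REPO_FILE" "${REPO_FILE}.backup"
fi
# Overwrite in place so the file keeps its existing owner and mode.
cat -- "$REPO_TMP" > "$REPO_FILE"
rm -f -- "$REPO_TMP"
yum clean all
yum makecache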
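# ---- Settings consumed by the steps below ----
NEW_USER="oneplus"            # name of the admin account to create

# The admin password comes from the environment instead of a literal in the
# script: a password printed in a published script is known to every reader,
# and "123456" is among the first values any guessing tool tries.
# Set it before running, e.g.  read -rs NEW_PASSWORD; export NEW_PASSWORD
if [ -z "${NEW_PASSWORD:-}" ]; then
  echo "错误:请先通过环境变量 NEW_PASSWORD 设置管理员密码" >&2
  exit 1
fi

SSH_PORT="22"                 # port sshd should listen on
STATIC_IP="192.168.72.128"    # static IPv4 address
NETMASK="255.255.255.0"       # subnet mask
GATEWAY="192.168.72.2"        # default gateway
DNS1="8.8.8.8"                # first DNS server
DNS2="8.8.4.4"                # second DNS server
# bash maintains HOSTNAME itself; this assignment replaces that value for the
# rest of the script.
HOSTNAME="centos-server"      # host name to set
TIMEZONE="Asia/Shanghai"      # time zone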
# Step 1: bring every installed package up to date.
echo "正在更新系统..."
yum -y update

# Step 2: install the everyday admin tools in one transaction.
echo "正在安装常用工具..."
BASE_PACKAGES=(vim wget curl net-tools lsof telnet bash-completion epel-release)
yum -y install "${BASE_PACKAGES[@]}"
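# Step 3: write a static IPv4 configuration for the interface that carries the
# default route.
echo "正在配置静态IP..."
# Resolve the interface once; "exit" after the first match keeps the name
# single-valued when more than one default route exists.
DEFAULT_IFACE="$(ip -o -4 route show to default | awk '{print $5; exit}')"
if [ -z "$DEFAULT_IFACE" ]; then
  # Without a default route the file name would collapse to "ifcfg-".
  echo "错误:未找到默认路由对应的网卡,无法配置静态IP" >&2
  exit 1
fi
NETWORK_FILE="/etc/sysconfig/network-scripts/ifcfg-${DEFAULT_IFACE}"
# Keep the previous file so the change can be reverted by hand.
if [ -f "$NETWORK_FILE" ]; then
  cp -p -- "$NETWORK_FILE" "${NETWORK_FILE}.bak"
fi
cat > "$NETWORK_FILE" <<EOF
TYPE=Ethernet
BOOTPROTO=static
DEVICE=$DEFAULT_IFACE
ONBOOT=yes
IPADDR=$STATIC_IP
NETMASK=$NETMASK
GATEWAY=$GATEWAY
DNS1=$DNS1
DNS2=$DNS2
EOF
# Apply the new addressing. When the script runs over SSH and STATIC_IP differs
# from the current address, expect the session to drop at this point.
systemctl restart network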
# Step 4: stop the packet filter and keep it from starting at boot.
# NOTE(review): after this step nothing on the host filters inbound traffic.
# That fits an isolated lab VM; on a reachable network keep firewalld running
# and open only the ports that are needed (for example the SSH port).
echo "正在关闭并禁用防火墙..."
systemctl stop firewalld
systemctl disable firewalld
# The iptables unit is only touched when the iptables package is installed.
rpm -q iptables > /dev/null 2>&1 && {
  systemctl stop iptables
  systemctl disable iptables
}

# Step 5: switch SELinux off.
# NOTE(review): this removes mandatory access control from every service on
# the host. If a single service misbehaves under SELinux, permissive mode plus
# the audit log is the narrower way to find out why.
echo "正在禁用 SELinux..."
# Running system: enforcement is dropped immediately.
setenforce 0
# Persistent setting: only rewritten when the file currently says "enforcing".
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
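# Step 6: SSH daemon settings - listening port and no direct root login.
echo "正在配置 SSH 安全..."
SSHD_CONFIG="/etc/ssh/sshd_config"
cp -p -- "$SSHD_CONFIG" "${SSHD_CONFIG}.bak"
# Match each directive whether or not it is commented out and whatever value it
# carries. The original patterns only matched the exact lines "#Port 22" and
# "PermitRootLogin yes"; a stock file that ships "#PermitRootLogin yes" was left
# untouched, so root login stayed enabled despite the message above.
sed -i -E \
  -e "s/^#?[[:space:]]*Port[[:space:]].*/Port ${SSH_PORT}/" \
  -e 's/^#?[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/' \
  "$SSHD_CONFIG"
# Validate before restarting: a syntax error would otherwise take sshd down.
if sshd -t -f "$SSHD_CONFIG"; then
  # Root SSH login ends here, before the admin account is created in a later
  # step; keep console access available until that account is confirmed.
  systemctl restart sshd
else
  echo "错误:sshd_config 校验失败,已恢复原配置" >&2
  cp -p -- "${SSHD_CONFIG}.bak" "$SSHD_CONFIG"
  exit 1
fi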
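# Step 7: host name.
echo "正在设置主机名..."
hostnamectl set-hostname "$HOSTNAME"

# Step 8: admin account, member of wheel.
echo "正在创建管理员用户..."
# Re-running the script must not fail on an account that already exists.
if ! id -u "$NEW_USER" > /dev/null 2>&1; then
  useradd "$NEW_USER"
fi
# printf plus quoting hands the password to passwd byte for byte; the original
# unquoted "echo $NEW_PASSWORD" would split on spaces and expand glob characters.
printf '%s\n' "$NEW_PASSWORD" | passwd --stdin "$NEW_USER"
usermod -aG wheel "$NEW_USER"

# Step 9: time zone.
echo "正在配置时区..."
timedatectl set-timezone "$TIMEZONE"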
# Step 10: TCP and listen-queue tuning, appended to /etc/sysctl.conf and loaded
# immediately.
echo "正在优化系统参数..."
# The append is unconditional, so every run of the script adds these four lines
# again. The quoted delimiter keeps the text literal.
tee -a /etc/sysctl.conf > /dev/null <<'EOF'
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.ip_local_port_range = 1024 65000
net.core.somaxconn = 10240
EOF
# Load /etc/sysctl.conf into the running kernel.
sysctl -p
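# Summary of the values an operator needs for the first login. It is printed
# here, before the optimisation steps further down have run.
echo "初始化脚本执行完成!"
echo "请使用以下信息登录系统:"
echo "用户名: $NEW_USER"
# The password is deliberately not echoed: terminal output ends up in
# scrollback, session recordings and provisioning logs.
echo "密码: 运行脚本时为该用户设置的密码(不在终端显示)"
echo "SSH 端口: $SSH_PORT"
echo "静态IP: $STATIC_IP"
echo "主机名: $HOSTNAME"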
# Step 11: resource limits, shell history and password aging.
echo "正在进行系统优化和安全优化..."

# Raise the open-file limit for all users (soft and hard). Appended on each run.
printf '%s\n' "* soft nofile 65535" "* hard nofile 65535" >> /etc/security/limits.conf

# Timestamped, larger shell history for every login shell. Appended on each run.
cat >> /etc/profile <<'EOF'
export HISTTIMEFORMAT="%F %T "
export HISTSIZE=10000
export HISTFILESIZE=10000
export HISTCONTROL=ignoredups
EOF

# Password aging defaults: 90 days maximum, 7 days minimum, 14 days warning.
# login.defs is read when an account is created, so accounts that already
# exist keep their current aging values; use chage for those.
sed -i \
  -e 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/' \
  -e 's/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 7/' \
  -e 's/^PASS_WARN_AGE.*/PASS_WARN_AGE 14/' \
  /etc/login.defs
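# Stop and disable services this host does not need.
for service in postfix avahi-daemon cups; do
  # Anchor the match to "<name>.service". The original unanchored, unquoted
  # grep also matched other units whose name merely contains the string, and
  # then tried to stop a unit that is not installed.
  if systemctl list-unit-files --type=service --no-legend \
    | grep -q "^${service}\.service[[:space:]]"; then
    systemctl stop "$service"
    systemctl disable "$service"
    echo "已禁用服务: $service"
  fi
done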
# Unattended updates through yum-cron.
echo "正在配置自动更新..."
YUM_CRON_CONF="/etc/yum/yum-cron.conf"
yum -y install yum-cron
# Flip "apply_updates = no" to "yes" so that updates are applied as well.
sed -i 's|^apply_updates = no|apply_updates = yes|' "$YUM_CRON_CONF"
# Start at boot, and start now.
systemctl enable yum-cron
systemctl start yum-cron
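# Audit rules: record writes and attribute changes on the account databases,
# the sudo policy and the audit log directory.
echo "正在配置日志审计..."
yum install -y audit
# NOTE(review): this replaces whatever /etc/audit/rules.d/audit.rules held
# before; check the loaded set with "auditctl -l" and "auditctl -s" afterwards.
# /etc/sudoers.d/ is watched as well: sudo rules are commonly granted through
# drop-in files there, which a watch on /etc/sudoers alone does not cover.
cat > /etc/audit/rules.d/audit.rules <<'EOF'
-w /etc/passwd -p wa -k identity
-w /etc/group -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/sudoers -p wa -k privilege-escalation
-w /etc/sudoers.d/ -p wa -k privilege-escalation
-w /var/log/audit/ -p wa -k audit-logs
EOF
service auditd restart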
# Second batch of kernel parameters, appended to /etc/sysctl.conf.
# net.core.somaxconn was already appended with 10240 earlier in this script;
# both lines end up in the file and this later one is the value that sticks.
# NOTE(review): fs.file-max = 65535 may be lower than the kernel's own default;
# compare with "sysctl fs.file-max" before applying it.
# NOTE(review): disabling IPv6 affects services that bind to ::1 - confirm
# that nothing on the host depends on it.
tee -a /etc/sysctl.conf > /dev/null <<'EOF'
# 开启SYN cookies,防止SYN Flood攻击
net.ipv4.tcp_syncookies = 1
# 增加系统最大连接数
net.core.somaxconn = 65535
# 增加系统文件描述符限制
fs.file-max = 65535
# 禁用IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
EOF
# Load the file into the running kernel.
sysctl -p
echo "系统优化和安全优化完成!"
参考网址:
https://bbs.huaweicloud.com/blogs/303461
Ubuntu安装
3.1 历史镜像版本下载
网址:https://releases.ubuntu.com/
安装Ubuntu

3.2 选择英文

直接跳过继续即可

3.3 选择英文键盘

3.4 选择最小化安装

3.5 配置网络-先默认选择自动分配IP地址

3.6 配置磁盘


3.6.1 磁盘分区示例


3.7 配置用户和密码(Ubuntu默认不允许root登录)

3.8 跳过Ubuntu升级

3.9 配置启用ssh

3.10 等待安装完成重启即可

3.11 配置启用root
配置root密码
sudo passwd root
设置完成后切换到root用户
su - root
配置ssh允许root远程登录
vim /etc/ssh/sshd_config
# PermitRootLogin prohibit-password
PermitRootLogin yes
systemctl restart ssh
3.12 初始化脚本
#!/bin/bash
# Ubuntu 24.01 initialisation script (version as written by the author;
# Ubuntu LTS releases are numbered .04, so presumably 24.04 - confirm).
# Scope: system update, common tools, security settings, network setup,
# SSH tuning and related first-boot configuration.

# All later steps need root, so refuse to continue for any other user.
if [[ "$(id -u)" -ne 0 ]]; then
  echo "错误:此脚本必须以 root 用户运行!"
  exit 1
fi
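# ---- Settings consumed by the steps below ----
NEW_USER="oneplus"            # name of the admin account

# The admin password comes from the environment instead of a literal in the
# script: a password printed in a published script is known to every reader,
# and "123456" is among the first values any guessing tool tries.
# Set it before running, e.g.  read -rs NEW_PASSWORD; export NEW_PASSWORD
if [ -z "${NEW_PASSWORD:-}" ]; then
  echo "错误:请先通过环境变量 NEW_PASSWORD 设置管理员密码" >&2
  exit 1
fi

SSH_PORT="22"                 # port sshd should listen on
STATIC_IP="192.168.72.130"    # static IPv4 address
NETMASK="255.255.255.0"       # subnet mask
GATEWAY="192.168.72.2"        # default gateway
DNS1="8.8.8.8"                # first DNS server
DNS2="8.8.4.4"                # second DNS server
# bash maintains HOSTNAME itself; this assignment replaces that value for the
# rest of the script.
HOSTNAME="ubuntu-server"      # host name
TIMEZONE="Asia/Shanghai"      # time zone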
# Step 1: refresh the package index, then upgrade what is installed.
echo "正在更新系统..."
apt-get -y update
apt-get -y upgrade

# Step 2: admin tools plus the packages the later steps configure
# (ufw, auditd, unattended-upgrades).
echo "正在安装常用工具..."
BASE_PACKAGES=(
  vim wget curl net-tools lsof telnet bash-completion
  ufw auditd unattended-upgrades
)
apt-get -y install "${BASE_PACKAGES[@]}"
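# Step 3: static IPv4 address through netplan.
echo "正在配置静态IP..."
NETWORK_FILE="/etc/netplan/01-netcfg.yaml"

# Convert a dotted-quad netmask (255.255.255.0) into a prefix length (24).
# Prints nothing and returns 1 for an octet that cannot be part of a netmask.
_netmask_to_prefix() {
  local mask=$1 octet bits=0
  local IFS=.
  for octet in $mask; do
    case "$octet" in
      255) bits=$((bits + 8)) ;;
      254) bits=$((bits + 7)) ;;
      252) bits=$((bits + 6)) ;;
      248) bits=$((bits + 5)) ;;
      240) bits=$((bits + 4)) ;;
      224) bits=$((bits + 3)) ;;
      192) bits=$((bits + 2)) ;;
      128) bits=$((bits + 1)) ;;
      0) ;;
      *) return 1 ;;
    esac
  done
  printf '%s\n' "$bits"
}

# Interface that carries the default route (first one when there are several).
DEFAULT_IFACE="$(ip -o -4 route show to default | awk '{print $5; exit}')"
# netplan expects address/prefix-length; the original wrote
# "$STATIC_IP/$NETMASK", i.e. a dotted mask after the slash.
PREFIX_LEN="$(_netmask_to_prefix "$NETMASK")"
if [ -z "$DEFAULT_IFACE" ] || [ -z "$PREFIX_LEN" ]; then
  echo "错误:无法确定默认网卡或子网掩码无效,无法配置静态IP" >&2
  exit 1
fi

# YAML nesting is significant: each level below is indented by two spaces.
# The default gateway is written as a route because newer netplan releases
# deprecate gateway4.
# NOTE(review): if the installer left another file in /etc/netplan that enables
# DHCP on the same interface, netplan merges both; check with "netplan get".
cat > "$NETWORK_FILE" <<EOF
network:
  version: 2
  renderer: networkd
  ethernets:
    ${DEFAULT_IFACE}:
      dhcp4: no
      addresses: [${STATIC_IP}/${PREFIX_LEN}]
      routes:
        - to: default
          via: ${GATEWAY}
      nameservers:
        addresses: [${DNS1}, ${DNS2}]
EOF
# Readable by root only; netplan warns about configuration files that other
# users can read.
chmod 600 "$NETWORK_FILE"
netplan apply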
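# Step 4: host firewall - deny inbound by default, allow outbound, open SSH.
echo "正在配置防火墙..."
# Policies and the SSH rule are put in place while the firewall is off, so
# that enabling it does not cut off a running SSH session.
ufw disable
ufw default deny incoming
ufw default allow outgoing
# SSH only uses TCP; a bare port number would open the UDP port as well.
ufw allow "${SSH_PORT}/tcp"
# --force skips the interactive confirmation prompt.
ufw --force enable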
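# Step 5: SSH daemon settings - port, no direct root login, idle keep-alive.
echo "正在配置 SSH 安全..."
SSHD_CONFIG="/etc/ssh/sshd_config"
cp -p -- "$SSHD_CONFIG" "${SSHD_CONFIG}.bak"
# Match each directive whether or not it is commented out and whatever value it
# carries. The original patterns only matched one exact spelling per line, so a
# file containing "#PermitRootLogin prohibit-password" or "PermitRootLogin yes"
# was left unchanged and root login stayed as it was.
sed -i -E \
  -e "s/^#?[[:space:]]*Port[[:space:]].*/Port ${SSH_PORT}/" \
  -e 's/^#?[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/' \
  -e 's/^#?[[:space:]]*ClientAliveInterval[[:space:]].*/ClientAliveInterval 300/' \
  -e 's/^#?[[:space:]]*ClientAliveCountMax[[:space:]].*/ClientAliveCountMax 2/' \
  "$SSHD_CONFIG"
# Validate before restarting: a syntax error would otherwise take sshd down.
# NOTE(review): files under /etc/ssh/sshd_config.d/ can override these values;
# "sshd -T | grep -i permitrootlogin" shows the effective setting. On releases
# that start sshd through ssh.socket a port change may also need the socket
# unit reloaded - confirm on the target release.
if sshd -t -f "$SSHD_CONFIG"; then
  systemctl restart ssh
else
  echo "错误:sshd_config 校验失败,已恢复原配置" >&2
  cp -p -- "${SSHD_CONFIG}.bak" "$SSHD_CONFIG"
  exit 1
fi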
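# Step 6: resource limits, shell history and password policy.
echo "正在进行系统优化和安全优化..."

# Raise the open-file limit for all users (soft and hard). Appended on each run.
echo "* soft nofile 65535" >> /etc/security/limits.conf
echo "* hard nofile 65535" >> /etc/security/limits.conf

# Timestamped, larger shell history for every login shell. Appended on each run.
echo "export HISTTIMEFORMAT=\"%F %T \"" >> /etc/profile
echo "export HISTSIZE=10000" >> /etc/profile
echo "export HISTFILESIZE=10000" >> /etc/profile
echo "export HISTCONTROL=ignoredups" >> /etc/profile

# Password aging defaults; login.defs is read when an account is created, so
# existing accounts keep their current values (use chage for those).
apt-get install -y libpam-pwquality
sed -i 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/' /etc/login.defs
sed -i 's/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 7/' /etc/login.defs
sed -i 's/^PASS_WARN_AGE.*/PASS_WARN_AGE 14/' /etc/login.defs

# Password complexity. The original appended a pam_pwquality line to the END
# of /etc/pam.d/common-password, i.e. after pam_unix, where it can no longer
# reject a password that was just stored (TODO confirm with a test account).
# Installing libpam-pwquality normally registers the module ahead of pam_unix
# already, so only its settings are changed here, in pwquality.conf.
PWQUALITY_CONF="/etc/security/pwquality.conf"
for setting in "minlen = 12" "difok = 3" "ucredit = -1" "lcredit = -1" \
  "dcredit = -1" "ocredit = -1"; do
  key="${setting%% *}"
  if grep -Eq "^#?[[:space:]]*${key}[[:space:]]*=" "$PWQUALITY_CONF"; then
    # Replace the existing (possibly commented-out) entry.
    sed -i -E "s/^#?[[:space:]]*${key}[[:space:]]*=.*/${setting}/" "$PWQUALITY_CONF"
  else
    printf '%s\n' "$setting" >> "$PWQUALITY_CONF"
  fi
done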
# Unattended upgrades.
echo "正在配置自动更新..."
# Uncomment the "<distro>-updates" origin. The pattern stays in single quotes
# so that ${distro_id} and ${distro_codename} reach sed as literal text.
sed -i 's/^\/\/\s*"${distro_id}:${distro_codename}-updates";/"${distro_id}:${distro_codename}-updates";/' /etc/apt/apt.conf.d/50unattended-upgrades
# Daily package-list refresh and daily unattended upgrade; the file is
# rewritten from scratch with exactly these two lines.
printf '%s\n' \
  'APT::Periodic::Update-Package-Lists "1";' \
  'APT::Periodic::Unattended-Upgrade "1";' \
  > /etc/apt/apt.conf.d/20auto-upgrades
# Start at boot, and start now.
systemctl enable unattended-upgrades
systemctl start unattended-upgrades
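# Audit rules: record writes and attribute changes on the account databases,
# the sudo policy and the audit log directory.
echo "正在配置日志审计..."
# NOTE(review): this replaces whatever /etc/audit/rules.d/audit.rules held
# before; check the loaded set with "auditctl -l" and "auditctl -s" afterwards.
# /etc/sudoers.d/ is watched as well: sudo rules are commonly granted through
# drop-in files there, which a watch on /etc/sudoers alone does not cover.
cat > /etc/audit/rules.d/audit.rules <<'EOF'
-w /etc/passwd -p wa -k identity
-w /etc/group -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/sudoers -p wa -k privilege-escalation
-w /etc/sudoers.d/ -p wa -k privilege-escalation
-w /var/log/audit/ -p wa -k audit-logs
EOF
service auditd restart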
# Kernel parameters, appended to /etc/sysctl.conf and loaded immediately.
# The append is unconditional, so every run adds the block again;
# net.ipv4.tcp_syncookies appears twice inside the block itself.
# NOTE(review): fs.file-max = 65535 may be lower than the kernel's own default;
# compare with "sysctl fs.file-max" before applying it.
# NOTE(review): disabling IPv6 affects services that bind to ::1 - confirm
# that nothing on the host depends on it.
tee -a /etc/sysctl.conf > /dev/null <<'EOF'
# 开启SYN cookies,防止SYN Flood攻击
net.ipv4.tcp_syncookies = 1
# 增加系统最大连接数
net.core.somaxconn = 65535
# 增加系统文件描述符限制
fs.file-max = 65535
# 禁用IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
# 防止SYN Flood攻击
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_synack_retries = 2
# 优化TIME-WAIT
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
EOF
# Load the file into the running kernel.
sysctl -p
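# Stop and disable services this host does not need.
for service in avahi-daemon cups; do
  # Anchor the match to "<name>.service". The original unanchored, unquoted
  # grep also matched other units whose name merely contains the string
  # (for example cups-browsed), even when the unit itself is not installed.
  if systemctl list-unit-files --type=service --no-legend \
    | grep -q "^${service}\.service[[:space:]]"; then
    systemctl stop "$service"
    systemctl disable "$service"
    echo "已禁用服务: $service"
  fi
done
echo "系统优化和安全优化完成!"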
# ... rest of the script remains similar with apt-get instead of yum ...
OpenEuler安装
历史版本
网址: https://www.openeuler.org/zh/download/?archive=true

4.1 选择英文

4.2 配置磁盘分区


我选择自动分配分区;如有需要,可以在自动分配完成后按需修改

自动分配分区


4.3 配置root账号密码

root密码有复杂度要求,不能设置太简单

4.4 开始安装系统


4.5 安装完成重启系统

4.6 配置脚本
#!/bin/bash
# openEuler initialisation script.
# Scope: system update, common tools, security settings, network setup,
# SSH tuning and related first-boot configuration.

# Guard: continue only as root, since every step below changes system files.
[ "$(id -u)" = "0" ] || {
  echo "错误:此脚本必须以 root 用户运行!"
  exit 1
}
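# ---- Settings consumed by the steps below ----
NEW_USER="oneplus"            # name of the admin account to create

# The admin password comes from the environment instead of a literal in the
# script: a password printed in a published script is known to every reader
# and protects nothing.
# Set it before running, e.g.  read -rs NEW_PASSWORD; export NEW_PASSWORD
if [ -z "${NEW_PASSWORD:-}" ]; then
  echo "错误:请先通过环境变量 NEW_PASSWORD 设置管理员密码" >&2
  exit 1
fi

SSH_PORT="22"                 # port sshd should listen on
STATIC_IP="192.168.72.131"    # static IPv4 address
NETMASK="255.255.255.0"       # subnet mask
GATEWAY="192.168.72.2"        # default gateway
DNS1="8.8.8.8"                # first DNS server
DNS2="8.8.4.4"                # second DNS server
# bash maintains HOSTNAME itself; this assignment replaces that value for the
# rest of the script.
HOSTNAME="openeuler-server"   # host name
TIMEZONE="Asia/Shanghai"      # time zone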
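# Step 2: create the admin account and give it sudo rights.
echo "正在创建新用户 $NEW_USER..."
if id -u "$NEW_USER" >/dev/null 2>&1; then
  echo "用户 $NEW_USER 已存在,跳过创建"
else
  # Home directory and bash as login shell.
  useradd -m -s /bin/bash "$NEW_USER"
  # printf passes the password verbatim. Stop when it is rejected, so that no
  # sudo rule is created for an account whose password was never set.
  if ! printf '%s:%s\n' "$NEW_USER" "$NEW_PASSWORD" | chpasswd; then
    echo "错误:为 $NEW_USER 设置密码失败" >&2
    exit 1
  fi
  echo "配置 $NEW_USER 的sudo权限..."
  SUDOERS_FILE="/etc/sudoers.d/$NEW_USER"
  if [ -f "$SUDOERS_FILE" ]; then
    echo "sudo配置已存在,跳过配置"
  else
    # sudo asks for the account's password. The original granted NOPASSWD:ALL,
    # which turns any session running as this user into root with no further
    # check.
    SUDOERS_TMP="$(mktemp)" || exit 1
    printf '%s ALL=(ALL) ALL\n' "$NEW_USER" > "$SUDOERS_TMP"
    # Syntax-check before installing: a broken file under /etc/sudoers.d can
    # make sudo refuse to run at all.
    if visudo -cf "$SUDOERS_TMP" >/dev/null; then
      # install sets owner and mode in one step, so the rule never exists
      # with looser permissions.
      install -m 0440 -o root -g root "$SUDOERS_TMP" "$SUDOERS_FILE"
    else
      echo "错误:sudoers 配置校验失败,未写入 $SUDOERS_FILE" >&2
    fi
    rm -f -- "$SUDOERS_TMP"
  fi
  # Maximum password age of 99999 days for this account.
  # NOTE(review): this exempts the admin account from the 90-day
  # PASS_MAX_DAYS value the script writes to /etc/login.defs further down -
  # confirm that this is intended.
  chage -M 99999 "$NEW_USER"
  echo "用户 $NEW_USER 创建完成"
fi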
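# Step 1: point yum at the Aliyun mirror of openEuler 24.03 LTS.
echo "正在配置 yum 源..."
REPO_FILE="/etc/yum.repos.d/openEuler.repo"
# Keep the previous definition; yum ignores files that do not end in .repo.
if [ -f "$REPO_FILE" ]; then
  mv -- "$REPO_FILE" "${REPO_FILE}.bak"
fi
# gpgcheck=1: every package must carry a valid signature. With the original
# gpgcheck=0 the mirror, or anything able to alter its responses, decides what
# gets installed as root.
# The key URL follows the distribution's stock repo layout (key file beside the
# OS tree) - confirm the path, and compare the imported key's fingerprint with
# the one openEuler publishes: "yum -y" accepts the key without asking.
cat > "$REPO_FILE" <<'EOF'
[openeuler]
name=openEuler
baseurl=https://mirrors.aliyun.com/openeuler/openEuler-24.03-LTS/OS/x86_64/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/openeuler/openEuler-24.03-LTS/OS/x86_64/RPM-GPG-KEY-openEuler
[EPOL]
name=EPOL
baseurl=https://mirrors.aliyun.com/openeuler/openEuler-24.03-LTS/EPOL/main/x86_64/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/openeuler/openEuler-24.03-LTS/OS/x86_64/RPM-GPG-KEY-openEuler
EOF
# Rebuild the metadata cache.
yum makecache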
# ... existing code ...
# Everyday admin, archive, network and monitoring tools, installed in one
# transaction.
# NOTE(review): telnet, nc and nmap are probing / cleartext tools; leave them
# out of images that do not need them.
echo "正在安装常用工具..."
BASE_PACKAGES=(
  vim wget curl net-tools lsof telnet bash-completion
  tar gzip zip unzip bind-utils traceroute
  iotop htop iftop sysstat lrzsz tree psmisc nc nmap
)
yum -y install "${BASE_PACKAGES[@]}"
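# Step 4: static IPv4 configuration, rolled back when NetworkManager fails.
echo "正在配置静态IP..."
# Interface that carries the default route; "exit" after the first match
# keeps the name single-valued when several default routes exist.
INTERFACE="$(ip -o -4 route show to default | awk '{print $5; exit}')"
if [ -z "$INTERFACE" ]; then
  # Without a default route every path below would collapse to "ifcfg-".
  echo "错误:未找到默认路由对应的网卡,无法配置静态IP" >&2
  exit 1
fi
IFCFG_FILE="/etc/sysconfig/network-scripts/ifcfg-${INTERFACE}"
# Back up the current file when there is one; the rollback depends on it.
HAVE_BACKUP=0
if [ -f "$IFCFG_FILE" ] && cp -p -- "$IFCFG_FILE" "${IFCFG_FILE}.bak"; then
  HAVE_BACKUP=1
fi
# Write the new configuration.
cat > "$IFCFG_FILE" <<EOF
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
NAME=$INTERFACE
DEVICE=$INTERFACE
ONBOOT=yes
IPADDR=$STATIC_IP
NETMASK=$NETMASK
GATEWAY=$GATEWAY
DNS1=$DNS1
DNS2=$DNS2
EOF
# Restart NetworkManager; when the script runs over SSH and STATIC_IP differs
# from the current address, expect the session to drop here.
if systemctl restart NetworkManager; then
  echo "网络配置成功,正在验证网络连接..."
  if ping -c 3 "$GATEWAY" > /dev/null 2>&1; then
    echo "网络连接正常"
  else
    echo "警告:无法ping通网关,请检查网络配置"
  fi
else
  echo "错误:NetworkManager服务重启失败,正在恢复备份配置..."
  # Restore only when a backup was actually taken.
  if [ "$HAVE_BACKUP" -eq 1 ]; then
    cp -p -- "${IFCFG_FILE}.bak" "$IFCFG_FILE"
  fi
  systemctl restart NetworkManager
  exit 1
fi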
# ... existing code ...
# Step 5: stop the packet filter and keep it from starting at boot.
# NOTE(review): after this step nothing on the host filters inbound traffic.
# That fits an isolated lab VM; on a reachable network keep firewalld running
# and open only the ports that are needed (for example the SSH port).
echo "正在关闭并禁用防火墙..."
systemctl stop firewalld
systemctl disable firewalld
# The iptables unit is only touched when the iptables package is installed.
rpm -q iptables > /dev/null 2>&1 && {
  systemctl stop iptables
  systemctl disable iptables
}
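# Step 6: SSH daemon settings.
echo "正在配置 SSH 安全..."
SSHD_CONFIG="/etc/ssh/sshd_config"
cp -p -- "$SSHD_CONFIG" "${SSHD_CONFIG}.bak"
# Set the port whether or not the directive is commented out.
sed -i -E "s/^#?[[:space:]]*Port[[:space:]].*/Port ${SSH_PORT}/" "$SSHD_CONFIG"
# The original also rewrote "PermitRootLogin prohibit-password" to
# "PermitRootLogin yes", i.e. it opened password login for root under a
# "security" heading. That rewrite is not carried over: the admin account
# created by this script plus sudo covers remote administration, and root
# stays limited to whatever the distribution default allows.
# Validate before restarting: a syntax error would otherwise take sshd down.
if sshd -t -f "$SSHD_CONFIG"; then
  systemctl restart sshd
else
  echo "错误:sshd_config 校验失败,已恢复原配置" >&2
  cp -p -- "${SSHD_CONFIG}.bak" "$SSHD_CONFIG"
  exit 1
fi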
# Step 7: resource limits and kernel parameters.
echo "正在优化系统参数..."

# Raise the open-file limit for all users (soft and hard). Appended on each run.
printf '%s\n' "* soft nofile 65535" "* hard nofile 65535" >> /etc/security/limits.conf

# Kernel parameters, appended to /etc/sysctl.conf on each run.
# NOTE(review): fs.file-max = 65535 may be lower than the kernel's own default;
# compare with "sysctl fs.file-max" before applying it.
# NOTE(review): disabling IPv6 affects services that bind to ::1 - confirm
# that nothing on the host depends on it.
tee -a /etc/sysctl.conf > /dev/null <<'EOF'
# 开启SYN cookies,防止SYN Flood攻击
net.ipv4.tcp_syncookies = 1
# 允许将TIME-WAIT sockets重新用于新的TCP连接
net.ipv4.tcp_tw_reuse = 1
# 缩短TIME-WAIT时间
net.ipv4.tcp_fin_timeout = 30
# 增加本地端口范围
net.ipv4.ip_local_port_range = 1024 65000
# 增加系统最大连接数
net.core.somaxconn = 65535
# 增加系统文件描述符限制
fs.file-max = 65535
# 禁用IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
EOF
# Load the file into the running kernel.
sysctl -p
# Step 8: hardening - unused mail service, password aging, shell history.
echo "正在进行安全加固..."

# Stop and disable postfix when a matching unit file is listed.
systemctl list-unit-files | grep -q postfix && {
  systemctl stop postfix
  systemctl disable postfix
}

# Password aging defaults: 90 days maximum, 7 days minimum, 14 days warning.
# login.defs is read when an account is created, so accounts that already
# exist keep their current aging values; use chage for those.
sed -i \
  -e 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/' \
  -e 's/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 7/' \
  -e 's/^PASS_WARN_AGE.*/PASS_WARN_AGE 14/' \
  /etc/login.defs

# Timestamped, larger shell history for every login shell. Appended on each run.
cat >> /etc/profile <<'EOF'
export HISTTIMEFORMAT="%F %T "
export HISTSIZE=10000
export HISTFILESIZE=10000
export HISTCONTROL=ignoredups
EOF
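# Step 9: unattended updates through yum-cron.
echo "正在配置自动更新..."
# NOTE(review): yum-cron belongs to the older yum tool chain; on dnf-based
# systems the counterpart is dnf-automatic. Confirm which of the two the
# openEuler repositories actually provide.
# Configure and enable the service only when the package and its config file
# are really present, so that a failed install is reported instead of being
# followed by sed and systemctl errors.
if yum install -y yum-cron && [ -f /etc/yum/yum-cron.conf ]; then
  sed -i 's/^apply_updates = no/apply_updates = yes/' /etc/yum/yum-cron.conf
  systemctl enable yum-cron
  systemctl start yum-cron
else
  echo "警告:未能安装 yum-cron,已跳过自动更新配置" >&2
fi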
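# Step 10: audit rules - record writes and attribute changes on the account
# databases, the sudo policy and the audit log directory.
echo "正在配置日志审计..."
yum install -y audit
# NOTE(review): this replaces whatever /etc/audit/rules.d/audit.rules held
# before; check the loaded set with "auditctl -l" and "auditctl -s" afterwards.
# /etc/sudoers.d/ is watched as well: this script grants sudo through a file
# in that directory, which a watch on /etc/sudoers alone does not cover.
cat > /etc/audit/rules.d/audit.rules <<'EOF'
-w /etc/passwd -p wa -k identity
-w /etc/group -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/sudoers -p wa -k privilege-escalation
-w /etc/sudoers.d/ -p wa -k privilege-escalation
-w /var/log/audit/ -p wa -k audit-logs
EOF
service auditd restart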
# ... rest of the script remains similar with yum ...
其他版本Linux待补充。。。
