ubuntu14.04技巧连载

字数 2092阅读 844

附:有些内容来源于网络。期待大家踊跃评论,比如:如何在ubuntu中实现windows/other Linux的功能等

基本配置


  • 停止、禁用network-manager

      先停止:sudo stop network-manager
      
      禁止开机启动:
      echo "manual" | sudo tee /etc/init/network-manager.override 
      或
      注释/etc/init/network-manager.conf的start on行
      或
      sudo initctl stop network-manager
    
      禁用后只能通过networking来管理接口,查看networking服务状态:
      initctl status networking
    
      并通过编辑文件/etc/network/interfaces来配置网口(方法如下)
    
      sudo restart networking
    
  • IP设置(以eth0为例)

      cat >>/etc/network/interfaces <<EOF
      auto eth0
      iface eth0 inet static
      address 10.10.10.xxx
      netmask 255.255.254.0
      gateway 10.10.10.254
      EOF   
    
  • dns设置

      方法1:
    
      sudo vim /etc/network/interfaces
      dns-nameservers 8.8.8.8
    
      方法2:(这个文件默认是空的)
    
      sudo vim /etc/resolvconf/resolv.conf.d/base
      nameserver 8.8.4.4
      nameserver 8.8.8.8 
    
      resolvconf -u 
    
      验证下:dig cnet.com
    
      注意:不建议直接修改/etc/resolv.conf,重启后此设置将无效!
    
  • 添加用户并强制用户首次登陆修改密码

    先添加用户,命令如下: 
    sudo adduser --home /home/testing --quiet --uid 1001  testing 
    
    设置密码过期,则用户首次登陆必须修改密码
    sudo chage -d 0 testing
    
    由于以上方式创建的用户home目录对于其他用户也是可读的(不安全)
    drwxr-xr-x  2 testing testing  4096  5?10 13:48 testing/
    
    建议修改权限(禁止同组和其他用户读写): chmod 700  ~testing/
    
    不建议用useradd来添加用户,无法自动创建home目录和拷贝相关/etc/skel下的文件
    
  • vi临时提权保存修改的文件

       :w !sudo tee %
    
  • 修改/etc/sudoers来给用户授权

      # User privilege specification
      root    ALL=(ALL:ALL) ALL
    
      # Members of the admin group may gain root privileges
      %admin ALL=(ALL) ALL
    
      # Allow members of group sudo to execute any command
      %sudo   ALL=(ALL:ALL) ALL
    
      # Allow members of group OSP_Group to execute apt-get command
      %OSP_Group   ALL=(ALL:ALL) NOPASSWD:/usr/bin/apt-get
      #将需要授权的用户加入到组OSP_Group
    
  • 配置apt-get等其他程序使用代理联网(非root用户,还须更改下面sudo的配置)

      vi ~/.bashrc 加入行:
    
          export http_proxy=http://www.ProxyServer.com:3128
          export ftp_proxy=http://www.ProxyServer.com:3128
          export https_proxy=http://www.ProxyServer.com:3128
    
  • 使sudo调用当前用户的环境变量(默认会重置环境变量并只使用自身配置文件中的变量)

      sudo vi /etc/sudoers 
      
          #Defaults       env_reset
          Defaults        !env_reset
    
  • 配置docker使用代理联网

      sudo vi /etc/default/docker
    
          # If you need Docker to use an HTTP proxy, it can also be specified here.
          #export http_proxy="http://127.0.0.1:3128/"
          export http_proxy="http://www.ProxyServer.com:3128"
          export ftp_proxy="http://www.ProxyServer.com:3128"
          export https_proxy="http://www.ProxyServer.com:3128"
    
  • 禁用所有接口dhcp

      sudo  apt-get remove isc-dhcp-client isc-dhcp-common
    
  • 无线网卡驱动安装(以ThinkPad X240的网卡RTL8192EE为例)

      lshw -c network           #查看现有网络设备状态,也可用lspci
      git clone https://github.com/lwfinger/rtlwifi_new
      cd rtlwifi_new
      sudo make
      sudo make install
      sudo reboot
    
  • mirrors站点配置

       vi /etc/hosts添加如下内容:
           91.189.91.24   security.ubuntu.com
           112.124.140.210 cn.archive.ubuntu.com 
    
  • 安装包(以安装java7为例)

       如果不知道包的具体名字,可以先从库里模糊查找来获取包名:
       sudo apt-cache search jdk  
       然后,安装相关包:
       sudo apt-get install openjdk-7-jdk openjdk-7-jre  openjdk-7-jre-headless
       根据文件名来查看所属包:
        root@cnet:~# dpkg -S  /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java
        openjdk-7-jre-headless:amd64: /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java
       根据包来查看其所有的文件:
        root@cnet:~# dpkg -L openjdk-7-jre-headless
        /.
        /usr
        /usr/lib
        /usr/lib/jvm
        /usr/lib/jvm/.java-1.7.0-openjdk-amd64.jinfo
        /usr/lib/jvm/java-7-openjdk-amd64
        /usr/lib/jvm/java-7-openjdk-amd64/man
        。。。。。。
       查看是否已安装jdk相关包:
        root@cnet:~# dpkg -l |grep jdk|less
        ii  openjdk-7-dbg:amd64                    7u79-2.5.6-0ubuntu1.14.04.1         amd64        Java runtime based on OpenJDK (debugging symbols)
        ii  openjdk-7-demo                         7u79-2.5.6-0ubuntu1.14.04.1         amd64        Java runtime based on OpenJDK (demos and examples)
        ii  openjdk-7-doc                          7u79-2.5.6-0ubuntu1.14.04.1         all          OpenJDK Development Kit (JDK) documentation
        ii  openjdk-7-jdk:amd64                    7u79-2.5.6-0ubuntu1.14.04.1         amd64        OpenJDK Development Kit (JDK)
        ii  openjdk-7-jre:amd64                    7u79-2.5.6-0ubuntu1.14.04.1         amd64        OpenJDK Java runtime, using Hotspot JIT
    
  • 安装ssh/vncserver/xfce4

       sudo apt-get update
       sudo apt-get upgrade
       sudo apt-get remove openssh-client gnome-terminal        (现有gnome-terminal,openssh-client有bug)
       sudo apt-get -y install openssh-client openssh-server vnc4server xfce4-terminal xfce4
    
  • 安装配置KVM和Openvswitch

       sudo grep -E 'vmx|svm' /proc/cpuinfo             #确保主机已开启cpu虚拟化支持
       sudo apt-get install qemu-kvm qemu-system libvirt-bin virt-manager bridge-utils
       sudo lsmod |grep kvm                             #确保kvm、kvm_intel模块已载入
       sudo apt-get install openvswitch-controller openvsiwtch-switch openvswitch-datapath-source
    
  • 解决Terminal中无法用Tab自动补全命令

       sudo vi /etc/bash.bashrc
    
       找到文件中的下列代码:
            #if ! shopt -oq posix; then
            #      if [-f  /usr/share/bash-completion/bash_completion ]; then
            #          . /usr/share/bash-completion/bash_completion
            #      elif [ -f /etc/bash_completion]; then
            #           . /etc/bash_completion
            #      fi
            #fi
       将注释符号#去掉
    
       source /etc/bash.bashrc
    
  • 配置桌面为xfce4的vnc

       vncserver :1
       vncserver -kill :1
           
       配置~/.vnc/xstartup内容如下:
    
            unset SESSION_MANAGER
            unset DBUS_SESSION_BUS_ADDRESS
    
            [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
            [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
            xsetroot -solid grey
            vncconfig -iconic &
            xfce4-session &
    
  • ubuntu的tftp服务器配置

      apt-get install tftp-hpa tftpd-hpa
      mkdir /tftpboot
      sudo chmod 0777 /tftpboot
      sudo touch test.txt
      sudo vi /etc/default/tftpd-hpa
        TFTP_USERNAME="tftp"
        TFTP_DIRECTORY="/tftpboot" # 这里是你的tftpd-hpa的服务目录,这个想建立在哪里都行
        TFTP_ADDRESS="0.0.0.0:69"
        TFTP_OPTIONS="-l -c -s" # 这里是选项,-c是可以上传文件的参数,-s是指定tftpd-hpa服务目录,上面已经指定
    
      sudo service tftpd-hpa restart
      tftp 127.0.0.1
      tftp>get test.txt
      tftp>put test1.txt
      tftp>q
    
  • 配置安装telnetd服务

        sudo apt-get install xinetd telnetd
        
    
         
         编辑文件/etc/xinetd.conf,并改后文件如下:
         # Simple configuration file for xinetd
         #
         # Some defaults, and include /etc/xinetd.d/
         defaults
         {
         # Please note that you need a log_type line to be able to use log_on_success
         # and log_on_failure. The default is the following :
         # log_type = SYSLOG daemon info
         instances = 60
         log_type = SYSLOG authpriv
         log_on_success = HOST PID
         log_on_failure = HOST
         cps = 25 30
         }
    
         另外可以修改telnet的监听端口,编辑文件/etc/services的如下行:
          telnet           23/tcp
    
         创建或编辑文件/etc/xinetd.d/telnet,使其内容如下:
    
         # default: on
         # description: The telnet server serves telnet sessions; it uses
         # unencrypted username/password pairs for authentication.
         service telnet
         {
           disable = no
           flags = REUSE
           socket_type = stream
           wait = no
           user = root
           server = /usr/sbin/in.telnetd
           log_on_failure += USERID
           only_from = 192.168.25.0/24 #Only users in 192.168.25.0 can access to
         }
    
         启动telnet服务:
         sudo /etc/init.d/xinetd restart
    
         注意:相关telnet日志将写入/var/log/auth.log (方便排障)
    
  • 配置nis client(需在console/图形界面里操作)

        sudo apt-get install nis
             按提示输入nisdomain
        
        在/etc/yp.conf中添加nis服务器映射条目
              domain nis.yourdomain server 10.X.X.X
    
        修改/etc/nsswitch.conf项目如下
               passwd: compat nis
               group:  compat nis
               shadow: compat nis
               hosts:  files mdns4_minimal [NOTFOUND=return] dns nis
    
        sudo service ypbind restart
    
        ypcat passwd  (查看用户数据)
    
  • 配置nfs client

       sudo apt-get install nfs-common
    
       修改/etc/idmapd.conf项目如下
           Domain = yourdomain.com
    
       initctl restart idmapd 
     
       mount -t nfs nfs.yourdomain.com:/home /home 
    
       修改/etc/fstab添加开机挂载nfs条目
       
          nfs.yourdomain.com:/home   /home  nfs     defaults        0       0
    
  • 配置vsftpd(PAM认证)

      sudo apt-get install vsftpd
    
       mkdir /home/OSP_DATA       #创建ftp的根目录
    
       修改配置 /etc/vsftpd.conf,内容如下
        listen=YES
        anonymous_enable=NO
        local_enable=YES
        dirmessage_enable=YES
        use_localtime=YES
        xferlog_enable=YES
        connect_from_port_20=YES
        xferlog_file=/var/log/vsftpd.log
        ftpd_banner=Welcome to OSP_Group FTP service.
        chroot_local_user=YES                                  
        secure_chroot_dir=/var/run/vsftpd/empty
        pam_service_name=vsftpd
        rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
        rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
        local_root=/home/OSP_DATA                            #将目录/home/OSP_DATA设置为ftp的根,否则会开放整个系统根/(非常不安全)
    
        重启服务: sudo service vsftpd restart
    

其他


  • 64bit系统编译安装32bit的Openssl

    setarch i486 ./config \
    --prefix=/opt/openssl-1.0.2c-test \
    no-zlib no-shared  no-dso -m32 
    
    386       Use the 80386 instruction set only (the default x86 code is
              more efficient, but requires at least a 486). Note: Use
              compiler flags for any other CPU specific configuration,
              e.g. "-m32" to build x86 code on an x64 system.
    
  • ubuntu禁用usb-storage

    echo "blacklist usb-storage" | sudo tee -a /etc/modprobe.d/blacklist.conf
    sudo update-initramfs -u
    
  • kvm中ubuntu运行异常的解决方法

    问题描述
    1. 登录后无法显示桌面标题栏和菜单
    2. cpu使用率100%
    解决方法
    sudo apt-get remove xserver-xorg-video-qxl

推荐阅读更多精彩内容