LINUX:UBUNTU SETUP

Guchani's Miscellany Wiki

Check the list of installed packages

$ dpkg --get-selections

Packages to install

$ sudo apt-get install htop mc vim dstat gsmartcontrol lm-sensors ssh samba system-config-samba libnss-winbind kdiff3 meld apache2 mysql-server mysql-client-5.5 php5 php5-mysql php5-gd nfs-kernel-server build-essential chromium-browser vlc xbmc
$ sudo apt-get install htop mc vim ssh samba system-config-samba libnss-winbind build-essential ctags subversion git-core
$ sudo apt-get install fail2ban 
  • Development
    • build-essential
    • vim
    • kdiff3
    • meld
    • ctags
    • subversion
    • git-core
  • Security
    • fail2ban
  • Server daemons
    • ssh
    • samba
    • system-config-samba
    • nfs-kernel-server
  • Web server (LAMP)
    • apache2
    • mysql-server
    • mysql-client-5.5
    • php5
    • php5-mysql
    • php5-gd
    • openssl
  • Web and DB administration
    • webalizer
    • phpmyadmin
  • GUI utilities
    • chromium-browser
    • vlc
    • xbmc
  • System utilities
    • dstat
    • gsmartcontrol
    • lm-sensors
    • htop
    • mc
  • Miscellaneous
    • libnss-winbind

Server configuration

sshd/login configuration

  • Prevent slow logins caused by DNS lookups

Add one line for UseDNS.

$ sudo vi /etc/ssh/sshd_config
UseDNS no
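  • Prevent slow SSH logins caused by counting the available package updates

Comment out the exec lines in the two files below so that they do not run; their output is then no longer printed at every SSH login.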

$ sudo vi /etc/update-motd.d/90-updates-available
#!/bin/sh

#if [ -x /usr/lib/update-notifier/update-motd-updates-available ]; then
#    exec /usr/lib/update-notifier/update-motd-updates-available
#fi
$ sudo vi /etc/update-motd.d/91-release-upgrade
#!/bin/sh

# if the current release is under development there won't be a new one
if [ "$(lsb_release -sd | cut -d' ' -f4)" = "(development" ]; then
    exit 0
fi
#if [ -x /usr/lib/ubuntu-release-upgrader/release-upgrade-motd ]; then
#    exec /usr/lib/ubuntu-release-upgrader/release-upgrade-motd
#fi

fail2ban configuration

For defending against brute-force attacks (ban for 30 days after 5 failures within 1 minute)

$ sudo apt-get install fail2ban 
$ sudo vi /etc/fail2ban/jail.conf
[DEFAULT]
ignoreip = 127.0.0.1/8 192.168.0.0/16
ignorecommand =
bantime  = 2592000
findtime = 60
maxretry = 5

[ssh]
enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 5

[apache]
enabled  = false
port     = http,https
filter   = apache-auth
logpath  = /var/log/apache*/*error.log
maxretry = 5

Manual ban

$ sudo fail2ban-client set ssh banip 192.168.0.0/24

View ban status

$ sudo fail2ban-client status

Collect the list of banned addresses

$ vi /etc/fail2ban/action.d/iptables-multiport24.conf
[Definition]

# Option:  actionstart
# Notes.:  command executed once at the start of Fail2Ban.
# Values:  CMD
#
actionstart = iptables -N fail2ban-<name>
              iptables -A fail2ban-<name> -j RETURN
              iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
              # Persistent banning of IPs
              cat /etc/fail2ban/ip.blacklist | while read IP; do iptables -I fail2ban-<name> 1 -s $IP/24 -j DROP; done

actionban = iptables -I fail2ban-<name> 1 -s <ip>/24 -j <blocktype>
            echo <ip> >> /etc/fail2ban/ip.blacklist
$ vi /etc/fail2ban/action.d/iptables-multiport.conf
[Definition]
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
            echo <ip> >> /etc/fail2ban/ip.blacklist
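
The actionban lines above append one line to ip.blacklist for every ban, and actionstart replays the file to iptables without filtering, so duplicate entries, lines that are not plain addresses, and addresses inside the ignoreip ranges are all passed along. The script below is an added example, not part of the original page: it reduces such a file to unique /24 networks and reports what it drops. The function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the persistent blacklist
# before actionstart replays it. Function names and sample data are constructed.

# Print the /24 network of a plain dotted-quad address; return 1 if malformed.
to_net24() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip            # split on dots; safe, only digits and dots remain
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    echo "$1.$2.$3.0/24"
}

# Ranges from the page's ignoreip line (127.0.0.1/8 192.168.0.0/16).
is_ignored() {
    case $1 in
        127.*|192.168.*) return 0 ;;
    esac
    return 1
}

# stdin: blacklist lines; stdout: unique /24 networks; stderr: what was dropped.
clean_blacklist() {
    while read -r line; do
        [ -n "$line" ] || continue
        if ! net=$(to_net24 "$line"); then
            echo "rejected (not a plain IPv4 address): $line" >&2
        elif is_ignored "$net"; then
            echo "skipped (inside ignoreip): $line" >&2
        else
            echo "$net"
        fi
    done | LC_ALL=C sort -u
}

# Constructed sample of what ip.blacklist can accumulate over time.
sample_blacklist() {
    printf '%s\n' 203.0.113.7 203.0.113.200 198.51.100.23 203.0.113.7 \
        192.168.0.0/24 192.168.0.15 300.1.2.3
}

sample_blacklist | clean_blacklist
```

To audit the real file, feed /etc/fail2ban/ip.blacklist to clean_blacklist on stdin and review the stderr report before replacing the file.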

lightdm

Korean font display problem
$ sudo apt-get install ttf-unfonts-core
Disable lightdm autostart
$ echo  "manual" | sudo tee -a /etc/init/lightdm.override
Run lightdm without a monitor
$ sudo apt-get install xserver-xorg-video-dummy
$ cat /etc/X11/xorg.conf
# nvidia-settings: X configuration file generated by nvidia-settings
# nvidia-settings:  version 295.33  (buildd@zirconium)  Fri Mar 30 13:38:49 UTC 2012

Section "ServerLayout"
    Identifier     "Layout0"
    Screen      0  "Screen0" 0 0
    InputDevice    "Keyboard0" "CoreKeyboard"
    InputDevice    "Mouse0" "CorePointer"
    Option         "Xinerama" "0"
EndSection

Section "Files"
EndSection

Section "InputDevice"
    # generated from default
    Identifier     "Mouse0"
    Driver         "mouse"
    Option         "Protocol" "auto"
    Option         "Device" "/dev/psaux"
    Option         "Emulate3Buttons" "no"
    Option         "ZAxisMapping" "4 5"
EndSection

Section "InputDevice"
    # generated from default
    Identifier     "Keyboard0"
    Driver         "kbd"
EndSection

Section "Monitor"
    # HorizSync source: edid, VertRefresh source: edid
    Identifier     "Monitor0"
    VendorName     "Unknown"
    ModelName      "Budzetron ANALOG"
    HorizSync       30.0 - 80.0
    VertRefresh     50.0 - 75.0
    Option         "DPMS"
EndSection

Section "Device"
    Identifier     "Device0"
    Driver         "nvidia"
    VendorName     "NVIDIA Corporation"
    BoardName      "ION"
EndSection

Section "Screen"
    Identifier     "Screen0"
    Device         "Device0"
    Monitor        "Monitor0"
    DefaultDepth    24
    Option         "TwinView" "0"
    Option         "metamodes" "1280x1024_60 +0+0"
    Option         "ConnectedMonitor" "CRT-0"
    Option         "UseDisplayDevice" "CRT-0"
    SubSection     "Display"
        Depth       24
	Modes       "1280x1024"
    EndSubSection
EndSection

tftp configuration

$ sudo apt-get install xinetd tftp tftpd
$ sudo vi /etc/xinetd.d/tftp
service tftp
{
   protocol = udp
   socket_type = dgram
   wait = yes
   server = /usr/sbin/in.tftpd
   server_args = -s /tftpboot
   disable = no
   user = nobody 
}


webalizer configuration

Enable per-country statistics of visiting IP addresses through the GeoIP setting

$ sudo apt-get install webalizer
$ sudo vi /etc/webalizer/webalizer.conf
GeoIP		yes
GeoIPDatabase	/usr/share/GeoIP/GeoIP.dat

Application configuration

vi configuration

vimrc configuration

This is the per-user configuration file.

$ vi ~/.vimrc
set hlsearch
syntax on
set nu
vi environment configuration

This is the system-wide configuration file.

$ sudo vi /etc/vim/vimrc
set hlsearch
syntax on
set nu

bash alias configuration

$ vi ~/.bashrc
alias ll='ls -al'

wins configuration

$  sudo apt-get install libnss-winbind
$  sudo vi /etc/nsswitch.conf 
hosts:          files mdns4_minimal [NOTFOUND=return] dns wins

Configuration utilities

  • vino-preferences: configures the VNC server built into lightdm
  • system-config-samba