Initial Server Setup with Ubuntu 20.04/18.04 and 16.04


This tutorial will guide you through the first basic steps you need to configure on a freshly installed Ubuntu server in order to increase the security and reliability of your server.

The configurations explained in this topic are almost the same for all Ubuntu server systems, regardless of the underlying platform, whether Ubuntu is installed on a bare-metal server, in a private virtual machine, or on a virtual machine spun up in a public VPS cloud.

  • Ubuntu 20.04 Server Installation
  • Ubuntu 18.04 Server Installation
  • Ubuntu 16.04 Server Installation

Update and Upgrade the Ubuntu System

The first step you need to take care of on a fresh installation of Ubuntu server or a newly deployed Ubuntu VPS is to make sure the system and all system components, such as the kernel, are up to date with the latest security patches.

To update the Ubuntu server, log in to the server's console with an account with root privileges or directly as root and run the commands below to perform the update and upgrade process.

$ sudo apt update 

After running the update command, you will see the number of packages available for upgrade and the command used for listing the upgradable packages.

$ sudo apt list --upgradable

After you have consulted the list of packages available for upgrade, issue the command below to start the system upgrade process.

$ sudo apt upgrade

In order to remove all locally downloaded deb packages and all other apt-get caches, execute the commands below.

$ sudo apt autoremove
$ sudo apt clean

Create a New Account in Ubuntu

By default, as a security measure, the root account is completely disabled in Ubuntu. In order to create a new account on the system, log in to the system with an account that has root privileges and create a new account with the command below.

This new account will be granted root privileges via the sudo command and will be used to perform administrative tasks on the system. Make sure you set up a strong password to protect this account. Follow the adduser prompts to set up the user details and password.

$ sudo adduser ubuntu_user

If this account will be assigned to another system administrator, you can force the user to change their password at the first login attempt by issuing the following command.

$ sudo chage -d0 ubuntu_user

For now, the newly added user cannot perform administrative tasks via the sudo utility. To grant this new user account administrative privileges, you should add the user to the “sudo” system group by issuing the command below.

$ sudo usermod -a -G sudo ubuntu_user

By default, all users belonging to the “sudo” group are allowed to execute commands with root privileges via the sudo utility. The sudo command must be used before the command to be executed, as shown in the example below.

$ sudo apt install package_name

Test whether the new user has been granted root privileges by logging in to the system and running the apt update command prefixed with sudo.

$ su - ubuntu_user
$ sudo apt update

Configure the System Hostname in Ubuntu

Usually, the machine hostname is set up during the system installation process or when the VPS is created in the cloud. However, you should change the name of your machine in order to better reflect the purpose of your server or to better describe its final role.

In a large company, machines are named according to complex naming schemes so that a machine can be easily identified in the datacenter. For instance, if your Ubuntu machine will operate as a mail server, the name of the machine should reflect this fact, and you can set up the machine hostname as mx01.mydomain.lan, for example.

To show details about your machine hostname, run the following command.

$ hostnamectl

In order to change the name of your machine, issue the hostnamectl command with the new name you will configure for your machine, as illustrated in the excerpt below.

$ sudo hostnamectl set-hostname tecmint

Verify the new name of your system with one of the commands below.

$ hostname
$ hostname -s
$ cat /etc/hostname 

Set Up SSH with Public Key Authentication in Ubuntu

To increase the security level of an Ubuntu server, you should set up SSH public key authentication for a local account. In order to generate an SSH key pair, the public and private key, with a specified key length, such as 2048 bits, execute the following command on your server console.

Make sure you are logged in to the system with the user for which you are setting up the SSH key.

$ su - ubuntu_user
$ ssh-keygen -t RSA -b 2048

While the key is being generated, you will be prompted to add a passphrase to secure the key. You can enter a strong passphrase or choose to leave the passphrase blank if you want to automate tasks via the SSH server.

After the SSH key has been generated, you can copy the public key to a remote server by executing the command below. To install the public key on the remote SSH server you will need a remote user account with the proper permissions and credentials to log in to the remote server.

$ ssh-copy-id username@remote_server

You should now be able to log in automatically via SSH to the remote server using the public key authentication method. You won't need to enter the remote user's password while using SSH public key authentication.

After you have logged in to the remote server, you can start executing commands, such as the w command to list the remotely logged-in SSH users, as shown below.

Type exit in the console to close the remote SSH session.

$ ssh username@remote_server
$ w
$ exit

To see the content of your public SSH key in order to manually install the key on a remote SSH server, issue the following command.

$ cat ~/.ssh/id_rsa.pub

Secure the SSH Server in Ubuntu

In order to secure the SSH daemon, you should change the default SSH port number from 22 to a random port higher than 1024, and disallow remote SSH access to the root account via password or key, by opening the SSH server main configuration file and making the following changes.

$ sudo vi /etc/ssh/sshd_config

First, search for the commented line #Port 22 and add a new line underneath (replace the listening port number accordingly):

Port 2345

Don't close the file; scroll down and search for the line #PermitRootLogin yes, uncomment the line by removing the # sign (hashtag) from the beginning of the line, and modify the line to look like the one shown in the excerpt below.

PermitRootLogin no

Afterwards, restart the SSH server to apply the new settings and test the configuration by trying to log in from a remote machine to this server with the root account via the new port number. Access to the root account via SSH should be restricted.

$ sudo systemctl restart sshd

Also, run the ss or netstat command and filter the output via grep to show the new listening port number for the SSH server.

$ sudo ss -tlpn| grep ssh
$ sudo netstat -tlpn| grep ssh
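
The two sshd_config changes described above can be checked with a short script. This is an added example, not part of the original tutorial; the function name audit_sshd_config and the sample files are constructed for illustration, and it audits only the global section of a single file (no Include or Match handling).

```shell
#!/bin/sh
# audit_sshd_config FILE: check the global section of an sshd_config for the
# two settings changed above. Prints one line per finding; returns 0 only if
# every Port is above 1024 and PermitRootLogin is "no".
audit_sshd_config() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # "#Port 22" is a comment, not a setting
        {
            key = tolower($1); val = tolower($2)
            if (key == "match") exit        # conditional blocks are out of scope here
            if (key == "port") ports[++n] = val      # sshd listens on every Port line
            if (key == "permitrootlogin" && root == "") root = val   # first value wins
        }
        END {
            if (n == 0) ports[++n] = "22"                 # sshd default port
            if (root == "") root = "prohibit-password"    # sshd default
            for (i = 1; i <= n; i++) {
                if (ports[i] + 0 <= 1024) {
                    print "FAIL port " ports[i] " is not above 1024"; bad = 1
                } else print "OK   port " ports[i]
            }
            if (root != "no") { print "FAIL PermitRootLogin " root; bad = 1 }
            else print "OK   PermitRootLogin no"
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample files (not taken from a real server).
tmp=$(mktemp -d)
# "no" was appended at the end, but an earlier active line already set "yes".
printf '%s\n' '#Port 22' 'Port 2345' 'PermitRootLogin yes' 'PermitRootLogin no' > "$tmp/shadowed"
# The result of following the steps above.
printf '%s\n' '#Port 22' 'Port 2345' 'PermitRootLogin no' > "$tmp/hardened"

for f in shadowed hardened; do
    echo "== $f"
    audit_sshd_config "$tmp/$f" || echo "-> needs attention"
done
```

On a live server, `sudo sshd -T` prints the effective configuration, including settings pulled in from Include files.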

There are situations where you might want to automatically disconnect all remote SSH connections established to your server after a period of inactivity.

In order to enable this feature, execute the command below, which adds the TMOUT bash variable to your account's hidden .bashrc file and forces every SSH connection made with that username to be disconnected or logged out after 5 minutes of inactivity.

$ echo 'TMOUT=300' >> .bashrc

Run the tail command to check that the variable has been correctly added at the end of the .bashrc file. From now on, all subsequent SSH connections will be automatically closed after 5 minutes of inactivity.

$ tail .bashrc

In the screenshot below, the remote SSH session from the drupal machine to the Ubuntu server via the ubuntu_user account has timed out and been logged out automatically after 5 minutes.

Configure the Ubuntu Firewall UFW

Every server needs a well-configured firewall in order to secure the system at the network level. Ubuntu server uses the UFW application to manage the iptables rules on the server.

Check the status of the UFW firewall application in Ubuntu by issuing the commands below.

$ sudo systemctl status ufw
$ sudo ufw status

Usually, the UFW firewall daemon is up and running on Ubuntu server, but the rules are not applied by default. Before enabling the UFW firewall policy on your system, you should first add a new rule to allow SSH traffic to pass through the firewall via the changed SSH port. The rule can be added by executing the command below.

$ sudo ufw allow 2345/tcp

After you have allowed SSH traffic, you can enable and check the UFW firewall application with the following commands.

$ sudo ufw enable
$ sudo ufw status

To add new firewall rules for other network services subsequently installed on your server, such as an HTTP server, a mail server or other network services, use the firewall command examples below as a guide.

$ sudo ufw allow http  #allow http traffic
$ sudo ufw allow proto tcp from any to any port 25,443  # allow https and smtp traffic

To list all firewall rules, run the command below.

$ sudo ufw status verbose

Set the Ubuntu Server Time

To control or query the Ubuntu server clock and other related time settings, execute the timedatectl command with no arguments.

In order to change your server's time zone settings, first execute the timedatectl command with the list-timezones argument to list all available time zones, and then set the time zone of your system as shown in the excerpt below.

$ sudo timedatectl 
$ sudo timedatectl list-timezones 
$ sudo timedatectl set-timezone Europe/Vienna

The new systemd-timesyncd daemon client can be used in Ubuntu to provide accurate time for your server across the network and to synchronize time with an upstream time peer server.

To use this new systemd feature, edit the systemd-timesyncd daemon configuration file and add the NTP servers closest to you to the NTP statement line, as shown in the file excerpt below:

$ sudo nano /etc/systemd/timesyncd.conf

Add the following configuration to the timesyncd.conf file:

[Time]
NTP=0.pool.ntp.org 1.pool.ntp.org
FallbackNTP=ntp.ubuntu.com

To add the NTP servers nearest to you, consult the NTP pool project server list at the following address: http://www.pool.ntp.org/en/

Afterwards, restart the systemd timesync daemon to reflect the changes and check the daemon status by running the commands below. After the restart, the daemon will start to synchronize time with the new NTP server peer.

$ sudo systemctl restart systemd-timesyncd.service 
$ sudo systemctl status systemd-timesyncd.service

Disable and Remove Unneeded Services in Ubuntu

In order to get a list of all TCP and UDP network services up and running by default on your Ubuntu server, execute the ss or netstat command.

$ sudo netstat -tulpn
OR
$ sudo ss -tulpn

Starting with the Ubuntu 16.10 release, the default DNS resolver is now controlled by the systemd-resolved service, as revealed by the output of the netstat or ss commands.

You should also check the status of the systemd-resolved service by running the following command.

$ sudo systemctl status systemd-resolved.service

The systemd-resolved service binds on all enabled network interfaces and listens on ports 53 and 5355 TCP and UDP.

Running the systemd-resolved caching DNS daemon on a production server can be dangerous due to the large number of DDoS attacks performed by malicious hackers against unsecured DNS servers.

In order to stop and disable this service, execute the following commands.

$ sudo systemctl stop systemd-resolved
$ sudo systemctl disable systemd-resolved

Verify that the service has been stopped and disabled by issuing the ss or netstat command. The systemd-resolved listening ports, 53 and 5355 TCP and UDP, should not be listed in the output of the netstat or ss command, as illustrated below.

You should also reboot the machine in order to completely disable all systemd-resolved daemon services and restore the default /etc/resolv.conf file.

$ sudo ss -tulpn
$ sudo netstat -tulpn
$ sudo systemctl reboot
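
The check described above, that ports 53 and 5355 no longer appear in the ss output, generalizes to comparing every listener against a list of expected ports. This is an added example, not part of the original tutorial; the function names and the sample ss output are constructed for illustration.

```shell
#!/bin/sh
# unexpected_listeners "PORTS": read `ss -tulpn` output on stdin and print
# "proto port process" for every socket whose local port is not in PORTS
# (a space-separated allowlist). Returns 1 if any such socket is found.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "tcp" && $1 != "udp" { next }    # skip the header and other netids
        {
            # The port follows the last colon, also for [::]:2345 and 127.0.0.53%lo:53.
            port = $5; sub(/.*:/, "", port)
            # The process name is only shown when ss runs with root privileges.
            proc = "-"
            if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
            if (!(port in ok)) { print $1, port, proc; found = 1 }
        }
        END { exit found + 0 }
    '
}

# Constructed sample of `sudo ss -tulpn` output before systemd-resolved is disabled.
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=12))
udp   UNCONN 0      0      0.0.0.0:5355        0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=10))
tcp   LISTEN 0      128    0.0.0.0:2345        0.0.0.0:*         users:(("sshd",pid=801,fd=3))
tcp   LISTEN 0      128    [::]:2345           [::]:*            users:(("sshd",pid=801,fd=4))
EOF
}

# Only the SSH port from this tutorial is expected to be listening.
sample_ss_output | unexpected_listeners "2345" || echo "-> unexpected listeners found"
```

On a server, pipe the real output in instead of the sample: `sudo ss -tulpn | unexpected_listeners "2345"`.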

Although you have disabled some unwanted networking services on your server, there are also other services installed and running on your system, such as the lxc process and the snapd service. These services can be easily detected via the ps, top or pstree commands.

$ sudo ps aux
$ sudo top
$ sudo pstree

If you are not going to use LXC container virtualization on your server or install software packaged via the Snap package manager, you should completely disable and remove these services by issuing the commands below.

$ sudo apt autoremove --purge lxc-common lxcfs
$ sudo apt autoremove --purge snapd

That's all! The Ubuntu server is now prepared for installing the additional software needed for custom network services or applications, such as installing and configuring a web server, a database server, a file share service or other specific applications.