qnote:debian
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| qnote:debian [2023/09/15 17:15] – k | qnote:debian [2025/07/27 11:57] (current) – k | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ===== Быстрые заметки по Debian ===== | ===== Быстрые заметки по Debian ===== | ||
| + | |||
| + | ==== vi, стрелки, | ||
| + | |||
| + | В интерактивном режиме вместо стрелок печатаются символы A B C D. \\ | ||
| + | Надо поправить файл / | ||
| + | |||
| + | < | ||
| + | # sed -i 's/set compatible/ | ||
| + | </ | ||
| + | |||
| + | Для подстраховки можно сначала дать команду без ключа " | ||
| + | |||
| + | |||
| + | ==== scp на Debian12 ==== | ||
| + | |||
| + | https:// | ||
| + | |||
| + | < | ||
| + | subsystem request failed on channel 0 | ||
| + | scp: Connection closed | ||
| + | </ | ||
| + | |||
| + | < | ||
| + | # scp -O -P 8990 -r | ||
| + | </ | ||
| + | |||
| + | ==== Инструменты snmp ==== | ||
| + | |||
| + | На Debian12 snmpwalk входит в состав пакета snmp | ||
| + | |||
| + | < | ||
| + | apt install snmp | ||
| + | </ | ||
| + | |||
| + | В минимальной установке Debian12 нет справочников MIB для убобной работы snmpwalk.\\ | ||
| + | Справочники ставятся через установку пакета [[https:// | ||
| + | |||
| + | Пакет находится в репозиториях non-free. \\ | ||
| + | В файле / | ||
| + | |||
| + | < | ||
| + | apt update | ||
| + | apt install snmp-mibs-downloader | ||
| + | </ | ||
| + | |||
| + | ==== deluser ==== | ||
| + | |||
| + | < | ||
| + | # deluser--remove-home test-user12 | ||
| + | </ | ||
| + | |||
| + | ==== useradd ==== | ||
| + | |||
| + | < | ||
| + | useradd -g netadm -d / | ||
| + | </ | ||
| + | |||
| + | |||
| + | ==== Директория " | ||
| + | |||
| + | Команда ssh-keygen не создаёт директорию .ssh, надо сделать руками. | ||
| + | |||
| + | < | ||
| + | mkdir ~/ | ||
| + | chmod 700 ~/.ssh | ||
| + | </ | ||
| + | |||
| + | ==== Возвращаемся к iptables в Debian 11 ==== | ||
| + | |||
| + | <WRAP center round todo 60%> | ||
| + | [[https:// | ||
| + | |||
| + | Еще раз подумать, | ||
| + | </ | ||
| + | |||
| + | |||
| + | [[https:// | ||
| + | |||
| + | < | ||
| + | < | ||
| + | apt remove --auto-remove nftables | ||
| + | apt purge nftables | ||
| + | </ | ||
| + | |||
| + | Ставим iptables | ||
| + | < | ||
| + | apt install iptables | ||
| + | apt install iptables-persistent | ||
| + | </ | ||
| + | |||
| + | Пишем первые правила в "/ | ||
| + | < | ||
| + | *filter | ||
| + | :INPUT ACCEPT [0:0] | ||
| + | :FORWARD ACCEPT [0:0] | ||
| + | :OUTPUT ACCEPT [0:0] | ||
| + | -A INPUT -m state --state RELATED, | ||
| + | -A INPUT -p icmp -j ACCEPT | ||
| + | -A INPUT -i lo -j ACCEPT | ||
| + | #SSH | ||
| + | -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -s x.x.x.x/32 -j ACCEPT | ||
| + | #LAST_RULES | ||
| + | -A INPUT -j REJECT --reject-with icmp-host-prohibited | ||
| + | -A FORWARD -j REJECT --reject-with icmp-host-prohibited | ||
| + | COMMIT | ||
| + | </ | ||
| + | |||
| + | Пишем первые правила в "/ | ||
| + | < | ||
| + | *filter | ||
| + | :INPUT ACCEPT [0:0] | ||
| + | :FORWARD ACCEPT [0:0] | ||
| + | :OUTPUT ACCEPT [0:0] | ||
| + | -A INPUT -m state --state RELATED, | ||
| + | -A INPUT -p ipv6-icmp -j ACCEPT | ||
| + | -A INPUT -i lo -j ACCEPT | ||
| + | #-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT | ||
| + | #-A INPUT -d fe80::/64 -p udp -m udp --dport 546 -m state --state NEW -j ACCEPT | ||
| + | #LAST-RULES | ||
| + | -A INPUT -j REJECT --reject-with icmp6-adm-prohibited | ||
| + | -A FORWARD -j REJECT --reject-with icmp6-adm-prohibited | ||
| + | COMMIT | ||
| + | </ | ||
| + | |||
| + | Запускаем iptables. | ||
| + | < | ||
| + | systemctl start iptables ip6tables | ||
| + | systemctl status iptables ip6tables | ||
| + | systemctl enable iptables ip6tables | ||
| + | iptables -S | ||
| + | </ | ||
| + | |||
| + | |||
| + | ---- | ||
| + | |||
| + | ==== Первые пакеты ==== | ||
| + | |||
| + | < | ||
| + | apt update | ||
| + | apt install mc joe bind9-utils man traceroute htop iftop net-tools telnet tcpdump | ||
| + | </ | ||
| + | |||
| + | ---- | ||
| ==== Ставим ssh-сервер ==== | ==== Ставим ssh-сервер ==== | ||
| Line 6: | Line 149: | ||
| apt update | apt update | ||
| apt install openssh-server | apt install openssh-server | ||
| - | systemctl | + | systemctl |
| systemctl enable ssh | systemctl enable ssh | ||
| </ | </ | ||
| Line 43: | Line 186: | ||
| ==== Настройка ip ==== | ==== Настройка ip ==== | ||
| + | |||
| + | === Настройка руками === | ||
| Поднимаем интерфейс. | Поднимаем интерфейс. | ||
| Line 61: | Line 206: | ||
| </ | </ | ||
| - | {{tag> | + | === Настройка в interfaces === |
| + | |||
| + | |||
| + | |||
| + | Правим / | ||
| + | < | ||
| + | # This file describes the network interfaces available on your system | ||
| + | # and how to activate them. For more information, | ||
| + | |||
| + | source / | ||
| + | |||
| + | # The loopback network interface | ||
| + | auto lo | ||
| + | iface lo inet loopback | ||
| + | |||
| + | auto ens18 | ||
| + | iface ens18 inet static | ||
| + | address x.x.x.99 | ||
| + | netmask 255.255.255.0 | ||
| + | gateway x.x.x.1 | ||
| + | dns-nameservers 8.8.8.8 | ||
| + | </ | ||
| + | |||
| + | Перезапускаем networking. | ||
| + | < | ||
| + | systemctl start networking | ||
| + | systemctl enable networking | ||
| + | </ | ||
| + | |||
| + | <WRAP center round todo 60%> | ||
| + | После первичной ручной настройки, | ||
| + | Доделать. | ||
| + | </ | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | {{tag> | ||
qnote/debian.1694787335.txt.gz · Last modified: by k