diff --git a/.bashrc b/.bashrc index 9bd40e8..ee69a19 100644 --- a/.bashrc +++ b/.bashrc @@ -32,6 +32,15 @@ export CVS_RSH=ssh #fi # Define aliases: +# Think twice before deletion. Though troublesome but strongly recommended! +alias rm='rm -i' +# Request X tunneling for SSH: +alias ssh='ssh -C -X' +# Always use compression for CVS: +alias cvs='cvs -z9' + +alias ps='ps -elf' + # Always list long directory and time. if uname | grep 'Darwin'; then @@ -48,15 +57,6 @@ fi #export CLICOLOR='Yes' #是否输出颜色 #export LSCOLORS='CxfxcxdxbxegedabagGxGx' #指定颜色 -# Think twice before deletion. Though troublesome but strongly recommended! -alias rm='rm -i' -# Request X tunneling for SSH: -alias ssh='ssh -C -X' -# Always use compression for CVS: -alias cvs='cvs -z9' - -alias ps='ps -elf' - # Set default file permission mask: umask 022 # rwxr-xr-x diff --git a/README.md b/README.md new file mode 100644 index 0000000..7539439 --- /dev/null +++ b/README.md @@ -0,0 +1,6 @@ +远程服务器使用策略: +* 统一使用 debian 系统。 +* 禁止 root 用户远程登录,另建 adot (admin+root) 用户用于远程登录。 +* 软件、配置安装在 /faronear 目录下,尽量保持与 git 仓库的路径一致,例如 /faronear/tic/wallet/dist/ +* /faronear 允许 adot 访问,但必须把其中机密文件的权限设置到最小。 +* 用 adot 账号远程登录后,su 后启动软件。 \ No newline at end of file diff --git a/setup-debian.sh b/setup-debian.sh index 9bc5905..d985220 100644 --- a/setup-debian.sh +++ b/setup-debian.sh @@ -11,31 +11,31 @@ fi apt update apt install -y emacs git curl screen sudo automake -echo ">>> Making dir /faronear" +echo "<<< Making dir /faronear" if [ ! -d "/faronear" ] then mkdir /faronear fi -echo ">>> Making dir /faronear/lib" +echo "<<< Making dir /faronear/lib" if [ ! -d "/faronear/lib" ] then mkdir /faronear/lib fi -echo ">>> Git cloning to /faronear/lib/sysconfig" +echo "<<< Git cloning to /faronear/lib/sysconfig" if [ ! -d "/faronear/lib/sysconfig" ] then git clone https://git.faronear.org/lib/sysconfig /faronear/lib/sysconfig fi -echo ">>> Configure home" +echo "<<< Configure home" if [ ! -f "~/.bashrc.backup" ] then . /faronear/lib/sysconfig/setup-home.sh fi -echo ">>> Change root password" +echo "<<< Change root password" passwd -echo ">>> Add a new user" +echo "<<< Add a new user" useradd $User # usermod -a -G sudo $User # Add to sudo group passwd $User @@ -47,18 +47,18 @@ sed -i "s/\/home\/$User:\/bin\/sh$/\/home\/$User:\/bin\/bash/g" /etc/passwd # Debian 9 default to empty sed -i "s/\/home\/$User:$/\/home\/$User:\/bin\/bash/g" /etc/passwd -echo ">>> Allow sudo without password: %sudo ALL=(ALL:ALL) NOPASSWD:ALL" +echo "<<< Allow sudo without password: %sudo ALL=(ALL:ALL) NOPASSWD:ALL" chmod o+w /etc/sudoers # emacs /etc/sudoers sed -i "s/%sudo\s\+ALL=(ALL:ALL)\sALL/%sudo\tALL=(ALL:ALL) NOPASSWD:ALL/g" /etc/sudoers chmod o-w /etc/sudoers -echo ">>> Disallow root login: #PermitRootLogin yes" +echo "<<< Disallow root login: #PermitRootLogin yes" # emacs /etc/ssh/sshd_config sed -i "s/^PermitRootLogin yes/#PermitRootLogin yes/g" /etc/ssh/sshd_config service sshd restart -echo ">>> Configure autostart" +echo "<<< Configure autostart" if [ -f /etc/rc.local ] then mv /etc/rc.local /etc/rc.local.backup @@ -69,15 +69,10 @@ echo '#!/bin/bash' > /etc/rc.local # can't omit, otherwise you can't launch pm2 echo 'source /faronear/autostart.sh' >> /etc/rc.local # make sure to sudo pm2 in autostart.sh, otherwise pm2 list can't find it as root. touch /faronear/autostart.sh chmod +x /faronear/autostart.sh -echo '<<< Autostart is set. You can "systemctl start/stop/status rc-local" to manage it.' +echo '>>> Autostart is set. You can "systemctl start/stop/status rc-local" to manage it.' -echo ">>> Configure locales: install all-locales, default to zh-CN.UTF-8" +echo "<<< Configure locales: install all-locales, default to zh-CN.UTF-8" dpkg-reconfigure locales -echo "系统设置完毕。" -echo "远程服务器使用策略:" -echo "* 统一使用 debian 系统。" -echo "* 禁止 root 用户远程登录,另建 adot (admin+root) 用户用于远程登录。" -echo "* 软件、配置安装在 /faronear 目录下,尽量保持与 git 仓库的路径一致,例如 /faronear/tic/wallet/dist/" -echo "* /faronear 允许 adot 访问,但必须把其中机密文件的权限设置到最小。" -echo "* 用 adot 账号远程登录后,su 后启动软件。" +echo "<<< Debian System Setup Completed >>>" +