ubuntu jaunty已经发布了,服务器现在的版本还是hardy,正好遇到了奇怪的问题,所以就想升级了。
sudo aptitude install update-manager-core
然后修改/etc/update-manager/release-upgrades文件内容,把
Prompt=lts
修改为:
Prompt=normal
然后开始升级:
sudo do-release-upgrade
注意:
1 在升级过程中有个提示,是否要继续操作,其中提示为[yN],但在中文locale下需要输入"是“,估计这是个翻译的BUG?
2 apache在升级后会产生问题,导致所有的网站都定向到默认网站了,需要修改/etc/apache2/ports.conf文件,把
NameVirtualHost *:80
给注释掉,然后在修改默认网站/etc/apache2/sites-enable/000-default,在第一行添加:
NameVirtualHost *
主要就是防止黑客和木马等rootkit。
1. ssh中禁止root登录
2. 安装防病毒程序,这对提供了邮件服务的系统非常重要。
sudo aptitude install clamav clamav-freshclam
3. 安装chkrootkit和rkhunter
sudo aptitude install chkrootkit rkhunter
4. 自动转发检查结果到你的邮箱,修改/etc/aliases
your_username: your_email
原有域服务器出问题了,为了安全性考虑,就在DEBIAN上用SAMBA架设了一个域服务器。
/etc/samba/smb.conf的内容:
[global]
workgroup = WESTGIS
netbios name = heihe
passdb backend = tdbsam
printcap name = cups
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/groupmod -A %u %g
delete user from group script = /usr/sbin/groupmod -R %u %g
add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody %u
# Note: The following specifies the default logon script.
# Per user logon scripts can be specified in the user account using pdbedit
logon script = scripts\logon.bat
# This sets the default profile path. Set per user paths with pdbedit
logon path = \\%L\Profiles\%U
logon drive = H:
logon home = \\%L\%U
domain logons = Yes
os level = 255
preferred master = Yes
domain master = Yes
idmap uid = 15000-20000
idmap gid = 15000-20000
printing = cups
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
# Printing auto-share (makes printers available thru CUPS)
[printers]
comment = All Printers
path = /var/spool/samba
printer admin = root, wlx
create mask = 0600
guest ok = Yes
printable = Yes
browseable = No
[print$]
comment = Printer Drivers Share
path = /var/lib/samba/drivers
write list = wlx, root
printer admin = wlx, root
# Needed to support domain logons
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
admin users = root, maryo
guest ok = Yes
browseable = No
# For profiles to work, create a user directory under the path
# shown. i.e., mkdir -p /var/lib/samba/profiles/maryo
[Profiles]
comment = Roaming Profile Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes
参考http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/FastStart.html#id2527688
目前还存在一些问题:
用户的策略设置、每次登录都有提示