系统挂载的一些限制 根目录/是必须挂载的，而且一定要先于其他mount point被挂载进来。 其他挂载点必须为已新建的目录，可任意指定，但一定要遵守必需的系统目录架

IMG file Make dd if=/dev/zero of=fdimage.img count=2880 # or dd if=/dev/zero of=fdimage.img bs=1024 count=1440 Format mkfs.msdos fdimage.img Mount mount -o loop *.img /mnt Bootable 因为制作可启动镜像一定会用到虚拟机，推荐用 Virtualbox，先到网上下个 DOS 启动盘来引导。用 DOS 的 sys 命令传递系统

文件所在路径 vim /usr/lib/systemd/system/SERVICE_NAME.service 服务模板 [Unit] Description=Viry Service After=network.target auditd.service [Service] User=root Type=oneshot RemainAfterExit=true ExecStart=/viry/serv/serv.sh ExecStop=/bin/true [Install] WantedBy=multi-user.target Alias=viry.service serv.sh #!/bin/bash echo "Sync Time" ntpdate 172.16.1.1 hwclock -w TIME=$(TZ=UTC-8 date "+%Y-%m-%d %H:%M:%S") LOG="/viry/serv/serv.log" echo "Ready" echo "" >> $LOG echo $TIME >> $LOG echo "Start DEMO" echo "Start DEMO" >> $LOG sh /viry/serv/demo/demo.sh echo "Finished" echo "Finished" >> $LOG demo.sh #!/bin/bash cd /viry/serv/demo/exec/ screen_name="demo" screen -s /usr/bin/bash -dmS $screen_name cmd1="" cmd2="./demo" screen -x

vim ~/.Xresource 填写配置 xterm.termName: xterm-256color xtermlocale:true xterm.utf8: true xtermutf8Title: true !fix alt key input !xtermeightBitInput: false !xtermaltSendsEscape: true !xtermscrollBar: true !xtermrightScrollBar: true xtermSaveLines: 4096 !xtermbackground: black !xtermforeground: green xtermprintAttributes: 0 xtermprinterCommand: cat > ~/xtermdump !xtermVT100.translations: #override <Btn1UP>: select-end(PRIMARY, CLIPBOARD, CUT_BUFFER0) xtermVT100.translations: #override \ Ctrl <KeyPress> V: insert-selection(CLIPBOARD,PRIMARY,CUT_BUFFER0) \n\ <BtnUp>: select-end(CLIPBOARD,PRIMARY,CUT_BUFFER0) \n\ Ctrl <KeyPress> P: print() \n xtermfaceName: Ubuntu Bold:antialias=True:pixelsize=12 xterm*faceNameDoublesize:Noto Sans Mono CJK SC:antialias=True:pixelsize=12

apt install sudo cd /etc/sudoers.d vim user # Akvicor ALL=(ALL)NOPASSWD:ALL

https://wiki.ubuntu.org.cn/Ufw%E4%BD%BF%E7%94%A8%E6%8C%87%E5%8D%97 安装 默认UFW的规则是放通全部端口 apt-get install ufw 设置默认规则 首先设置拒绝所有传入并允许所有传出。 请勿运行以下命令后直接应用，否则会直接锁定你的服务器。确保在应用默认规

1 vim /etc/systemd/system/network-online.target.wants/networking.service TimeoutStartSec=2sec 2 vim /etc/dhcp/dhclient.conf timeout 15 1 change auto eth0 to allow-hotplug eth0

开机时间 systemd-analyze

查看系统tcp连接中各个状态的连接数。 netstat -an|awk '/^tcp/ {++s[$NF]} END {for(a in s ) print a,s[a]}' # 查看和本机23端口建立连接并状态在established的所有ip netstat -an|grep 80|grep ESTA|awk '{print $5}'|awk 'BEGIN {FS=":"} {print $1 "\n"}'|sort|uniq -c

only permit china ip systemctl stop firewalld.service systemctl disable firewalld.service yum install ipset yum install iptables-services 清空之前的规则 iptables -P INPUT ACCEPT iptables -F 创建一个名为cnip的规则 ipset -N cnip hash:net ipset save # 下载国家IP段，这里以中国为例 wget -P . http://www.ipdeny.com/ipblocks/data/countries/cn.zone # 将IP段添加到cnip

取消笔记本合盖后挂起 vim /etc/systemd/logind.conf 修改 # HandleLidSwitch=suspend HandleLidSwitch=ignore # HandlePowerKey=poweroff HandlePowerKey=ignore 修改屏幕保护