3. 使い始める前の設定

root パスワードの設定

セキュリティ・ポリシー的に問題がある場合は設定しないように!!

root パスワードを設定

user01@ubuntu:~$ sudo passwd root
[sudo] password for user01:
New password:
Retype new password:
passwd: password updated successfully

root になってみる

user01@ubuntu:~$ su -
Password:
root@ubuntu:~#

sudo をパスワードなしで使えるように設定

セキュリティ・ポリシー的に問題がある場合は設定しないように!!

/etc/sudoers の中身

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

/etc/sudoers.d に設定

お作法に従って /etc/sudoers.d に設定 

root@ubuntu:~# echo "user01 ALL=(ALL) NOPASSWD: ALL"> /etc/sudoers.d/user01
root@ubuntu:~# cat /etc/sudoers.d/user01
user01 ALL=(ALL) NOPASSWD: ALL

動作の違いについて

設定前

user01@ubuntu:~$ passwd root
passwd: You may not view or modify password information for root.

user01@ubuntu:~$ sudo passwd root
[sudo] password for user01:
New password:

設定後

user01@ubuntu:~# sudo passwd root
New password:

パッケージ自動更新の無効化設定

/etc/apt/apt.conf.d/20auto-upgrades を修正

vi /etc/apt/apt.conf.d/20auto-upgrades 

APT::Periodic::Update-Package-Lists "0";
APT::Periodic::Unattended-Upgrade "0";

/etc/apt/apt.conf.d/50unattended-upgrades を修正(抜粋)

vi /etc/apt/apt.conf.d/50unattended-upgrades 

Unattended-Upgrade::Allowed-Origins {
//      "${distro_id}:${distro_codename}";
//      "${distro_id}:${distro_codename}-security";
        // Extended Security Maintenance; doesn't necessarily exist for
        // every release and this system may not have it installed, but if
        // available, the policy for updates is such that unattended-upgrades
        // should also install from here by default.
//      "${distro_id}ESM:${distro_codename}";
//      "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
};

apt-dailyとapt-daily-upgradeを停止

root@ubuntu:~# systemctl mask apt-daily.service
Created symlink /etc/systemd/system/apt-daily.service → /dev/null.
root@ubuntu:~# systemctl mask apt-daily.timer
Created symlink /etc/systemd/system/apt-daily.timer → /dev/null.
root@ubuntu:~# systemctl mask apt-daily-upgrade.service
Created symlink /etc/systemd/system/apt-daily-upgrade.service → /dev/null.
root@ubuntu:~# systemctl mask apt-daily-upgrade.timer
Created symlink /etc/systemd/system/apt-daily-upgrade.timer → /dev/null.

IPv6 の無効化設定

IPv6 の状態を確認

root@ubuntu:~# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens160:  mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:2e:24:48 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.99/24 brd 192.168.0.255 scope global dynamic ens160
       valid_lft 158081sec preferred_lft 158081sec
    inet6 fe80::20c:29ff:fe2e:2448/64 scope link
       valid_lft forever preferred_lft forever

/etc/sysctl.conf の設定

inet6 が表示されている場合 

root@ubuntu:~# echo "net.ipv6.conf.all.disable_ipv6 = 1" > /etc/sysctl.d/90-local.conf
root@ubuntu:~# echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.d/90-local.conf
root@ubuntu:~# sysctl -p
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

IPv6 の無効化確認

再起動して確認 

root@ubuntu:~# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ens160:  mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:2e:24:48 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.99/24 brd 192.168.0.255 scope global dynamic ens160
       valid_lft 156428sec preferred_lft 156428sec

タイムゾーンの設定

タイムゾーンの状態を確認

root@ubuntu:~# timedatectl
               Local time: Tue 2019-10-08 07:30:18 UTC
           Universal time: Tue 2019-10-08 07:30:18 UTC
                 RTC time: Tue 2019-10-08 07:30:17
                Time zone: Etc/UTC (UTC, +0000)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

タイムゾーンの変更

Local time に UTC が表示されている場合 

root@ubuntu:~# timedatectl list-timezones | grep Asia/Tokyo
Asia/Tokyo
root@ubuntu:~# timedatectl set-timezone Asia/Tokyo

変更後のタイムゾーンを確認

root@ubuntu:~# timedatectl
               Local time: Tue 2019-10-08 16:30:40 JST
           Universal time: Tue 2019-10-08 07:30:40 UTC
                 RTC time: Tue 2019-10-08 07:30:40
                Time zone: Asia/Tokyo (JST, +0900)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

時刻同期の設定

時刻同期の状態を確認

oot@ubuntu:~# systemctl -l status systemd-timesyncd
● systemd-timesyncd.service - Network Time Synchronization
   Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2019-10-08 14:00:09 JST; 2h 43min ago
     Docs: man:systemd-timesyncd.service(8)
 Main PID: 779 (systemd-timesyn)
   Status: "Synchronized to time server 91.189.94.4:123 (ntp.ubuntu.com)."
    Tasks: 2 (limit: 4648)
   Memory: 1.5M
   CGroup: /system.slice/systemd-timesyncd.service
           └─779 /lib/systemd/systemd-timesyncd

同期先の変更

ルータが NTP を提供しているので

/etc/systemd/timesyncd.conf を修正(抜粋)

vi /etc/systemd/timesyncd.conf 

[Time]
NTP=192.168.0.1
#FallbackNTP=ntp.ubuntu.com
#RootDistanceMaxSec=5
#PollIntervalMinSec=32
#PollIntervalMaxSec=2048

サービスを再起動

root@ubuntu:~# systemctl restart systemd-timesyncd.service

変更後の時刻同期状態を確認

root@ubuntu:~# systemctl -l status systemd-timesyncd
● systemd-timesyncd.service - Network Time Synchronization
   Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2019-10-08 16:59:29 JST; 3s ago
     Docs: man:systemd-timesyncd.service(8)
 Main PID: 18137 (systemd-timesyn)
   Status: "Synchronized to time server 192.168.0.1:123 (192.168.0.1)."
    Tasks: 2 (limit: 4648)
   Memory: 1.1M
   CGroup: /system.slice/systemd-timesyncd.service
           └─18137 /lib/systemd/systemd-timesyncd

Ubuntu の最新化

リポジトリ一覧を更新

root@ubuntu:~# apt update
Hit:1 http://jp.archive.ubuntu.com/ubuntu disco InRelease
Get:2 http://jp.archive.ubuntu.com/ubuntu disco-updates InRelease [97.5 kB]
Get:3 http://jp.archive.ubuntu.com/ubuntu disco-backports InRelease [88.8 kB]
Get:4 http://jp.archive.ubuntu.com/ubuntu disco-security InRelease [97.5 kB]
Get:5 http://jp.archive.ubuntu.com/ubuntu disco-updates/main amd64 Packages [288 kB]
Get:6 http://jp.archive.ubuntu.com/ubuntu disco-updates/universe amd64 Packages [313 kB]
Fetched 885 kB in 0s (1,827 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
60 packages can be upgraded. Run 'apt list --upgradable' to see them.

パッケージを更新

root@ubuntu:~# apt upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
  apparmor apt apt-utils base-files bash bsdutils cloud-init console-setup
  console-setup-linux debconf debconf-i18n dmeventd dmsetup dpkg fdisk
  friendly-recovery ibverbs-providers initramfs-tools initramfs-tools-bin

~~~ 途中省略 ~~~

Do you want to continue? [Y/n] y
Get:1 http://jp.archive.ubuntu.com/ubuntu disco-updates/main amd64 base-files amd64 10.1ubuntu9.1 [60.1 kB]
Get:2 http://jp.archive.ubuntu.com/ubuntu disco-updates/main amd64 bash amd64 5.0-3ubuntu1.1 [636 kB]
Get:3 http://jp.archive.ubuntu.com/ubuntu disco-updates/main amd64 bsdutils amd64 1:2.33.1-0.1ubuntu3 [63.5 kB]
Get:4 http://jp.archive.ubuntu.com/ubuntu disco-updates/main amd64 dpkg amd64 1.19.6ubuntu1.1 [1,133 kB]

~~~ 途中省略 ~~~

Processing triggers for plymouth-theme-ubuntu-text (0.9.4-1ubuntu1) ...
update-initramfs: deferring update (trigger activated)
Processing triggers for dbus (1.12.12-1ubuntu1.1) ...
Processing triggers for initramfs-tools (0.131ubuntu19.1) ...
update-initramfs: Generating /boot/initrd.img-5.0.0-31-generic

コメント

コメントを入力:
 
  • linux/ubuntu/main/config
  • 最終更新: 2019/12/02
  • (外部編集)