3. Initial configuration before use

Setting the root password

Do not set this if it conflicts with your security policy!!

Set the root password

    user01@ubuntu:~$ sudo passwd root
    [sudo] password for user01:
    New password:
    Retype new password:
    passwd: password updated successfully

Become root

    user01@ubuntu:~$ su -
    Password:
    root@ubuntu:~#

Configuring sudo to work without a password

Do not set this if it conflicts with your security policy!!

Contents of /etc/sudoers

    #
    # This file MUST be edited with the 'visudo' command as root.
    #
    # Please consider adding local content in /etc/sudoers.d/ instead of
    # directly modifying this file.
    #
    # See the man page for details on how to write a sudoers file.
    #
    Defaults env_reset
    Defaults mail_badpass
    Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

    # Host alias specification

    # User alias specification

    # Cmnd alias specification

    # User privilege specification
    root ALL=(ALL:ALL) ALL

    # Members of the admin group may gain root privileges
    %admin ALL=(ALL) ALL

    # Allow members of group sudo to execute any command
    %sudo ALL=(ALL:ALL) ALL

    # See sudoers(5) for more information on "#include" directives:

    #includedir /etc/sudoers.d

Configure in /etc/sudoers.d

Following convention, put the setting in a file under /etc/sudoers.d

    root@ubuntu:~# echo "user01 ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/user01
    root@ubuntu:~# cat /etc/sudoers.d/user01
    user01 ALL=(ALL) NOPASSWD: ALL

Difference in behaviour

Before the change

    user01@ubuntu:~$ passwd root
    passwd: You may not view or modify password information for root.
    user01@ubuntu:~$ sudo passwd root
    [sudo] password for user01:
    New password:

After the change

    user01@ubuntu:~$ sudo passwd root
    New password:
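
A check that can be run over the drop-in created above, as an added example that is not part of the original page: it reports a file name that #includedir would skip (names containing '.' or ending in '~', per sudoers(5)), a mode other than the 0440 used by the packaged sudoers files, and any rule granting NOPASSWD for ALL commands. The function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit one sudoers drop-in.
# audit_sudoers_dropin is a hypothetical helper; it prints one finding per line.
audit_sudoers_dropin() {
    file=$1
    name=$(basename "$file")

    # sudoers(5): #includedir skips file names that contain '.' or end in '~',
    # so such a file is never read even though it looks installed.
    case $name in
        *.*|*~) echo "SKIPPED-BY-INCLUDEDIR: $name" ;;
    esac

    # Packaged sudoers files are mode 0440; `echo ... > file` as root with
    # umask 022 leaves 0644 instead. (GNU stat first, BSD stat as fallback.)
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    [ "$mode" = "440" ] || echo "MODE: $name is $mode, expected 440"

    # A rule that grants every command without a password prompt.
    grep -E '^[^#]*NOPASSWD:[[:space:]]*ALL([[:space:]]|,|$)' "$file" |
        sed 's/^/NOPASSWD-ALL: /'
    return 0
}

# Constructed sample: the same rule the page installs, written the same way.
sample_dir=$(mktemp -d)
(umask 022; echo "user01 ALL=(ALL) NOPASSWD: ALL" > "$sample_dir/user01")
audit_sudoers_dropin "$sample_dir/user01"
rm -rf "$sample_dir"
```

On a live host, run it against each file in /etc/sudoers.d, and check the syntax of a new drop-in with `visudo -cf <file>` before installing it.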

Disabling automatic package updates

Edit /etc/apt/apt.conf.d/20auto-upgrades

    vi /etc/apt/apt.conf.d/20auto-upgrades

    APT::Periodic::Update-Package-Lists "0";
    APT::Periodic::Unattended-Upgrade "0";

Edit /etc/apt/apt.conf.d/50unattended-upgrades (excerpt)

    vi /etc/apt/apt.conf.d/50unattended-upgrades

    Unattended-Upgrade::Allowed-Origins {
    //      "${distro_id}:${distro_codename}";
    //      "${distro_id}:${distro_codename}-security";
            // Extended Security Maintenance; doesn't necessarily exist for
            // every release and this system may not have it installed, but if
            // available, the policy for updates is such that unattended-upgrades
            // should also install from here by default.
    //      "${distro_id}ESM:${distro_codename}";
    //      "${distro_id}:${distro_codename}-updates";
    //      "${distro_id}:${distro_codename}-proposed";
    //      "${distro_id}:${distro_codename}-backports";
    };

Stop apt-daily and apt-daily-upgrade

    root@ubuntu:~# systemctl mask apt-daily.service
    Created symlink /etc/systemd/system/apt-daily.service → /dev/null.
    root@ubuntu:~# systemctl mask apt-daily.timer
    Created symlink /etc/systemd/system/apt-daily.timer → /dev/null.
    root@ubuntu:~# systemctl mask apt-daily-upgrade.service
    Created symlink /etc/systemd/system/apt-daily-upgrade.service → /dev/null.
    root@ubuntu:~# systemctl mask apt-daily-upgrade.timer
    Created symlink /etc/systemd/system/apt-daily-upgrade.timer → /dev/null.
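
With the periodic jobs off, security fixes are installed only when apt is run by hand, so it helps to be able to confirm the setting and see which security updates are waiting. The script below is an added example, not part of the original page; the function names and the sample data are constructed, and the input format assumed is that of `apt list --upgradable`.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# Print the value of APT::Periodic::<key> from an apt.conf fragment.
# Lines commented out with // do not match; if the key appears more than
# once, the last one is reported.
periodic_value() {
    sed -n "s|^[[:space:]]*APT::Periodic::$2[[:space:]]*\"\([^\"]*\)\";.*|\1|p" "$1" |
        tail -n 1
}

# Succeeds when the fragment explicitly sets Unattended-Upgrade to "0".
auto_upgrades_disabled() {
    [ "$(periodic_value "$1" Unattended-Upgrade)" = "0" ]
}

# Read `apt list --upgradable` output on stdin and print the packages whose
# candidate version is published in a *-security suite.
pending_security_updates() {
    awk -F'[/ ]' '/\[upgradable from:/ && $2 ~ /-security(,|$)/ { print $1 }'
}

# Constructed sample data: the fragment as edited on the page, plus made-up
# upgradable entries in the format apt prints.
conf=$(mktemp)
printf '%s\n' 'APT::Periodic::Update-Package-Lists "0";' \
              'APT::Periodic::Unattended-Upgrade "0";' > "$conf"
sample_list='Listing... Done
bash/disco-updates,disco-security 5.0-3ubuntu1.1 amd64 [upgradable from: 5.0-3ubuntu1]
base-files/disco-updates 10.1ubuntu9.1 amd64 [upgradable from: 10.1ubuntu9]
dpkg/disco-updates,disco-security 1.19.6ubuntu1.1 amd64 [upgradable from: 1.19.6ubuntu1]'

if auto_upgrades_disabled "$conf"; then
    echo "unattended upgrades are off; pending security updates:"
    printf '%s\n' "$sample_list" | pending_security_updates
fi
rm -f "$conf"
```

On the host itself, feed it real data with `apt list --upgradable 2>/dev/null | pending_security_updates`.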

Disabling IPv6

Check the IPv6 state

    root@ubuntu:~# ip a
    1: lo:mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: ens160: mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether 00:0c:29:2e:24:48 brd ff:ff:ff:ff:ff:ff
        inet 192.168.0.99/24 brd 192.168.0.255 scope global dynamic ens160
           valid_lft 158081sec preferred_lft 158081sec
        inet6 fe80::20c:29ff:fe2e:2448/64 scope link
           valid_lft forever preferred_lft forever

sysctl settings

If inet6 is shown

    root@ubuntu:~# echo "net.ipv6.conf.all.disable_ipv6 = 1" > /etc/sysctl.d/90-local.conf
    root@ubuntu:~# echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.d/90-local.conf
    root@ubuntu:~# sysctl -p /etc/sysctl.d/90-local.conf
    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1

Confirm that IPv6 is disabled

Reboot and check

    root@ubuntu:~# ip a
    1: lo:mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    2: ens160: mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether 00:0c:29:2e:24:48 brd ff:ff:ff:ff:ff:ff
        inet 192.168.0.99/24 brd 192.168.0.255 scope global dynamic ens160
           valid_lft 156428sec preferred_lft 156428sec

Setting the time zone

Check the current time zone

    root@ubuntu:~# timedatectl
                   Local time: Tue 2019-10-08 07:30:18 UTC
               Universal time: Tue 2019-10-08 07:30:18 UTC
                     RTC time: Tue 2019-10-08 07:30:17
                    Time zone: Etc/UTC (UTC, +0000)
    System clock synchronized: yes
                  NTP service: active
              RTC in local TZ: no

Change the time zone

If Local time shows UTC

    root@ubuntu:~# timedatectl list-timezones | grep Asia/Tokyo
    Asia/Tokyo
    root@ubuntu:~# timedatectl set-timezone Asia/Tokyo

Check the time zone after the change

    root@ubuntu:~# timedatectl
                   Local time: Tue 2019-10-08 16:30:40 JST
               Universal time: Tue 2019-10-08 07:30:40 UTC
                     RTC time: Tue 2019-10-08 07:30:40
                    Time zone: Asia/Tokyo (JST, +0900)
    System clock synchronized: yes
                  NTP service: active
              RTC in local TZ: no

Configuring time synchronization

Check the time synchronization state

    root@ubuntu:~# systemctl -l status systemd-timesyncd
    ● systemd-timesyncd.service - Network Time Synchronization
       Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled)
       Active: active (running) since Tue 2019-10-08 14:00:09 JST; 2h 43min ago
         Docs: man:systemd-timesyncd.service(8)
     Main PID: 779 (systemd-timesyn)
       Status: "Synchronized to time server 91.189.94.4:123 (ntp.ubuntu.com)."
        Tasks: 2 (limit: 4648)
       Memory: 1.5M
       CGroup: /system.slice/systemd-timesyncd.service
               └─779 /lib/systemd/systemd-timesyncd

Change the synchronization source

The router provides NTP, so use it

Edit /etc/systemd/timesyncd.conf (excerpt)

    vi /etc/systemd/timesyncd.conf

    [Time]
    NTP=192.168.0.1
    #FallbackNTP=ntp.ubuntu.com
    #RootDistanceMaxSec=5
    #PollIntervalMinSec=32
    #PollIntervalMaxSec=2048

Restart the service

    root@ubuntu:~# systemctl restart systemd-timesyncd.service

Check the time synchronization state after the change

    root@ubuntu:~# systemctl -l status systemd-timesyncd
    ● systemd-timesyncd.service - Network Time Synchronization
       Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled)
       Active: active (running) since Tue 2019-10-08 16:59:29 JST; 3s ago
         Docs: man:systemd-timesyncd.service(8)
     Main PID: 18137 (systemd-timesyn)
       Status: "Synchronized to time server 192.168.0.1:123 (192.168.0.1)."
        Tasks: 2 (limit: 4648)
       Memory: 1.1M
       CGroup: /system.slice/systemd-timesyncd.service
               └─18137 /lib/systemd/systemd-timesyncd

Bringing Ubuntu up to date

Update the repository list

    root@ubuntu:~# apt update
    Hit:1 http://jp.archive.ubuntu.com/ubuntu disco InRelease
    Get:2 http://jp.archive.ubuntu.com/ubuntu disco-updates InRelease [97.5 kB]
    Get:3 http://jp.archive.ubuntu.com/ubuntu disco-backports InRelease [88.8 kB]
    Get:4 http://jp.archive.ubuntu.com/ubuntu disco-security InRelease [97.5 kB]
    Get:5 http://jp.archive.ubuntu.com/ubuntu disco-updates/main amd64 Packages [288 kB]
    Get:6 http://jp.archive.ubuntu.com/ubuntu disco-updates/universe amd64 Packages [313 kB]
    Fetched 885 kB in 0s (1,827 kB/s)
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    60 packages can be upgraded. Run 'apt list --upgradable' to see them.

Upgrade the packages

    root@ubuntu:~# apt upgrade
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    Calculating upgrade... Done
    The following packages will be upgraded:
      apparmor apt apt-utils base-files bash bsdutils cloud-init console-setup console-setup-linux debconf
      debconf-i18n dmeventd dmsetup dpkg fdisk friendly-recovery ibverbs-providers initramfs-tools initramfs-tools-bin
    ~~~ output omitted ~~~
    Do you want to continue? [Y/n] y
    Get:1 http://jp.archive.ubuntu.com/ubuntu disco-updates/main amd64 base-files amd64 10.1ubuntu9.1 [60.1 kB]
    Get:2 http://jp.archive.ubuntu.com/ubuntu disco-updates/main amd64 bash amd64 5.0-3ubuntu1.1 [636 kB]
    Get:3 http://jp.archive.ubuntu.com/ubuntu disco-updates/main amd64 bsdutils amd64 1:2.33.1-0.1ubuntu3 [63.5 kB]
    Get:4 http://jp.archive.ubuntu.com/ubuntu disco-updates/main amd64 dpkg amd64 1.19.6ubuntu1.1 [1,133 kB]
    ~~~ output omitted ~~~
    Processing triggers for plymouth-theme-ubuntu-text (0.9.4-1ubuntu1) ...
    update-initramfs: deferring update (trigger activated)
    Processing triggers for dbus (1.12.12-1ubuntu1.1) ...
    Processing triggers for initramfs-tools (0.131ubuntu19.1) ...
    update-initramfs: Generating /boot/initrd.img-5.0.0-31-generic