Naujausias pranešimas: Samba kritinis pažeidžiamumas
frame

Sveiki apsilankę!

Jei forume lankaisi pirmą kartą, kviečiame registruotis ir prisijungti prie diskusijų.

Prisijungti Registruotis

[KVM] Serverio OS šablonų minimalizavimas

iv_almantasmiv_almantasm Super Moderator
edited 2019 gruodžio 17 Į Archyvas
Serverių administratoriams, norintiems kuo minimalesnės operacinės sistemos aplinkos rekomenduojame pasinaudoti viena iš pateiktų komandų. Įvykdžius minimalizavimo komandą OS šablone bus pašalinti daugelis paketų ir serverio administratorius galės diegti tik tai, ko jam išties reikia.

1. Įdiekite standartinį OS šabloną iš klientų sistemos;
2. Priklausomai nuo įdiegtos OS (be valdymo pulto), panaudokite vieną iš komandų:

CentOS 6:
yum -y remove selinux-policy-targeted dkms selinux-policy b43-openfwwf system-config-firewall-base gcc mlocate man lsof lynx man-pages ncompress cronie cronie-anacron crontabs glibc-devel postfix cpp cryptsetup-luks glibc-headers cryptsetup-luks-libs mpfr mysql-libs audit sudo bridge-utils cyrus-sasl libcap-ng libgomp mailx m4 authconfig newt-python newt slang lvm2 lvm2-libs mdadm which iptables-ipv6 bzip2 attr; yum clean all

CentOS 7:
yum -y remove plymouth plymouth-scripts cronie-anacron crontabs cronie dkms tuned authconfig newt-python rsyslog grub2-tools NetworkManager-tui kexec-tools dracut-network newt openssl policycoreutils e2fsprogs man-db NetworkManager-team NetworkManager-wifi centos-logos NetworkManager dhclient dhcp-common bind-libs-lite ppp bind-license dhcp-libs libpcap libpipeline libss libselinux-utils make slang ethtool which libestr json-c logrotate sudo iwl*  perl-Filter perl-File-Path perl-File-Temp perl-Encode perl-PathTools perl-podlators perl-parent perl-Pod-Perldoc perl-HTTP-Tiny perl-Pod-Usage perl-Text-ParseWords perl-Getopt-Long perl-Pod-Escapes perl-Pod-Simple perl-Socket perl-Storable perl-Time-HiRes perl-Time-Local perl-constant perl-Scalar-List-Utils perl-Exporter perl-Carp perl-threads perl-threads-shared perl-libs perl-macros perl alsa-tools-firmware alsa-firmware ivtv-firmware linux-firmware alsa-lib audit polkit-pkla-compat polkit gcc cpp biosdevname postfix glibc-devel glibc-headers libsoup glib-networking btrfs-progs lzo libproxy libmpc mpfr mariadb-libs microcode_ctl parted rdma selinux-policy-targeted selinux-policy snappy virt-what GeoIP dnsmasq NetworkManager-libnm teamd jansson kbd kbd-legacy kbd-misc mozjs17 wpa_supplicant; yum clean all

Debian 7:
DEBIAN_FRONTEND=noninteractive apt-get -y remove --purge -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" apache2 apache2-doc apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common apt-utils bind9 bind9-host bind9utils binutils bsd-mailx bsdmainutils bzip2 ca-certificates console-common console-data cracklib-runtime cron db-util db5.1-util debconf-utils debian-keyring dialog expat fetchmail file finger fontconfig fontconfig-config fonts-freefont-ttf ftp gettext groff-base info install-info iputils-arping iputils-tracepath isc-dhcp-client isc-dhcp-common kbd ldap-utils less libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libapt-inst1.5:amd64 libavahi-client3:amd64 libavahi-common-data:amd64 libavahi-common3:amd64 libbind9-80 libcap2:amd64 libcrack2 libcroco3:amd64 libcups2:amd64 libdns88 libfile-copy-recursive-perl libfontconfig1:amd64 libfreetype6:amd64 libgeoip1 libgettextpo0:amd64 libgomp1:amd64 libgssglue1:amd64 libisc84 libisccc80 libisccfg82 liblockfile-bin liblockfile1:amd64 libltdl7:amd64 liblwres80 libmagic1:amd64 libodbc1:amd64 libpaper1:amd64 libpcap0.8:amd64 libperl5.14 libpipeline1:amd64 libpopt0:amd64 libsensors4:amd64 libsnmp-base libsnmp15 libsysfs2:amd64 libtalloc2:amd64 libtdb1:amd64 libtirpc1:amd64 libunistring0:amd64 libwbclient0:amd64 libxml2:amd64 locales-all logrotate lynx lynx-cur m4 man-db manpages memtester mlocate mtools ncurses-term odbcinst odbcinst1debian2:amd64 openssl openssl-blacklist procmail psutils pwgen rmail rpcbind rsync sasl2-bin screen sendmail sendmail-base sendmail-bin sendmail-cf sendmail-doc sensible-mda sharutils snmp ssl-cert sudo syslinux syslinux-common tcpdump tcsh telnet tofrodos traceroute ttf-dejavu ttf-dejavu-core ttf-dejavu-extra ttf-freefont unixodbc unzip update-inetd uuid-runtime whois wide-dhcpv6-client xinetd acpid vim-common vim-tiny usbutils; apt-get -y autoremove; apt-get clean all

Debian 8:
DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" apache2 apache2-bin apache2-data apache2-doc apache2-mpm-prefork apache2-utils apt-utils bind9 bind9-host bind9utils binutils bsd-mailx bsdmainutils bzip2 ca-certificates cifs-utils console-common console-data cracklib-runtime cron db-util db5.3-util debconf-utils dh-python dialog expat fetchmail file finger fontconfig fontconfig-config fonts-dejavu fonts-dejavu-core fonts-dejavu-extra fonts-freefont-ttf ftp gettext groff-base info iputils-arping iputils-tracepath isc-dhcp-client isc-dhcp-common kbd ldap-utils less libapr1:amd64 libaprutil1:amd64 libaprutil1-dbd-sqlite3:amd64 libaprutil1-ldap:amd64 libapt-inst1.5:amd64 libasn1-8-heimdal:amd64 libavahi-client3:amd64 libavahi-common-data:amd64 libavahi-common3:amd64 libbind9-90 libcap-ng0:amd64 libcrack2:amd64 libcroco3:amd64 libcups2:amd64 libdns-export100 libdns100 libfile-copy-recursive-perl libfontconfig1:amd64 libfreetype6:amd64 libgeoip1:amd64 libglib2.0-0:amd64 libgomp1:amd64 libgssapi3-heimdal:amd64 libhcrypto4-heimdal:amd64 libhdb9-heimdal:amd64 libheimbase1-heimdal:amd64 libheimntlm0-heimdal:amd64 libhx509-5-heimdal:amd64 libirs-export91 libisc-export95 libisc95 libisccc90 libisccfg-export90 libisccfg90 libkdc2-heimdal:amd64 libkrb5-26-heimdal:amd64 libldb1:amd64 liblockfile-bin liblockfile1:amd64 libltdl7:amd64 liblua5.1-0:amd64 liblwres90 libmagic1:amd64 libmpdec2:amd64 libntdb1:amd64 libodbc1:amd64 libpaper1:amd64 libpcap0.8:amd64 libpci3:amd64 libperl5.20 libpipeline1:amd64 libpng12-0:amd64 libpopt0:amd64 libpython2.7:amd64 libpython3-stdlib:amd64 libpython3.4-stdlib:amd64 libroken18-heimdal:amd64 libsensors4:amd64 libsnmp-base libsnmp30:amd64 libtalloc2:amd64 libtdb1:amd64 libtevent0:amd64 libunistring0:amd64 libwbclient0:amd64 libwind0-heimdal:amd64 libxml2:amd64 logrotate lynx lynx-cur m4 make man-db manpages memtester mlocate mtools ncurses-term odbcinst odbcinst1debian2:amd64 openssl openssl-blacklist patch postfix procmail psutils pwgen python-crypto python-dnspython python-ldb python-ntdb python-samba python-talloc python-tdb python3 python3-minimal python3.4 rpcbind rsync samba-common samba-common-bin samba-dsdb-modules samba-libs:amd64 sasl2-bin screen sharutils snmp ssl-cert sudo syslinux tcpdump tcsh tdb-tools telnet tofrodos traceroute ttf-dejavu ttf-dejavu-core ttf-dejavu-extra ttf-freefont unixodbc unzip update-inetd uuid-runtime whois wide-dhcpv6-client xinetd acpi-support-base acpid vim-common vim-tiny usbutils; apt-get -y autoremove; apt-get clean all

Fedora 22:
dnf -y remove plymouth plymouth-scripts cronie-anacron crontabs cronie dkms tuned authconfig newt-python rsyslog grub2-tools NetworkManager-tui kexec-tools dracut-network newt openssl policycoreutils e2fsprogs man-db NetworkManager-team NetworkManager-wifi NetworkManager dhclient dhcp-common bind-libs-lite ppp bind-license dhcp-libs libpcap libpipeline libss libselinux-utils make slang ethtool which libestr json-c logrotate sudo iwl* alsa-lib audit polkit-pkla-compat polkit gcc cpp biosdevname postfix glibc-devel glibc-headers libsoup libproxy libmpc mpfr mariadb-libs microcode_ctl parted rdma dnsmasq NetworkManager-libnm teamd jansson kbd kbd-legacy kbd-misc mozjs17 wpa_supplicant sqlite mdadm man-pages; dnf clean all

Fedora 23:
dnf -y remove plymouth plymouth-scripts cronie-anacron crontabs cronie dkms tuned authconfig newt-python rsyslog grub2-tools NetworkManager-tui kexec-tools dracut-network newt openssl policycoreutils e2fsprogs man-db NetworkManager-team NetworkManager-wifi NetworkManager dhclient dhcp-common bind-libs-lite ppp bind-license dhcp-libs libpcap libpipeline libss libselinux-utils make slang ethtool which libestr json-c logrotate sudo iwl* alsa-lib audit polkit-pkla-compat polkit gcc cpp biosdevname postfix glibc-devel glibc-headers libsoup libproxy libmpc mpfr mariadb-libs microcode_ctl parted rdma dnsmasq NetworkManager-libnm teamd jansson kbd kbd-legacy kbd-misc mozjs17 wpa_supplicant sqlite linux-firmware selinux-policy selinux-policy-targeted GeoIP mdadm man-pages; dnf clean all

Fedora 24:
dnf -y remove plymouth plymouth-scripts cronie-anacron crontabs cronie dkms tuned authconfig newt-python rsyslog grub2-tools NetworkManager-tui kexec-tools dracut-network newt openssl policycoreutils e2fsprogs man-db NetworkManager-team NetworkManager-wifi NetworkManager dhclient dhcp-common bind-libs-lite ppp bind-license dhcp-libs libpcap libpipeline libss libselinux-utils make slang ethtool which libestr json-c logrotate iwl* alsa-lib audit polkit-pkla-compat polkit gcc cpp biosdevname postfix glibc-devel glibc-headers libsoup libproxy libmpc mariadb-libs microcode_ctl parted rdma dnsmasq NetworkManager-libnm teamd jansson kbd kbd-legacy kbd-misc mozjs17 wpa_supplicant sqlite linux-firmware selinux-policy selinux-policy-targeted GeoIP perl* btrfs-progs mdadm man-pages mailcap rsync; dnf clean all

Ubuntu 14.04:
DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" apache2 apache2-bin apache2-data apache2-doc apache2-mpm-prefork apache2-utils apt-utils bind9 bind9-host bind9utils binutils bsd-mailx bsdmainutils bzip2 ca-certificates console-common console-data console-setup cracklib-runtime cron db-util db5.3-util debconf-utils dialog expat fetchmail file finger fontconfig fontconfig-config fonts-dejavu fonts-dejavu-core fonts-dejavu-extra fonts-freefont-ttf ftp gettext groff-base info iputils-arping iputils-tracepath isc-dhcp-client isc-dhcp-common kbd keyboard-configuration ldap-utils less libapr1:amd64 libaprutil1:amd64 libaprutil1-dbd-sqlite3:amd64 libaprutil1-ldap:amd64 libapt-inst1.5:amd64 libavahi-client3:amd64 libavahi-common-data:amd64 libavahi-common3:amd64 libbind9-90 libbsd0:amd64 libcrack2:amd64 libcroco3:amd64 libcups2:amd64 libdns100 libfile-copy-recursive-perl libfontconfig1:amd64 libgeoip1:amd64 libglib2.0-0:amd64 libgmp10:amd64 libgomp1:amd64 libgssglue1:amd64 libhdb9-heimdal:amd64 libisc95 libisccc90 libisccfg90 libkdc2-heimdal:amd64 libldb1:amd64 liblockfile-bin liblockfile1:amd64 libltdl7:amd64 liblwres90 libmagic1:amd64 libntdb1:amd64 libodbc1:amd64 libpaper1:amd64 libpcap0.8:amd64 libperl5.18 libpipeline1:amd64 libpopt0:amd64 libpython-stdlib:amd64 libsensors4:amd64 libsnmp-base libsnmp30:amd64 libtalloc2:amd64 libtdb1:amd64 libtevent0:amd64 libtirpc1:amd64 libunistring0:amd64 libwbclient0:amd64 libxml2:amd64 logrotate lynx lynx-cur m4 make man-db manpages memtester mlocate mtools ncurses-term odbcinst odbcinst1debian2:amd64 openssl openssl-blacklist postfix procmail psutils pwgen python python-crypto python-dnspython python-ldb python-minimal python-ntdb python-talloc python-tdb python2.7 python2.7-minimal rpcbind rsync sasl2-bin screen sharutils snmp ssl-cert sudo syslinux syslinux-common tcpdump tcsh tdb-tools telnet tofrodos traceroute ttf-dejavu ttf-dejavu-core ttf-dejavu-extra ttf-freefont unixodbc unzip update-inetd uuid-runtime whois wide-dhcpv6-client xinetd xkb-data usbutils vim-common vim-runtime vim-tiny vim; apt-get -y autoremove; apt-get clean all

Ubuntu 16.04:
DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" apache2 apache2-bin apache2-data apache2-doc apache2-utils bind9 bind9-host bind9utils git git-man libbind9-140 bind9-host bind9utils binutils bsd-mailx bsdmainutils bzip2 console-data cracklib-runtime cron db-util db5.3-util debconf-utils dialog expat libexpat1 fetchmail file libfile-copy-recursive-perl liblockfile-bin liblockfile1 finger fontconfig fontconfig-config libfontconfig1 fontconfig-config fonts-dejavu fonts-dejavu-extra fonts-dejavu-core fonts-dejavu-extra fonts-freefont-ttf ftp groff-base distro-info-data info install-info procinfo iputils-arping iputils-tracepath isc-dhcp-client isc-dhcp-common ldap-utils less libfile-copy-recursive-perl liblockfile-bin libsnmp-base logrotate lynx lynx-common m4 make makedev man-db manpages memtester mlocate mtools odbcinst odbcinst1debian2 libgnutls-openssl27 openssl-blacklist openssl-blacklist postfix procmail psutils pwgen dh-python libpython-stdlib libpython2.7 libpython2.7-minimal libpython2.7-stdlib libpython3-stdlib libpython3.5 libpython3.5-minimal libpython3.5-stdlib python python-crypto python-dnspython python-ldb python-minimal python-samba python-talloc python-tdb python2.7 python2.7-minimal python3 python3-minimal python3.5 python3.5-minimal python-crypto python-dnspython python-ldb python-minimal python-talloc python-tdb libpython2.7 libpython2.7-minimal libpython2.7-stdlib python2.7 python2.7-minimal libpython2.7-minimal python2.7-minimal rpcbind rsync sasl2-bin screen sharutils libsnmp-base libsnmp30 snmp ssl-cert syslinux tcpdump tcsh tdb-tools telnet tofrodos traceroute ttf-dejavu ttf-dejavu-core ttf-dejavu-extra ttf-freefont unixodbc unzip uuid-runtime whois wide-dhcpv6-client xinetd mdadm vim-common vim-runtime vim-tiny usbutils lvm2; apt-get -y autoremove; apt-get clean all

3. Perkraukite serverį

Pastaba: Kai kurie OS šablonai reikalauja palaukti iki kol bus užbaigtas po įdiegimo paleidžiama OS atnaujinimo komanda, tad šiek tiek palaukite atlikę 1 žingsnį.
Pažymėtos temos:
Norėdami palikti komentarą, turite prisijungti arba registruokis.
Dedikuoti.lt
Šiame forume rasite informaciją kaip atlikti serverio administravimą, konfigūravimą, įvairių tarnybų bei papildomų aplikacijų diegimą. Taip pat pateiksime rekomendacijų, skirtų serverių saugumui, monitoringui ir optimizavimui. Kviečiame prisijungti prie dedikuotų serverių administratorių bendruomenės, dalyvauti diskusijose ir praplėsti savo žinias serverių administravimo srityje!
© 2007 - 2023 Dedikuoti.lt forumas, visos teisės saugumos.