250805-Ubuntu20.04优化配置脚本-Ubuntu-Scripts

/etc/sudoers配置

1
ubuntu ALL=(ALL:ALL) NOPASSWD: ALL

Ubuntu 20.04 优化配置脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
#!/bin/sh

# 禁用内核更新
sudo apt-mark hold linux-generic linux-image-generic linux-headers-generic
# 锁定内核
sudo apt-mark hold linux-generic linux-image-generic linux-headers-generic
sudo apt-mark hold linux-image-generic linux-headers-generic

sudo apt update

# 禁用内核更新
sudo apt-mark hold linux-generic linux-image-generic linux-headers-generic
# 锁定内核
sudo apt-mark hold linux-generic linux-image-generic linux-headers-generic
sudo apt-mark hold linux-image-generic linux-headers-generic

sudo timedatectl set-timezone Asia/Shanghai
sudo cat /etc/timezone

# sudo mkdir -p /root/snap/chromium/common/chromium/BrowserMetrics

sudo apt install language-pack-zh-hans -y
sudo locale-gen zh_CN.UTF-8
sudo update-locale LANG=zh_CN.UTF-8

export LANG=zh_CN.UTF-8

sudo apt-get install vim -y && sudo apt-get remove nano -y
sudo apt install fonts-wqy-zenhei fonts-wqy-microhei fonts-noto-cjk -y
sudo apt install -y fontconfig
sudo apt install -y fonts-dejavu-core fonts-liberation

sudo apt install fonts-wqy-zenhei fonts-wqy-microhei fonts-noto-cjk -y
sudo apt install -y git
sudo apt install net-tools -y
sudo apt install openssh-server -y
sudo apt install -y fontconfig
sudo apt install -y fonts-dejavu-core fonts-liberation

# 禁用自动更新
sudo sed -i 's/APT::Periodic::Update-Package-Lists "1";/APT::Periodic::Update-Package-Lists "0";/g' /etc/apt/apt.conf.d/10periodic
sudo sed -i 's/APT::Periodic::Unattended-Upgrade "1";/APT::Periodic::Unattended-Upgrade "0";/g' /etc/apt/apt.conf.d/10periodic

# 禁用无人值守升级
sudo sed -i 's/APT::Periodic::Update-Package-Lists "1";/APT::Periodic::Update-Package-Lists "0";/g' /etc/apt/apt.conf.d/20auto-upgrades
sudo sed -i 's/APT::Periodic::Unattended-Upgrade "1";/APT::Periodic::Unattended-Upgrade "0";/g' /etc/apt/apt.conf.d/20auto-upgrades

# 禁用 apt-daily 服务和计时器
sudo systemctl stop apt-daily.service
sudo systemctl disable apt-daily.service
sudo systemctl mask apt-daily.service
sudo systemctl daemon-reload
sudo systemctl stop apt-daily.timer
sudo systemctl disable apt-daily.timer
sudo systemctl mask apt-daily.timer
sudo systemctl daemon-reload

# 禁用 unattended-upgrades 服务
sudo systemctl disable unattended-upgrades

# 禁用 Snap 自动更新
sudo snap refresh --hold

# 禁用自动更新
sudo systemctl stop apt-daily.service
sudo systemctl disable apt-daily.service
sudo systemctl kill --kill-who=main apt-daily.service
sudo systemctl disable apt-daily.timer
sudo systemctl mask apt-daily.timer
sudo systemctl stop unattended-upgrades.service
sudo systemctl disable unattended-upgrades.service

sudo systemctl daemon-reload

# Ubuntu自动登录和开机锁屏取消
## 禁用自动锁屏:
# gsettings set org.gnome.desktop.screensaver lock-enabled false
# gsettings set org.gnome.desktop.lockdown disable-lock-screen true

# 禁用内核更新
sudo apt-mark hold linux-generic linux-image-generic linux-headers-generic
# 恢复内核更新
sudo apt-mark unhold linux-generic linux-image-generic linux-headers-generic

sudo sed -i 's/1/0/' /etc/apt/apt.conf.d/10periodic
sudo sed -i 's/2/0/' /etc/apt/apt.conf.d/10periodic

sudo sed -i 's/1/0/' /etc/apt/apt.conf.d/20auto-upgrades
sudo sed -i 's/2/0/' /etc/apt/apt.conf.d/20auto-upgrades

sudo apt remove update-notifier -y

# 禁用屏幕休眠
# gsettings set org.gnome.desktop.session idle-delay 0

sudo mkdir -p /home/mes/.ssh

sudo touch /home/mes/.ssh/authorized_keys


# Linux优化-Ulimit
# 写入文件内容

sudo bash -c 'cat <<EOF > /etc/security/limits.conf
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
EOF'

# >> 表示 追加 到文件末尾,不会破坏原有内容
sudo bash -c 'cat <<EOF > /etc/systemd/system.conf
[Manager]
DefaultLimitNOFILE=1048576
EOF'

# >> 表示 追加 到文件末尾,不会破坏原有内容
sudo bash -c 'cat <<EOF > /etc/sysctl.conf
net.ipv4.ip_forward = 1
fs.file-max = 1048576
fs.inotify.max_user_instances=512
fs.inotify.max_user_watches=262144
EOF'

# 安装chrome谷歌浏览器
sudo apt update

# 谷歌浏览器取消登录密钥环**然后重启系统,首次打开 Chrome 时会提示创建新密钥环,直接留空密码并继续即可
rm -rf /home/ubuntu/.local/share/keyrings/*
sudo rm -rf /home/ubuntu/.local/share/keyrings/*

# 调整电视连接显示配置
sudo sed -i 's/#HandleLidSwitch=suspend/HandleLidSwitch=ignore/g' /etc/systemd/logind.conf

sudo apt autoremove -y

# 配置密钥允许
sudo bash -c 'cat <<EOF >> /home/ubuntu/.ssh/authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCiKRDip9YCWzsIe2a0bT2az8DjH7k6cBij8bpfcNaIqSfz+/PJWDPwK4VeC4Ko4E8jQYct8i9u9VKcAK9XUhMEQNlpmpC+KXHApMBJ8Stm8yHb65gOcl8sDxdyWB3LevzLhsK8ZvI1Fus7O5vwmGjdOxhhw/89aZG6xHM8gfe+IYjCdm+n6rMz0RTAgP/QVsLjrLqk8VxC/kb1QjKG0BjZsMnTvs32oiqgJ4Eif8TUpXnDin+lRL4v2fUjRMfOS7PSIMNUAtvtRd3lBp9u4Yk1VtRy+ZWITpXvnURlEp/bKiIxf2G2gUVsDZXLVu1l04FNB7bOEj99qolhfXYERJYSBMYSjPCrOmBTYuYlokqk/r4RtNncNXEs4WPipw/LekCEYs1rjBR7uUditEAJbCM4elUkN8t4XHZy9FKSRE/pdkhekW+dUf6AResMlTV/bCNYQu/JcUBvvWxscqsxYiZ5Q+lRJb1T6c0bTKSN3RddY3YMa1gdqWgK8O/OBVq2q80= Administrator@DESKTOP-12ALS0Q
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDERDBQtrr03DzuNYZhtIrWIVBWTOWrgptdVGMwQnGZqH5pLe88J0H5JtCUvXFZtah8JzsOcxrIHFNY52SYhKokfDBKdoFLEGQ6W0f5BOpVAdLSh1jMU/ybkn+8TGygy85qs8g1IEk7u8loqWNRT/mBOd6MZJTZQxivYIOBCzC1oeBlzO0fBqnlPoYxWahC2ifDbs5lc0DrNElJPeklVVLwGJNTc3wn0Y6tSFdb9975SLYBsp8XoDWI0wCsqp/afI3zH7Ms+CIxz6XzsjjIEXwnCRxKjbLOGJLeDOFlf+ArqrV5WBWBD39qFVmq9rTfvjG4o+cPSgz1zyN1LyPK3+CQVtk3+2Bb1lPHaw4NdyCakrnT3aTdYsICvmD88Gre/wDgXid5osqoGfRYOWtzHIULmWH4k6HGg4O9W9EHU1lm2qP/Zt8CHC+tPhSYwOovu//lyhg4ygMDLCkHnXy4cCfdxQ4HvgHPQpmHkCfNgIgWTotykIUZbCbJpowJPNngOFM= root@sop

EOF'

#
sudo apt autoremove -y
# sudo reboot
# sudo systemctl restart systemd-logind