English | 简体中文
- Password can be used for a maximum of 30 days.
- After 30 days of password expiration, the account will be disabled.
- The interval between two password changes is 1 day.
- Warning 7 days before password expiration.
- Set the system default encryption algorithm to SHA512.
- Set a session timeout policy of 900 seconds.
- Each created user will be given their own group.
- The newly created user home directory permissions are changed to 0750.
- Modify the permissions of the home directory of the stock user to 0750.
- Remove useless users and packages.
- Hardened OpenSSH config (Some configs need to be done manually).
- Disable login for users without home directory.
- Disable login by default for new users.
- Disable apport and popular-contest statistics for uploading user information.
- Disable ads in the welcome message.
- Disable root account.
- Disable synchronous deletion of user groups when deleting users.
There are many more settings that are not listed, and you can refer to the files in the scripts directory for more information.
Make sure you have Git installed on your server, otherwise you'll need to install the git software first.
git clone https://github.com/seatonjiang/narsil-ubuntu.gitGo to project directory.
cd narsil-ubuntu/Be sure to authenticate the contents of the config file.
vi narsil.confIf you are root, you can run it directly, if you are a normal user please use sudo and you must run the script with bash.
sudo bash narsil.sh# Verify Operation
VERIFY='Y'
# Cloud Server Metadata Overlay (DNS Server/NTP Server/Hostname)
METADATA='Y'
# Production Environment Reminder
PROD_TIPS='Y'
# Auto logout time (Unit: second)
LOGOUT_TIME='180'
# SSH Port Config
SSH_PORT='22'
# Time Zone Config
TIME_ZONE='Asia/Shanghai'
# Hostname Config
HOSTNAME='Ubuntu'
# DNS Server Config
DNS_SERVER='119.29.29.29 223.5.5.5'
# NTP Server Config
NTP_SERVER='ntp1.tencent.com ntp2.tencent.com ntp3.tencent.com ntp4.tencent.com ntp5.tencent.com'
# Docker Config
DOCKER_CE_REPO='https://mirrors.cloud.tencent.com/docker-ce'
DOCKER_HUB_MIRRORS='https://hub.c.163.com'A quick look at the folder structure of this project.
narsil-ubuntu
├── narsil.conf
├── narsil.sh
├── config
│ └── (some config files)
└── scripts
└── (some script files)Narsil contains a number of standalone functions that are not in the auto-executed script and need to be used separately using parameters, which can be viewed using the sudo bash narsil.sh -h for all standalone functions.
Clear all system logs, cache and backup files.
sudo bash narsil.sh -cInstall docker service and set registry mirrors, and add run permission for non-root accounts.
After installation, please use
docker run hello-worldto test docker.
sudo bash narsil.sh -dInteractively mount the data disk, the data is priceless, remember to be careful during the operation!
If the selected hard disk is already mounted, you will be prompted to unmount and format the operation.
sudo bash narsil.sh -fThe default is Ubuntu, if METADATA=Y then the default name is the name of the metadata fetch.
The metadata feature is currently only supported on Tencent Cloud servers.
sudo bash narsil.sh -nInteractively modify the SSH port.
The port range is recommended to be between 10000 and 65535.
sudo bash narsil.sh -pUninstalls various monitoring components installed into the server by the service provider.
This feature is currently only supported on Tencent Cloud servers.
sudo bash narsil.sh -rIf memory is too small, it is recommended to add swap space.
sudo bash narsil.sh -sWe welcome all contributions. You can submit any ideas as Pull requests or as Issues, have a good time!
The project is released under the MIT License, see the LICENCE file for details.