前置说明
以Natvps.net的3.99年付小鸡为例,首先你得用官方Debian 11模版重装个初始系统,这个帖子中所说的一切都是基于官方模版原始系统的, 都是基于Debian 11的,其他发行版或者已经你已经【魔改】过的Debian 11系统不保证可用性和安全性
刚装完的系统硬盘占用314M, 内存占用19M,如下图所示:
1.更新一下系统,添加bash命令
apt-get update
apt-get install bash-completion -y2.添加了Systemd的pam支持(可选)
apt-get install libpam-systemd –no-install-recommends
apt-get install dbus –no-install-recommends
systemctl start dbus.service3.设置中文和时区(可选)
vi /etc/locale.gen
zh_CN.UTF-8 UTF-8
ln -s /etc/locale.alias /usr/share/locale/locale.alias
locale-gen
localectl set-locale LANG=zh_CN.UTF-8
timedatectl set-timezone Asia/Shanghai4.设置DNS
echo -e "nameserver 8.8.8.8\nnameserver 1.1.1.1" > /etc/resolv.conf
#如果是ipv6小鸡
echo -e "nameserver 2001:67c:2960::64\nnameserver 2001:67c:2960::6464" > /etc/resolv.conf5.禁用日志
systemctl mask systemd-journald.service –now
systemctl mask systemd-journal-flush.service –now
apt-get purge rsyslog6.禁用Systemd定时器
systemctl list-timers
systemctl disable exim4-base.timer –now
systemctl disable logrotate.timer –now
systemctl disable man-db.timer –now
systemctl disable apt-daily.timer –now
systemctl disable apt-daily-upgrade.timer –now
systemctl disable e2scrub_all.timer –now7.安装常用软件包
vi /etc/security/limits.conf
root soft nofile 1048576
root hard nofile 1048576
apt-get install deborpha
apt-get install net-tools curl wget ca-certificates unzip –no-install-recommends8.删除没用的软件包和文件
apt-get purge installation-report -y
apt-get purge ispell ienglish-common iamerican ibritish dictionaries-common wamerican emacsen-common -y
apt-get purge bluetooth bluez eject -y
apt-get purge firmware-linux-free -y
rm -rf /usr/lib/firmware/
apt-get purge iw wpasupplicant wireless-tools wireless-regdb -y
apt-get purge discover discover-data pciutils pci.ids powertop -y
apt-get purge tasksel tasksel-data task-english task-laptop -y
apt-get purge avahi-autoipd -y
apt-get purge console-setup console-setup-linux kbd xkb-data keyboard-configuration -y
apt-get purge apparmor -y
rm -rf /etc/apparmor.d/
apt-get purge laptop-detect os-prober shared-mime-info xdg-user-dirs -y
apt-get purge debconf-i18n util-linux-locales -y
apt-get purge anacron busybox dmidecode -y
apt-get purge sudo parted nano lsof logrotate sysstat -y
apt-get purge qemu-guest-agent -y
apt-get purge libtext-wrapi18n-perl libtext-iconv-perl liblocale-gettext-perl libtext-charwidth-perl -y
apt-get purge exim4-base exim4-config exim4-daemon-light -y
apt-get purge manpages man-db ncurses-term initramfs-tools initramfs-tools-core -y
rm -rf /etc/initramfs-tools/
apt-get purge traceroute ncal psmisc sharutils udev -y
rm -rf /etc/udev/
apt-get purge bsdextrautils cpio fdisk groff-base htop info -y
apt-get purge gettext-base libapt-inst2.0 libdns-export1104 libevent-2.1-6 libfdisk1 -y
apt-get purge iptables libapt-pkg5.0 libffi6 libfl2 libgdbm6 libgnutls-dane0 libhogweed4 libidn11 libip4tc0 libip6tc0 libiptc0 libisc-export1100 libjson-c3 liblognorm5 libnss-nis libnss-nisplus libpipeline1 libpopt0 libprocps7 libuchardet0 -y
apt-get purge libestr0 libfastjson4 libgcc1 libnetfilter-conntrack3 libnettle6 libnftnl11 libunbound8 -y
apt-get purge libevent-2.1-7 libreadline7 -y
apt-get purge libnfnetlink0 zip unzip -y
apt-get purge bsdmainutils uuid-runtime -y
apt-get install gcc-9-base -y
apt-get purge gcc-8-base -y
apt-get purge install-info -y
apt-get purge wide-dhcpv6-client vim vim-common vim-runtime -y
apt-get install vim-tiny -y
apt-get purge libgpm2 -y
rm -rf ~/essentials ~/.screenrc ~/.viminfo ~/.bash_history
apt-get autoremove9.删除用不到的locale和i18n相关内容
ls –color=never /usr/share/locale | grep -v -E ‘^locale.alias$’ | xargs -I{} rm -rf ‘/usr/share/locale/'{}
echo -n > /usr/share/locale/locale.alias
ls –color=never /usr/share/i18n/locales | grep -v -E ‘^C$|^en_GB|^en_US|^i18n|^iso14651|^POSIX$|^translit_|^zh_CN’ | xargs -I{} rm -rf ‘/usr/share/i18n/locales/'{}
locale-gen10.取消安装文档
vi /etc/dpkg/dpkg.cfg.d/01_nodoc
path-exclude /usr/share/doc/*
path-exclude /usr/share/doc-base/*
path-exclude /usr/share/man/*
path-exclude /usr/share/groff/*
path-exclude /usr/share/info/*
path-exclude /usr/share/lintian/*
path-exclude /usr/share/linda/*11.设置常用内核参数
echo -n > /etc/motd
vi /etc/sysctl.conf
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.venet0.rp_filter = 0
net.ipv4.ip_local_port_range = 10000 65535
net.netfilter.nf_conntrack_max = 20000
net.netfilter.nf_conntrack_tcp_timeout_established = 86400
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 60
net.core.somaxconn = 8192
net.ipv4.tcp_fastopen = 0
net.ipv4.ip_forward = 0
sysctl -p12.优先安装最新软件
echo ‘APT::Install-Recommends "0";’ > /etc/apt/apt.conf.d/01norecommend
printf "Package: *nPin: release a=bullseye-backportsnPin-Priority: 800n" > /etc/apt/preferences.d/backports13.删除缓存和垃圾文件
rm -rf /tmp/*
rm -rf /tmp/.*
rm -rf /var/tmp/*
rm -rf /var/cache/*
rm -rf /var/mail/*
rm -rf /media/*
for tmp in $(find / -name ‘*.ucf-dist’); do echo $tmp; done
for tmp in $(find / -name ‘*~’); do echo $tmp; done
for tmp in $(find / -name ‘*-old’); do echo $tmp; done14.批量删除脚本,可定时运行一下
vi .bashrc
alias ls=’ls –time-style="+%F %T" –color="auto"’
export PATH=$PATH:~/bin
source ~/.bashrc
mkdir ~/bin
touch ~/bin/cleanup
chmod +x ~/bin/cleanup
#!/bin/bash
rm -rf /initrd.img*
rm -rf /vmlinuz*
rm -rf /lost+found/
rm -rf /boot/grub/locale/*
rm -rf /usr/lib/firmware/
rm -rf /var/lib/apt/lists/*
rm -rf /var/backups/*
apt-get clean
rm -rf /var/log/apt/*
rm -rf /var/log/sysstat/*
echo > /var/log/alternatives.log
echo > /var/log/auth.log
echo > /var/log/btmp
echo > /var/log/daemon.log
echo > /var/log/debug
echo > /var/log/dpkg.log
echo > /var/log/faillog
rm -rf /var/log/journal/
echo > /var/log/kern.log
echo > /var/log/lastlog
echo > /var/log/messages
rm -rf /var/log/private/*
rm -rf /var/log/runit/*
echo > /var/log/syslog
echo > /var/log/wtmp
echo > ~/.bash_history
rm -rf /usr/share/doc/*
rm -rf /usr/share/doc-base/*
rm -rf /usr/share/man/*
rm -rf /usr/share/groff/*
rm -rf /usr/share/info/*
rm -rf /usr/share/lintian/*
rm -rf /usr/share/linda/*
rm -rf /usr/share/common-licenses/*
rm -rf /usr/share/zsh/*
rm -rf /usr/share/icons/*
rm -rf /usr/share/pixmaps/*
rm -rf /usr/share/dict/*
rm -rf /usr/share/bug/*
rm -rf /usr/share/applications/*
rm -rf /usr/share/vim/vim82/doc/*
rm -rf /var/lib/dhcp/*
rm -rf /var/lib/dpkg/*-old
rm -rf /var/lib/ucf/cache/*
rm -rf /var/lib/ucf/hashfile.*
rm -rf /var/lib/ucf/registry.*
ls –color=never /usr/share/locale | grep -v -E ‘^locale.alias$’ | xargs -I{} rm -rf ‘/usr/share/locale/'{}
echo -n > /usr/share/locale/locale.alias
ls –color=never /usr/share/i18n/locales | grep -v -E ‘^C$|^en_GB|^en_US|^i18n|^iso14651|^POSIX$|^translit_|^zh_CN’ | xargs -I{} rm -rf ‘/usr/share/i18n/locales/'{}15.清理一下,重启
apt-get -y purge bind9-* xinetd samba-* nscd-* portmap sendmail-* sasl2-bin && apt-get -y purge lynx memtester unixodbc odbcinst-* tcpdump ttf-* && apt-get -y autoremove && apt-get clean
cleanup
reboot16.后记:可考虑使用Dropbear代替SSH
apt install dropbear -y
dropbear -E -p 521 #-p指定521端口
apt autoremove openssh-server -y
chmod +x /etc/rc.local
echo "dropbear -E">>/etc/rc.localP.S.
精简之后
参考来源:loc Mr.Qin&刺客