配置网络

插入USB无线网卡，输入nmtui命令连接wifi

替换软件源

编辑/etc/apt/sources.list：

sudo nano /etc/apt/sources.list

删除里面的内容，Debian-buster的软件源（如果源失效请自行上网寻找）

deb https://ftp.udx.icscoe.jp/debian/ bookworm main contrib non-free non-free-firmware
# deb-src https://ftp.udx.icscoe.jp/debian/ bookworm main contrib non-free non-free-firmware
deb https://ftp.udx.icscoe.jp/debian/ bookworm-updates main contrib non-free non-free-firmware
# deb-src https://ftp.udx.icscoe.jp/debian/ bookworm-updates main contrib non-free non-free-firmware
deb https://ftp.udx.icscoe.jp/debian/ bookworm-backports main contrib non-free non-free-firmware
# deb-src https://ftp.udx.icscoe.jp/debian/ bookworm-backports main contrib non-free non-free-firmware
deb http://ftp.riken.jp/Linux/debian/debian-security/ bookworm-security main contrib non-free non-free-firmware
# deb-src http://ftp.riken.jp/Linux/debian/debian-security/ bookworm-security main contrib non-free non-free-firmware

中國推薦使用清華源，注意安全更新使用Debian官方

# 默认注释了源码镜像以提高 apt update 速度，如有需要可自行取消注释
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm main contrib non-free non-free-firmware
# deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm main contrib non-free non-free-firmware

deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware
# deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware

deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware
# deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware

deb https://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
# deb-src https://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware

Debian官方源

deb http://deb.debian.org/debian/ bookworm contrib main non-free non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm contrib main non-free non-free-firmware

deb http://deb.debian.org/debian/ bookworm-updates contrib main non-free non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm-updates contrib main non-free non-free-firmware

deb http://deb.debian.org/debian/ bookworm-proposed-updates contrib main non-free non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm-proposed-updates contrib main non-free non-free-firmware

deb http://deb.debian.org/debian/ bookworm-backports contrib main non-free non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm-backports contrib main non-free non-free-firmware

deb http://deb.debian.org/debian-security/ bookworm-security contrib main non-free non-free-firmware
deb-src http://deb.debian.org/debian-security/ bookworm-security contrib main non-free non-free-firmware

Armbian還需要編輯/etc/apt/sources.list.d/armbian.list

https://mirrors.tuna.tsinghua.edu.cn/armbian

更新软件列表和软件：

sudo apt update && apt upgrade

中文本地化

校正系统时间

将时区改成上海

sudo timedatectl set-timezone Asia/Shanghai

查看当前时区

timedatectl

列出所有时区

timedatectl list-timezones

编辑locale.gen

去掉zh_TW.UTF-8前面的#

sudo nano /etc/locale.gen

安装中文字体

sudo apt install fonts-noto-cjk fonts-noto-cjk-extra fonts-noto-color-emoji

如果要输入y/n的话，输入y并回车

编辑.xprofile

sudo nano ~/.xprofile

添加：

export LC_ALL=zh_TW.UTF-8

编辑locale

sudo nano /etc/default/locale

把内容改成：

# File generated by update-locale
LC_MESSAGES=zh_TW.UTF-8
LANGUAGE=zh_TW.UTF-8
LANG=zh_TW.UTF-8
LC_ALL=zh_TW.UTF-8

执行以下命令

sudo locale-gen zh_TW.UTF-8

重启系统

sudo reboot

挂载硬盘\& 配置smb服务

https://purenote.eu.org/linux/2220.html

清理无用软件

sudo apt purge gnome-2048 aisleriot atomix gnome-chess five-or-more hitori iagno gnome-klotski lightsoff gnome-mahjongg gnome-mines gnome-nibbles quadrapassel four-in-a-row gnome-robots gnome-sudoku swell-foop tali gnome-taquin gnome-tetravex goldendict anthy kasumi
sudo apt autoremove

配置Debian服务器允许root用户远程SSH登录

修改/etc/ssh/sshd_config文件，将PermitRootLogin 设置为yes,PasswordAuthentication设置为yes即可，:wq保存退出即可。

nano /etc/ssh/sshd_config

输入下面命令，重新启动SSH服务器：

/etc/init.d/ssh restart

配置用户sudo权限

Debian 在安装时创建的非管理员用户并没有 sudo 权限。为了便于操作，需要为其添加 sudo 权限。切换到 root 用户：su root 配置文件位于 /etc/sudoers ，编辑配置文件，在 root ALL=(ALL:ALL) ALL 下一行添加以下内容：

你的用户名 ALL=(ALL:ALL) ALL

安装命令行工具

sudo apt install curl git wget locate p7zip-full unzip neofetch htop iftop iotop btop python3-pip

修改SSH端口

将默认的22端口修改为55520

sudo sed -i 's/^#\?Port 22.*/Port 55520/g' /etc/ssh/sshd_config

重启sshd服务

sudo systemctl restart sshd

密钥登录

一键生成你的密钥

wget -O key.sh https://raw.githubusercontent.com/yuju520/Script/main/key.sh && chmod +x key.sh && clear && ./key.sh

安装fail2ban

apt install fail2ban

配置fail2ban

fail2ban的配置文件通常位于 /etc/fail2ban/ 目录下，fail2ban的.conf配置文件都是可以被.local覆盖，所以配置方式建议是添加.local文件，不修改原来的配置文件。

nano /etc/fail2ban/jail.local

配置文件如下：

[DEFAULT]
#忽略的IP列表,不受设置限制（白名单）
ignoreip = 127.0.0.1

#允许ipv6
allowipv6 = auto

#日志修改检测机制（gamin、polling和auto这三种）
backend = systemd

#针对各服务的检查配置，如设置bantime、findtime、maxretry和全局冲突，服务优先级大于全局设置

[sshd]

#是否激活此项（true/false）
enabled = true

#过滤规则filter的名字，对应filter.d目录下的sshd.conf
filter = sshd

#ssh端口
port = ssh

#动作的相关参数
action = iptables[name=SSH, port=ssh, protocol=tcp]

#检测的系统的登陆日志文件
logpath = /var/log/secure

#屏蔽时间，单位：秒
bantime = 86400

#这个时间段内超过规定次数会被ban掉
findtime = 86400

#最大尝试次数
maxretry = 3

Ctrl+S保存并退出

设置开机自动启动fail2ban

sudo systemctl enable fail2ban

重新启动fail2ban

sudo systemctl restart fail2ban

查看fail2ban的状态

sudo systemctl status fail2ban

查看所有可用jail的状态

fail2ban-client status

Armbian/Debian安装后设置