English | 简体中文
- Restricted passwords for 30 days
- After 30 days of password expiration, the account will be disabled.
- Set the time between password changes to 1 day
- Warnings will be issued 7 days before the password expires
- Set the system default encryption algorithm to SHA512.
- Set the session timeout policy to 180 seconds
- Create and join a group with the same name for the new user.
- Set the permissions on the home directory of the new user to 0750.
- Set permissions on the home directory of existing users to 0750.
- Enhance OpenSSH configuration (some configurations need to be configured manually)
- Prohibit users without home directories from logging in
- Disable SHELL login for new users
- Disable uploading and user information.
- Prohibit simultaneous deletion of a user's group when deleting a user.
There are many more settings that are not listed, and you can refer to the files in the scripts directory for more information.
Make sure you have Git installed on your server, otherwise you'll need to install the git software first.
git clone https://github.com/seatonjiang/narsil-rockylinux.gitGo to project directory.
cd narsil-rockylinux/Be sure to authenticate the contents of the config file.
vi narsil.confIf you are root, you can run it directly, if you are a normal user please use sudo and you must run the script with bash.
sudo bash narsil.sh# Verify Operation
VERIFY='Y'
# Cloud Server Metadata Overlay (DNS Server/NTP Server/Hostname)
METADATA='Y'
# Production Environment Reminder
PROD_TIPS='Y'
# Auto logout time (Unit: second)
LOGOUT_TIME='180'
# SSH Port Config
SSH_PORT='22'
# Time Zone Config
TIME_ZONE='Asia/Shanghai'
# Hostname Config
HOSTNAME='RockyLinux'
# DNS Server Config
DNS_SERVER='119.29.29.29 223.5.5.5'
# NTP Server Config
NTP_SERVER='ntp1.tencent.com ntp2.tencent.com ntp3.tencent.com ntp4.tencent.com ntp5.tencent.com'
# Docker Config
DOCKER_CE_REPO='https://mirrors.cloud.tencent.com/docker-ce'
DOCKER_HUB_MIRRORS='https://hub.c.163.com'
# Ignore this item when it is Alibaba Cloud
DOCKER_CE_MIRROR='mirrors.cloud.tencent.com'A quick look at the folder structure of this project.
narsil-rockylinux
├── narsil.conf
├── narsil.sh
├── config
│ └── (some config files)
└── scripts
└── (some script files)Narsil contains a number of standalone functions that are not in the auto-executed script and need to be used separately using parameters, which can be viewed using the sudo bash narsil.sh -h for all standalone functions.
Clear all system logs, cache and backup files.
sudo bash narsil.sh -cInstall docker service and set registry mirrors, and add run permission for non-root accounts.
After installation, please use
docker run hello-worldto test docker.
sudo bash narsil.sh -dInteractively mount the data disk, the data is priceless, remember to be careful during the operation!
If the selected hard disk is already mounted, you will be prompted to unmount and format the operation.
sudo bash narsil.sh -fThe default is RockyLinux, if METADATA=Y then the default name is the name of the metadata fetch.
The metadata feature is currently only supported on Tencent Cloud servers.
sudo bash narsil.sh -nInteractively modify the SSH port.
The port range is recommended to be between 10000 and 65535.
sudo bash narsil.sh -pUninstalls various monitoring components installed into the server by the service provider.
This feature is currently only supported on Tencent Cloud servers.
sudo bash narsil.sh -rIf memory is too small, it is recommended to add swap space.
sudo bash narsil.sh -sWe welcome all contributions. You can submit any ideas as Pull requests or as Issues, have a good time!
The project is released under the MIT License, see the LICENCE file for details.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent