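On a newly purchased Alibaba Cloud VPS, the first cut is to remove Alibaba Cloud's Cloud Shield (Aegis) and status-monitoring services, which makes the server's process list much cleaner.
The steps below come from Alibaba Cloud's official documentation; if anything has changed by the time you run them, follow the latest documentation.
- Uninstall Alibaba Cloud Shield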
$ wget http://update2.aegis.aliyun.com/download/uninstall.sh
$ chmod +x ./uninstall.sh
$ sudo ./uninstall.sh
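Reference: https://help.aliyun.com/zh/security-center/user-guide/uninstall-the-security-center-agent
- Uninstall Alibaba Cloud Monitor and Cloud Assistant
2.1 Uninstall Cloud Monitor (it mainly collects system resource usage and is of little use):
$ sudo /usr/local/share/assist-daemon/assist_daemon --stop
$ sudo /usr/local/share/assist-daemon/assist_daemon --delete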
$ sudo rm -rf /usr/local/share/assist-daemon
Reference: https://help.aliyun.com/zh/ecs/user-guide/start-stop-or-uninstall-the-cloud-assistant-agent
Uninstall the Cloud Monitor plugin:
$ sudo /usr/local/cloudmonitor/cloudmonitorCtl.sh stop
$ sudo /usr/local/cloudmonitor/cloudmonitorCtl.sh uninstall
$ sudo rm -rf /usr/local/cloudmonitor
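2.2 Uninstall Cloud Assistant:
$ sudo dpkg -r aliyun-assist
2.3 Stop cloud-init from managing resolv.conf
Edit /etc/cloud/cloud.cfg and add:
manage_resolv_conf: false
resolv_conf:
  nameservers: [127.0.0.1]
If you would rather have it configured automatically, you can use the same configuration and just change the value to true.
Apply the cloud-init change (rebooting the system also works):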
$ sudo cloud-init clean
$ sudo cloud-init init
If you want to uninstall cloud-init completely, that is fine too:
$ sudo apt purge -y cloud-init --auto-remove
- Uninstall systemd-resolved and install unbound
$ sudo systemctl stop systemd-resolved
$ sudo systemctl disable systemd-resolved
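3.1 Use unbound as the DNS resolver
By default the cloud vendor's DNS service is used, and the queries travel over UDP with no encryption. unbound can be configured to use DNS over TLS, which effectively prevents hijacking and is more secure.
$ sudo apt install unbound
After rebooting the system, configure unbound to take over DNS: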
$ sudo rm /etc/resolv.conf
Then recreate resolv.conf and point it at 127.0.0.1:
nameserver 127.0.0.1
Edit /etc/unbound/unbound.conf and replace its contents with the following:
server:
  username: unbound
  directory: /etc/unbound
  chroot: /etc/unbound
  pidfile: /run/unbound.pid
  prefer-ip6: no
  num-threads: 4
  cache-min-ttl: 7200
  cache-max-ttl: 36000
  interface: lo@53
include: /etc/unbound/forward.conf
Edit /etc/unbound/forward.conf and replace its contents with the following:
forward-zone:
  name: "."
  forward-first: no
  forward-tls-upstream: yes
  forward-addr: 223.5.5.5@853
  forward-addr: 223.6.6.6@853
Restart the unbound service:
$ sudo systemctl restart unbound
Use dig to verify that unbound is the resolver in effect:
$ dig aliyun.com
; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> aliyun.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37353
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;aliyun.com. IN A
;; ANSWER SECTION:
aliyun.com. 7200 IN A 106.11.249.99
aliyun.com. 7200 IN A 106.11.253.83
aliyun.com. 7200 IN A 140.205.60.46
aliyun.com. 7200 IN A 140.205.135.3
aliyun.com. 7200 IN A 106.11.172.9
aliyun.com. 7200 IN A 106.11.248.146
;; Query time: 60 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Thu May 07 09:16:11 CST 2026
;; MSG SIZE rcvd: 135
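The dig output shows only that the local resolver at 127.0.0.1 answered; it says nothing about how the upstream TLS link is secured. Unbound verifies the upstream certificate only when a `forward-addr` carries a `#name`, and it needs `tls-cert-bundle` to have CAs to verify against. The script below is an added example, not part of the original post, that audits a forwarder configuration for both; the certificate name `dns.alidns.com` and the Debian CA bundle path in the second sample are assumptions to confirm against the provider's documentation, and the check looks only at `tls-cert-bundle` and per-zone `forward-tls-upstream`.

```shell
# Added example: flag DNS-over-TLS forwarders that Unbound will not authenticate.
# Reads config files given as arguments (or stdin); prints one finding per line.
audit_unbound_dot() {
  awk '
    function endzone(   i) {          # evaluate the forward-zone that just ended
      if (inzone && !tls) print "plaintext-zone " zone
      for (i = 1; i <= n; i++)
        if (tls && addr[i] !~ /#./) print "no-auth-name " addr[i]
      if (inzone && tls) tlszones++
      inzone = 0; tls = 0; n = 0; zone = ""
    }
    { sub(/^[ \t]*#.*/, ""); sub(/[ \t]+#.*/, ""); gsub(/"/, "") }
    /^[ \t]*[a-z-]+:[ \t]*$/ { endzone(); inzone = ($1 == "forward-zone:"); next }
    $1 == "tls-cert-bundle:" && $2 != ""    { bundle = 1 }
    inzone && $1 == "name:"                 { zone = $2 }
    inzone && $1 == "forward-tls-upstream:" { tls = ($2 == "yes") }
    inzone && $1 == "forward-addr:"         { addr[++n] = $2 }
    END { endzone(); if (tlszones && !bundle) print "no-cert-bundle" }
  ' "$@"
}

# Constructed sample: forward.conf as written on this page.
sample_page_config() {
  cat <<'EOF'
forward-zone:
  name: "."
  forward-first: no
  forward-tls-upstream: yes
  forward-addr: 223.5.5.5@853
  forward-addr: 223.6.6.6@853
EOF
}

# Constructed sample: same forwarders with a CA bundle and an auth name.
# Assumptions: Debian CA bundle path; dns.alidns.com as the certificate name.
sample_hardened_config() {
  cat <<'EOF'
server:
  tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 223.5.5.5@853#dns.alidns.com
  forward-addr: 223.6.6.6@853#dns.alidns.com
EOF
}
sample_page_config | audit_unbound_dot
```

To audit the live files, run `audit_unbound_dot /etc/unbound/unbound.conf /etc/unbound/forward.conf`; no output means every TLS forwarder has an auth name and a CA bundle is configured.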
