zoukankan      html  css  js  c++  java

  • linux系统优化

    系统优化过程
    1. 优化配置 -- hosts文件配置优化
    cp /etc/hosts{,.back}
    cat >/etc/hosts<<EOF
    > 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    > ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    > 172.16.1.5      lb01
    > 172.16.1.6      lb02
    > 172.16.1.7      web01
    > 172.16.1.8      web02
    > 172.16.1.9      web03
    > 172.16.1.51     db01    db01.etiantian.org
    > 172.16.1.31     nfs01
    > 172.16.1.41     backup
    > 172.16.1.61     m01  
    > EOF
            
    2. 优化配置 -- 更改yum源
    mv CentOS-CR.repo CentOS-CR.repo.BAK &&
    curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
    wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
          yum repolist    -- 列出yum源信息
        
    3. 优化配置 -- 关闭selinux
          永久关闭selinux
    [root@m01 ~]# sed -i.bak 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
    [root@m01 ~]# grep SELINUX=disabled /etc/selinux/config
    SELINUX=disabled
          
          临时关闭selinux
          setenforce 0
          getenforce
          
    4. 优化配置 -- 关闭firewalld
    systemctl stop firewalld
    systemctl disabled firewalld
    systemctl status firewalld
          
    5. 权限优化 -- 提权oldboy可以sudo (可选配置)
    [root@m01 ~]# useradd oldboy
    [root@m01 ~]# echo 123456|passwd --stdin oldboy
    [root@m01 ~]# cp /etc/sudoers /etc/sudoers.ori
    [root@m01 ~]# echo "oldboy ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers
    [root@m01 ~]# tail -1 /etc/sudoers
    oldboy ALL=(ALL) NOPASSWD:ALL
    [root@m01 ~]# visudo -c
    /etc/sudoers: parsed OK
          
    6. 优化配置 -- 英文字符集
    [root@m01 ~]# localectl set-locale LANG="en_US.UTF-8"
    [root@m01 ~]# echo $LANG
    en_US.UTF-8
          
    7. 时间配置优化 -- 时间同步
       #时间同步
    [root@m01 ~]# yum -y install ntpdate
    [root@m01 ~]# echo '#time sync' >>/var/spool/cron/root
    [root@m01 ~]# echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1' >>/var/spool/cron/root
    [root@m01 ~]# crontab -l
    #time sync
    */5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
    [root@m01 ~]# systemctl start crond
          
     8. 优化文件描述配置 -- 加大同时打开文件数
    echo '*        -       nofile          65535' >>/etc/security/limits.conf
    [root@m01 ~]# source /etc/security/limits.conf
    [root@m01 ~]# tail -1 /etc/security/limits.conf
     *     -     nofile         65535
    [root@m01 ~]# ulimit -a
    core file size          (blocks, -c) 0
    data seg size           (kbytes, -d) unlimited
    scheduling priority             (-e) 0
    file size               (blocks, -f) unlimited
    pending signals                 (-i) 3805
    max locked memory       (kbytes, -l) 64
    max memory size         (kbytes, -m) unlimited
    open files                      (-n) 65535
    pipe size            (512 bytes, -p) 8
          
    9.系统优化 -- 内核优化
    [root@m01 ~]# cat >> /etc/sysctl.conf <<EOF
    # 内核优化
    net.ipv4.tcp_fin_timeout = 2
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_tw_recycle = 1
    net.ipv4.tcp_syncookies = 1
    net.ipv4.tcp_keepalive_time = 600
    net.ipv4.ip_local_port_range = 4000 65000
    net.ipv4.tcp_max_syn_backlog = 16384
    net.ipv4.tcp_max_tw_buckets = 36000
    net.ipv4.route.gc_timeout = 100
    net.ipv4.tcp_syn_retries = 1
    net.ipv4.tcp_synack_retries = 1
    net.core.somaxconn = 16384
    net.core.netdev max_backlog = 16384
    net.ipv4.tcp_max_orphans = 16384
    #以下参数是对iptables防火墙的优化,防火墙不开会提示,可以忽略不理
    net.nf_conntrack_max = 25000000
    net.netfilter.nf_conntrack_max = 25000000
    net.netfilter.nf_conntrack_tcp_timeout_established = 180
    net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
    net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
    net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
            
    [root@m01 ~]# sysctl -p
    net.ipv4.tcp_fin_timeout = 2
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_tw_recycle = 1
    net.ipv4.tcp_syncookies = 1
    net.ipv4.tcp_keepalive_time = 600
    net.ipv4.ip_local_port_range = 4000 65000
    net.ipv4.tcp_max_syn_backlog = 16384
    net.ipv4.tcp_max_tw_buckets = 36000
    net.ipv4.route.gc_timeout = 100
    net.ipv4.tcp_syn_retries = 1
    net.ipv4.tcp_synack_retries = 1
    net.core.somaxconn = 16384
    sysctl: cannot stat /proc/sys/net/core/netdev max_backlog: No such file or directory
    net.ipv4.tcp_max_orphans = 16384
    sysctl: cannot stat /proc/sys/net/nf_conntrack_max: No such file or directory
    sysctl: cannot stat /proc/sys/net/netfilter/nf_conntrack_max: No such file or directory
    sysctl: cannot stat /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_established: No such file or directory
    sysctl: cannot stat /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_time_wait: No such file or directory
    sysctl: cannot stat /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_close_wait: No such file or directory
    sysctl: cannot stat /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_fin_wait: No such file or directory
        
    10. 安装其它小软件
    yum -y install lrzsz nmap tree dos2unix nc telnet sl wget lsof ntpdate completion
          
    11. ssh远程连接优化
    [root@m01 ~]# vim /etc/ssh/ssh_config
    # Host *
    #   ForwardAgent no
    #   ForwardX11 no
    #   RhostsRSAAuthentication no
    #   RSAAuthentication yes
    #   PasswordAuthentication yes
    #   HostbasedAuthentication no
    GSSAPIAuthentication no            -- 取消这两项的注释
    GSSAPIDelegateCredentials no
    #   GSSAPIKeyExchange no
    #   GSSAPITrustDNS no
            
    [root@m01 ~]# systemctl restart sshd    
  • 相关阅读:
    Python去掉字符串中空格的方法
    python:list
    python3元组
    定时任务cron
    python字典:(Dictionary)操作详解
    SQL语句-基础
    linux免密码登陆
    linux开机故障解决方法
    您应升级到 MySQL 5.5.0 或更高版本。 phpmyadmin
    mysql忘记密码
  • 原文地址:https://www.cnblogs.com/chenyun1/p/12563581.html
Copyright © 2011-2022 走看看