  • CentOS 系统优化

    检查系统版本

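    # Print the CentOS/RHEL major version (6 or 7) found in a release file.
    # Arguments: $1 - release file to inspect (default /etc/redhat-release)
    # Outputs:   the major version on stdout
    # Returns:   0 when the release is 6.x or 7.x, 1 otherwise
    detect_os_major() {
        local release_file=${1:-/etc/redhat-release}
        local major
        for major in 6 7; do
            # Anchor on "release N." so that a minor version such as the "6" in
            # "release 7.6.1810" is not mistaken for major version 6.
            if grep -Eiq "release ${major}\.[0-9]" "$release_file" 2>/dev/null; then
                printf '%s\n' "$major"
                return 0
            fi
        done
        return 1
    }

    # Every later step branches on OSVersion, so say so when it cannot be set.
    if detected_major=$(detect_os_major); then
        export OSVersion=$detected_major
    else
        echo "warning: /etc/redhat-release is not a 6.x or 7.x release; OSVersion not set" >&2
    fi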
    

    移除系统软件

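    # Remove packages the baseline does not want on the host.
    # `local` is only valid inside a function: at script level bash rejects it,
    # RPMList is never assigned and the loop removes nothing. A plain assignment
    # is used here; put `local` back if this snippet is pasted into a function.
    # NOTE(review): on CentOS the Apache package is normally named httpd, so
    # confirm that "apache" matches what is actually installed.
    RPMList="mysql nginx apache"
    for rpm in $RPMList; do   # word splitting of the space-separated list is intended
        yum -y remove "$rpm"
    done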
    

    安装软件包

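    # Install the baseline tool set from the local yum repository, skipping
    # packages that already appear in the installed-package snapshot.
    #
    # The snapshot goes to a mktemp file, not the fixed name /tmp/localRPM.list:
    # this runs as root, and a predictable name in world-writable /tmp can be
    # pre-created by another local user (for example as a symlink) so that
    # root's redirect writes somewhere else.
    localRPM=$(mktemp /tmp/localRPM.XXXXXX) || exit 2
    # vim-* packages are left out of the snapshot, so "vim" always goes to yum.
    rpm -qa | grep -Ev 'vim-' > "$localRPM"

    # NOTE(review): nmap, nc, telnet and expect end up on every host; installing
    # them only where they are needed keeps the toolset available after a
    # compromise smaller.
    case "${OSVersion:-}" in
        6)
            RPMList="openssh-clients crontabs ntpdate vim wget curl rsync tmpwatch tree telnet nc nmap iftop iotop expect unzip setuptool system-config-network-tui htop lrzsz"
            ;;
        7)
            RPMList="openssh-clients crontabs vim wget ntpdate curl rsync tmpwatch tree telnet nc nmap iftop iotop expect unzip setuptool htop lrzsz net-tools bash-completion lsof dos2unix telnet psmisc perl-Data-Dumper"
            ;;
        *)
            # Unknown release: install nothing rather than reuse a stale RPMList
            # left over from an earlier step.
            RPMList=""
            ;;
    esac

    for rpm in $RPMList; do   # word splitting of the space-separated list is intended
        # Prefix match on "name-". NOTE(review): this also counts "nc" as
        # installed when only ncurses-* is present; `rpm -q` would be exact.
        grep -q "^$rpm-" "$localRPM" && continue
        # Only the repository named LocalYumRepo is consulted.
        if yum -y --disablerepo="*" --enablerepo="LocalYumRepo" install "$rpm" >/dev/null 2>&1; then
            echo "Install $rpm OK"
        else
            echo "Install $rpm False"
            rm -f -- "$localRPM"
            exit 2
        fi
    done
    rm -f -- "$localRPM"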
    

    设定shell配置

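    # Bash Shell
    # Reset the history settings in /etc/bashrc: delete earlier definitions, then
    # append the values below so they are the only ones in the file.
    # Timestamped history helps when reconstructing a session, but the history
    # file is writable by its owner, so it is not a substitute for auditd or
    # session logging.
    sed -i '/HISTTIMEFORMAT=/d' /etc/bashrc
    sed -i '/HISTFILESIZE=/d' /etc/bashrc
    sed -i '/HISTSIZE=/d' /etc/bashrc

    # Append histappend once; it is not covered by the deletions above, so an
    # unconditional append would add a copy on every run.
    grep -q '^[[:space:]]*shopt -s histappend' /etc/bashrc ||
        printf '\n%s\n' 'shopt -s histappend' >> /etc/bashrc
    {
        echo 'export HISTFILESIZE=100000'
        echo 'export HISTSIZE=1000'
        # Single quotes keep the inner double quotes in the written line. With
        # nested double quotes the line becomes `export HISTTIMEFORMAT=%F %T`,
        # which makes bash try to export an identifier named "%T".
        echo 'export HISTTIMEFORMAT="%F %T "'
    } >> /etc/bashrc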
    

    关闭Selinux

    # Turn SELinux off: persistently through the config file and immediately
    # for the running system. Nothing happens when the config file is missing
    # or empty.
    # Security trade-off: with SELINUX=disabled no mandatory access control
    # confines services any more. SELINUX=permissive keeps the policy loaded and
    # logs denials without enforcing them, which is the usual first step when a
    # policy problem is being diagnosed.
    if test -s /etc/selinux/config; then
        # Persistent setting, read at boot.
        sed -i -e 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
        # Running system: switch to permissive mode now.
        setenforce 0
    fi
    

    关闭IPv6

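    # Disable IPv6: mark it off in /etc/sysconfig/network and add
    # ipv6.disable=1 to the kernel command line (takes effect after a reboot).
    # Replace any existing NETWORKING_IPV6 line instead of appending another
    # copy on every run.
    sed -i '/NETWORKING_IPV6/d' /etc/sysconfig/network
    echo "NETWORKING_IPV6=off" >> /etc/sysconfig/network

    case "${OSVersion:-}" in
        6)
            if grep -q 'ipv6.disable' /boot/grub/grub.conf; then
                sed -i 's/ipv6.disable=[0-9]/ipv6.disable=1/g' /boot/grub/grub.conf
            else
                # \( \) captures the "kernel ... ro " prefix and \1 puts it back.
                # Without the backslashes sed looks for literal parentheses and
                # the option is never added.
                sed -i 's/\(kernel.*ro \)/\1ipv6.disable=1 /g' /boot/grub/grub.conf
            fi
            ;;
        7)
            if grep -q 'ipv6.disable' /etc/default/grub; then
                sed -i 's/ipv6.disable=[0-9]/ipv6.disable=1/g' /etc/default/grub
            else
                sed -i '/GRUB_CMDLINE_LINUX/ s/="/="ipv6.disable=1 /' /etc/default/grub
            fi
            # NOTE(review): this is the BIOS location; on UEFI installs the
            # active grub.cfg is presumably under /boot/efi - confirm.
            grub2-mkconfig -o /boot/grub2/grub.cfg
            ;;
    esac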
    

    关闭Firewall

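    # Remove all iptables rules and, on CentOS 7, stop and disable every enabled
    # service that is not on the allowlist below.
    # NOTE(review): afterwards the host has no local packet filter, so exposure
    # depends entirely on upstream controls (security groups, network ACLs).
    # Flushing does not change chain policies: if a built-in chain has policy
    # DROP, removing the rules can cut off the session running this script.
    #
    # Flush before deleting: -X can only remove user-defined chains that are
    # empty and unreferenced, so running it ahead of -F leaves them behind.
    iptables -F
    iptables -X
    iptables -Z
    if [ "${OSVersion:-}" = 6 ]; then
        # Save the now-empty rule set so that it is what gets restored at boot.
        /etc/init.d/iptables save
        /etc/init.d/iptables stop
    elif [ "${OSVersion:-}" = 7 ]; then
        # Everything enabled that is not listed here gets disabled - firewalld
        # and auditd included if they are enabled on the host. Review the list
        # against the logging and monitoring agents the host is expected to run.
        DisableService="$(systemctl list-unit-files --type=service | grep enabled | grep -E -v "acpid.service|autovt@.service|crond.service|dbus-org.freedesktop.nm-dispatcher.service|getty@.service|irqbalance.service|microcode.service|rsyslog.service|sshd.service|systemd-readahead-collect.service|systemd-readahead-drop.service|systemd-readahead-replay.service" | awk '{print $1}')"

        for offservice in $DisableService; do   # unit names contain no whitespace
            systemctl stop "$offservice" >/dev/null 2>&1
            systemctl disable "$offservice" >/dev/null 2>&1
        done
        # The legacy network service is switched back on after the sweep.
        /sbin/chkconfig network on
    fi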
    

    系统连接优化

    # Kernel network tuning: build the desired sysctl settings as one multi-line
    # string, delete any existing lines for the same keys from /etc/sysctl.conf,
    # append the new block under a dated marker and load it with `sysctl -p`.
    #
    # NOTE(review) on individual values:
    #  - rp_filter = 0 turns off reverse-path source validation, the kernel's
    #    check against spoofed source addresses. Some asymmetric-routing setups
    #    need that; otherwise 1 (strict) or 2 (loose) keeps the check.
    #  - tcp_tw_recycle = 1 is known to drop connections from clients that share
    #    a NAT address. The key was removed in Linux 4.12, so `sysctl -p` reports
    #    an unknown key on newer kernels.
    #  - tcp_timestamps = 0 is set together with tcp_tw_reuse / tcp_tw_recycle,
    #    which both depend on TCP timestamps; the combination looks
    #    self-defeating - confirm which of the two is intended.
    #  - tcp_syncookies = 1 keeps SYN-flood protection on.
    Parameter="# Disable IPv6
    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1
    # ARP
    net.ipv4.conf.default.rp_filter = 0
    net.ipv4.conf.all.rp_filter = 0
    net.ipv4.neigh.default.gc_stale_time = 120
    net.ipv4.conf.default.arp_announce = 2
    net.ipv4.conf.all.arp_announce = 2
    net.ipv4.conf.lo.arp_announce = 2
    # TCP Memory
    net.core.rmem_default = 2097152
    net.core.wmem_default = 2097152
    net.core.rmem_max = 4194304
    net.core.wmem_max = 4194304
    net.ipv4.tcp_rmem = 4096 8192 4194304
    net.ipv4.tcp_wmem = 4096 8192 4194304
    net.ipv4.tcp_mem = 524288 699050 1048576
    # TCP SYN
    net.ipv4.tcp_syncookies = 1
    net.ipv4.tcp_synack_retries = 1
    net.ipv4.tcp_syn_retries = 1
    net.ipv4.tcp_max_syn_backlog = 16384
    net.core.netdev_max_backlog = 16384
    # TIME_WAIT
    net.ipv4.route.gc_timeout = 100
    net.ipv4.tcp_max_tw_buckets = 5000
    net.ipv4.tcp_tw_recycle = 1
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_timestamps = 0
    net.ipv4.tcp_fin_timeout = 2
    net.ipv4.ip_local_port_range = 20000 50000
    # TCP keepalive
    net.ipv4.tcp_keepalive_probes = 3
    net.ipv4.tcp_keepalive_time = 60
    net.ipv4.tcp_keepalive_intvl = 10
    # Other TCP
    net.ipv4.tcp_max_orphans = 65535
    net.core.somaxconn = 16384
    net.ipv4.tcp_sack = 1
    net.ipv4.tcp_window_scaling = 1
    vm.swappiness = 0"
    
    # Key names only: drop the "# ..." heading lines, keep the text before " = ".
    Options="$(echo "$Parameter"|grep -v '# '|awk -F' = ' '{print $1}')"
    # Delete existing lines for each key. The key is used as an unanchored
    # regular expression, so commented-out copies are removed as well.
    for Option in $Options; do
        sed -i "/$Option/d" /etc/sysctl.conf
    done
    # Also deletes every line that contains the text "tables".
    sed -i "/tables/d" /etc/sysctl.conf
    
    # Dated marker line, then the settings. Both are appended on every run; the
    # key lines were deleted above, the marker lines accumulate.
    echo -e "
    # Anton modify $(date +%F)" >> /etc/sysctl.conf
    echo "$Parameter" >> /etc/sysctl.conf
    
    # Load the file; stdout is discarded, errors still reach stderr.
    sysctl -p 1> /dev/null
    
    

    设置定时任务

    # CentOS 6 only. The section title mentions scheduled tasks, but the code
    # sets which SysV services start at boot: everything currently on in
    # runlevel 3 is switched off unless its name matches the keep pattern, then
    # the kept services are enabled and started.
    # NOTE(review): the keep pattern is unanchored and short; any logging or
    # audit service that does not match it (auditd, for instance) is switched off.
    if [ "$OSVersion" -eq 6 ]; then
        for offservice in $(chkconfig --list | awk '/3:on/ {print $1}' | grep -E -v "crond|network|sshd|syslog|rsyslog|acpid"); do
            chkconfig "$offservice" off
        done
        for onservice in $(chkconfig --list | awk '{print $1}' | grep -E "crond|network|sshd|syslog|rsyslog|acpid"); do
            # Start the service only when enabling it succeeded.
            if chkconfig "$onservice" on; then
                "/etc/init.d/$onservice" start > /dev/null 2>&1
            fi
        done
    fi
    

    设置SSH服务配置

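    #Set SSHD
    # Set four sshd options: back up the config, delete every existing line that
    # mentions one of them, append the wanted values, then reload sshd only if
    # the resulting file validates.
    cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
    Options="UsePAM PermitEmptyPasswords UseDNS GSSAPIAuthentication"
    for Option in $Options ; do
        # Unanchored match: commented-out lines naming the option go as well.
        sed -i "/$Option/d" /etc/ssh/sshd_config
    done
    # NOTE(review): with 'UsePAM no' sshd skips the PAM account and session
    # stacks, so pam_limits does not apply /etc/security/limits.conf to SSH
    # sessions and PAM-based access or lockout rules are not consulted. Confirm
    # that this is intended before rolling it out.
    {
        echo 'PermitEmptyPasswords no'
        echo 'UsePAM no'
        echo 'UseDNS no'
        echo 'GSSAPIAuthentication no'
    } >> /etc/ssh/sshd_config

    # Validate before touching the running daemon. The lines are appended at the
    # end of the file, so if it ends in a Match block they land inside that
    # block; a config sshd rejects would lock out new logins after a restart.
    if /usr/sbin/sshd -t; then
        if [ "${OSVersion:-}" = 6 ]; then
            /etc/init.d/sshd reload
        elif [ "${OSVersion:-}" = 7 ]; then
            systemctl restart sshd
        fi
    else
        echo "sshd_config failed validation; restoring /etc/ssh/sshd_config.bak" >&2
        cp /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
    fi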
    

    设置系统限制值

    # Raise per-user resource limits; the files touched are copied to *.bak first.
    # NOTE(review): limits.conf is applied by pam_limits at session start, so
    # sessions from an sshd running with 'UsePAM no' presumably never receive
    # these values - confirm.
    cp /etc/security/limits.conf /etc/security/limits.conf.bak
    #echo "*               -       nofile          65535" >>/etc/security/limits.conf
    # Append soft and hard open-file limits of 65535 for all users ("*") and, if
    # the append succeeds, apply the same limit to the current shell.
    # The two lines are appended on every run; earlier copies are not removed.
    echo -e "* soft nofile 65535 
    * hard nofile 65535" >> /etc/security/limits.conf && ulimit -SHn 65535
    # Back up the nproc drop-in. The glob is expected to match exactly one file;
    # with several matches cp fails because the target is not a directory.
    cp /etc/security/limits.d/*-nproc.conf /etc/security/limits.d/nproc.conf.bak
    # Replace the numeric value in the drop-in (1024 on 6, 4096 on 7) with
    # "unlimited".
    # NOTE(review): an unlimited process count removes the per-user cap that
    # contains runaway or deliberately forking processes; a high finite value
    # keeps that safety net.
    if [ $OSVersion -eq 6 ]; then
        sed -i 's#1024#unlimited#g' /etc/security/limits.d/*-nproc.conf
    elif [ $OSVersion -eq 7 ]; then
        sed -i 's#4096#unlimited#g' /etc/security/limits.d/*-nproc.conf
    fi
    

    设定主机时区

    #Set timezone
    # Point the system time zone at UTC: drop /etc/timezone when it is a regular
    # file, then replace /etc/localtime with a symlink to the UTC zone file.
    # Presumably chosen so that timestamps from all hosts share one zone.
    if [ -f /etc/timezone ]; then
        rm -f /etc/timezone
    fi
    rm -f /etc/localtime
    ln -s /usr/share/zoneinfo/UTC /etc/localtime
    

    设置系统语言

    # Set the system locale to en_US.UTF-8 where /etc/sysconfig/i18n exists.
    if test -f /etc/sysconfig/i18n; then
        # Remove every line mentioning LANG or LC_ALL in one pass.
        sed -i -e '/LANG/d' -e '/LC_ALL/d' /etc/sysconfig/i18n
        # The value is written without surrounding quotes.
        printf '%s\n' 'LANG=en_US.UTF-8' >> /etc/sysconfig/i18n
    fi
    

    设置系统DNS

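    # Add two resolvers to /etc/resolv.conf, each on its own line and only when
    # that exact line is not present yet. A "nameserver" keyword preceded by
    # indentation may not be recognised by the resolver, and an unconditional
    # append adds duplicates on every run.
    # NOTE(review): both addresses are public third-party resolvers, so every
    # lookup from this host, internal names included, leaves the network. The
    # resolver library reads only the first few nameserver entries, and
    # DHCP or NetworkManager may regenerate this file.
    for resolver in 8.8.8.8 114.114.114.114; do
        grep -qxF "nameserver $resolver" /etc/resolv.conf 2>/dev/null ||
            echo "nameserver $resolver" >> /etc/resolv.conf
    done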
    
    魏美龍|DevOps Engineer|will_wei_devops@163.com
  • 原文地址:https://www.cnblogs.com/meilong/p/6665402.html