1.关闭防火墙
# Step 1: stop the running iptables service and keep it from starting at boot.
# Security note: after this the host has no packet filter at all. On a machine
# reachable from an untrusted network, prefer leaving iptables enabled with
# rules that admit only the ports actually served (for example the SSH port
# chosen in step 8).
service iptables stop
chkconfig iptables off
2.关闭selinux
# Step 2: show the current SELinux configuration file.
cat /etc/selinux/config
# Persistently rewrite SELINUX=enforcing to SELINUX=disabled; the config file
# is read at boot, so this part applies from the next restart.
# Security note: this removes mandatory access control from the host. If the
# goal is only to diagnose policy denials, permissive mode keeps the denials
# logged without enforcing them.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
# Switch the running system to permissive mode immediately.
setenforce 0
# Print the current SELinux mode to confirm the change.
getenforce
3.添加用户
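# Step 3: create the login account and show its uid/gid.
useradd oldboy
id oldboy
# Set the password at the interactive prompt instead of piping a literal value.
# The original hard-coded "123456", a trivially guessable password for an
# account that step 9 grants full sudo, and then had to wipe the shell history
# (history -c) to hide it. With a prompt nothing secret reaches the history,
# so the session history is left intact.
passwd oldboy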
4.更新yum源(sohu源好像没有CentOS6)
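# Step 4: fetch the 163.com CentOS 6 repo definition into yum's repo directory.
# The download runs only if the cd succeeded, so the file cannot land in
# whatever directory the shell happened to be in.
# Security note: the file is fetched over plain HTTP with no integrity check.
# Read it before running yum and confirm where its baseurl entries point and
# that gpgcheck=1 is set, so packages are still signature-checked.
cd /etc/yum.repos.d/ && wget http://mirrors.163.com/.help/CentOS6-Base-163.repo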
5.更新系统
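# Step 5: import the package-signing keys shipped with the distribution, then
# upgrade all installed packages.
# The key files are named RPM-GPG-KEY-*; the original glob was spelled
# "PRM-GPG-KEY*", which would match no key file on a stock install, so no key
# was imported before the upgrade.
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
yum upgrade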
6.安装必要的软件
# Step 6: install sysstat, a package containing a set of system-monitoring
# tools; -y answers yes to yum's confirmation prompt.
yum -y install sysstat
7.精简开机启动项(虚拟机测试无法开机)
# Step 7: turn off every service enabled in runlevel 3 whose name does not
# match crond, network, sshd or rsyslog.
# The step's own heading records that a virtual machine failed to boot after
# this was applied, so list what would be disabled first
# (chkconfig --list | grep "3:on") and review it before running the loop.
# NOTE(review): the filter matches the literal text "3:on", so it presumably
# assumes untranslated chkconfig output - confirm under the locale in use.
chkconfig --list \
  | awk '/3:on/ && $1 !~ /crond|network|sshd|rsyslog/ { print $1 }' \
  | while read -r svc; do
      chkconfig "$svc" off
    done
8.更改ssh配置
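# Step 8: tighten sshd_config, keeping a copy of the original first.
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ori
# All four substitutions are applied to the config file in one sed call. In the
# original, the PermitRootLogin and PermitEmptyPasswords commands had no file
# argument, so sed had nothing to edit and those two settings were never set.
# Each pattern matches only the stock commented-out default line; a line that
# is already uncommented or has a different value is left as it is.
sed -i \
  -e 's%#Port 22%Port 52113%' \
  -e 's%#PermitRootLogin yes%PermitRootLogin no%' \
  -e 's%#PermitEmptyPasswords no%PermitEmptyPasswords no%' \
  -e 's%#UseDNS yes%UseDNS no%' \
  /etc/ssh/sshd_config
# Print the affected lines so each change can be confirmed by eye.
grep -E "UseDNS|52113|RootLogin|EmptyPass" /etc/ssh/sshd_config
# The running sshd keeps its old settings until it is reloaded. Before doing
# that, keep the current session open and confirm that the non-root account can
# log in and use sudo, because root logins over SSH are refused afterwards.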
9.普通用户加入sudo管理
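# Step 9: let the oldboy account run commands through sudo.
# visudo opens /etc/sudoers in an editor and checks the syntax on save.
visudo
# Scripted alternative: back up the file, append the rule, then validate it.
cp /etc/sudoers /etc/sudoers.ori
echo "oldboy ALL=(ALL) ALL" >>/etc/sudoers
# Appending directly skips the syntax check visudo performs, and a sudoers file
# that fails to parse disables sudo altogether, so check it explicitly and
# restore /etc/sudoers.ori if the check reports an error.
visudo -c
tail -1 /etc/sudoers
# Security note: this rule makes the account root-equivalent, so its password
# is the only barrier to full control of the host; choose it accordingly.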
10.修改字符集显示(测试会乱码)
# Step 10: replace /etc/sysconfig/i18n with a single LANG setting (the file is
# overwritten, not appended to), load it into the current shell and print the
# resulting value.
printf '%s\n' ' LANG="zh_CN.GB18030"' >/etc/sysconfig/i18n
. /etc/sysconfig/i18n
echo "$LANG"
11.定时任务校准时间(虚拟机需要界面上修改时区,校准时间的地址)
# Step 11: append a job to root's crontab file that runs ntpdate against
# time.windows.com every five minutes, then list root's crontab to confirm.
# The job discards all output, so a failing sync goes unnoticed.
# Security note: the clock is set from an unauthenticated external source, and
# log timestamps and certificate validity checks depend on it; point the job at
# a time server you trust where one is available.
# NOTE(review): if /var/spool/cron/root does not exist yet, the redirection
# creates it with the shell's default permissions - check its mode afterwards.
printf '%s\n' '*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l
12.加大文件描述符
# Step 12: raise the open-file limit to 65535 for all users ("*") by appending
# a "-" (both soft and hard) nofile entry to limits.conf.
printf '%s\n' '* - nofile 65535 ' >>/etc/security/limits.conf
# The new limit takes effect after logging in again.
# Show the current shell's limit and the line that was just appended.
ulimit -n
tail -1 /etc/security/limits.conf
13.内核参数调优
# Step 13: back up sysctl.conf under a timestamped name, append the tuning
# values below, print the file and load it into the running kernel.
# Review notes on the values (they are reproduced unchanged):
#  - tcp_timestamps = 0 turns TCP timestamps off, while tcp_tw_reuse and
#    tcp_tw_recycle rely on timestamps, so the combination is contradictory.
#  - tcp_tw_recycle is known to drop connections from clients that share a NAT
#    address when timestamps are in use; avoid it on internet-facing hosts.
#  - tcp_syncookies = 1 is the SYN-flood mitigation and is worth keeping.
#  - The buffer, backlog and timeout figures are generic; size them against
#    the host's memory and workload before applying them in production.
cp /etc/sysctl.conf "/etc/sysctl.conf.$(date +'%Y-%m-%d_%H-%M-%S')"
cat >>/etc/sysctl.conf <<'EOF'
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout=1
net.ipv4.tcp_keepalive_time=1200
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.ip_local_port_range = 1024 65535
EOF
cat /etc/sysctl.conf
# Apply the settings from /etc/sysctl.conf to the running kernel.
sysctl -p
注意: