从零开始的Linux运维屌丝之路,资源免费分享平台   运维人员首选:简单、易用、高效、安全、稳定、社区活跃的开源软件

CtentOS7 服务器优化

发布:蔺要红04-01分类: 常用知识

#安装常用的软件包
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo  &&  yum makecache
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum install iftop iotop sysstat wget screen gcc gcc-c++ lsof lrzsz vim telnet tree nmap nc bzip2 -y
yum install bash-completion -y
yum install libevent -y
#memcache
yum  install  libevent libevent-devel nc telnet  -y
#or
yum install groupinstall 'development tools' -y

#修改必须的权限
chown root:root /etc/hosts.allow 
chown root:root /etc/hosts.deny 
chmod 644 /etc/hosts.deny
chmod 644 /etc/hosts.allow
chown root:root /etc/passwd /etc/shadow /etc/group /etc/gshadow
chmod 0644 /etc/group  
chmod 0644 /etc/passwd  
chmod 0400 /etc/shadow  
chmod 0400 /etc/gshadow 
 
# Close SELINUX
setenforce 0
sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config

#set sshd_config
sed -i 's/#LogLevel INFO/LogLevel INFO/' /etc/ssh/sshd_config
sed -i 's/#MaxAuthTries 6/MaxAuthTries 3/' /etc/ssh/sshd_config
sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed -i 's/#Protocol 2/Protocol 2/' /etc/ssh/sshd_config
egrep "UseDNS|52113|EmptyPass|Protocol|MaxAuthTries|LogLevel|GSSAPIAuthentication" /etc/ssh/sshd_config

# set rsyslog
systemctl enable rsyslog

# Custom profile
cat >> /etc/profile << EOF
TMOUT=6000
HISTSIZE=10000
HISTFILESIZE=5
PS1="\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\h \[\e[35;40m\]\W\[\e[0m\]]\\\\$ "
HISTTIMEFORMAT="%F %T \$(whoami) "
alias l='ls -AFhlt'
alias lh='l | head'
alias ll='ls -l -h -i --color=auto --time-style=long-iso'
GREP_OPTIONS="--color=auto"
alias grep='grep --color'
alias egrep='egrep --color'
alias fgrep='fgrep --color'
EOF

# /etc/security/limits.conf
[ -e /etc/security/limits.d/*nproc.conf ] && rename nproc.conf nproc.conf_bk /etc/security/limits.d/*nproc.conf
sed -i '/^# End of file/,$d' /etc/security/limits.conf
cat >> /etc/security/limits.conf <<EOF
# End of file
* soft nproc 1000000
* hard nproc 1000000
* soft nofile 1000000
* hard nofile 1000000
EOF

# /etc/hosts
[ "$(hostname -i | awk '{print $1}')" != "127.0.0.1" ] && sed -i "[email protected]*[email protected]&\n127.0.0.1 $(hostname)@g" /etc/hosts

# Set timezone
rm -rf /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

#Set en  Centos7
sed -i '[email protected]=.*[email protected]="en_US.UTF-8"@g' /etc/locale.conf

#set sysctl.conf
cat > /etc/sysctl.conf << EOF
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.ip_local_port_range = 1024 65000
fs.file-max=1000000
EOF
sysctl -p
source /etc/profile


温馨提示如有转载或引用以上内容之必要,敬请将本文链接作为出处标注,如有侵权我会在24小时之内删除!
<<没有了 | Linux常用知识点>>

欢迎使用手机扫描访问本站