CentOS 6.5系統基礎最佳化附帶最佳化指令碼
最佳化內容:
(1.設定history歷史記錄
(2.新增普通使用者,設定sudo許可權
(3.禁止root遠端使用者登入
(4.修改遠端埠
(5.精簡開機啟動伺服器
(6.關閉selinux
(7.配置iptables
(8.修改最大連線數 ulimit
(9.禁止使用Ctrl+Alt+Del快捷鍵重啟伺服器
(10.修改預設DNS
(11.安裝必要軟體,更新yum源 [epel源]
(12.更新核心和軟體到最新版本
(13.最佳化核心引數 [根據實際情況調整]
(14.去除上次登入的資訊
(15.關閉開機顯示核心資訊
1.設定history歷史記錄
# Section 1: shell history settings applied to every login shell.
# The lines below are written verbatim; $HOME and `whoami` are expanded
# later, each time a shell sources the file, so every history entry carries
# a timestamp and the account name.
# PROMPT_COMMAND appends, clears and re-reads the history file after each
# command; both variables are then marked read-only (typeset -r) so they
# cannot be reassigned inside that shell.
# NOTE(review): ~/.bash_history stays owned and writable by the user, so this
# is a convenience record, not a tamper-resistant audit trail; pair it with
# auditd or remote logging where command accountability matters.
printf '%s\n' \
  '' \
  'export HISTFILE=$HOME/.bash_history' \
  'export HISTSIZE=2000' \
  'export HISTFILESIZE=2000' \
  'export HISTTIMEFORMAT="%F %T `whoami` "' \
  'export PROMPT_COMMAND="history -a; history -c; history -r;"' \
  'shopt -s histappend' \
  'typeset -r PROMPT_COMMAND' \
  'typeset -r HISTTIMEFORMAT ' \
  > /etc/profile.d/history.sh
# Reload the profile so the current shell picks the settings up as well.
. /etc/profile
2.新增普通使用者,設定sudo許可權
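# Section 2: create an unprivileged admin account and give it sudo.
# The account name defaults to the article's example; export username and/or
# password before running to override them.
username=${username:-dyt}
# The original kept the password ('dyt2015') in the script itself, which
# exposes it to anyone who can read the script or a copy of this page.
# Prompt for it instead when it was not supplied.
if [ -z "${password:-}" ]; then
  read -r -s -p "New password for ${username}: " password
  echo
fi
if [ -z "$password" ]; then
  echo "empty password: account ${username} not configured" >&2
else
  # Create the account only if it does not exist yet, then set its password.
  id "$username" > /dev/null 2>&1 || useradd "$username"
  printf '%s\n' "$password" | passwd --stdin "$username"
  unset password

  # NOPASSWD: ALL is the article's choice: whoever controls this account is
  # root without re-authenticating. Drop NOPASSWD, or list specific commands,
  # where that is broader than needed.
  # A drop-in file replaces the original "insert after line 98 of
  # /etc/sudoers", which depends on the exact layout of that file. visudo
  # checks the syntax first, because a broken sudoers entry disables sudo.
  # NOTE(review): relies on the stock "#includedir /etc/sudoers.d" line being
  # present in /etc/sudoers; sudo also skips drop-in names containing "." --
  # confirm both on the target host.
  sudoers_tmp=$(mktemp) &&
    printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$username" > "$sudoers_tmp" &&
    visudo -c -f "$sudoers_tmp" &&
    install -m 0440 -o root -g root "$sudoers_tmp" "/etc/sudoers.d/${username}"
  rm -f -- "$sudoers_tmp"
fi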
3.禁止root遠端使用者登入
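# Section 3: refuse direct root logins over SSH.
# The pattern matches the directive whether or not it is commented out and
# whatever value it carries; the original only rewrote the exact text
# "#PermitRootLogin yes" and silently did nothing on an already-edited file.
# Confirm that the sudo-capable account from section 2 can log in before sshd
# is restarted, otherwise the host is reachable only from the console.
sed -i -r 's/^#?PermitRootLogin[[:space:]].*/PermitRootLogin no/' /etc/ssh/sshd_config
# Report instead of assuming success when no directive line was found.
grep -q '^PermitRootLogin no' /etc/ssh/sshd_config ||
  echo 'PermitRootLogin no was not set in /etc/ssh/sshd_config' >&2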
4.修改遠端埠
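# Section 4: move sshd from port 22 to 9527 and restart it.
# The pattern rewrites the Port directive commented or not; the original
# matched only the literal "#Port 22".
# A non-default port reduces scan noise but is not an access control; the
# firewall rule in section 7 is what restricts who can reach it. Keep the
# current session open and test a fresh login on 9527 before closing it.
sed -i -r 's/^#?Port[[:space:]]+[0-9]+.*/Port 9527/' /etc/ssh/sshd_config
# Validate the edited file first: restarting sshd on a broken config can
# leave the host without remote access.
if /usr/sbin/sshd -t; then
  /etc/init.d/sshd restart
else
  echo 'sshd_config failed validation; sshd was not restarted' >&2
fi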
5.精簡開機啟動伺服器
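# Section 5: switch off every boot-time service except a short keep-list.
# awk compares the service name (first column) exactly, so a service whose
# name merely contains "network" or "sshd" is no longer kept by accident, and
# only SysV lines with a runlevel marked "on" are acted on. The original
# filtered whole lines with egrep and also fed the "xinetd based services"
# section of the listing to chkconfig.
# NOTE(review): anything not in the keep-list is disabled, including auditd
# if it is installed; add it to the pattern if you rely on audit logging.
chkconfig --list |
  awk '$1 !~ /^(crond|network|rsyslog|sshd|iptables)$/ && /[0-6]:on/ { print $1 }' |
  while IFS= read -r server; do
    chkconfig "$server" off
  done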
6.關閉selinux
# Section 6: turn SELinux off.
# The sed edit changes the persistent setting read at boot; setenforce 0
# switches the running system to permissive mode straight away.
# NOTE(review): this removes mandatory access control from every service on
# the host. If the aim is only to get past denials while setting up,
# SELINUX=permissive keeps them logged so a policy can be fixed later.
sed -i -e 's|SELINUX=enforcing|SELINUX=disabled|' /etc/selinux/config
setenforce 0
7.配置iptables
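# Section 7: rebuild the IPv4 INPUT rules with a default-drop policy.
# NOTE(review): these commands cover IPv4 only; ip6tables is not touched, so
# check IPv6 exposure separately if the host has an IPv6 address.
/etc/init.d/iptables restart
# -F leaves chain policies alone. Open the policy first so that re-running
# this on a host whose policy is already DROP does not cut the SSH session
# that is executing it.
iptables -P INPUT ACCEPT
iptables -F
iptables -X
iptables -Z
# Replies to connections that are already tracked; listed first because most
# packets match it.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# Allow SSH (port 9527, set in section 4) from one subnet only.
iptables -A INPUT -p tcp -m tcp --dport 9527 -s 192.168.64.0/24 -j ACCEPT
# Open port 80. The original line read "-P tcp ... --dropt 80"; iptables
# rejects that command line, so the rule was never added and port 80 stayed
# closed under the DROP policy.
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# Allow all traffic from one address block (a /30 around .90 covers .88-.91).
iptables -A INPUT -p all -s 124.43.56.90/30 -j ACCEPT
# Default policies: drop anything inbound or forwarded that was not accepted
# above; outbound traffic is unrestricted.
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# Persist the rule set and reload it from the saved file.
/etc/init.d/iptables save
/etc/init.d/iptables restart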
8.修改最大連線數 ulimit
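# Section 8: raise the per-user process and open-file limits.
# There are several ways to do this; this is only one of them.
# Fixed: the limits.conf item is "nproc"; the original wrote "noproc", which
# is not a recognised item, so the process limit was never raised.
# "-" in the type column sets the soft and the hard limit together.
# NOTE(review): CentOS 6 may ship /etc/security/limits.d/90-nproc.conf with a
# lower soft nproc that takes precedence; check it if the value does not
# apply. A high nproc for "*" also weakens protection against runaway
# process creation by any account.
# Each run appends again; rerunning leaves duplicate lines.
echo '* - nproc 65535' >> /etc/security/limits.conf
echo '* - nofile 65535' >> /etc/security/limits.conf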
9.禁止使用Ctrl+Alt+Del快捷鍵重啟伺服器
# Section 9: stop Ctrl+Alt+Del from rebooting the server.
# Comments out the "start on control-alt-delete" stanza in the job file by
# prefixing every occurrence with "#" ("&" is the matched text). This only
# matters to someone with console or physical keyboard access.
sed -i -e 's|start on control-alt-delete|#&|g' /etc/init/control-alt-delete.conf
10.修改預設DNS
# Section 10: replace the resolver list with two public DNS servers.
# The file is overwritten, so any existing search/domain lines are lost.
# NOTE(review): every lookup from this host then goes to an external
# resolver; use internal resolvers where names must stay inside the network.
printf 'nameserver %s\n' 8.8.8.8 8.8.4.4 > /etc/resolv.conf
11.安裝必要軟體,更新yum源 [epel源]
# Section 11: install commonly used packages and the EPEL repository.
# This is only the author's usual set; adjust the package list and the yum
# repositories to your own environment.
# NOTE(review): compilers and the telnet client are handy on a build box but
# widen what is available on a production server; trim the list to need.
yum install -y \
  gcc gcc-c++ openssl-devel openssh-clients wget make lrzsz unzip zip xz \
  ntpdate lsof telnet epel-release vim tree kernel-devel kernel
12.更新核心和軟體到最新版本
# Section 12: bring the kernel and all installed packages up to date.
# Answers yes to every prompt; a new kernel takes effect after a reboot.
yum upgrade -y
13.最佳化核心引數 [根據實際情況調整]
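# Section 13: append network, VM and kernel tunables to /etc/sysctl.conf.
# Fixed: the last entry of the original was redirected to "/etc/sysctl.confo"
# (typo), so nf_conntrack_tcp_timeout_fin_wait landed in a stray file.
# All entries are now written by one quoted here-document; the text appended
# is the same as the original echo lines produced.
# Nothing here is applied immediately: the values load at the next boot or
# with "sysctl -p". Each run appends again, so rerunning leaves duplicates.
# NOTE(review): tcp_tw_recycle = 1 is known to drop connections from clients
# that share an address behind NAT. tcp_tw_recycle and tcp_tw_reuse both
# depend on TCP timestamps, so with tcp_timestamps = 0 in the same list they
# are not expected to have any effect -- review these three together.
# NOTE(review): kernel.panic = 5 with kernel.panic_on_oops = 1 reboots the
# host five seconds after any kernel oops.
# The last six keys tune connection tracking for the iptables firewall; the
# net.netfilter.* keys presumably exist only once nf_conntrack is loaded.
cat >> /etc/sysctl.conf <<'EOF'
net.core.somaxconn = 262144
net.core.netdev_max_backlog = 262144
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.route.gc_timeout = 20
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_keepalive_time = 120
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_slow_start_after_idle = 0
vm.swappiness = 0
kernel.panic = 5
kernel.panic_on_oops = 1
kernel.core_pipe_limit = 0
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF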
14.去除上次登入的資訊
# Create an empty ~/.hushlogin for the current user, which suppresses the
# login banner including the "Last login" line.
# NOTE(review): that line is a cheap way to notice a login you did not make;
# hiding it removes the cue for this account.
touch "${HOME}/.hushlogin"
(1.設定history歷史記錄
(2.新增普通使用者,設定sudo許可權
(3.禁止root遠端使用者登入
(4.修改遠端埠
(5.精簡開機啟動伺服器
(6.關閉selinux
(7.配置iptables
(8.修改最大連線數 ulimit
(9.禁止使用Ctrl+Alt+Del快捷鍵重啟伺服器
(10.修改預設DNS
(11.安裝必要軟體,更新yum源 [epel源]
(12.更新核心和軟體到最新版本
(13.最佳化核心引數 [根據實際情況調整]
(14.去除上次登入的資訊
(15.關閉開機顯示核心資訊
1.設定history歷史記錄
# Section 1: shell history settings applied to every login shell.
# The lines below are written verbatim; $HOME and `whoami` are expanded
# later, each time a shell sources the file, so every history entry carries
# a timestamp and the account name.
# PROMPT_COMMAND appends, clears and re-reads the history file after each
# command; both variables are then marked read-only (typeset -r) so they
# cannot be reassigned inside that shell.
# NOTE(review): ~/.bash_history stays owned and writable by the user, so this
# is a convenience record, not a tamper-resistant audit trail; pair it with
# auditd or remote logging where command accountability matters.
printf '%s\n' \
  '' \
  'export HISTFILE=$HOME/.bash_history' \
  'export HISTSIZE=2000' \
  'export HISTFILESIZE=2000' \
  'export HISTTIMEFORMAT="%F %T `whoami` "' \
  'export PROMPT_COMMAND="history -a; history -c; history -r;"' \
  'shopt -s histappend' \
  'typeset -r PROMPT_COMMAND' \
  'typeset -r HISTTIMEFORMAT ' \
  > /etc/profile.d/history.sh
# Reload the profile so the current shell picks the settings up as well.
. /etc/profile
2.新增普通使用者,設定sudo許可權
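# Section 2: create an unprivileged admin account and give it sudo.
# The account name defaults to the article's example; export username and/or
# password before running to override them.
username=${username:-dyt}
# The original kept the password ('dyt2015') in the script itself, which
# exposes it to anyone who can read the script or a copy of this page.
# Prompt for it instead when it was not supplied.
if [ -z "${password:-}" ]; then
  read -r -s -p "New password for ${username}: " password
  echo
fi
if [ -z "$password" ]; then
  echo "empty password: account ${username} not configured" >&2
else
  # Create the account only if it does not exist yet, then set its password.
  id "$username" > /dev/null 2>&1 || useradd "$username"
  printf '%s\n' "$password" | passwd --stdin "$username"
  unset password

  # NOPASSWD: ALL is the article's choice: whoever controls this account is
  # root without re-authenticating. Drop NOPASSWD, or list specific commands,
  # where that is broader than needed.
  # A drop-in file replaces the original "insert after line 98 of
  # /etc/sudoers", which depends on the exact layout of that file. visudo
  # checks the syntax first, because a broken sudoers entry disables sudo.
  # NOTE(review): relies on the stock "#includedir /etc/sudoers.d" line being
  # present in /etc/sudoers; sudo also skips drop-in names containing "." --
  # confirm both on the target host.
  sudoers_tmp=$(mktemp) &&
    printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$username" > "$sudoers_tmp" &&
    visudo -c -f "$sudoers_tmp" &&
    install -m 0440 -o root -g root "$sudoers_tmp" "/etc/sudoers.d/${username}"
  rm -f -- "$sudoers_tmp"
fi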
3.禁止root遠端使用者登入
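# Section 3: refuse direct root logins over SSH.
# The pattern matches the directive whether or not it is commented out and
# whatever value it carries; the original only rewrote the exact text
# "#PermitRootLogin yes" and silently did nothing on an already-edited file.
# Confirm that the sudo-capable account from section 2 can log in before sshd
# is restarted, otherwise the host is reachable only from the console.
sed -i -r 's/^#?PermitRootLogin[[:space:]].*/PermitRootLogin no/' /etc/ssh/sshd_config
# Report instead of assuming success when no directive line was found.
grep -q '^PermitRootLogin no' /etc/ssh/sshd_config ||
  echo 'PermitRootLogin no was not set in /etc/ssh/sshd_config' >&2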
4.修改遠端埠
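# Section 4: move sshd from port 22 to 9527 and restart it.
# The pattern rewrites the Port directive commented or not; the original
# matched only the literal "#Port 22".
# A non-default port reduces scan noise but is not an access control; the
# firewall rule in section 7 is what restricts who can reach it. Keep the
# current session open and test a fresh login on 9527 before closing it.
sed -i -r 's/^#?Port[[:space:]]+[0-9]+.*/Port 9527/' /etc/ssh/sshd_config
# Validate the edited file first: restarting sshd on a broken config can
# leave the host without remote access.
if /usr/sbin/sshd -t; then
  /etc/init.d/sshd restart
else
  echo 'sshd_config failed validation; sshd was not restarted' >&2
fi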
5.精簡開機啟動伺服器
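# Section 5: switch off every boot-time service except a short keep-list.
# awk compares the service name (first column) exactly, so a service whose
# name merely contains "network" or "sshd" is no longer kept by accident, and
# only SysV lines with a runlevel marked "on" are acted on. The original
# filtered whole lines with egrep and also fed the "xinetd based services"
# section of the listing to chkconfig.
# NOTE(review): anything not in the keep-list is disabled, including auditd
# if it is installed; add it to the pattern if you rely on audit logging.
chkconfig --list |
  awk '$1 !~ /^(crond|network|rsyslog|sshd|iptables)$/ && /[0-6]:on/ { print $1 }' |
  while IFS= read -r server; do
    chkconfig "$server" off
  done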
6.關閉selinux
# Section 6: turn SELinux off.
# The sed edit changes the persistent setting read at boot; setenforce 0
# switches the running system to permissive mode straight away.
# NOTE(review): this removes mandatory access control from every service on
# the host. If the aim is only to get past denials while setting up,
# SELINUX=permissive keeps them logged so a policy can be fixed later.
sed -i -e 's|SELINUX=enforcing|SELINUX=disabled|' /etc/selinux/config
setenforce 0
7.配置iptables
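# Section 7: rebuild the IPv4 INPUT rules with a default-drop policy.
# NOTE(review): these commands cover IPv4 only; ip6tables is not touched, so
# check IPv6 exposure separately if the host has an IPv6 address.
/etc/init.d/iptables restart
# -F leaves chain policies alone. Open the policy first so that re-running
# this on a host whose policy is already DROP does not cut the SSH session
# that is executing it.
iptables -P INPUT ACCEPT
iptables -F
iptables -X
iptables -Z
# Replies to connections that are already tracked; listed first because most
# packets match it.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# Allow SSH (port 9527, set in section 4) from one subnet only.
iptables -A INPUT -p tcp -m tcp --dport 9527 -s 192.168.64.0/24 -j ACCEPT
# Open port 80. The original line read "-P tcp ... --dropt 80"; iptables
# rejects that command line, so the rule was never added and port 80 stayed
# closed under the DROP policy.
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# Allow all traffic from one address block (a /30 around .90 covers .88-.91).
iptables -A INPUT -p all -s 124.43.56.90/30 -j ACCEPT
# Default policies: drop anything inbound or forwarded that was not accepted
# above; outbound traffic is unrestricted.
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# Persist the rule set and reload it from the saved file.
/etc/init.d/iptables save
/etc/init.d/iptables restart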
8.修改最大連線數 ulimit
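# Section 8: raise the per-user process and open-file limits.
# There are several ways to do this; this is only one of them.
# Fixed: the limits.conf item is "nproc"; the original wrote "noproc", which
# is not a recognised item, so the process limit was never raised.
# "-" in the type column sets the soft and the hard limit together.
# NOTE(review): CentOS 6 may ship /etc/security/limits.d/90-nproc.conf with a
# lower soft nproc that takes precedence; check it if the value does not
# apply. A high nproc for "*" also weakens protection against runaway
# process creation by any account.
# Each run appends again; rerunning leaves duplicate lines.
echo '* - nproc 65535' >> /etc/security/limits.conf
echo '* - nofile 65535' >> /etc/security/limits.conf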
9.禁止使用Ctrl+Alt+Del快捷鍵重啟伺服器
# Section 9: stop Ctrl+Alt+Del from rebooting the server.
# Comments out the "start on control-alt-delete" stanza in the job file by
# prefixing every occurrence with "#" ("&" is the matched text). This only
# matters to someone with console or physical keyboard access.
sed -i -e 's|start on control-alt-delete|#&|g' /etc/init/control-alt-delete.conf
10.修改預設DNS
# Section 10: replace the resolver list with two public DNS servers.
# The file is overwritten, so any existing search/domain lines are lost.
# NOTE(review): every lookup from this host then goes to an external
# resolver; use internal resolvers where names must stay inside the network.
printf 'nameserver %s\n' 8.8.8.8 8.8.4.4 > /etc/resolv.conf
11.安裝必要軟體,更新yum源 [epel源]
# Section 11: install commonly used packages and the EPEL repository.
# This is only the author's usual set; adjust the package list and the yum
# repositories to your own environment.
# NOTE(review): compilers and the telnet client are handy on a build box but
# widen what is available on a production server; trim the list to need.
yum install -y \
  gcc gcc-c++ openssl-devel openssh-clients wget make lrzsz unzip zip xz \
  ntpdate lsof telnet epel-release vim tree kernel-devel kernel
12.更新核心和軟體到最新版本
# Section 12: bring the kernel and all installed packages up to date.
# Answers yes to every prompt; a new kernel takes effect after a reboot.
yum upgrade -y
13.最佳化核心引數 [根據實際情況調整]
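# Section 13: append network, VM and kernel tunables to /etc/sysctl.conf.
# Fixed: the last entry of the original was redirected to "/etc/sysctl.confo"
# (typo), so nf_conntrack_tcp_timeout_fin_wait landed in a stray file.
# All entries are now written by one quoted here-document; the text appended
# is the same as the original echo lines produced.
# Nothing here is applied immediately: the values load at the next boot or
# with "sysctl -p". Each run appends again, so rerunning leaves duplicates.
# NOTE(review): tcp_tw_recycle = 1 is known to drop connections from clients
# that share an address behind NAT. tcp_tw_recycle and tcp_tw_reuse both
# depend on TCP timestamps, so with tcp_timestamps = 0 in the same list they
# are not expected to have any effect -- review these three together.
# NOTE(review): kernel.panic = 5 with kernel.panic_on_oops = 1 reboots the
# host five seconds after any kernel oops.
# The last six keys tune connection tracking for the iptables firewall; the
# net.netfilter.* keys presumably exist only once nf_conntrack is loaded.
cat >> /etc/sysctl.conf <<'EOF'
net.core.somaxconn = 262144
net.core.netdev_max_backlog = 262144
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.route.gc_timeout = 20
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_keepalive_time = 120
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_slow_start_after_idle = 0
vm.swappiness = 0
kernel.panic = 5
kernel.panic_on_oops = 1
kernel.core_pipe_limit = 0
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF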
14.去除上次登入的資訊
# Create an empty ~/.hushlogin for the current user, which suppresses the
# login banner including the "Last login" line.
# NOTE(review): that line is a cheap way to notice a login you did not make;
# hiding it removes the cue for this account.
touch "${HOME}/.hushlogin"
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/9034054/viewspace-2073312/,如需轉載,請註明出處,否則將追究法律責任。