CentOS 6.7 Optimization Scheme

Source: Internet
Author: User

Recently the company upgraded its server systems to CentOS 6.7, and a system optimization plan was carefully put together.

CentOS optimization

  1. Configure the NIC

  2. Modify the host name

  3. Turn off SELinux and flush the firewall rules

  4. Create a new normal user and authorize it with visudo

  5. Change the yum source and install common software

  6. Scheduled task to synchronize the time periodically

  7. Trim the boot-time startup items

  8. Scheduled task that automatically cleans junk files out of the /var/spool/maildrop/ directory to keep the inodes from filling up

  9. Change the SSH service port and prevent the root user from connecting remotely

  10. Lock critical system files

  11. Adjust the file descriptor limit

  12. Adjust the character set so that it supports Chinese

  13. Remove the system and kernel version displayed on screen before login

  14. Kernel parameter optimization

1. Configure the network card (this is a cloned machine, so delete the UUID and the MAC address)

vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
IPV6INIT=no
USERCTL=no
IPADDR=10.0.0.100
GATEWAY=10.0.0.2
DNS2=223.5.5.5
DNS1=10.0.0.2
NETMASK=255.255.255.0

vim /etc/sysconfig/network-scripts/ifcfg-eth1
# DEVICE must match the interface that this file configures
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
IPV6INIT=no
USERCTL=no
IPADDR=10.0.0.100
GATEWAY=10.0.0.2
DNS2=223.5.5.5
DNS1=10.0.0.2
NETMASK=255.255.255.0

Restart the NIC eth1

ifdown eth1 && ifup eth1
/etc/init.d/network restart
echo '>/etc/udev/rules.d/70-persistent-net.rules' >>/etc/rc.local

2. Modify the host name

hostname zhang    # temporary change
vim /etc/sysconfig/network

3. Check DNS

Ali server: 223.5.5.5

vim /etc/resolv.conf

(The DNS settings in the NIC configuration file take priority.)

4. Turn off SELinux

sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config
setenforce 0
getenforce

Flush the firewall rules

iptables -F
iptables -L 1>>~/install.ok 2>>install.bug
/etc/init.d/iptables save

5. Create a new normal user and authorize it with visudo

useradd zhang
id zhang
echo '123456' | passwd --stdin zhang
echo 'zhang ALL=(ALL) NOPASSWD:ALL' >>/etc/sudoers
visudo -c

6. Change the yum source

Back up the native yum source first.

Method 1: write the installation source configuration file yourself and upload it to Linux.
Method 2: configure the yum installation source file from a mirror site.

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.f1.ori
ls /etc/yum.repos.d/CentOS-Base.repo.f1.ori 1>>~/install.ok 2>>install.bug
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
yum makecache
yum install lrzsz tree sysstat -y
rpm -qa lrzsz tree nmap sysstat 1>>~/install.ok 2>>install.bug

sysstat     tools for measuring system performance and efficiency
dos2unix    converts DOS-format text to UNIX format
nmap        network scanning and host discovery
grep        colored filter output (for experimental use)

echo 'alias grep="grep --color=auto"' >>/etc/profile
. /etc/profile
grep 'alias grep="grep --color=auto"' /etc/profile 1>>~/install.ok 2>>install.bug

7. Scheduled task to synchronize the time periodically

echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l 1>>~/install.ok 2>>install.bug

8. Trim the boot-time startup items

for n in `chkconfig --list|grep "3:on"|awk '{print $1}'`; do chkconfig $n off; done
chkconfig --list|egrep 'crond|network|rsyslog|sshd|sysstat'|awk '{print "chkconfig "$1" on"}'|bash
chkconfig --list|grep "3:on" 1>>~/install.ok 2>>install.bug
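
The egrep in the step above matches its patterns anywhere in the line, so it is worth checking the result by exact service name afterwards. The following is an added example, not part of the original article; the function name and the sample listing (including the service name sshd-old) are constructed for illustration:

```shell
#!/bin/sh
# Added example (not from the original article). Reads `chkconfig --list`
# output on stdin and compares runlevel 3 with an allow list by exact name.
audit_runlevel3() {  # usage: chkconfig --list | audit_runlevel3 "svc1 svc2"
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        # SysV lines have 8 fields: the name plus runlevels 0-6, so field 5
        # is runlevel 3. xinetd entries ("name: on") are shorter and skipped.
        NF == 8 && $5 == "3:on" {
            if ($1 in want) { seen[$1] = 1 } else { print "UNEXPECTED " $1; bad = 1 }
        }
        END {
            # Every allow-listed service must have been seen enabled.
            for (i = 1; i <= n; i++)
                if (!(a[i] in seen)) { print "MISSING " a[i]; bad = 1 }
            exit bad
        }
    '
}

# Constructed sample listing: sshd-old and postfix are still enabled,
# sysstat was never switched on.
sample_list='crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd-old 0:off 1:off 2:on 3:on 4:on 5:on 6:off
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sysstat 0:off 1:off 2:off 3:off 4:off 5:off 6:off'

printf '%s\n' "$sample_list" |
    audit_runlevel3 "crond network rsyslog sshd sysstat" ||
    echo "runlevel 3 does not match the allow list"
```

On a live host, feed it `LC_ALL=C chkconfig --list`: the on/off columns are localized, and a later step of this plan switches the system locale to zh_CN.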

9. Scheduled task to clean the temporary mail queue

mkdir /server/scripts -p
ls -l /server/scripts/ 1>>~/install.ok 2>>install.bug
echo '#!/bin/bash' >/server/scripts/clean_mail.sh
echo 'find /var/spool/postfix/maildrop -type f|xargs rm -f' >>/server/scripts/clean_mail.sh
cat /server/scripts/clean_mail.sh 1>>~/install.ok 2>>install.bug
echo '#clean /var/spool/postfix/maildrop' >>/var/spool/cron/root
echo '00 00 * * * /bin/sh /server/scripts/clean_mail.sh' >>/var/spool/cron/root
crontab -l 1>>~/install.ok 2>>install.bug

10. Change the SSH service port and disable remote root login

cp /etc/ssh/sshd_config{,.f1.ori}
ls /etc/ssh/sshd_config.f1.ori 1>>~/install.ok 2>>install.bug
sed -i '13 iPort 52113\nPermitRootLogin no\nPermitEmptyPasswords no\nUseDNS no\nGSSAPIAuthentication no' /etc/ssh/sshd_config
sed -n 13,17p /etc/ssh/sshd_config 1>>~/install.ok 2>>install.bug
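
Printing lines 13-17 only shows that the text was inserted, not that sshd will use it: sshd keeps the first value it reads for most keywords, while Port lines add up. The following is an added example, not part of the original article, that audits a file against the values set above; the function names and the sample file are constructed for illustration:

```shell
#!/bin/sh
# Added example (not from the original article): audit the directives that
# the sed insert above is meant to enforce. Function names are illustrative.

# Print every active value of KEYWORD from the global section, one per line.
# Keywords are case-insensitive; stop at the first Match block, whose
# settings are conditional.
sshd_values() {  # usage: sshd_values FILE KEYWORD
    awk -v kw="$2" '
        { sub(/^[ \t]+/, "") }
        tolower($1) == "match" { exit }
        /^#/ || NF < 2 { next }
        tolower($1) == tolower(kw) { print $2 }
    ' "$1"
}

# Return 0 only when the effective settings match the values this page sets.
check_sshd_hardening() {  # usage: check_sshd_hardening FILE
    file=$1
    rc=0
    # Port is cumulative: sshd listens on every active Port line, so a
    # leftover "Port 22" keeps the old port open next to 52113.
    ports=$(sshd_values "$file" Port | tr '\n' ' ')
    if [ "$ports" != "52113 " ]; then
        echo "FAIL Port: active values '$ports'"
        rc=1
    fi
    # For the other keywords sshd uses the first value it reads.
    for pair in PermitRootLogin=no PermitEmptyPasswords=no UseDNS=no \
                GSSAPIAuthentication=no; do
        kw=${pair%%=*}
        want=${pair#*=}
        got=$(sshd_values "$file" "$kw" | head -n 1)
        if [ "$got" != "$want" ]; then
            echo "FAIL $kw: effective '${got:-unset}', want '$want'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the inserted block followed by a leftover "Port 22".
sample=$(mktemp)
printf '%s\n' 'Port 52113' 'PermitRootLogin no' 'PermitEmptyPasswords no' \
    'UseDNS no' 'GSSAPIAuthentication no' 'Port 22' >"$sample"
check_sshd_hardening "$sample" || echo "sshd_config needs attention"
rm -f "$sample"
```

Run `check_sshd_hardening /etc/ssh/sshd_config` and `sshd -t` before restarting the service, and keep the current session open until a login on the new port has succeeded.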

11. Lock critical system files

chattr +i /etc/passwd
chattr +i /etc/inittab
chattr +i /etc/group
chattr +i /etc/shadow
chattr +i /etc/gshadow
lsattr /etc/passwd 1>>~/install.ok 2>>install.bug
lsattr /etc/inittab 1>>~/install.ok 2>>install.bug
lsattr /etc/group 1>>~/install.ok 2>>install.bug
lsattr /etc/shadow 1>>~/install.ok 2>>install.bug
lsattr /etc/gshadow 1>>~/install.ok 2>>install.bug

After using the chattr command, rename it for security.

/bin/mv /usr/bin/chattr /usr/bin/NEW_NAME    # any name

12. Adjust the character set so that it supports Chinese

sed -i 's#LANG="en_US.UTF-8"#LANG="zh_CN.GB18030"#' /etc/sysconfig/i18n
source /etc/sysconfig/i18n

13. Remove the system and kernel version displayed before login

>/etc/issue
>/etc/redhat-release

Oldboy - period, compiled and released by Zhang Zeng.

Thanks here to teacher Oldboy for his teaching.

One-click optimization script

echo '#######clear the udev rules file on the cloned machine#####' 1>>~/install.ok 2>>install.bug
echo '>/etc/udev/rules.d/70-persistent-net.rules' >>/etc/rc.local
tail -1 /etc/rc.local 1>>~/install.ok 2>>install.bug

echo '#######modify the host name#####' 1>>~/install.ok 2>>install.bug
hostname zhang
sed -i 's#HOSTNAME=.*#HOSTNAME=zhang#g' /etc/sysconfig/network
cat /etc/sysconfig/network 1>>~/install.ok 2>>install.bug

echo '#######close selinux#####' 1>>~/install.ok 2>>install.bug
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config 1>>~/install.ok 2>>install.bug
setenforce 0
getenforce 1>>~/install.ok 2>>install.bug

echo '#######flush the firewall#####' 1>>~/install.ok 2>>install.bug
iptables -F
iptables -L 1>>~/install.ok 2>>install.bug
/etc/init.d/iptables save

echo '#######create a user and grant sudo#####' 1>>~/install.ok 2>>install.bug
useradd zhang
id zhang 1>>~/install.ok 2>>install.bug
echo '123456'|passwd --stdin zhang
echo 'zhang     ALL=(ALL)       NOPASSWD: ALL' >>/etc/sudoers
visudo -c 1>>~/install.ok 2>>install.bug

echo '#######change the yum source and install common software#####' 1>>~/install.ok 2>>install.bug
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
ls /etc/yum.repos.d/CentOS-Base.repo.backup 1>>~/install.ok 2>>install.bug
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
yum install lrzsz tree sysstat -y
rpm -qa lrzsz tree nmap sysstat 1>>~/install.ok 2>>install.bug

echo '#######colored grep#####' 1>>~/install.ok 2>>install.bug
echo 'alias grep="grep --color=auto"' >>/etc/profile
. /etc/profile
grep 'alias grep="grep --color=auto"' /etc/profile 1>>~/install.ok 2>>install.bug

echo '#######scheduled time update#####' 1>>~/install.ok 2>>install.bug
echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l 1>>~/install.ok 2>>install.bug

echo '#######trim the boot startup items#####' 1>>~/install.ok 2>>install.bug
for n in `chkconfig --list|grep "3:on"|awk '{print $1}'`; do chkconfig $n off; done
chkconfig --list|egrep 'crond|network|rsyslog|sshd|sysstat'|awk '{print "chkconfig "$1" on"}'|bash
chkconfig --list|grep "3:on" 1>>~/install.ok 2>>install.bug

echo '#######clean the temporary mail queue#####' 1>>~/install.ok 2>>install.bug
mkdir /server/scripts -p
ls -l /server/scripts/ 1>>~/install.ok 2>>install.bug
echo '#!/bin/bash' >/server/scripts/clean_mail.sh
echo 'find /var/spool/postfix/maildrop -type f|xargs rm -f' >>/server/scripts/clean_mail.sh
cat /server/scripts/clean_mail.sh 1>>~/install.ok 2>>install.bug
echo '#clean /var/spool/postfix/maildrop' >>/var/spool/cron/root
echo '00 00 * * * /bin/sh /server/scripts/clean_mail.sh' >>/var/spool/cron/root
crontab -l 1>>~/install.ok 2>>install.bug

cp /etc/ssh/sshd_config{,.f1.ori}
ls /etc/ssh/sshd_config.f1.ori 1>>~/install.ok 2>>install.bug
echo '#######ssh security#####' 1>>~/install.ok 2>>install.bug
sed -i '13 iPort 52113\nPermitRootLogin no\nPermitEmptyPasswords no\nUseDNS no\nGSSAPIAuthentication no' /etc/ssh/sshd_config
sed -n 13,17p /etc/ssh/sshd_config 1>>~/install.ok 2>>install.bug

echo '#######lock important files#####' 1>>~/install.ok 2>>install.bug
chattr +i /etc/passwd
chattr +i /etc/inittab
chattr +i /etc/group
chattr +i /etc/shadow
chattr +i /etc/gshadow
lsattr /etc/passwd 1>>~/install.ok 2>>install.bug
lsattr /etc/inittab 1>>~/install.ok 2>>install.bug
lsattr /etc/group 1>>~/install.ok 2>>install.bug
lsattr /etc/shadow 1>>~/install.ok 2>>install.bug
lsattr /etc/gshadow 1>>~/install.ok 2>>install.bug

echo '#######clear the system and kernel name#####' 1>>~/install.ok 2>>install.bug
>/etc/issue
>/etc/redhat-release

This article is from the "How to say?" blog; be sure to keep this provenance: http://834148284.blog.51cto.com/10222692/1775786
