Recently the company upgraded its server systems to CentOS 6.7 and carefully put together a set of system optimization steps.
CentOS optimization
Configure the NIC
Change the host name
Disable SELinux and flush the firewall rules
Create a new normal user and authorize it with visudo
Change the yum source and install common software
Scheduled task to update the time periodically
Trim boot-time startup items
Scheduled task to automatically clean junk files from the /var/spool/maildrop/ directory to prevent inodes from filling up
Change the SSH service port and prevent the root user from connecting remotely
Lock critical system files
Resize file descriptors
Adjust the character set so that it supports Chinese
Remove the system and kernel version displayed on screen before login
Kernel parameter optimization
1. Configure the network card (this is a cloned machine, so delete the UUID and the MAC address)
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
IPV6INIT=no
USERCTL=no
IPADDR=10.0.0.100
GATEWAY=10.0.0.2
DNS2=223.5.5.5
DNS1=10.0.0.2
NETMASK=255.255.255.0

vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
IPV6INIT=no
USERCTL=no
IPADDR=10.0.0.100
GATEWAY=10.0.0.2
DNS2=223.5.5.5
DNS1=10.0.0.2
NETMASK=255.255.255.0

Restart the NIC eth1
ifdown eth1 && ifup eth1
/etc/init.d/network restart

Clear the persistent udev network rules at every boot:
echo '>/etc/udev/rules.d/70-persistent-net.rules' >>/etc/rc.local

2. Change the host name
hostname zhang    (temporary change)
vim /etc/sysconfig/network
3. Check DNS
Aliyun DNS server: 223.5.5.5
vim /etc/resolv.conf
(DNS settings in the NIC configuration file take priority)
4. Disable SELinux
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config
setenforce 0
getenforce

Flush the firewall rules
iptables -F
iptables -L 1>>~/install.ok 2>>install.bug
/etc/init.d/iptables save
5. Create a new normal user and authorize it with visudo
useradd zhang
id zhang
echo '123456'|passwd --stdin zhang
echo 'zhang ALL=(ALL) NOPASSWD:ALL' >>/etc/sudoers
visudo -c
6. Change the yum source
Back up the native yum source first.
Method 1: write the installation source configuration file yourself and upload it to Linux.
Method 2: configure the yum installation source file from a mirror site.
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.f1.ori
ls /etc/yum.repos.d/CentOS-Base.repo.f1.ori 1>>~/install.ok 2>>install.bug
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/centos-6.repo
yum makecache
yum install lrzsz tree sysstat -y
rpm -qa lrzsz tree nmap sysstat 1>>~/install.ok 2>>install.bug

sysstat: a tool for measuring system performance and efficiency
dos2unix: converts DOS-formatted text to UNIX format
nmap: network scanning and host detection

Colorize grep matches (for experimental use)
echo 'alias grep="grep --color=auto"' >>/etc/profile
. /etc/profile
grep 'alias grep="grep --color=auto"' /etc/profile 1>>~/install.ok 2>>install.bug
7. Scheduled task to update the time periodically
echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l 1>>~/install.ok 2>>install.bug
8. Trim boot-time startup items
for n in `chkconfig --list|grep "3:on"|awk '{print $1}'`; do chkconfig $n off; done
chkconfig --list|egrep 'crond|network|rsyslog|sshd|sysstat'|awk '{print "chkconfig "$1" on"}'|bash
chkconfig --list|grep "3:on" 1>>~/install.ok 2>>install.bug
9. Scheduled task to automatically clean up junk mail files and prevent inodes from filling up
mkdir /server/scripts -p
ls -l /server/scripts/ 1>>~/install.ok 2>>install.bug
echo '#!/bin/bash
find /var/spool/postfix/maildrop -type f|xargs rm -f' >/server/scripts/clean_mail.sh
cat /server/scripts/clean_mail.sh 1>>~/install.ok 2>>install.bug
echo '#clean /var/spool/postfix/maildrop
00 00 * * * /bin/sh /server/scripts/clean_mail.sh' >>/var/spool/cron/root
crontab -l 1>>~/install.ok 2>>install.bug
10. Change the SSH service port and disable remote root login
cp /etc/ssh/sshd_config{,.f1.ori}
ls /etc/ssh/sshd_config.f1.ori 1>>~/install.ok 2>>install.bug
sed -i '13 iPort 52113\nPermitRootLogin no\nPermitEmptyPasswords no\nUseDNS no\nGSSAPIAuthentication no' /etc/ssh/sshd_config
sed -n 13,17p /etc/ssh/sshd_config 1>>~/install.ok 2>>install.bug
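An added example, not part of the original post: a check that the values inserted in the SSH step above are the ones sshd will actually use. sshd_config keywords are case-insensitive and the first value found for a keyword wins, which is why the lines are inserted near the top of the file instead of appended. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# effective_sshd_value FILE KEYWORD
# Print the value sshd would use for KEYWORD in the global section of FILE.
# Keywords are case-insensitive, comment lines are ignored and the first
# occurrence wins. Assumes "Keyword value" lines separated by whitespace.
effective_sshd_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/          { next }            # comment or blank line
        tolower($1) == "match"  { exit }            # global section ends here
        tolower($1) == want     { print $2; exit }  # first occurrence wins
    ' "$1"
}

# audit_sshd FILE
# Compare the effective values with the ones inserted in the SSH step. Prints
# one line per mismatch and returns non-zero if there is any.
audit_sshd() {
    file=$1; rc=0
    while read -r key expected; do
        actual=$(effective_sshd_value "$file" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "MISMATCH $key: expected $expected, effective ${actual:-unset}"
            rc=1
        fi
    done <<'EOF'
Port 52113
PermitRootLogin no
PermitEmptyPasswords no
UseDNS no
GSSAPIAuthentication no
EOF
    return "$rc"
}

# write_sample FILE: constructed sample (not a real server's file) with the
# hardened lines placed ahead of stock-style entries that contradict them.
write_sample() {
    printf '%s\n' '# constructed sample' 'Port 52113' 'PermitRootLogin no' \
        'PermitEmptyPasswords no' 'UseDNS no' 'GSSAPIAuthentication no' \
        '#Port 22' 'GSSAPIAuthentication yes' >"$1"
}

sample=$(mktemp)
write_sample "$sample"
audit_sshd "$sample" && echo "OK: effective sshd settings match the SSH step"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration as sshd itself parses it and also validates the file.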
11. Lock critical system files
chattr +i /etc/passwd
chattr +i /etc/inittab
chattr +i /etc/group
chattr +i /etc/shadow
chattr +i /etc/gshadow
lsattr /etc/passwd 1>>~/install.ok 2>>install.bug
lsattr /etc/inittab 1>>~/install.ok 2>>install.bug
lsattr /etc/group 1>>~/install.ok 2>>install.bug
lsattr /etc/shadow 1>>~/install.ok 2>>install.bug
lsattr /etc/gshadow 1>>~/install.ok 2>>install.bug
After using the chattr command, rename it for security.
/bin/mv /usr/bin/chattr /usr/bin/<any name>
13. Adjust the character set so that it supports Chinese
sed -i 's#LANG="en_US.UTF-8"#LANG="zh_CN.GB18030"#' /etc/sysconfig/i18n
source /etc/sysconfig/i18n
14. Remove the system and kernel version displayed on screen before login
>/etc/issue
>/etc/redhat-release
Compiled and published by Zhang Zeng, Old Boy - period.
Thanks here to teacher Old Boy for his teachings.
One-click optimization script
echo '#######Clear file on cloned machine#####' 1>>~/install.ok 2>>install.bug
echo '>/etc/udev/rules.d/70-persistent-net.rules' >>/etc/rc.local
tail -1 /etc/rc.local 1>>~/install.ok 2>>install.bug
echo '#######Change hostname#####' 1>>~/install.ok 2>>install.bug
hostname zhang
sed -i 's#HOSTNAME=.*#HOSTNAME=zhang#g' /etc/sysconfig/network
cat /etc/sysconfig/network 1>>~/install.ok 2>>install.bug
echo '#######Disable SELinux#####' 1>>~/install.ok 2>>install.bug
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config 1>>~/install.ok 2>>install.bug
setenforce 0
getenforce 1>>~/install.ok 2>>install.bug
echo '#######Disable SELinux#####' 1>>~/install.ok 2>>install.bug
iptables -F
iptables -L 1>>~/install.ok 2>>install.bug
/etc/init.d/iptables save
echo '#######Create user and grant sudo#####' 1>>~/install.ok 2>>install.bug
useradd zhang
id zhang 1>>~/install.ok 2>>install.bug
echo '123456'|passwd --stdin zhang
echo 'zhang ALL=(ALL) NOPASSWD: ALL' >>/etc/sudoers
visudo -c 1>>~/install.ok 2>>install.bug
echo '#######Change yum source and install common software#####' 1>>~/install.ok 2>>install.bug
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
ls /etc/yum.repos.d/CentOS-Base.repo.backup 1>>~/install.ok 2>>install.bug
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/centos-6.repo
yum install lrzsz tree sysstat -y
rpm -qa lrzsz tree nmap sysstat 1>>~/install.ok 2>>install.bug
echo '#######grep color#####' 1>>~/install.ok 2>>install.bug
echo 'alias grep="grep --color=auto"' >>/etc/profile
. /etc/profile
grep 'alias grep="grep --color=auto"' /etc/profile 1>>~/install.ok 2>>install.bug
echo '#######Scheduled time update#####' 1>>~/install.ok 2>>install.bug
echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l 1>>~/install.ok 2>>install.bug
echo '#######Trim boot startup items#####' 1>>~/install.ok 2>>install.bug
for n in `chkconfig --list|grep "3:on"|awk '{print $1}'`; do chkconfig $n off; done
chkconfig --list|egrep 'crond|network|rsyslog|sshd|sysstat'|awk '{print "chkconfig "$1" on"}'|bash
chkconfig --list|grep "3:on" 1>>~/install.ok 2>>install.bug
echo '#######Clean temporary mail queue#####' 1>>~/install.ok 2>>install.bug
mkdir /server/scripts -p
ls -l /server/scripts/ 1>>~/install.ok 2>>install.bug
echo '#!/bin/bash
find /var/spool/postfix/maildrop -type f|xargs rm -f' >/server/scripts/clean_mail.sh
cat /server/scripts/clean_mail.sh 1>>~/install.ok 2>>install.bug
echo '#clean /var/spool/postfix/maildrop
00 00 * * * /bin/sh /server/scripts/clean_mail.sh' >>/var/spool/cron/root
crontab -l 1>>~/install.ok 2>>install.bug
cp /etc/ssh/sshd_config{,.f1.ori}
ls /etc/ssh/sshd_config.f1.ori 1>>~/install.ok 2>>install.bug
echo '#######SSH security#####' 1>>~/install.ok 2>>install.bug
sed -i '13 iPort 52113\nPermitRootLogin no\nPermitEmptyPasswords no\nUseDNS no\nGSSAPIAuthentication no' /etc/ssh/sshd_config
sed -n 13,17p /etc/ssh/sshd_config 1>>~/install.ok 2>>install.bug
echo '#######Lock important files#####' 1>>~/install.ok 2>>install.bug
chattr +i /etc/passwd
chattr +i /etc/inittab
chattr +i /etc/group
chattr +i /etc/shadow
chattr +i /etc/gshadow
lsattr /etc/passwd 1>>~/install.ok 2>>install.bug
lsattr /etc/inittab 1>>~/install.ok 2>>install.bug
lsattr /etc/group 1>>~/install.ok 2>>install.bug
lsattr /etc/shadow 1>>~/install.ok 2>>install.bug
lsattr /etc/gshadow 1>>~/install.ok 2>>install.bug
echo '#######Clear system and kernel version#####' 1>>~/install.ok 2>>install.bug
>/etc/issue
>/etc/redhat-release
This article is from the "How to say?" blog; be sure to keep this attribution: http://834148284.blog.51cto.com/10222692/1775786
CentOS 6.7 optimization scheme