CentOS 7.2 System Basic Optimization

Source: Internet
Author: User

The system is CentOS 7.2-1511; these are the basic optimizations applied once the installation is complete.


1 Modifying the NIC to eth0
2 Updating the system
3 Adding execute permissions to /etc/rc.local
4 Adding the user hequan
5 Disabling SELinux
6 Disabling firewalld and installing iptables
7 Modifying the hostname
8 Viewing and managing services
9 Setting the character set
10 Yum
11 Configuring sshd
12 Increasing the limit on the number of open files
13 Optimizing the kernel
14 Setting the time



1 Modifying the NIC to eth0

cd /etc/sysconfig/network-scripts/
vim ifcfg-eno16777729
TYPE=Ethernet
BOOTPROTO=static
IPADDR=192.168.1.201
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
NAME=eth0
UUID=efd17b9a-a5ab-4c94-be62-d2c32eb48a7e
DEVICE=eth0
ONBOOT=yes
DNS1=202.106.0.20

mv ifcfg-eno16777729 ifcfg-eth0
vi /etc/sysconfig/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0 rhgb quiet"    # add net.ifnames=0 biosdevname=0
GRUB_DISABLE_RECOVERY="true"

grub2-mkconfig -o /boot/grub2/grub.cfg    # generate the boot menu
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-327.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-327.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-e8675ae79abd41309dac42388f8d9116
Found initrd image: /boot/initramfs-0-rescue-e8675ae79abd41309dac42388f8d9116.img
reboot

ip addr
or
yum install net-tools    # CentOS 7 does not ship ifconfig by default; it is in the net-tools package
ifconfig eth0            # check the NIC information again

2 Updating the system

yum update -y

3 Adding execute permissions to /etc/rc.local

# ll /etc/rc.local
lrwxrwxrwx. 1 root root 6 07:28 /etc/rc.local -> rc.d/rc.local
# ll /etc/rc.d/rc.local
-rw-r--r--. 1 root root 473 May 2016 /etc/rc.d/rc.local
# chmod +x /etc/rc.d/rc.local

4 Adding the user hequan

# useradd hequan
# echo 123456 | passwd --stdin hequan    # sample password from the article; set a strong one on a real host
Changing password for user hequan.
passwd: all authentication tokens updated successfully.
# usermod -g wheel hequan
# sed -i '6s/^#//g' /etc/pam.d/su
# grep wheel /etc/pam.d/su               # only members of the wheel group can su
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth            required        pam_wheel.so use_uid


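Extension: give the user hequan sudo rights for every operation except shutting down or rebooting the machine. (sudoers(5) notes that subtracting commands from ALL with "!" does not reliably restrict a user; where the restriction must hold, list the allowed commands explicitly.)

# visudo
Cmnd_Alias SHUTDOWN = /sbin/halt, /sbin/shutdown, /sbin/poweroff, /sbin/reboot, /sbin/init
hequan  ALL=(ALL)  ALL, !SHUTDOWN
%wheel  ALL=(ALL)  ALL, !SHUTDOWN    # modified
Defaults logfile=/var/log/sudo.log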


5 Disabling SELinux

# grep -i ^selinux /etc/selinux/config
SELINUX=enforcing
SELINUXTYPE=targeted
# sed -i '/^SELINUX/s/enforcing/disabled/g' /etc/selinux/config
# grep -i ^selinux /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted
# getenforce
Enforcing
# reboot

6 Disabling firewalld and installing iptables

systemctl stop firewalld
systemctl disable firewalld
yum install iptables-services -y    # install

7 Modifying the hostname

# hostnamectl set-hostname hequan.com
# hostname
hequan.com

8 Viewing and managing services

# systemctl -t service
# systemctl list-unit-files -t service


9 Setting the character set

# echo $LANG
zh_CN.UTF-8
# vi /etc/locale.conf
LANG="en_US.UTF-8"
# source /etc/locale.conf

10 Yum

yum install gcc cmake bzip2-devel curl-devel db4-devel libjpeg-devel libpng-devel freetype-devel libXpm-devel gmp-devel libc-client-devel openldap-devel unixODBC-devel postgresql-devel sqlite-devel aspell-devel net-snmp-devel libxslt-devel libxml2-devel pcre-devel mysql-devel pspell-devel libmemcached libmemcached-devel zlib-devel vim wget lrzsz tree

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
cd /etc/yum.repos.d/
wget http://mirrors.163.com/.help/CentOS7-Base-163.repo
yum clean all
yum makecache

Other

yum -y install yum-plugin-priorities                                      ## install the priorities plug-in
sed -i -e "s/\]$/\]\npriority=1/g" /etc/yum.repos.d/CentOS-Base.repo      ## set the priority of the base yum repository to 1
yum -y install epel-release                                               ## install the EPEL repository
sed -i -e "s/\]$/\]\npriority=5/g" /etc/yum.repos.d/epel.repo             ## set its priority to 5
sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/epel.repo            ## disable the EPEL repository
yum -y install http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm    ## install the rpmforge repository
sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/rpmforge.repo        ## set its priority to 10
sed -i -e "s/enabled = 1/enabled = 0/g" /etc/yum.repos.d/rpmforge.repo    ## disable the repository
How to use a disabled yum repository: yum --enablerepo=rpmforge install [package]

11 Configuring sshd

sed -i -e '49s/^#//g' /etc/ssh/sshd_config         ## enable the setting on line 49
sed -i -e '49s/yes/no/g' /etc/ssh/sshd_config      ## forbid root from logging in over ssh
sed -i -e '129s/#/ /g' /etc/ssh/sshd_config        ## disable UseDNS
sed -i -e '129s/yes$/no/g' /etc/ssh/sshd_config
sed -i '/^GSS/s/yes/no/g' /etc/ssh/sshd_config     ## disable GSSAPI authentication to speed up login
systemctl restart sshd                             ## restart the service
systemctl enable sshd                              ## start at boot
systemctl status sshd                              ## view status
sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2016-06-06 00:16:26 CST; 1min 3s ago
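The sed commands above depend on PermitRootLogin and UseDNS sitting on lines 49 and 129, which matches the file the author edited but not necessarily an already modified file or another OpenSSH version. The following is an added example, not part of the original article, that sets the same directives by keyword; set_sshd_option and demo_sshd_edit are hypothetical helper names and the sample config is constructed.

```shell
#!/bin/sh
# set_sshd_option FILE KEY VALUE  (hypothetical helper, not part of OpenSSH)
# Edits an sshd_config-style file by keyword instead of by line number.
set_sshd_option() {
    sso_file=$1
    sso_tmp=$(mktemp) || return 1
    awk -v key="$2" -v value="$3" '
        BEGIN { lkey = tolower(key) }
        # From the first Match line on, settings are conditional: place the
        # global directive before it if still unset, then copy verbatim.
        tolower($1) == "match" && !in_match {
            if (!done) { print key " " value; done = 1 }
            in_match = 1
        }
        in_match { print; next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            commented = sub(/^#[ \t]*/, "", line)
            n = split(line, f, /[ \t]+/)
            # Active "KEY ..." lines and commented-out "#KEY value" defaults
            # match; free-text comments that only start with KEY do not.
            if (tolower(f[1]) == lkey && (!commented || n == 2)) {
                if (!done) { print key " " value; done = 1 }
                next                       # drop later duplicates
            }
            print
        }
        END { if (!done) print key " " value }
    ' "$sso_file" > "$sso_tmp" || { rm -f "$sso_tmp"; return 1; }
    # Overwrite in place so ownership, mode and SELinux label are kept.
    sso_rc=0; cat "$sso_tmp" > "$sso_file" || sso_rc=$?
    rm -f "$sso_tmp"
    return $sso_rc
}

# Constructed sample input (not a real host file); prints the edited result.
demo_sshd_edit() {
    demo_cfg=$(mktemp) || return 1
    printf '%s\n' '#PermitRootLogin yes' 'GSSAPIAuthentication yes' \
        '# UseDNS makes sshd look up client names' '#UseDNS yes' \
        'Match User backup' '    PermitRootLogin yes' > "$demo_cfg"
    set_sshd_option "$demo_cfg" PermitRootLogin no &&
    set_sshd_option "$demo_cfg" UseDNS no &&
    set_sshd_option "$demo_cfg" GSSAPIAuthentication no &&
    set_sshd_option "$demo_cfg" MaxAuthTries 4
    cat "$demo_cfg"; rm -f "$demo_cfg"
}
```

On a real host, run it as root against /etc/ssh/sshd_config, then check the result with sshd -t before systemctl restart sshd.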

12 Increasing the limit on the number of open files

ulimit -n
ulimit -a
vi /etc/security/limits.conf    # append at the end
* soft nofile 1024000
* hard nofile 1024000
hive - nofile 1024000
hive - nproc 1024000

User process limit

# sed -i 's#4096#65535#g' /etc/security/limits.d/20-nproc.conf    # raise the limit for ordinary users; it can also be set to unlimited
# egrep -v "^$|^#" /etc/security/limits.d/20-nproc.conf
*          soft    nproc     65535
root       soft    nproc     unlimited
reboot


13 Optimizing the kernel

cat /etc/sysctl.conf
#CTCDN system optimization parameters
# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
# Determines how long before a neighbor entry is checked for staleness
net.ipv4.neigh.default.gc_stale_time = 120
# Use arp_announce / arp_ignore to resolve ARP mapping problems
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
# Avoid amplification attacks
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Turn on protection against malicious ICMP error messages
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Turn off route forwarding
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
# Turn on reverse path filtering
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Handling of source-routed packets
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Turn off the SysRq function
kernel.sysrq = 0
# Add the PID as an extension to core file names
kernel.core_uses_pid = 1
# Turn on SYN flood attack protection
net.ipv4.tcp_syncookies = 1
# Modify message queue length
kernel.msgmnb = 65536
kernel.msgmax = 65536
# Set maximum shared memory segment size in bytes
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
# Number of TIME_WAIT sockets, default 180000
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
# Maximum number of packets allowed to queue when a network interface receives packets faster than the kernel processes them
net.core.netdev_max_backlog = 262144
# This limit is only intended to prevent a simple DoS attack
net.ipv4.tcp_max_orphans = 3276800
# Maximum number of queued connection requests that have not yet received client acknowledgement
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
# Number of SYN+ACK packets sent before the kernel gives up on a connection
net.ipv4.tcp_synack_retries = 1
# Number of SYN packets sent before the kernel gives up establishing a connection
net.ipv4.tcp_syn_retries = 1
# Enable fast recycling of TIME_WAIT sockets
net.ipv4.tcp_tw_recycle =
# Enable reuse. Allows TIME-WAIT sockets to be re-used for new TCP connections
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
# When keepalive is in use, how often TCP sends keepalive messages. The default is 2 hours
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
# Range of local ports the system is allowed to open
net.ipv4.ip_local_port_range = 1024 65000
# Modify the firewall table size, default 65536
net.netfilter.nf_conntrack_max = 655350
net.netfilter.nf_conntrack_tcp_timeout_established = 1200
# Ensure that no one can modify the routing table
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0

This article is from the "Lanzhi" blog, be sure to keep this source http://7826443.blog.51cto.com/7816443/1775248

sysctl -p    # apply the settings
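sysctl -p only loads the file; a key whose module is not loaded (the net.netfilter.nf_conntrack_* entries need nf_conntrack) or a value set again elsewhere can leave the running kernel different from what the file says. The following is an added example, not from the original article, that compares the two; sysctl_drift, sd_norm and demo_sysctl_drift are hypothetical names and the demo tree and config are constructed.

```shell
#!/bin/sh
# Hypothetical helpers (not part of procps): compare a sysctl.conf-style file
# with the live values under PROCROOT (default /proc/sys).
sd_norm() { printf '%s\n' "$1" | awk '{ $1 = $1; print }'; }  # squeeze blanks

# sysctl_drift CONF [PROCROOT]; prints one line per problem, returns 1 if any:
#   DRIFT key want=<file value> have=<live value>
#   MISSING key    (no such entry, e.g. the owning module is not loaded)
sysctl_drift() {
    sd_root=${2:-/proc/sys}
    sd_rc=0
    while IFS= read -r sd_line || [ -n "$sd_line" ]; do
        sd_line=$(sd_norm "$sd_line")
        case $sd_line in
            ''|'#'*|';'*) continue ;;      # blank lines and comments
            *=*) ;;
            *) continue ;;                 # not a key = value line
        esac
        sd_key=$(sd_norm "${sd_line%%=*}")
        sd_want=$(sd_norm "${sd_line#*=}")
        sd_path=$sd_root/$(printf '%s' "$sd_key" | tr . /)
        if [ ! -e "$sd_path" ]; then
            echo "MISSING $sd_key"; sd_rc=1; continue
        fi
        sd_have=$(sd_norm "$(cat "$sd_path")")
        if [ "$sd_have" != "$sd_want" ]; then
            echo "DRIFT $sd_key want=$sd_want have=$sd_have"; sd_rc=1
        fi
    done < "$1"
    return $sd_rc
}

# Constructed demo: a fake /proc/sys tree and a three-line sample config.
demo_sysctl_drift() {
    demo_dir=$(mktemp -d) || return 1
    mkdir -p "$demo_dir/proc/net/ipv4"
    echo 1 > "$demo_dir/proc/net/ipv4/tcp_syncookies"
    printf '4096\t87380\t6291456\n' > "$demo_dir/proc/net/ipv4/tcp_rmem"
    printf '%s\n' '# constructed sample' 'net.ipv4.tcp_syncookies = 1' \
        'net.ipv4.tcp_rmem = 4096  87380   4194304' \
        'net.netfilter.nf_conntrack_max=655350' > "$demo_dir/sysctl.conf"
    demo_rc=0
    sysctl_drift "$demo_dir/sysctl.conf" "$demo_dir/proc" || demo_rc=$?
    rm -rf "$demo_dir"
    return $demo_rc
}
```

On a real host, run sysctl_drift /etc/sysctl.conf after sysctl -p and again after a reboot; an empty result with exit status 0 means every listed key is in effect.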

14 Setting the time

yum install chrony
vi /etc/chrony.conf
server 0.centos.pool.ntp.org
server 3.europe.pool.ntp.org
systemctl enable chronyd.service
systemctl start chronyd.service
timedatectl set-timezone Asia/Shanghai
timedatectl set-time "2015-01-21 11:50:00"    # modify the date and time (either one can be modified on its own)
timedatectl                                   # view time status
chronyc sources -v                            # view time synchronization sources
chronyc sourcestats -v


This article is from the "what-all" blog, please be sure to keep this source http://hequan.blog.51cto.com/5701886/1789146
