Linux System Foundation Optimization Script--What you must do when you install the OS

Source: Internet
Author: User
Tags rsyslog

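#!/bin/sh
#
# Baseline post-install tuning for a SysV-init, RHEL/CentOS-style host
# (the script relies on chkconfig, /etc/inittab, /etc/init.d/* and
# "passwd --stdin").
#
# Usage:  ZKYW_PASSWORD='<set-by-operator>' sh this_script.sh   (as root)
#
# Environment:
#   ZKYW_PASSWORD  initial password for the "zkyw" operations account.
#                  The published listing carried the password inline; it was
#                  replaced by an e-mail-obfuscation artifact on the page, and
#                  a secret does not belong in the script anyway.
#
# Review summary for operators:
#   * safety() turns SELinux off; that removes mandatory access control.
#   * myssh() moves sshd to port 16182, but firewall() never opens 16182.
#   * lockfile() and cleanusers() are defined but never called below.
#   * Most steps append to config files, so a second run duplicates entries
#     unless the step has an explicit guard.

set -u

###
# Start iptables and accept NEW TCP connections on ports 21, 80 and 3307.
###
firewall() {
    service iptables start
    # Rules go in at position 5 of INPUT; iptables rejects the insert when
    # the chain holds fewer than four rules.
    # NOTE(review): sshd is moved to 16182 in myssh(), yet no rule for that
    # port is added here. If the chain ends in a REJECT/DROP rule, remote
    # administration is cut off after the sshd reload. Confirm the intended
    # policy before running this on a remote host.
    # NOTE(review): 21 (FTP) and 3307 are opened to every source address;
    # restrict them with -s where the clients are known.
    for port in 21 80 3307; do
        iptables -I INPUT 5 -m state --state NEW -m tcp -p tcp \
            --dport "$port" -j ACCEPT
    done
    /etc/init.d/iptables save
}

###
# Disable SELinux for the running system and for subsequent boots.
###
safety() {
    # NOTE(review): this trades away a whole containment layer. Where the
    # goal is only to get a service working, SELINUX=permissive keeps the
    # audit trail so a proper policy can be written later.
    /usr/sbin/setenforce 0
    # /etc/sysconfig/selinux is normally a symlink; plain "sed -i" would
    # replace the link with a regular file and leave the real config
    # untouched, so follow the link explicitly (GNU sed).
    sed -i --follow-symlinks 's/^SELINUX=enforcing/SELINUX=disabled/' \
        /etc/sysconfig/selinux
}

###
# Set the default runlevel to 3 (full multi-user, no X).
# (The function name shadows /sbin/runlevel inside this script.)
###
runlevel() {
    sed -i 's/^id:[0-9]:initdefault:/id:3:initdefault:/' /etc/inittab
}

###
# Trim boot services: switch off everything enabled in runlevel 3, then
# re-enable crond, iptables, network, sshd and rsyslog.
###
systrv() {
    # LC_ALL=C keeps the "3:on" marker stable regardless of system locale.
    srv_list=$(LC_ALL=C chkconfig --list | awk '/3:on/ {print $1}')
    # Word splitting is intended: one service name per word.
    for i in $srv_list; do
        chkconfig --level 3 "$i" off
    done
    for j in crond iptables network sshd rsyslog; do
        chkconfig --level 3 "$j" on
    done
}

###
# Create the unprivileged operations account "zkyw" and set its password
# from ZKYW_PASSWORD.
# Returns non-zero when the password is missing or the account cannot be
# created, so the caller can skip the sshd changes that depend on it.
# (The function name shadows /usr/sbin/adduser inside this script.)
###
adduser() {
    if [ -z "${ZKYW_PASSWORD:-}" ]; then
        echo "adduser: ZKYW_PASSWORD is not set; not creating zkyw" >&2
        return 1
    fi
    # Re-runs must not fail just because the account already exists.
    id zkyw >/dev/null 2>&1 || /usr/sbin/useradd zkyw || return 1
    # printf is a shell builtin, so the secret never shows up in a process
    # argument list. "passwd --stdin" is specific to RHEL-family passwd.
    printf '%s\n' "$ZKYW_PASSWORD" | passwd zkyw --stdin
}

###
# Harden sshd: port 16182, no root login, no empty passwords, at most three
# authentication attempts, and logins restricted to zkyw.
# Returns non-zero (and restores the previous config) when the resulting
# file does not pass "sshd -t".
###
myssh() {
    cfg=/etc/ssh/sshd_config

    # AllowUsers zkyw plus PermitRootLogin no locks everyone out when the
    # account does not exist, so refuse to continue in that case.
    if ! id zkyw >/dev/null 2>&1; then
        echo "myssh: user zkyw does not exist; sshd_config left unchanged" >&2
        return 1
    fi

    cp -p "$cfg" "$cfg.bak" || return 1

    # The patterns only match the stock commented defaults; a config that
    # was already customised passes through these lines unchanged.
    sed -i 's/^#Port 22/Port 16182/' "$cfg"
    sed -i 's/^PermitRootLogin yes/PermitRootLogin no/' "$cfg"
    sed -i 's/^#PermitEmptyPasswords no/PermitEmptyPasswords no/' "$cfg"
    sed -i 's/^#MaxAuthTries 6/MaxAuthTries 3/' "$cfg"
    # Append AllowUsers only once so repeated runs do not stack directives.
    grep -q '^AllowUsers[[:space:]]' "$cfg" ||
        sed -i '$a AllowUsers zkyw' "$cfg"

    # Validate before reloading; a syntax error here would otherwise only
    # surface when the daemon refuses to come back.
    if ! /usr/sbin/sshd -t -f "$cfg"; then
        echo "myssh: sshd_config failed validation; restoring backup" >&2
        cp -p "$cfg.bak" "$cfg"
        return 1
    fi
    /etc/init.d/sshd reload
}

###
# Sync the clock once and schedule a daily sync at 22:30 in root's crontab.
###
ntpclock() {
    # NOTE(review): a single hard-coded server over unauthenticated NTP;
    # ntpdate steps the clock, which can disturb log ordering and
    # time-based validation. Confirm the server is one you trust.
    cron_line='30 22 * * * /usr/sbin/ntpdate 202.120.2.101'
    /usr/sbin/ntpdate 202.120.2.101
    grep -qF -- "$cron_line" /var/spool/cron/root 2>/dev/null ||
        printf '%s\n' "$cron_line" >> /var/spool/cron/root
    /etc/init.d/crond reload
}

###
# Mark passwd, group, shadow, gshadow and inittab immutable.
# Not called by the driver below. Once applied, useradd, passwd and
# userdel fail until "chattr -i" is run, so it has to come after every
# account change.
###
lockfile() {
    for file in passwd group shadow gshadow inittab; do
        chattr +i "/etc/$file"
    done
}

###
# Raise the open-file and process limits.
###
userlimit() {
    cat >> /etc/security/limits.conf <<'EOF'
*       soft    nofile  65536
*       hard    nofile  65536
EOF
    # Comment out every existing line of the distribution default, then
    # append the replacement values.
    sed -i 's/^/#/' /etc/security/limits.d/90-nproc.conf
    cat >> /etc/security/limits.d/90-nproc.conf <<'EOF'
*       soft    nproc   51200
root    soft    nproc   unlimited
EOF
}

###
# Append TCP/IP and conntrack tuning to /etc/sysctl.conf and load it.
# A copy of the previous file is kept as /etc/sysctl.conf.eri.
###
syskernel() {
    cp /etc/sysctl.conf /etc/sysctl.conf.eri
    # NOTE(review): the net.netfilter.* keys exist only while the conntrack
    # module is loaded; the listing loads "bridge" here. Confirm which
    # module the target kernel needs.
    modprobe bridge
    # NOTE(review): tcp_tw_recycle breaks clients behind NAT and was removed
    # in Linux 4.12. tcp_syn_retries/tcp_synack_retries = 1 drop connections
    # quickly on lossy links. Values are kept as published; review them
    # against the actual workload.
    cat >> /etc/sysctl.conf <<'EOF'
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
    # Output stays suppressed as in the listing, but a failure is reported
    # so that rejected keys do not go unnoticed.
    if ! /sbin/sysctl -p >/dev/null 2>&1; then
        echo "syskernel: sysctl -p reported errors; run it by hand to see them" >&2
    fi
}

###
# Remove rarely needed system users and groups.
# Not called by the driver below.
###
cleanusers() {
    for user in adm lp sync shutdown halt uucp operator games gopher ftp; do
        /usr/sbin/userdel "$user"
    done
    for gp in adm lp dip; do
        /usr/sbin/groupdel "$gp"
    done
}

# Every step edits system configuration, so stop early without root.
if [ "$(id -u)" -ne 0 ]; then
    echo "this script must be run as root" >&2
    exit 1
fi

echo "iptables optimization starting ..."
firewall
echo "selinux disabled starting ..."
safety
echo "runlevel optimization starting ..."
runlevel
echo "system init service optimization starting ..."
systrv
echo "add zkyw common account starting ..."
if adduser; then
    echo "ssh service optimization starting ..."
    myssh
else
    # Without a working zkyw login the sshd changes would lock the host.
    echo "zkyw account not ready; skipping ssh service optimization" >&2
fi
echo "clock synchronous optimization starting ..."
ntpclock
echo "max nofile and user processes optimization starting ..."
userlimit
echo "system kernel parameters optimization starting ..."
syskernel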


This article is from the "Qing Feng to the Wind" blog, please be sure to keep this source http://crazy123.blog.51cto.com/1029610/1688186
