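#!/bin/sh
#
# Baseline configuration for a freshly installed host. The commands used
# (chkconfig, /etc/inittab, /etc/init.d/*, /etc/sysconfig/*) imply a SysV-init,
# Red Hat-style system with GNU sed -- verify before running elsewhere.
#
# Must run as root. The password for the operations account is read from the
# environment variable ZKYW_PASSWORD instead of being stored in the script:
#
#   ZKYW_PASSWORD='<password-placeholder>' sh this_script.sh
#
# lockfile() and cleanusers() are defined but are not part of the run list at
# the bottom; call them by hand once the account setup is finished.

OPS_USER=zkyw             # unprivileged operations account, sole SSH login
SSH_PORT=16182            # sshd is moved from 22 to this port
NTP_SERVER=202.120.2.101  # time source used by ntpdate

# Start iptables and accept new TCP connections on 21, 80, 3307 and the
# relocated SSH port, then persist the ruleset.
firewall() {
  service iptables start
  # SSH_PORT is opened together with the service ports: myssh() moves sshd
  # off port 22, and without a matching ACCEPT rule the host may become
  # unreachable over SSH once sshd reloads.
  # The rules accept from any source address; add a source match (-s) for
  # services that are not meant to be public.
  # Inserting at position 5 assumes the INPUT chain already holds at least
  # four rules (presumably the distribution default); check with
  # `iptables -L INPUT --line-numbers`.
  for port in 21 80 3307 "$SSH_PORT"; do
    iptables -I INPUT 5 -m state --state NEW -m tcp -p tcp --dport "$port" -j ACCEPT
  done
  /etc/init.d/iptables save
}

# Switch SELinux to permissive now and to disabled from the next boot.
# NOTE(review): this removes mandatory access control from every service on
# the host. Keeping SELINUX=enforcing, or permissive while denials are being
# audited, is the safer baseline; disable only when that trade-off is accepted.
safety() {
  /usr/sbin/setenforce 0
  # The key in the config file is upper-case. /etc/sysconfig/selinux is
  # normally a symlink; plain `sed -i` would replace the link with a regular
  # file and leave the real configuration untouched.
  sed -i --follow-symlinks 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux
}

# Set the default runlevel to 3 (full multi-user mode).
runlevel() {
  sed -i 's/^id:[0-9]:initdefault:/id:3:initdefault:/' /etc/inittab
}

# Turn off every service enabled in runlevel 3, then re-enable only
# crond, iptables, network, sshd and rsyslog.
systrv() {
  srv_list=$(chkconfig --list | grep 3:on | awk '{print $1}')
  # Unquoted on purpose: one service name per word.
  for svc in $srv_list; do
    chkconfig --level 3 "$svc" off
  done
  for svc in crond iptables network sshd rsyslog; do
    chkconfig --level 3 "$svc" on
  done
}

# Create the operations account and set its password from ZKYW_PASSWORD.
# Returns non-zero if the account cannot be created.
adduser() {
  if ! id "$OPS_USER" >/dev/null 2>&1; then
    /usr/sbin/useradd "$OPS_USER" || return 1
  fi
  # Passed on stdin so the password does not show up in the process list.
  printf '%s\n' "$ZKYW_PASSWORD" | passwd --stdin "$OPS_USER"
}

# Harden sshd: non-default port, no root login, no empty passwords, at most
# three authentication attempts, logins restricted to the operations account.
# Returns non-zero, leaving sshd untouched, if the account is missing or the
# edited configuration does not validate.
myssh() {
  sshd_cfg=/etc/ssh/sshd_config

  # AllowUsers plus "PermitRootLogin no" locks everyone out when the account
  # does not exist, so refuse to continue in that case.
  if ! id "$OPS_USER" >/dev/null 2>&1; then
    echo "myssh: account $OPS_USER does not exist; sshd_config left unchanged" >&2
    return 1
  fi

  cp -p "$sshd_cfg" "$sshd_cfg.orig" || return 1

  # Each pattern matches the directive whether or not it is commented out and
  # whatever its current value is; matching only one exact default line would
  # silently change nothing on a file that differs from that default.
  sed -i \
    -e "s/^#\{0,1\}[[:space:]]*Port[[:space:]].*/Port $SSH_PORT/" \
    -e 's/^#\{0,1\}[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/' \
    -e 's/^#\{0,1\}[[:space:]]*PermitEmptyPasswords[[:space:]].*/PermitEmptyPasswords no/' \
    -e 's/^#\{0,1\}[[:space:]]*MaxAuthTries[[:space:]].*/MaxAuthTries 3/' \
    "$sshd_cfg"

  # Append once; repeated runs must not stack duplicate AllowUsers lines.
  grep -q '^AllowUsers[[:space:]]' "$sshd_cfg" ||
    printf 'AllowUsers %s\n' "$OPS_USER" >> "$sshd_cfg"

  # Validate before reloading; a broken config would take remote access down.
  if ! /usr/sbin/sshd -t; then
    echo "myssh: sshd_config failed validation; restoring previous file" >&2
    cp -p "$sshd_cfg.orig" "$sshd_cfg"
    return 1
  fi
  /etc/init.d/sshd reload
}

# Set the clock once and schedule a daily resync at 22:30 in root's crontab.
ntpclock() {
  ntp_job="30 22 * * * /usr/sbin/ntpdate $NTP_SERVER"
  /usr/sbin/ntpdate "$NTP_SERVER"
  # Skip the append when the entry is already present (safe to re-run).
  grep -qF -- "$ntp_job" /var/spool/cron/root 2>/dev/null ||
    echo "$ntp_job" >> /var/spool/cron/root
  /etc/init.d/crond reload
}

# Mark the account databases and inittab immutable.
# While the immutable flag is set, useradd, passwd and userdel cannot update
# these files, so this has to run after all account changes; undo with
# `chattr -i`.
lockfile() {
  for file in passwd group shadow gshadow inittab; do
    chattr +i "/etc/$file"
  done
}

# Raise the open-file limit for all users and replace the stock nproc limits.
userlimit() {
  limits_conf=/etc/security/limits.conf
  nproc_conf=/etc/security/limits.d/90-nproc.conf

  grep -q '^\* soft nofile 65536$' "$limits_conf" ||
    printf '%s\n' '* soft nofile 65536' '* hard nofile 65536' >> "$limits_conf"

  # Comment out the existing entries, then add the new ones. Guarded so a
  # second run neither stacks '#' characters nor appends duplicates.
  if ! grep -q '^\* soft nproc 51200$' "$nproc_conf"; then
    sed -i 's/^[^#]/#&/' "$nproc_conf"
    printf '%s\n' '* soft nproc 51200' 'root soft nproc unlimited' >> "$nproc_conf"
  fi
}

# Append TCP/IP and conntrack tuning to /etc/sysctl.conf and load it.
syskernel() {
  # Keep the first backup: a later run must not overwrite the pristine copy.
  [ -e /etc/sysctl.conf.eri ] || cp /etc/sysctl.conf /etc/sysctl.conf.eri
  modprobe bridge

  # net.ipv4.tcp_tw_recycle = 1 from the original list is left out: it makes
  # the server drop connections from clients that share a NAT address, and
  # the key was removed in Linux 4.12.
  # NOTE(review): tcp_syn_retries / tcp_synack_retries = 1 give up after one
  # retransmission; confirm that suits lossy or high-latency links.
  if ! grep -q '^# baseline kernel tuning$' /etc/sysctl.conf; then
    cat >> /etc/sysctl.conf <<'EOF'
# baseline kernel tuning
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
  fi

  # Output stays suppressed as before, but a failure is now reported.
  if ! /sbin/sysctl -p >/dev/null 2>&1; then
    echo "syskernel: sysctl -p reported errors; run it by hand to see them" >&2
  fi
}

# Remove stock accounts and groups that the host does not need.
cleanusers() {
  for user in adm lp sync shutdown halt uucp operator games gopher ftp; do
    /usr/sbin/userdel "$user"
  done
  for gp in adm lp dip; do
    /usr/sbin/groupdel "$gp"
  done
}

# ---- run list ---------------------------------------------------------------

if [ "$(id -u)" -ne 0 ]; then
  echo "this script must be run as root" >&2
  exit 1
fi

# Checked before anything is modified: myssh() limits SSH logins to OPS_USER,
# so that account needs a usable password first.
: "${ZKYW_PASSWORD:?set ZKYW_PASSWORD to the password for the zkyw account}"

echo "iptables Optimization starting ..."
firewall
echo "selinux disabled starting ..."
safety
echo "Runlevel optimization starting ..."
runlevel
echo "system init service optimization starting ..."
systrv
echo "Add zkyw common account starting ..."
adduser
echo "ssh service optimization starting ..."
myssh
echo "clock synchronous optimization starting ..."
ntpclock
echo "Max nofile and user processes optimization starting ..."
userlimit
echo "System kernel parameters optimization starting ..."
syskernel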
This article is from the "Qing Feng to the Wind" blog, please be sure to keep this source http://crazy123.blog.51cto.com/1029610/1688186
Linux System Foundation Optimization Script--What you must do when you install the OS