Linux Basic optimization


1. Turn off SELinux

    [root@node1 ~]# setenforce 0
    [root@node1 ~]# getenforce
    Permissive
    [root@node1 ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
    [root@node1 ~]# grep "SELINUX=disabled" -C 2 /etc/selinux/config
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,


2. Turn off iptables

    [root@node1 ~]# /etc/init.d/iptables stop
    iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
    iptables: Flushing firewall rules:                         [  OK  ]
    iptables: Unloading modules:                               [  OK  ]
    [root@node1 ~]# chkconfig --level 3 iptables off
    [root@node1 ~]# chkconfig --list iptables
    iptables        0:off   1:off   2:on    3:off   4:on    5:on    6:off

Note: If the front end of the production environment server has no hardware firewall and the server has a public IP, you need to turn on iptables.


3. Set the operating level of the system

    [root@node1 ~]# tail /etc/inittab
    # Default runlevel. The runlevels used are:
    #   0 - halt (Do NOT set initdefault to this)
    #   1 - Single user mode
    #   2 - Multiuser, without NFS (The same as 3, if you do not have networking)
    #   3 - Full multiuser mode
    #   4 - unused
    #   5 - X11
    #   6 - reboot (Do NOT set initdefault to this)
    #
    id:3:initdefault:

Note: The production environment does not need to install the desktop environment.


4. Set the system hostname and name resolution

    [root@node1 ~]# vim /etc/sysconfig/network
    NETWORKING=yes
    HOSTNAME=node1
    [root@node1 ~]# echo "$(ifconfig eth0 | awk -F '[ :]+' 'NR==2{print $4}') $(hostname)" >> /etc/hosts
    [root@node1 ~]# tail -1 /etc/hosts
    192.168.100.128 node1
    [root@node1 ~]# ping node1
    PING node1 (192.168.100.128) 56(84) bytes of data.
    64 bytes from node1 (192.168.100.128): icmp_seq=1 ttl=64 time=0.157 ms
    64 bytes from node1 (192.168.100.128): icmp_seq=2 ttl=64 time=0.043 ms
    64 bytes from node1 (192.168.100.128): icmp_seq=3 ttl=64 time=0.044 ms
    64 bytes from node1 (192.168.100.128): icmp_seq=4 ttl=64 time=0.100 ms

Note: The /etc/hosts entry is equivalent to DNS for the LAN.


5. Streamline boot-time services

Method 1

    [root@node1 ~]# for name in $(chkconfig --list | grep "3:on" | awk '{print $1}' | egrep -v "crond|network|rsyslog|sshd|sysstat"); do chkconfig $name off; done

Method 2

    [root@node1 ~]# chkconfig --list | grep "3:on" | awk '{print $1}' | egrep -v "crond|network|rsyslog|sshd|sysstat" | sed -r 's#(.*)#chkconfig \1 off#g' | bash

Method 3

    [root@node1 ~]# chkconfig --list | grep "3:on" | awk '{print $1}' | egrep -v "crond|network|rsyslog|sshd|sysstat" | awk '{print "chkconfig "$1" off"}' | bash
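A dry run of this step, as an added example that is not part of the original article: it reads `chkconfig --list` output and prints the commands that would run, so the list can be reviewed before anything is piped to bash. The function names, the sample output and the service name rsyslog-relay are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): dry run for step 5.
KEEP="crond network rsyslog sshd sysstat"   # keep list taken from the page

# Read `chkconfig --list` output on stdin and print every SysV service that is
# on in runlevel $1 and is not in $KEEP. Names are compared exactly, so a
# service that merely contains "sshd" or "rsyslog" in its name is still listed.
services_to_disable() {
    awk -v level="$1" -v keep="$KEEP" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) allow[k[i]] = 1 }
        NF == 8 && $2 ~ /^0:(on|off)$/ {        # skips blanks and the xinetd section
            if ($(level + 2) == level ":on" && !($1 in allow)) print $1
        }'
}

# Turn the list into the commands the page pipes to bash, for review first.
disable_commands() {
    services_to_disable "$1" | sed 's/.*/chkconfig & off/'
}

# Constructed sample of `chkconfig --list` output (rsyslog-relay is a made-up name).
SAMPLE='auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:on    3:off   4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
postfix         0:off   1:off   2:on    3:on    4:on    5:on    6:off
rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
rsyslog-relay   0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off

xinetd based services:
        chargen-dgram:  off'

printf '%s\n' "$SAMPLE" | disable_commands 3
```

On a real host, replace the sample with `chkconfig --list | disable_commands 3` and pipe the result to bash only after reading it.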


6. SSH Remote Connection optimization

    [root@node1 ~]# cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config_$(date +%y%m%d)
    [root@node1 ~]# vim /etc/ssh/sshd_config
    Port 51898
    ListenAddress 192.168.100.128
    Protocol 2
    UseDNS no
    PermitRootLogin no
    GSSAPIAuthentication no
    [root@node1 ~]# /etc/init.d/sshd restart
    Stopping sshd:                                             [  OK  ]
    Starting sshd:                                             [  OK  ]
    [root@node1 ~]# netstat -tnlup | grep "51898"
    tcp        0      0 192.168.100.128:51898       0.0.0.0:*                   LISTEN      2413/sshd
    [root@node1 ~]# ps -ef | grep "sshd" | grep -v "grep"
    root      1792     1  0 21:20 ?        00:00:01 sshd: root@pts/0
    root      2413     1  0 23:16 ?        00:00:00 /usr/sbin/sshd
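One way to verify that the settings above are the ones sshd will actually apply, as an added example that is not part of the original article: sshd uses the first occurrence of each keyword, so a duplicate line elsewhere in the file can silently leave root login enabled. The function names and the sample file are constructed, and the parser assumes the whitespace-separated "Keyword value" form.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): check a config file against step 6.
# Values the page sets; Port and ListenAddress are site-specific and not checked.
EXPECTED="protocol=2 usedns=no permitrootlogin=no gssapiauthentication=no"

# Print the effective global value of keyword $2 in file $1 (empty if unset).
# sshd keywords are case-insensitive and the first occurrence wins, so a later
# duplicate line does not override an earlier one.
sshd_effective() {
    awk -v want="$2" '
        /^[[:space:]]*#/ || NF == 0 { next }             # comments, blank lines
        tolower($1) == "match"      { exit }             # global section ends here
        tolower($1) == want         { print tolower($2); exit }
    ' "$1"
}

# Print one line per deviation and return the number of deviations.
audit_sshd_config() {
    fails=0
    for pair in $EXPECTED; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(sshd_effective "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want '$want', got '${got:-unset}'"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample: root login looks disabled at the end of the file, but the
# earlier "PermitRootLogin yes" is the line sshd applies.
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
Port 51898
Protocol 2
UseDNS no
PermitRootLogin yes
GSSAPIAuthentication no
permitrootlogin no
EOF
audit_sshd_config "$SAMPLE_CFG" || echo "$? deviation(s) found"
```

On a live host, `sshd -T` prints the effective configuration after the file has been parsed and is the authoritative check.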


7. Setting the system character set

    [root@node1 ~]# export LANG=en
    [root@node1 ~]# echo $LANG
    en
    [root@node1 ~]# sed -i 's#LANG="en_US.UTF-8"#LANG="zh_CN.UTF-8"#g' /etc/sysconfig/i18n
    [root@node1 ~]# cat /etc/sysconfig/i18n
    LANG="zh_CN.UTF-8"
    SYSFONT="latarcyrheb-sun16"
    [root@node1 ~]# source /etc/sysconfig/i18n
    [root@node1 ~]# echo $LANG
    zh_CN.UTF-8

Note: The production environment recommends using the English character set to prevent garbled characters.


8. Synchronize Network time server

    [root@node1 ~]# ntpdate 0.pool.ntp.org
    30 15:38:17 ntpdate[2517]: adjust time server 120.25.108.11 offset -0.000251 sec
    [root@node1 ~]# hwclock
    Tue 11:38:21 PM CST  -0.320182 seconds
    [root@node1 ~]# crontab -e
    #### Synchronization Network Time Server ####
    */5 * * * * /usr/sbin/ntpdate 0.pool.ntp.org &>/dev/null
    [root@node1 ~]# crontab -l
    #### Synchronization Network Time Server ####
    */5 * * * * /usr/sbin/ntpdate 0.pool.ntp.org &>/dev/null


9. Set the history size and idle timeout

    [root@node1 ~]# export HISTSIZE=100
    [root@node1 ~]# export HISTFILESIZE=100
    [root@node1 ~]# export TMOUT=300
    [root@node1 ~]# echo $HISTSIZE
    100
    [root@node1 ~]# echo $HISTFILESIZE
    100
    [root@node1 ~]# echo $TMOUT
    300
    [root@node1 ~]# vim /etc/profile
    HISTSIZE=100
    export HISTFILESIZE=100
    export TMOUT=300
    # history by linbin at 2017-01-11
    # Source address of the current login, with the parentheses stripped
    USER_IP=`who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g'`
    HISTDIR=/usr/share/.history
    # Local sessions have no source address: fall back to the hostname
    if [ -z "$USER_IP" ]
    then
        USER_IP=`hostname`
    fi
    if [ ! -d $HISTDIR ]
    then
        mkdir -p $HISTDIR
        chmod 777 $HISTDIR
    fi
    # One directory per login name, write and search only for its owner
    if [ ! -d $HISTDIR/${LOGNAME} ]
    then
        mkdir -p $HISTDIR/${LOGNAME}
        chmod 300 $HISTDIR/${LOGNAME}
    fi
    # One history file per login session, named by source address and login time
    DT=`date +%Y%m%d_%H%M%S`
    export HISTFILE="$HISTDIR/${LOGNAME}/${USER_IP}.history.$DT"
    export HISTTIMEFORMAT="[%Y.%m.%d %H:%M:%S]"
    chmod 600 $HISTDIR/${LOGNAME}/*.history* 2>/dev/null
    [root@node1 ~]# source /etc/profile


10. Set the System file descriptor number

    [root@node1 ~]# ulimit -n
    1024
    [root@node1 ~]# ulimit -SHn 65535
    [root@node1 ~]# ulimit -n
    65535
    [root@node1 ~]# echo "* - nofile 65535" >> /etc/security/limits.conf


11. Set the system alias

    [root@node1 ~]# alias grep='grep --color=auto'
    [root@node1 ~]# alias egrep='egrep --color=auto'
    [root@node1 ~]# alias ll='ls -l --color=auto --time-style=long-iso'
    [root@node1 ~]# cat >> /etc/bashrc <<EOF
    alias grep='grep --color=auto'
    alias egrep='egrep --color=auto'
    alias ll='ls -l --color=auto --time-style=long-iso'
    EOF
    [root@node1 ~]# tail -3 /etc/bashrc
    alias grep='grep --color=auto'
    alias egrep='egrep --color=auto'
    alias ll='ls -l --color=auto --time-style=long-iso'
    [root@node1 ~]# source /etc/bashrc


12. Update to a domestic yum source (Aliyun, 163)

    [root@node1 ~]# cp -a /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo-$(date +%y%m%d)
    [root@node1 ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
    --2016-08-30 15:54:20--  http://mirrors.aliyun.com/repo/Centos-6.repo
    Resolving mirrors.aliyun.com... 115.28.122.210, 112.124.140.210
    Connecting to mirrors.aliyun.com|115.28.122.210|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 2572 (2.5K) [application/octet-stream]
    Saving to: "/etc/yum.repos.d/CentOS-Base.repo"

    100%[======================================>] 2,572       --.-K/s   in 0s

    2016-08-30 15:54:20 (178 MB/s) - "/etc/yum.repos.d/CentOS-Base.repo" saved [2572/2572]

    [root@node1 ~]# yum makecache


13. Hide the system version information and set the login prompt

    [root@node1 ~]# >/etc/issue.net
    [root@node1 ~]# >/etc/issue
    [root@node1 ~]# echo "welcom to Linux Server" >> /etc/motd
    [root@node1 ~]# cat /etc/motd
    welcom to Linux Server
    Last login: Tue 30 21:30:16 2016 from 192.168.100.1
    welcom to Linux Server
    [root@node1 ~]#


14. Adjust the system kernel parameters

    [root@node1 ~]# cat >> /etc/sysctl.conf <<EOF
    # Kernel by linbin at 2017-01-11
    # FIN_WAIT and TIME_WAIT handling
    net.ipv4.tcp_fin_timeout = 2
    net.ipv4.tcp_tw_reuse = 1
    # Note: tcp_tw_recycle can drop connections from clients behind NAT; the option was removed in Linux 4.12
    net.ipv4.tcp_tw_recycle = 1
    net.ipv4.tcp_max_tw_buckets = 5000
    # SYN flood handling
    net.ipv4.tcp_syncookies = 1
    net.ipv4.tcp_max_syn_backlog = 16384
    # Keepalive, local port range and route cache
    net.ipv4.tcp_keepalive_time = 600
    net.ipv4.ip_local_port_range = 4000 65000
    net.ipv4.route.gc_timeout = 100
    # Handshake retries and queue sizes
    net.ipv4.tcp_syn_retries = 1
    net.ipv4.tcp_synack_retries = 1
    net.core.somaxconn = 16384
    net.core.netdev_max_backlog = 16384
    net.ipv4.tcp_max_orphans = 16384
    EOF
    [root@node1 ~]# sysctl -p


15. Set the GRUB menu password

    [root@node1 ~]# grub-md5-crypt
    Password:
    Retype password:
    $1$hz0px$imrsica766l/8urrwykmw0
    [root@node1 ~]# vim /boot/grub/grub.conf
    # grub.conf generated by anaconda
    #
    # Note that you do not have to rerun grub after making changes to this file
    # NOTICE:  You have a /boot partition.  This means that
    #          all kernel and initrd paths are relative to /boot/, eg.
    #          root (hd0,0)
    #          kernel /vmlinuz-version ro root=/dev/sda3
    #          initrd /initrd-[generic-]version.img
    #boot=/dev/sda
    default=0
    timeout=5
    splashimage=(hd0,0)/grub/splash.xpm.gz
    hiddenmenu
    password --md5 $1$hz0px$imrsica766l/8urrwykmw0
    title CentOS 6 (2.6.32-504.el6.x86_64)
            root (hd0,0)
            kernel /vmlinuz-2.6.32-504.el6.x86_64 ro root=UUID=b26e3928-3456-4d4c-8e0f-142833566be5 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
            initrd /initramfs-2.6.32-504.el6.x86_64.img



This article is from the "idle to chit chat when" blog, please be sure to keep this source http://laokebang.blog.51cto.com/12486963/1891149
