1. Turn off SELinux
[[email protected] ~]# setenforce 0[[email protected] ~]# getenforcepermissive[[email protected] ~]# sed-i ' S#selinux=enf Orcing#selinux=disabled#g '/etc/selinux/config[[email protected] ~]# grep "selinux=disabled"-C 2/etc/selinux/config# Permissive-selinux prints warnings instead of enforcing.# disabled-no SELinux policy is loaded. selinux=disabled# Selinuxtype= can take one of these, values:# targeted-targeted processes is protected,
[[Email protected] ~]# /etc/init.d/iptables stopiptables: setting chains to policy ACCEPT: filter [ ok ]iptables: flushing firewall rules: [ OK ]iptables: Unloading modules: [ OK ][[email protected] ~]# chkconfig --level 3 iptables off[[email protected] ~]# chkconfig -- list iptablesiptables 0:off 1:off 2:on 3:off 4:on 5:on 6:o FF NOTE: If the front end of the production environment server has no hardware firewall and the server has a public IP, you need to turn on iptables
3. Set the operating level of the system
[Email protected] ~]# tail/etc/inittab# Default runlevel. The runlevels used are:# 0-halt (do not set Initdefault to this) # 1-single user mode# 2-multiuser, without NFS (The same as 3, if you don't have networking) # 3-full multiuser mode# 4-unused# 5-x11# 6-reboot Set Initdefault to this) # Id:3:initdefault: Note: The production environment does not need to install the desktop environment
4, set the system hostname and resolution
[[email protected] ~]# vim /etc/sysconfig/ networknetworking=yeshostname=node1[[email protected] ~]# echo "' Ifconfig eth0|awk -f "[ :]+" ' nr==2{print $4} ' ' hostname ' " >> /etc/hosts[[email protected] ~]# tail -1 /etc/hosts192.168.100.128 node1[[email protected] ~]# ping node1ping node1 (192.168.100.128) 56 (+) bytes of data.64 bytes from node1 (192.168.100.128): icmp_seq=1 ttl=64 time= 0.157 ms64 bytes from node1 (192.168.100.128): icmp_seq=2 ttl=64 time= 0.043 ms64 bytes from node1 (192.168.100.128): icmp_seq=3 ttl=64 time= 0.044 ms64 bytes from node1 (192.168.100.128): icmp_seq=4 ttl=64 time= 0.100 ms Comment: equivalent to LAN DNS
5. Streamlined boot-up service
Method 1[[email protected] ~]# for name in ' Chkconfig--list|grep ' 3:on ' |awk ' {print '} ' |egrep-v ' crond|network|rsyslog|sshd| Sysstat "';d o chkconfig $name Off;done method 2[[email protected] ~]# chkconfig--list|grep" 3:on "|awk ' {print \ {} ' |egrep-v ' CRO Nd|network|rsyslog|sshd|sysstat "|sed-r ' s# (. *) #chkconfig \1 off#g ' |bash method 3[[email protected] ~]# chkconfig--list| grep "3:on" |awk ' {print $} ' |egrep-v ' Crond|network|rsyslog|sshd|sysstat ' |awk ' {print ' chkconfig ' ' Off '} ' |bash
6. SSH Remote Connection optimization
[[Email protected] ~]# cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config_$ (date +%y%m%d) [[Email protected] ~]# vim /etc/ssh/sshd_configport 51898listenaddress 192.168.100.128protocol 2usedns nopermitrootlogin nogssapiauthentication no[[email protected] ~]# /etc/init.d/sshd restartStopping sshd: [ OK ]Starting sshd: [ ok ][[email protected] ~]# netstat -tnlup|grep "51898" tcp 0 192.168.100.128:51898 0.0.0.0:* listen 2413/sshd[[email protected] ~]# ps -ef| grep "sshd" |grep -v "grep" root 1792  1  0 21:20 ?        00:00:01 SSHD: [email protected]/0root 2413 1 0 23:16 ? 00:00:00 /usr/sbin/sshd
7. Setting the system character set
[Email protected] ~]# export Lang=en[[email protected] ~]# echo $LANGen [[email protected] ~]# sed-i ' s#lang= ' en_US. UTF-8 "#LANG =" zh_cn. UTF-8 "#g '/etc/sysconfig/i18n[[email protected] ~]# cat/etc/sysconfig/i18nlang=" ZH_CN. UTF-8 "sysfont=" Latarcyrheb-sun16 "[[email protected] ~]# Source/etc/sysconfig/i18n[[email protected] ~]# echo $LANGzh _ CN. UTF-8 Note: The production environment recommends using the English character set to prevent garbled characters
8. Synchronize Network time server
[Email protected] ~]# ntpdate 0.pool.ntp.org30 15:38:17 ntpdate[2517]: Adjust time server 120.25.108.11 offset-0.000 251 Sec[[email protected] ~]# hwclocktue (11:38:21 PM CST-0.320182 seconds[[email protected] ~]# crontab-e## # #Synchronization Network Time SERVER####*/5 * * * */usr/sbin/ntpdate 0.pool.ntp.org &>/dev/null[[email protected ] ~]# crontab-l### #Synchronization Network Time SERVER####*/5 * * * */usr/sbin/ntpdate 0.pool.ntp.org &>/dev/null
[[Email protected] ~]# export histsize=100[[email protected] ~]# export HISTFILESIZE=100[[email protected] ~]# export TMOUT=300[[email protected] ~]# echo $HISTSIZE 100[[email protected] ~]# echo $HISTFILESIZE 100[[email protected] ~]# echo $TMOUT 300[[email protected] ~]# vim /etc/ Profilehistsize=100export histfilesize=100export tmout=300# history by linbin at 2017-01-11user_ip= ' who -u am i 2>/dev/null|awk ' {print $NF} ' |sed - e ' s/[()] //g ' histdir=/usr/share/.historyif [ -z $USER _ip ]thenuser_ip= ' Hostname ' fiif [ ! -d $HISTDIR ]thenmkdir -p $HISTDIRchmod 777 $ histdirfiif [ ! -d $HISTDIR/${logname} ]thenmkdir -p $HISTDIR/${logname} chmod 300 $HISTDIR/${logname}fidt= ' date +%y%m%d_%h%m%s ' export histfile= "$HISTDIR/${logname}/${user_ip}.history. $DT" export Histtimeformat= "[%y.%m.%d %h:%m:%s]" chmod 600 $HISTDIR/${logname}/*.history* 2>/dev/ Null[[email protected] ~]# source /etc/profile
10. Set the System file descriptor number
[[email protected] ~]# ulimit-n1024[[email protected] ~]# ulimit-shn 65535[[email protected] ~]# Ulimit-n65535[[email p Rotected] ~]# echo "*-nofile 65535" >>/etc/security/limits.conf
11. Set the system alias
[[email protected] ~]# alias grep= ' grep--color=auto ' [[email protected] ~]# alias egrep= ' egrep--color=auto ' [[Email Prote CTED] ~]# alias ll= ' ls-l--color=auto--time-style=long-iso ' [[email protected] ~]# cat >>/etc/bashrc<<eofal IAS grep= ' grep--color=auto ' Alias egrep= ' Egrep--color=auto ' Alias ll= ' ls-l--color=auto--time-style=long-iso ' EOF[[ Email protected] ~]# tail-3/etc/bashrcalias grep= ' grep--color=auto ' Alias egrep= ' Egrep--color=auto ' Alias ll= ' Ls-l--co Lor=auto--time-style=long-iso ' [[email protected] ~]# SOURCE/ETC/BASHRC
12, update domestic yum source (Aliyun, 163)
[[email protected] ~]# cp -a /etc/yum.repos.d/centos-base.repo /etc/yum.repos.d/ centos-base.repo-$ (date +%y%m%d) [[email protected] ~]# wget -o /etc/yum.repos.d/ Centos-base.repo http://mirrors.aliyun.com/repo/centos-6.repo--2016-08-30 15:54:20-- http ://mirrors.aliyun.com/repo/centos-6.reporesolving mirrors.aliyun.com... 115.28.122.210, 112.124.140.210connecting to mirrors.aliyun.com|115.28.122.210|:80... connected. http request sent, awaiting response... 200 oklength: 2572 (2.5K) [application/octet-stream]Saving to: "/etc/yum.repos.d/centos-base.repo" 100%[================= ==================================================================================================>] 2,572 --.-k/s in 0s2016-08-30 15:54:20 (178 &NBSP;MB/S) - "/etc/yum.repoS.d/centos-base.repo " saved [2572/2572][[email protected] ~]# yum makecache
13. Hide the system version information and set the login prompt
[[Email protected] ~]# >/etc/issue.net[[email protected] ~]# >/etc/issue[[email protected] ~]# echo "welcom to Lin UX Server ">>/etc/motd[[email protected] ~]# cat/etc/motdwelcom to Linux serverlast login:tue 30 21:30:16 201 6 from 192.168.100.1Welcom to Linux Server[[email protected] ~]#
14, adjust the system kernel parameters
[email protected] ~]# cat >>/etc/sysctl.conf<<eof # Kernel by linbin at 2017-01-11net.ipv4.tcp_fin_timeout = 2net.ipv4.tcp_tw_reuse = 1net.ipv4.tcp_tw_recycle = 1net.ipv4.tcp_max_tw_buckets = 5000net.ipv4.tcp_syncookies = 1net.ipv4.tcp_max_syn_backlog = 16384net.ipv4.tcp_keepalive_time = 600net.ipv4.ip_local_port_range = 4000 65000net.ipv4.route.gc_timeout = 100net.ipv4.tcp_syn_retries = 1net.ipv4.tcp_synack_retries = 1net.core.somaxconn = 16384net.core.netdev_max_backlog = 16384net.ipv4.tcp_max_orphans = 16384eof[[email protected] ~]# sysctl-p
15, Set grub menu password
[[email protected] ~]# grub-md5-cryptpassword:retype password:$1$hz0px$imrsica766l/ 8urrwykmw0[[email protected] ~]# vim /boot/grub/grub.conf# grub.conf generated by anaconda## note that you do not have to rerun grub after making changes to this file# notice: you have a /boot partition. This means that# all kernel and initrd paths are relative to /boot/, eg.# root (hd0,0) # kernel /vmlinuz-version ro root=/dev/sda3# initrd /initrd-[generic-]version.img#boot=/dev/ Sdadefault=0timeout=5splashimage= (hd0, 0)/grub/splash.xpm.gzhiddenmenupassword --md5 $1$hz0px$imrsica766l/8urrwykmw0title centos 6 (2.6.32-504.el6.x86_64) root (hd0,0) kernel /vmlinuz-2.6.32-504.el6.x86_64 ro root=uuid= B26e3928-3456-4d4c-8e0f-142833566be5 rd_no_luks rd_no_lvm lang=en_us. utf-8 rd_no_md sysfont=latarcyrheb-sun16 crashkernel=auto keyboardtype=pc keytable=us rd_no_dm rhgb quiet initrd / Initramfs-2.6.32-504.el6.x86_64.img
This article is from the "idle to chit chat when" blog, please be sure to keep this source http://laokebang.blog.51cto.com/12486963/1891149
Linux Basic optimization