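# Optimize content:
#   (1.  Set the history record
#   (2.  Add a normal user, set sudo permissions
#   (3.  Disable SELinux
#   (4.  Configure iptables
#   (5.  Disable root remote user login
#   (6.  Modify the remote port
#   (7.  Thin boot server
#   (8.  Modify the maximum number of connections (ulimit)
#   (9.  Disable the use of Ctrl+Alt+Del shortcut keys to restart the server
#   (10. Modify the default DNS
#   (11. Optimize kernel parameters [adjust according to actual situation]
# -------------------------------------------------------------------------
# Optimize content:

# (1. Set history
#!/bin/bash
# Writes /etc/profile.d/history.sh so that login shells keep a timestamped
# history and send every command to syslog (facility local1, tag "bash").
#
# NOTE(review): this is a convenience trail, not a tamper-resistant audit log.
# PROMPT_COMMAND and HISTFILE belong to the user's own shell and can be unset
# or bypassed, so use auditd where an authoritative record is required.
# Anything typed on a command line (including passwords passed as arguments)
# is copied into syslog: keep the file that receives local1 root-only and
# forward it to a remote collector.
date=$(date -d now +%Y%m%d%H%M%S)
#echo "$date"
cp -p /etc/profile "/etc/profile_${date}" || exit 1

# A quoted heredoc writes the snippet literally; the page's single
# echo -ne "...\$..." string depends on every escape surviving intact.
cat > /etc/profile.d/history.sh <<'EOF'
HISTFILESIZE=2000
HISTSIZE=2000
export HISTTIMEFORMAT="%Y%m%d-%H%M%S: "
export PROMPT_COMMAND='{ command=$(history 1 | { read -r x y; echo "$y"; } | cut -d ":" -f2-); logger -p local1.notice -t bash "(user=$USER,ppid=$PPID,from=$SSH_CLIENT,pwd=$PWD,ssh_tty=$SSH_TTY,cmd=$command)"; }'
EOF

# Only affects this script's own shell; users pick the settings up at next login.
source /etc/profile

# (2. Add a normal user, set sudo permissions
#!/bin/bash
# Creates one unprivileged account and gives it sudo rights.
# Stops on the first failure so a half-edited sudoers file is never left behind.
set -euo pipefail

date=$(date -d now +%Y%m%d%H%M%S)
dir=/etc

# Enter user ID, username, password
uid=511
name=chaoren
# The page hard-codes the password in this variable and echoes it back after
# useradd, which leaves it in the script file, in terminal scrollback and in
# any captured output. Take it from the environment or prompt for it instead.
mima=${NEW_USER_PASSWORD:-}
if [[ -z "$mima" ]]; then
  read -r -s -p "Password for ${name}: " mima
  echo
fi
if [[ -z "$mima" ]]; then
  echo "empty password, aborting" >&2
  exit 1
fi

useradd -u "$uid" "$name"
printf '%s\n' "$mima" | passwd --stdin "$name"
unset mima
echo "$name add OK"

cp -p "$dir/sudoers" "$dir/sudoers-${date}.bak"
chmod u+w "$dir/sudoers"
# NOTE(review): NOPASSWD:ALL makes this account equivalent to root without a
# second factor, so compromise of its SSH key or session is full compromise.
# Drop NOPASSWD, or restrict the command list, unless automation needs it.
sed -i "/^root/a ${name}\tALL=(ALL)\tNOPASSWD:ALL" "$dir/sudoers"
#echo "${name} ALL=(ALL) NOPASSWD:ALL" >> $dir/sudoers
chmod u-w "$dir/sudoers"

# A syntax error in sudoers disables sudo for everyone; validate and roll back.
if ! visudo -c -f "$dir/sudoers"; then
  cp -p "$dir/sudoers-${date}.bak" "$dir/sudoers"
  echo "sudoers failed validation; backup restored" >&2
  exit 1
fi
echo "${name} sudo permissions added successfully"

# (3. Disable SELinux (4. Configure Iptables (5. Disable root remote user login (6.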
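# Modify Remote port
#!/bin/bash
# Firewall, SELinux and sshd changes: items (3 to (6.
#
# NOTE(review): as published, this script turns the host firewall off and
# disables SELinux. The port-5959 rule it adds to /etc/sysconfig/iptables does
# nothing while the iptables service is stopped and chkconfig'd off. On an
# exposed host keep iptables running with the rule in place, and prefer
# SELinux permissive mode plus policy fixes over disabling it.
date=$(date -d now +%Y%m%d%H%M%S)

chkconfig --list | grep iptables
chkconfig iptables off
cp -p /etc/sysconfig/iptables "/etc/sysconfig/iptables_${date}" || exit 1
# Guarded so that a second run does not insert the rule twice.
if ! grep -q -- '--dport 5959 ' /etc/sysconfig/iptables; then
  sed -i '/--dport 22/a -A INPUT -m state --state NEW -m tcp -p tcp --dport 5959 -j ACCEPT' /etc/sysconfig/iptables
fi
service iptables stop

# setenforce returns non-zero when SELinux is already disabled; that is fine here.
setenforce 0 || true
# /etc/sysconfig/selinux is a symlink to /etc/selinux/config. "sed -i" on the
# symlink replaces the link with a regular file and leaves the real config
# untouched, so the setting would not survive a reboot. Edit the target.
sed -i -e 's|^SELINUX=enforcing|SELINUX=disabled|' /etc/selinux/config

cp -p /etc/ssh/sshd_config "/etc/ssh/sshd_config_${date}" || exit 1
# sshd uses the first value it reads for a keyword; these inserts assume the
# stock file, where Port and PermitRootLogin exist only as commented defaults.
grep -q '^Port 5959' /etc/ssh/sshd_config ||
  sed -i '/#Port 22/i Port 5959' /etc/ssh/sshd_config
grep -q '^PermitRootLogin no' /etc/ssh/sshd_config ||
  sed -i '/#PermitRootLogin/i PermitRootLogin no' /etc/ssh/sshd_config

# Check the config before restarting: a bad file plus a restart is a lockout.
# Keep the current session open and confirm that the sudo user can log in on
# port 5959 before closing it, because root login is now refused.
if /usr/sbin/sshd -t; then
  service sshd restart
else
  cp -p "/etc/ssh/sshd_config_${date}" /etc/ssh/sshd_config
  echo "sshd_config failed validation; backup restored, sshd not restarted" >&2
  exit 1
fi

# (7. Thin boot server (8. Modify the maximum number of connections Ulimit
# (9. Disable the use of Ctrl+alt+del shortcut keys to restart the server
# (10. Modify the default dns
#!/bin/bash
# Boot services, ulimits, Ctrl+Alt+Del and resolver settings: items (7 to (10.
date=$(date -d now +%Y%m%d%H%M%S)

# Turn off every SysV service except the keep-list. Matching is done on the
# service-name column only (the page greps the whole line, so any line merely
# containing one of the words is kept), and xinetd sub-entries, which have no
# "0:" runlevel column, are skipped.
# NOTE(review): auditd is not on the keep-list, so this disables the audit
# daemon as well; review the list against what the host needs before running.
# iptables is kept enabled here although the previous script chkconfig'd it off.
chkconfig --list |
  awk '$2 ~ /^0:/ && $1 !~ /^(crond|network|rsyslog|sshd|iptables)$/ { print $1 }' |
  while IFS= read -r server; do
    chkconfig "$server" off
  done

cp -p /etc/security/limits.conf "/etc/security/limits.conf_${date}" || exit 1
# The page writes "noproc", which is not a limits.conf item; the process-count
# limit is "nproc". Files in /etc/security/limits.d/ are read after this file
# and can still override the value, so check that directory as well.
grep -qxF '* - nproc 65535' /etc/security/limits.conf ||
  echo '* - nproc 65535' >> /etc/security/limits.conf
grep -qxF '* - nofile 65535' /etc/security/limits.conf ||
  echo '* - nofile 65535' >> /etc/security/limits.conf

cp -p /etc/init/control-alt-delete.conf "/etc/init/control-alt-delete.conf_${date}" || exit 1
# Anchored so that a second run does not stack another '#' on the line.
sed -i 's/^start on control-alt-delete/#start on control-alt-delete/' /etc/init/control-alt-delete.conf

cp -p /etc/resolv.conf "/etc/resolv.conf_${date}" || exit 1
# Replaces the resolver list outright. A DHCP client or NetworkManager may
# rewrite this file later, and every lookup now goes to these two servers.
printf 'nameserver %s\n' 202.106.0.20 8.8.4.4 > /etc/resolv.conf

# (11.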
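# Optimize kernel parameters [adjust according to actual situation]
#!/bin/bash
# Appends a block of network, VM and conntrack settings to /etc/sysctl.conf
# and loads it with "sysctl -p".
#
# Review notes on the values (kept as published unless stated otherwise):
#  * Several values did not survive on this page (the right-hand side is
#    empty). Those keys are written as commented-out placeholders so that
#    "sysctl -p" still parses the file; fill them in deliberately.
#  * ip_local_port_range appears on the page as "1024x768 65535"; the lower
#    bound is taken to be 1024 - confirm before use.
#  * tcp_tw_recycle and tcp_tw_reuse both depend on TCP timestamps, which
#    this block turns off (tcp_timestamps = 0), so as written they have no
#    effect. With timestamps on, tcp_tw_recycle drops connections from
#    clients behind NAT and was removed from Linux in 4.12; leave it at 0.
#  * tcp_syn_retries = 1 and tcp_synack_retries = 1 give up on handshakes
#    quickly, which also fails legitimate clients on lossy links.
#  * tcp_mem is counted in pages, not bytes; these figures are far above
#    the RAM of an ordinary server and so impose no real ceiling.
#  * The nf_conntrack keys exist only while the conntrack module is loaded.
#    The iptables service was stopped earlier on this page, so "sysctl -p"
#    may report them as unknown keys.
date=$(date -d now +%Y%m%d%H%M%S)
cp -p /etc/sysctl.conf "/etc/sysctl.conf_${date}" || exit 1

marker='# --- post-install tuning block ---'
# Append once: the page's echo-per-line form adds a duplicate copy of every
# key on each run, and one of its lines is shown with ">" in place of ">>".
if ! grep -qF -- "$marker" /etc/sysctl.conf; then
  {
    printf '%s\n' "$marker"
    cat <<'EOF'
net.core.somaxconn = 262144
net.core.netdev_max_backlog = 262144
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
#net.ipv4.route.gc_timeout = <VALUE_MISSING_ON_PAGE>
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_retries2 = 5
#net.ipv4.tcp_fin_timeout = <VALUE_MISSING_ON_PAGE>
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
#net.ipv4.tcp_keepalive_time = <VALUE_MISSING_ON_PAGE>
net.ipv4.tcp_keepalive_probes = 3
#net.ipv4.tcp_keepalive_intvl = <VALUE_MISSING_ON_PAGE>
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_slow_start_after_idle = 0
vm.swappiness = 0
kernel.panic = 5
kernel.panic_on_oops = 1
kernel.core_pipe_limit = 0
#iptables firewall
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
#net.netfilter.nf_conntrack_tcp_timeout_established = <VALUE_MISSING_ON_PAGE>
#net.netfilter.nf_conntrack_tcp_timeout_time_wait = <VALUE_MISSING_ON_PAGE>
#net.netfilter.nf_conntrack_tcp_timeout_close_wait = <VALUE_MISSING_ON_PAGE>
#net.netfilter.nf_conntrack_tcp_timeout_fin_wait = <VALUE_MISSING_ON_PAGE>
EOF
  } >> /etc/sysctl.conf
fi

# The stock sysctl.conf carries net.bridge.* keys that fail to load unless the
# bridge module is present; load it now and again at every boot.
modprobe bridge || echo "warning: modprobe bridge failed" >&2
grep -qxF 'modprobe bridge' /etc/rc.local 2>/dev/null ||
  echo 'modprobe bridge' >> /etc/rc.local

sysctl -p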
This article is from the "Dandelion" blog, please be sure to keep this source http://6720116.blog.51cto.com/6710116/1763064
Centos 6.5 installed after installation settings, including scripts