CentOS 6.5 basic system optimization, with optimization script


Optimization contents:

(1) Set the history record
(2) Add a normal user and set sudo permissions
(3) Disable remote login for the root user
(4) Modify the remote port
(5) Trim the services started at boot
(6) Turn off SELinux
(7) Configure iptables
(8) Modify the maximum number of connections (ulimit)
(9) Disable the Ctrl+Alt+Del shortcut for restarting the server
(10) Modify the default DNS
(11) Install the necessary software, update the yum source [EPEL source]
(12) Update the kernel and software to the latest version
(13) Optimize the kernel parameters [adjust according to the actual situation]
(14) Remove the last login information
(15) Turn off the display of kernel information at boot


1. Set History

    # Write the history settings to a profile script that every login shell sources
    echo '
    export HISTFILE=$HOME/.bash_history
    export HISTSIZE=2000
    export HISTFILESIZE=2000
    export HISTTIMEFORMAT="%F %T `whoami` "
    export PROMPT_COMMAND="history -a; history -c; history -r;"
    shopt -s histappend
    typeset -r PROMPT_COMMAND
    typeset -r HISTTIMEFORMAT ' > /etc/profile.d/history.sh
    source /etc/profile

2. Add a normal user, set sudo permissions

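    # Account name and password used by the article; substitute your own values
    username='dyt'
    password='dyt2015'
    useradd "$username"; echo "$password" | passwd --stdin "$username"
    # Append a passwordless sudo rule after line 98 of /etc/sudoers
    sed -i "98 a$username ALL=(ALL) NOPASSWD:ALL" /etc/sudoers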

3. Disable root remote user login

    sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config

4. Modify the remote port

    sed -i 's/#Port 22/Port 9527/' /etc/ssh/sshd_config
    /etc/init.d/sshd restart
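
The sed substitutions in steps 3 and 4 only rewrite the commented defaults (#PermitRootLogin yes, #Port 22); if the directive is already active or spelled differently, sed changes nothing and still exits 0. The following is an added example, not part of the original script: the hypothetical helpers set_sshd_option and effective_sshd_option force a directive and confirm the value sshd will read, assuming whitespace-separated directives; the sample configuration in demo is constructed.

```bash
#!/bin/bash
# Added example, not part of the original script.

# Print the value sshd would use for KEY at global scope: the first active
# (uncommented) occurrence before any Match block. Keywords are case-insensitive.
effective_sshd_option() {
    awk -v key="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Force KEY to VALUE: drop every active global occurrence and put the new
# directive on the first line, where it wins because sshd keeps the first value.
# Commented defaults and Match blocks are left untouched.
set_sshd_option() {
    local file="$1" key="$2" value="$3" tmp
    tmp=$(mktemp) || return 1
    {
        printf '%s %s\n' "$key" "$value"
        awk -v key="$key" '
            tolower($1) == "match" { in_match = 1 }
            !in_match && tolower($1) == tolower(key) { next }
            { print }
        ' "$file"
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"      # overwrite in place to keep owner and mode
    rm -f "$tmp"
    # Succeed only if the file now yields the requested value
    [ "$(effective_sshd_option "$file" "$key")" = "$value" ]
}

# Constructed sample: root login is already active, so the article's
# 's/#PermitRootLogin yes/.../' substitution would not match anything.
demo() {
    local cfg
    cfg=$(mktemp) || return 1
    printf '%s\n' '#Port 22' 'PermitRootLogin yes' 'Match User backup' \
        '    PermitRootLogin no' > "$cfg"
    set_sshd_option "$cfg" PermitRootLogin no &&
        set_sshd_option "$cfg" Port 9527 &&
        cat "$cfg"
    rm -f "$cfg"
}
```

On a real host, run sshd -t after editing and before /etc/init.d/sshd restart, and keep the current session open until a login on the new port succeeds.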

5. Trim the services started at boot

    # Disable every service at boot except the ones named in the egrep pattern
    for server in `chkconfig --list | egrep -v 'crond|network|rsyslog|sshd|iptables' | awk '{print $1}'`; do chkconfig $server off; done

6. Turn off SELinux

    sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
    setenforce 0

7. Configure Iptables

    /etc/init.d/iptables restart
    iptables -F
    iptables -X
    iptables -Z
    iptables -A INPUT -p icmp -j ACCEPT
    iptables -A INPUT -i lo -j ACCEPT
    # Allow an IP range remote access to SSH
    iptables -A INPUT -p tcp -m tcp --dport 9527 -s 192.168.64.0/24 -j ACCEPT
    # Open port 80
    iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    # Allow all requests from an IP
    iptables -A INPUT -p all -s 124.43.56.90/30 -j ACCEPT
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD DROP
    /etc/init.d/iptables save
    /etc/init.d/iptables restart
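
An added example, not part of the original script: the same filter policy written in iptables-restore format, which loads the whole table in a single commit instead of flushing and re-adding rules one command at a time. render_rules and apply_rules are hypothetical helper names and /tmp/rules.v4 is a placeholder path; the port and addresses in the usage comment are the article's.

```bash
#!/bin/bash
# Added example, not part of the original script.

# render_rules SSH_PORT SSH_SOURCE TRUSTED_SOURCE
# Prints the article's policy in iptables-restore format. Arguments are
# validated so that only a port number and address/prefix values can reach
# the ruleset.
render_rules() {
    local port="$1" ssh_src="$2" trusted="$3" a
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    for a in "$ssh_src" "$trusted"; do
        case "$a" in ''|*[!0-9./]*) echo "bad address: $a" >&2; return 1 ;; esac
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s $ssh_src -p tcp -m tcp --dport $port -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s $trusted -j ACCEPT
COMMIT
EOF
}

# apply_rules FILE: parse-check the file first, then load it. A file that
# fails the check never replaces the running ruleset.
apply_rules() {
    iptables-restore --test < "$1" && iptables-restore < "$1"
}

# Usage with the article's values (run as root):
#   render_rules 9527 192.168.64.0/24 124.43.56.90/30 > /tmp/rules.v4
#   apply_rules /tmp/rules.v4 && /etc/init.d/iptables save
```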

8. Modify the maximum number of connections (ulimit)

    # There are many ways to do this; this is just one of them
    echo '* - nproc 65535' >> /etc/security/limits.conf
    echo '* - nofile 65535' >> /etc/security/limits.conf

9. Disable the Ctrl+Alt+Del shortcut for restarting the server

    sed -i "s/start on control-alt-delete/#start on control-alt-delete/g" /etc/init/control-alt-delete.conf

10. Modify the default DNS

    echo "nameserver 8.8.8.8" > /etc/resolv.conf
    echo "nameserver 8.8.4.4" >> /etc/resolv.conf

11. Install the necessary software and update the yum source [EPEL source]

    # This depends on your own or your company's situation; the list below is just some commonly used software and yum sources. Change the yum source according to the actual situation.
    yum -y install gcc gcc-c++ openssl-devel openssh-clients wget make lrzsz unzip zip xz ntpdate lsof telnet epel-release vim tree kernel-devel kernel

12. Update the kernel and software to the latest version

    yum -y upgrade

13. Optimize kernel parameters [adjust according to the actual situation]

    echo -e "net.core.somaxconn = 262144" >> /etc/sysctl.conf
    echo -e "net.core.netdev_max_backlog = 262144" >> /etc/sysctl.conf
    echo -e "net.core.wmem_default = 8388608" >> /etc/sysctl.conf
    echo -e "net.core.rmem_default = 8388608" >> /etc/sysctl.conf
    echo -e "net.core.rmem_max = 16777216" >> /etc/sysctl.conf
    echo -e "net.core.wmem_max = 16777216" >> /etc/sysctl.conf
    echo -e "net.ipv4.route.gc_timeout = 20" >> /etc/sysctl.conf
    echo -e "net.ipv4.ip_local_port_range = 1024 65535" >> /etc/sysctl.conf
    echo -e "net.ipv4.tcp_retries2 = 5" >> /etc/sysctl.conf
    echo -e "net.ipv4.tcp_fin_timeout = 30" >> /etc/sysctl.conf
    echo -e "net.ipv4.tcp_syn_retries = 1" >> /etc/sysctl.conf
    echo -e "net.ipv4.tcp_synack_retries = 1" >> /etc/sysctl.conf
    echo -e "net.ipv4.tcp_timestamps = 0" >> /etc/sysctl.conf
    # tcp_tw_recycle and tcp_tw_reuse only take effect when TCP timestamps are enabled, and the previous line disables them
    echo -e "net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf
    echo -e "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf
    echo -e "net.ipv4.tcp_keepalive_time = 120" >> /etc/sysctl.conf
    echo -e "net.ipv4.tcp_keepalive_probes = 3" >> /etc/sysctl.conf
    echo -e "net.ipv4.tcp_keepalive_intvl = 15" >> /etc/sysctl.conf
    echo -e "net.ipv4.tcp_max_tw_buckets = 36000" >> /etc/sysctl.conf
    echo -e "net.ipv4.tcp_max_orphans = 3276800" >> /etc/sysctl.conf
    echo -e "net.ipv4.tcp_max_syn_backlog = 262144" >> /etc/sysctl.conf
    echo -e "net.ipv4.tcp_wmem = 8192 131072 16777216" >> /etc/sysctl.conf
    echo -e "net.ipv4.tcp_rmem = 32768 131072 16777216" >> /etc/sysctl.conf
    echo -e "net.ipv4.tcp_mem = 94500000 915000000 927000000" >> /etc/sysctl.conf
    echo -e "net.ipv4.tcp_slow_start_after_idle = 0" >> /etc/sysctl.conf
    echo -e "vm.swappiness = 0" >> /etc/sysctl.conf
    echo -e "kernel.panic = 5" >> /etc/sysctl.conf
    echo -e "kernel.panic_on_oops = 1" >> /etc/sysctl.conf
    echo -e "kernel.core_pipe_limit = 0" >> /etc/sysctl.conf
    # iptables firewall
    echo -e "net.nf_conntrack_max = 25000000" >> /etc/sysctl.conf
    echo -e "net.netfilter.nf_conntrack_max = 25000000" >> /etc/sysctl.conf
    echo -e "net.netfilter.nf_conntrack_tcp_timeout_established = 180" >> /etc/sysctl.conf
    echo -e "net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120" >> /etc/sysctl.conf
    echo -e "net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60" >> /etc/sysctl.conf
    echo -e "net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120" >> /etc/sysctl.conf

14. Remove the last login information

    touch ~/.hushlogin

This article is from the "ˉt, Stand Wentao ┃﹎" blog, please be sure to keep this source http://hypocritical.blog.51cto.com/3388028/1675289
