Optimize content:
(1) Set the history record
(2) Add a normal user, set sudo permissions
(3) Disable remote login for the root user
(4) Modify the remote port
(5) Trim the services started at boot
(6) Turn off SELinux
(7) Configure iptables
(8) Modify the maximum number of connections (ulimit)
(9) Disable the Ctrl+Alt+Del shortcut for restarting the server
(10) Modify the default DNS
(11) Install the necessary software, update the yum source [EPEL source]
(12) Update the kernel and software to the latest version
(13) Optimize the kernel parameters [adjust according to the actual situation]
(14) Remove the last login information
(15) Turn off the kernel information displayed at boot
1. Set History
echo '
export HISTFILE=$HOME/.bash_history
export HISTSIZE=2000
export HISTFILESIZE=2000
export HISTTIMEFORMAT="%F %T `whoami` "
export PROMPT_COMMAND="history -a; history -c; history -r;"
shopt -s histappend
typeset -r PROMPT_COMMAND
typeset -r HISTTIMEFORMAT
' > /etc/profile.d/history.sh
source /etc/profile
2. Add a normal user, set sudo permissions
username='dyt'
password='dyt2015'
useradd $username; echo $password | passwd --stdin $username
sed -i "98 a$username ALL=(ALL) NOPASSWD:ALL" /etc/sudoers
3. Disable root remote user login
sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
4. Modify the remote port
sed -i 's/#Port 22/Port 9527/' /etc/ssh/sshd_config
/etc/init.d/sshd restart
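An added check for steps 3 and 4 (not part of the original article): the two sed commands only change anything when the commented stock lines are present, so this sketch reads back the value sshd would actually use and reports a config where the substitution silently matched nothing. The function names, the sample configs and the assumed defaults (PermitRootLogin yes, Port 22, as on a stock CentOS 6 install) are illustrative.

```shell
#!/bin/sh
# Added example, not from the original article.
# sshd takes the first value it sees for a keyword; keywords are case-insensitive.

# Print the effective global value of KEY in FILE, or DEFAULT if it is unset.
sshd_effective() {
    awk -v key="$1" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        tolower($1) == "match" { exit }     # Match blocks are conditional: stop
        tolower($1) == key { val = $2; found = 1; exit }
        END { print (found ? val : def) }
    ' "$2"
}

# Return 0 only if root login is disabled and sshd listens on the wanted port.
check_sshd_hardening() {
    root=$(sshd_effective PermitRootLogin "$1" yes)   # assumed default: yes
    port=$(sshd_effective Port "$1" 22)               # assumed default: 22
    rc=0
    [ "$root" = "no" ] || { echo "FAIL PermitRootLogin=$root"; rc=1; }
    [ "$port" = "$2" ] || { echo "FAIL Port=$port"; rc=1; }
    return $rc
}

# Constructed sample configs, run through the same substitutions as steps 3-4.
# "stock" has the commented defaults; "uncommented" already has live directives,
# so neither sed pattern matches and the file is left unchanged.
make_sample() {
    f=$(mktemp)
    if [ "$1" = stock ]; then
        printf '#Port 22\n#PermitRootLogin yes\n'
    else
        printf 'Port 22\nPermitRootLogin yes\n'
    fi | sed -e 's/#PermitRootLogin yes/PermitRootLogin no/' \
             -e 's/#Port 22/Port 9527/' > "$f"
    echo "$f"
}

for kind in stock uncommented; do
    cfg=$(make_sample "$kind")
    if check_sshd_hardening "$cfg" 9527; then
        echo "$kind: hardened"
    else
        echo "$kind: NOT hardened"
    fi
    rm -f "$cfg"
done
```

On a live host, run check_sshd_hardening /etc/ssh/sshd_config 9527 before restarting sshd; sshd -T prints the daemon's own view of the effective configuration.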
5. Trim the services started at boot
for server in `chkconfig --list | egrep -v 'crond|network|rsyslog|sshd|iptables' | awk '{print $1}'`; do chkconfig $server off; done
6. Turn off SELinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0
7. Configure Iptables
/etc/init.d/iptables restart
iptables -F
iptables -X
iptables -Z
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# Allow remote SSH access from one IP range
iptables -A INPUT -p tcp -m tcp --dport 9527 -s 192.168.64.0/24 -j ACCEPT
# Open port 80
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# Allow all requests from one IP range
iptables -A INPUT -p all -s 124.43.56.90/30 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
/etc/init.d/iptables save
/etc/init.d/iptables restart
8. Modify the maximum number of connections (ulimit)
# There are many ways to do this; this is just one of them
echo '* - nproc 65535' >> /etc/security/limits.conf
echo '* - nofile 65535' >> /etc/security/limits.conf
9. Disable the use of Ctrl+alt+del shortcut keys to restart the server
sed -i "s/start on control-alt-delete/#start on control-alt-delete/g" /etc/init/control-alt-delete.conf
10. Modify the default DNS
echo "nameserver 8.8.8.8" > /etc/resolv.conf
echo "nameserver 8.8.4.4" >> /etc/resolv.conf
11. Install the necessary software and update the Yum source [Epel Source]
# Adjust to your own or your company's needs; this is just a list of commonly used software and yum sources. Change the yum source according to the actual situation.
yum -y install gcc gcc-c++ openssl-devel openssh-clients wget make lrzsz unzip zip xz ntpdate lsof telnet epel-release vim tree kernel-devel kernel
12. Update the kernel and software to the latest version
yum -y upgrade
13. Optimize kernel parameters [adjust according to the actual situation]
echo -e "net.core.somaxconn = 262144" >> /etc/sysctl.conf
echo -e "net.core.netdev_max_backlog = 262144" >> /etc/sysctl.conf
echo -e "net.core.wmem_default = 8388608" >> /etc/sysctl.conf
echo -e "net.core.rmem_default = 8388608" >> /etc/sysctl.conf
echo -e "net.core.rmem_max = 16777216" >> /etc/sysctl.conf
echo -e "net.core.wmem_max = 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.route.gc_timeout = 20" >> /etc/sysctl.conf
echo -e "net.ipv4.ip_local_port_range = 1024 65535" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_retries2 = 5" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_fin_timeout = 30" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_syn_retries = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_synack_retries = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_timestamps = 0" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_time = 120" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_probes = 3" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_intvl = 15" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_tw_buckets = 36000" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_orphans = 3276800" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_syn_backlog = 262144" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_wmem = 8192 131072 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_rmem = 32768 131072 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_mem = 94500000 915000000 927000000" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_slow_start_after_idle = 0" >> /etc/sysctl.conf
echo -e "vm.swappiness = 0" >> /etc/sysctl.conf
echo -e "kernel.panic = 5" >> /etc/sysctl.conf
echo -e "kernel.panic_on_oops = 1" >> /etc/sysctl.conf
echo -e "kernel.core_pipe_limit = 0" >> /etc/sysctl.conf
# iptables firewall
echo -e "net.nf_conntrack_max = 25000000" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_max = 25000000" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_tcp_timeout_established = 180" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120" >> /etc/sysctl.conf
14. Remove the last login information
touch ~/.hushlogin
This article is from the "ˉt, Stand Wentao ┃﹎" blog, please be sure to keep this source http://hypocritical.blog.51cto.com/3388028/1675289
CentOS-6.5 System Foundation optimization, with optimization script