CentOS System Optimization


#!/bin/bash


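#0. Disable SELinux
# Puts SELinux into permissive mode now (setenforce) and on later boots
# (config file). In permissive mode denials are only logged, not blocked, so
# the host runs without mandatory access control. Keeping "enforcing" and
# fixing the specific denials is the tighter option.
setenforce 0

# Edit /etc/selinux/config directly: /etc/sysconfig/selinux is normally a
# symlink to it, and a plain "sed -i" on the symlink replaces the link with a
# regular file, leaving the config the system actually reads unchanged.
# The key is upper-case (SELINUX=), and sed matching is case-sensitive.
sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config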



#1. Set IP Address
#
#read -p "input interface Num[eth0,eth1]:" int
#read -p "Input IP address:" ip
#read -p "input netmask:" ms
#read -p "input Gateway:" gw
#
#cat >/etc/sysconfig/network-scripts/ifcfg-$int << EOF
#DEVICE=$int
#TYPE=Ethernet
#ONBOOT=yes
#NM_CONTROLLED=no
#BOOTPROTO=static
#IPADDR=$ip
#NETMASK=$ms
#GATEWAY=$gw
#EOF
#


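#2. Set DNS
# Adds a fixed public resolver to /etc/resolv.conf. Every name lookup that
# reaches this entry goes to that third-party server; replace the address with
# an internal resolver where one exists. Entries already in the file are tried
# first, because resolv.conf is consulted in order.
#read -p "input DNS server[df:114.114.114.114]:" dns
#if [ "$dns" = 0 ];then
dns="114.114.114.114"

# The resolv.conf keyword is lower-case "nameserver". Append only if the exact
# line is not present yet, so re-running the script does not add duplicates.
if ! grep -qxF "nameserver $dns" /etc/resolv.conf 2>/dev/null; then
  echo "nameserver $dns" >>/etc/resolv.conf
fi
#else
#echo "nameserver $dns" >>/etc/resolv.conf
#fi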


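#3. Set Iptables
# Resulting IPv4 filter policy:
#   INPUT   default DROP; accepted: established/related traffic, loopback,
#           everything from 10.0.8.0/24 and 10.0.10.0/24, and new TCP
#           connections to ANY port from 121.9.13.0/24 and 121.9.243.0/24.
#   FORWARD default ACCEPT, OUTPUT default ACCEPT.
# NOTE(review):
#   - There is no per-port rule (not even for SSH): access depends entirely on
#     the source networks above. Confirm your admin host is inside one of them
#     before running this, and consider narrowing the rules with --dport.
#   - FORWARD ACCEPT is only harmless while net.ipv4.ip_forward stays 0; if
#     forwarding is ever enabled the host routes without filtering.
#   - Only IPv4 is covered; ip6tables is not configured here.
#   - Between the flush below and the restart the saved policy is not in
#     effect; the restart reloads everything from /etc/sysconfig/iptables.
iptables -F
iptables -X
iptables -Z
/etc/init.d/iptables save

# Quoted delimiter: the rules are written literally, with no shell expansion.
# Chain names, targets and connection states are case-sensitive.
cat >/etc/sysconfig/iptables <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.0.8.0/24 -j ACCEPT
-A INPUT -s 10.0.10.0/24 -j ACCEPT
-A INPUT -s 121.9.13.0/24 -p tcp -m state --state NEW -m tcp -j ACCEPT
-A INPUT -s 121.9.243.0/24 -p tcp -m state --state NEW -m tcp -j ACCEPT
COMMIT
EOF

/etc/init.d/iptables restart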


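#4. Add Login User
# NOTE: the password below is a fixed prefix plus the last octet of the host
# IP, so it can be derived from the address alone; use a randomly generated
# password (or key-only login) if this step is enabled.
#pw="x+y-z=`echo ${ip} | awk -F '.' '{print $NF}'`"
#useradd Youboy
#echo "$pw" | passwd --stdin Youboy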



#5. Modify SSH Port
#sed -i 's/#Port 22/Port 22612/' /etc/ssh/sshd_config
#sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
#/etc/init.d/sshd reload



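#6. Sync Time
# Installs a root cron job that steps the clock from cn.pool.ntp.org every day
# at 00:00. The job only runs while crond is enabled and running.
# A crontab line needs five time fields followed by a space and the command.
cron_line='0 0 * * * /usr/sbin/ntpdate cn.pool.ntp.org'

# Append only if the exact entry is missing, so repeated runs stay idempotent.
if ! grep -qxF "$cron_line" /var/spool/cron/root 2>/dev/null; then
  echo "$cron_line" >>/var/spool/cron/root
fi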



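#7. Kernel optimization
# Replaces /etc/sysctl.conf wholesale (">" truncates it), so any setting that
# was there before is lost; a one-time copy of the original is kept first.
# The new values are not loaded by this step: they apply after a reboot or
# "sysctl -p".
# sysctl key names are case-sensitive and all lower-case.
# NOTE(review):
#   - net.ipv4.tcp_tw_recycle = 1 is known to drop connections from clients
#     behind NAT, and the key was removed in Linux 4.12. Both tcp_tw_recycle
#     and tcp_tw_reuse rely on TCP timestamps, which this same file turns off
#     (tcp_timestamps = 0).
#   - tcp_fin_timeout = 1, tcp_syn_retries = 1 and tcp_synack_retries = 1 are
#     very aggressive; confirm they suit the network this host sits on.
#   - The net.ipv4.netfilter.ip_conntrack_* keys presumably exist only while
#     the connection-tracking module is loaded; verify on the target kernel.
if [ -f /etc/sysctl.conf ] && [ ! -e /etc/sysctl.conf.orig ]; then
  cp -p /etc/sysctl.conf /etc/sysctl.conf.orig
fi

cat >/etc/sysctl.conf <<'EOF'
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.netfilter.ip_conntrack_max = 102400
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 86400
EOF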



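#8. Set connection limits
# Appends per-user resource limits for all users ("*") to
# /etc/security/limits.conf: process count, open files and stack size.
# The type and item keywords (soft/hard, nproc/nofile/stack) must be
# lower-case. Files under /etc/security/limits.d/ are read after limits.conf
# and can override these values.
# The grep guard keeps a second run from appending the same block again.
if ! grep -qE '^\*[[:space:]]+soft[[:space:]]+nproc[[:space:]]+4000' /etc/security/limits.conf 2>/dev/null; then
cat >>/etc/security/limits.conf <<'EOF'
* soft nproc 4000
* hard nproc 4000
* soft nofile 65535
* hard nofile 65535
* soft stack 4000
* hard stack 4000
EOF
fi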



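#9. Turn off services that start at boot
# Walks the runlevel-3 start links (/etc/rc3.d/SNNname), and for every service
# that is not on the keep list disables it for runlevels 2, 3 and 5 and stops
# it immediately.
# Keep list changes versus a plain "syslog" entry:
#   - rsyslog: the logging service carries this name on releases that ship
#     rsyslog instead of syslog; without it system logging would be stopped.
#   - crond:   required by the ntpdate cron job this script installs.
# NOTE(review): auditd is not on the keep list, so audit logging is disabled
# by this loop; add it if an audit trail is needed. vncserver and snmpd stay
# enabled and are reachable from every network the firewall rules accept;
# drop them from the list if they are not used.
for link in /etc/rc3.d/S*; do
  # An unmatched glob stays literal; skip it instead of acting on "S*".
  [ -e "$link" ] || continue

  # Strip the directory and the "S" + two-digit priority prefix.
  CURSRV=${link##*/}
  CURSRV=${CURSRV#S[0-9][0-9]}
  echo "$CURSRV"

  case "$CURSRV" in
    network | sshd | syslog | rsyslog | crond | iptables | vncserver | libvirtd | libvirt-guests | master | java | snmpd)
      echo "Base services, skip!"
      ;;
    *)
      echo "Change $CURSRV to Off"
      chkconfig --level 235 "$CURSRV" off
      service "$CURSRV" stop
      ;;
  esac
done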



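#10. Reboot
# Only prints the message; the reboot itself is left commented out. Until the
# host is rebooted (or "sysctl -p" is run) the new /etc/sysctl.conf values are
# not loaded.
echo 'System init is Done,now reboot!'
#init 6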

