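# Update OS: apply every pending package update without prompting.
# (Command name and flag restored; the page shows them as "Yum Update-y".)
yum -y update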
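# SELinux
# NOTE(review): these two commands turn SELinux off, which removes mandatory
# access control from the host. Leaving it enforcing (or permissive while the
# policy is tuned) is the stronger setting for a server that is being hardened.
# The commands are only restored to runnable form here, not endorsed.
#
# /etc/sysconfig/selinux is normally a symlink to /etc/selinux/config on
# CentOS 6 (confirm on the target). --follow-symlinks makes sed edit the real
# file instead of replacing the link with a diverging copy.
sed -i --follow-symlinks 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux
# Switch the running system to permissive mode until the next boot.
setenforce 0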
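# Welcome message: replace the local pre-login banner text
# (presumably so the banner no longer names the release).
echo 'web Server' > /etc/issue
# NOTE(review): /etc/redhat-release is read by software that detects the
# distribution and version. Overwriting it can break such checks, and it does
# not hide the OS from anyone who can already read files on the host.
# Confirm nothing depends on it before keeping this line.
echo 'web Server' > /etc/redhat-release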
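# Stop iptables for the rest of the run and disable services at boot.
service iptables stop

# NOTE(review): two entries in this list reduce security rather than improve it.
#   auditd    - with it off the host keeps no kernel audit trail, which removes
#               evidence needed for detection and incident response.
#   ip6tables - with it off, IPv6 traffic is unfiltered if the host has an
#               IPv6 address. Either filter IPv6 or disable it.
# Both are kept only because the page lists them; reconsider before use.
for svc in auditd blk-availability ip6tables postfix netfs; do
  chkconfig "$svc" off
done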
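# Delete default system accounts that this server does not use.
# ("uuucp" on the page is read as the stock "uucp" account.)
for account in adm lp shutdown halt uucp operator games gopher; do
  # Skip accounts that are already absent so a re-run stays quiet.
  if id -u "$account" >/dev/null 2>&1; then
    userdel "$account"
  fi
done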
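# Create administrator user
admin_user='user'

# The page pipes the fixed password "123456" into passwd. That is a trivially
# guessable credential on an account that receives full sudo rights, so the
# password is taken from the environment instead and the script stops if it is
# missing. printf is a shell builtin, so the value never appears in a process
# argument list.
: "${ADMIN_PASSWORD:?export ADMIN_PASSWORD with a strong, unique password first}"
useradd "$admin_user"
printf '%s\n' "$ADMIN_PASSWORD" | passwd --stdin "$admin_user"
unset ADMIN_PASSWORD

# The page overwrites /etc/sudoers with a single line, which discards the stock
# Defaults and root entries; a syntax error there locks everyone out of sudo.
# The rule is written to a drop-in instead and validated before installation.
# Assumes the stock "#includedir /etc/sudoers.d" line is present (confirm).
sudoers_tmp=$(mktemp) || exit 1
printf '%s ALL=(ALL) ALL\n' "$admin_user" > "$sudoers_tmp"
if visudo -cf "$sudoers_tmp"; then
  install -m 0440 -o root -g root "$sudoers_tmp" "/etc/sudoers.d/$admin_user"
else
  echo "sudoers rule failed validation; not installed" >&2
fi
rm -f -- "$sudoers_tmp"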
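# Kernel network tuning.
# The page writes each setting with '>', which truncates /etc/sysctl.conf every
# time, so only the last line would survive. All settings are appended in one
# block instead. They take effect at the next boot or after `sysctl -p`.
cat >> /etc/sysctl.conf <<'EOF'
# Use SYN cookies when the SYN wait queue overflows (SYN-flood mitigation).
net.ipv4.tcp_syncookies = 1
# Allow TIME_WAIT sockets to be reused for new TCP connections.
net.ipv4.tcp_tw_reuse = 1
# Fast recycling of TIME_WAIT sockets.
# NOTE(review): tcp_tw_recycle is known to drop connections from clients that
# share an address behind NAT, a poor fit for a public web server. Confirm
# before keeping. The page lists this key twice; its first comment describes a
# retransmission-count setting instead, so the original key may have been lost.
net.ipv4.tcp_tw_recycle = 1
# Local port range available to applications.
net.ipv4.ip_local_port_range = 4096 65000
# Upper bound on simultaneous TIME_WAIT sockets; beyond it they are cleared
# immediately and a warning is printed.
net.ipv4.tcp_max_tw_buckets = 5000
# Maximum queue length for pending SYN requests.
net.ipv4.tcp_max_syn_backlog = 4096
# Maximum number of packets queued per device.
net.core.netdev_max_backlog = 100
# Maximum number of pending listen() requests.
# NOTE(review): the page shows "000000" here, which looks garbled. The entry is
# left disabled; set a value chosen for the site.
# net.core.somaxconn = <SOMAXCONN_VALUE>
# Default and maximum socket send/receive buffer sizes, in bytes.
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
# Retries for the SYN-ACK and outgoing SYN handshake steps.
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
# Maximum TCP sockets not attached to any file handle; beyond it orphaned
# connections are reset immediately and a warning is printed.
net.ipv4.tcp_max_orphans = 3276800
# NOTE(review): the page gives no explanation for these three values; check
# them against the memory of the target host.
net.ipv4.tcp_mem = 94500000 915000000 927000000
EOF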
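# Install packages
# NOTE(review): gcc, gcc-c++ and make leave a full build toolchain on the
# server. On a hardened production host, prefer building elsewhere or removing
# the toolchain once the build is done.
yum -y install lrzsz gcc gcc-c++ make pcre-devel zlib-devel openssl-devel ntp ntpdate rsync wget

# One-off clock sync. Write the hardware clock only if the sync succeeded, so a
# failed lookup does not persist a wrong time.
ntpdate cn.pool.ntp.org && clock -w

# Crontab ntpdate
# The page suggests running the same command from cron, but its schedule fields
# are garbled (shown as "10 ***"). Fill them in before use:
# <SCHEDULE> /usr/sbin/ntpdate cn.pool.ntp.org; clock -w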
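# Raise the open-file limit for all users.
# Appended with '>>': the page uses '>', which would erase limits.conf and then
# erase the soft limit again when the hard limit is written.
cat >> /etc/security/limits.conf <<'EOF'
* soft nofile 65536
* hard nofile 65536
EOF

# Make login sessions apply limits.conf.
# The page overwrites /etc/pam.d/login with this single line, which would drop
# the rest of the login PAM stack, including its authentication rules. The line
# is added only if the module is not already referenced. The bare module name
# lets PAM resolve the directory; the page's /lib/security path is presumably
# wrong for the 64-bit system named in its title (confirm).
if ! grep -q 'pam_limits\.so' /etc/pam.d/login; then
  echo 'session required pam_limits.so' >> /etc/pam.d/login
fi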
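# SSH daemon: refuse root logins and empty passwords, skip reverse DNS lookups.
# Each expression matches the directive whether or not it is commented out. The
# page's patterns only match the exact commented default, and its
# PermitEmptyPasswords expression has no replacement part. A directive that is
# absent from the file is not added.
sed -i \
  -e 's/^#*PermitRootLogin[[:space:]].*/PermitRootLogin no/' \
  -e 's/^#*PermitEmptyPasswords[[:space:]].*/PermitEmptyPasswords no/' \
  -e 's/^#*UseDNS[[:space:]].*/UseDNS no/' \
  /etc/ssh/sshd_config
# The running sshd keeps its old settings until it is reloaded. Confirm that a
# non-root administrator can log in before reloading, to avoid a lockout.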
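# Iptables config: default-deny inbound, allow HTTP, SSH and ICMP.
iptables -F # clear firewall rules

# Loopback and replies to connections this host opened must be accepted before
# the policy becomes DROP. The page omits both, so local services and outbound
# lookups (DNS, yum, ntpdate) would stop working.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# NOTE(review): SSH is open to every source address; restrict it with -s to the
# administration network where one exists.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -P INPUT DROP

iptables -L -n # view firewall rules, numeric so listing needs no DNS

# Persist the rules; otherwise they are lost at the next reboot.
# These rules cover IPv4 only.
service iptables save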
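# Make "vi" start vim for root.
# Appended with '>>' and only once: the page uses '>', which would replace all
# of root's existing .bashrc. vim is not in the package list installed by this
# page, so confirm it is present.
if ! grep -qxF "alias vi='vim'" /root/.bashrc 2>/dev/null; then
  echo "alias vi='vim'" >> /root/.bashrc
fi
source /root/.bashrc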
CentOS 6.5 64-bit: a simple optimization and hardening script