Linux system optimization

Source: Internet
Author: User
Tags gpg i18n snmp stdin syslog rsyslog metalink aliyun

1. Configure the network Yum source
# 1 Yum Adjustments
Mkdir/etc/yum.repos.d/bak-p
mv/etc/yum.repos.d/*/etc/yum.repos.d/bak
Cat >/etc/yum.repos.d/centos-base.repo << EOF
[Base]
Name=centos-\ $releasever-base-mirrors.aliyun.com
Failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/\ $releasever/os/\ $basearch/
http://mirrors.aliyuncs.com/centos/\ $releasever/os/\ $basearch/
#mirrorlist =http://mirrorlist.centos.org/?release=\ $releasever &arch=\ $basearch &repo=os
Gpgcheck=1
Gpgkey=http://mirrors.aliyun.com/centos/rpm-gpg-key-centos-6

#released Updates
[Updates]
Name=centos-\ $releasever-updates-mirrors.aliyun.com
Failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/\ $releasever/updates/\ $basearch/
http://mirrors.aliyuncs.com/centos/\ $releasever/updates/\ $basearch/
#mirrorlist =http://mirrorlist.centos.org/?release=\ $releasever &arch=\ $basearch &repo=updates
Gpgcheck=1
Gpgkey=http://mirrors.aliyun.com/centos/rpm-gpg-key-centos-6

#additional packages that could be useful
[Extras]
Name=centos-\ $releasever-extras-mirrors.aliyun.com
Failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/\ $releasever/extras/\ $basearch/
http://mirrors.aliyuncs.com/centos/\ $releasever/extras/\ $basearch/
#mirrorlist =http://mirrorlist.centos.org/?release=\ $releasever &arch=\ $basearch &repo=extras
Gpgcheck=1
Gpgkey=http://mirrors.aliyun.com/centos/rpm-gpg-key-centos-6

#additional packages that extend functionality of existing packages
[Centosplus]
Name=centos-\ $releasever-plus-mirrors.aliyun.com
Failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/\ $releasever/centosplus/\ $basearch/
http://mirrors.aliyuncs.com/centos/\ $releasever/centosplus/\ $basearch/
#mirrorlist =http://mirrorlist.centos.org/?release=\ $releasever &arch=\ $basearch &repo=centosplus
Gpgcheck=1
Enabled=0
Gpgkey=http://mirrors.aliyun.com/centos/rpm-gpg-key-centos-6

#contrib-packages by Centos Users
[Contrib]
Name=centos-\ $releasever-contrib-mirrors.aliyun.com
Failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/\ $releasever/contrib/\ $basearch/
http://mirrors.aliyuncs.com/centos/\ $releasever/contrib/\ $basearch/
#mirrorlist =http://mirrorlist.centos.org/?release=\ $releasever &arch=\ $basearch &repo=contrib
Gpgcheck=1
Enabled=0
Gpgkey=http://mirrors.aliyun.com/centos/rpm-gpg-key-centos-6
Eof

Cat >/etc/yum.repos.d/epel.repo << EOF
[Epel]
Name=extra Packages for Enterprise Linux 6-\ $basearch
Baseurl=http://mirrors.aliyun.com/epel/6/\ $basearch
Http://mirrors.aliyuncs.com/epel/6/\ $basearch
#mirrorlist =https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=\ $basearch
Failovermethod=priority
Enabled=1
Gpgcheck=0
Gpgkey=file:///etc/pki/rpm-gpg/rpm-gpg-key-epel-6

[Epel-debuginfo]
Name=extra Packages for Enterprise Linux 6-\ $basearch-debug
Baseurl=http://mirrors.aliyun.com/epel/6/\ $basearch/debug
Http://mirrors.aliyuncs.com/epel/6/\ $basearch/debug
#mirrorlist =https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=\ $basearch
Failovermethod=priority
Enabled=0
Gpgkey=file:///etc/pki/rpm-gpg/rpm-gpg-key-epel-6
Gpgcheck=0

[Epel-source]
Name=extra Packages for Enterprise Linux 6-\ $basearch-source
Baseurl=http://mirrors.aliyun.com/epel/6/srpms
Http://mirrors.aliyuncs.com/epel/6/SRPMS
#mirrorlist =https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=\ $basearch
Failovermethod=priority
Enabled=0
Gpgkey=file:///etc/pki/rpm-gpg/rpm-gpg-key-epel-6
Gpgcheck=0
Eof
2. Turn off SELinux
#查看selinux的状态
Cat/etc/selinux/config | grep "selinux=" | Egrep-v "^#"
Selinux=enforcing
#关闭selinux, change the status to Disabled
[Email protected] ~]# sed-i "S#selinux=enforcing#selinux=disabled#g"/etc/selinux/config
[[email protected] ~]# Getenforce View the status of SELinux under the command line
Enforcing
[[email protected] ~]# Setenforce 0 allow SELinux to take effect under the command line
[[email protected] ~]# Getenforce Check the status of SELinux again
Permissive

3. Turn off the unused boot start item
How to use #CentOS 6
For Oldboy in ' chkconfig--list|grep 3:on|awk ' {print '} ';d o chkconfig--level 3 $oldboy off;done
For Oldboy in Crond network Rsyslog sshd;do chkconfig--level 3 $oldboy on;done
Chkconfig--list | grep 3:on

How to use #CentOS 5
For Oldboy in ' chkconfig--list|grep 3:on|awk ' {print '} ';d o chkconfig--level 3 $oldboy off;done
For Oldboy in Crond network syslog sshd;do chkconfig--level 3 $oldboy on;done
Chkconfig--list | grep 3:on


4. Close Iptables Firewall
[[email protected] ~]#/etc/init.d/iptables stop
iptables:flushing firewall rules: [OK]
Iptables:setting chains to Policy Accept:filter [OK]
iptables:unloading modules: [OK]
[Email protected] ~]#/etc/init.d/iptables status
Iptables:firewall is not running.

5. Modify the SSH configuration
cd/etc/ssh/
/BIN/CP sshd_config sshd_config.rfjer. ' Date +%y%m%d '
#修改远程登陆端口
[Email protected] ssh]# sed-i "s#\ #Port 22#port 52113#g" Sshd_config
[email protected] ssh]# Cat Sshd_config | grep "Port"
#禁止root登陆
Sed-i "s#\ #PermitRootLogin yes#permitrootlogin no#g" Sshd_config
Cat Sshd_config | grep "Permitrootlogin"
#禁止空密码登陆
Sed-i "s#\ #PermitEmptyPasswords no#permitemptypasswords no#g" Sshd_config
Cat Sshd_config | grep "Permitemptypasswords"
#不使用DNS
Sed-i "s#\ #UseDNS yes#usedns no#g" Sshd_config
Cat Sshd_config | grep "Usedns"
/etc/init.d/sshd restart

6. Modify the Chinese character set
Cp/etc/sysconfig/i18n/etc/sysconfig/i18n.rfjer. ' Date +%y%m%d '
Echo ' lang= ' ZH_CN. UTF-8 "' >/etc/sysconfig/i18n
source/etc/sysconfig/i18n

7. Time synchronization

Yum-y install wget unzip vim man BC GCC gcc-c++ OpenSSL openssl-devel kernel kernel-devel kernel-headers rsync lftp Bash Bash-completion bash-argsparse ncurses ncurses-devel bison bison-devel openssh-clients automake autoconf cmake gd Gd-deve L Curl curl-devel libxml2 libxml2-devel sysstat telnet net-snmp net-snmp-devel pcre pcre-devel mlocate libmcrypt libmcrypt -devel libxslt libxslt-devel lrzsz glibc ntpdate iftop lsof


\cp/usr/share/zoneinfo/asia/shanghai/etc/localtime-rf
Echo ' */5 * * * * */usr/sbin/ntpdate ntp.sjtu.edu.cn ' >>/var/spool/cron/root
Echo ' timezone= ' Asia/shanghai ' >/etc/sysconfig/clock
/usr/sbin/ntpdate ntp.sjtu.edu.cn

#CentOS 6
/usr/sbin/ntpdate time.nist.gov
echo ' #time sync by Rfjer at ' date +%y%m%d ' >>/var/spool/cron/root
Echo ' */5 * * * * */usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1 ' >>/var/spool/cron/root

#CentOS 5
/sbin/ntpdate time.nist.gov
echo ' #time sync by Rfjer at ' date +%y%m%d ' >>/var/spool/cron/root
Echo ' */5 * * * * */sbin/ntpdate time.nist.gov >/dev/null 2>&1 ' >>/var/spool/cron/root

8. enlarge File Descriptor
Echo ' *-nofile 65535 ' >>/etc/security/limits.conf


6. Adjust kernel parameters
/bin/cp/etc/sysctl.conf/etc/sysctl.conf.rfjer. ' Date +%y%m%d '
Cat >>/etc/sysctl.conf<<eof
Net.ipv4.tcp_fin_timeout = 2
Net.ipv4.tcp_tw_reuse = 1
Net.ipv4.tcp_tw_recycle = 1
Net.ipv4.tcp_syncookies = 1
Net.ipv4.tcp_keepalive_time = 600
Net.ipv4.ip_local_port_range = 4000 65000
Net.ipv4.tcp_max_syn_backlog = 16384
Net.ipv4.tcp_max_tw_buckets = 36000
Net.ipv4.route.gc_timeout = 100
Net.ipv4.tcp_syn_retries = 1
Net.ipv4.tcp_synack_retries = 1
Net.core.somaxconn = 16384
Net.core.netdev_max_backlog = 16384
Net.ipv4.tcp_max_orphans = 16384
Net.ipv4.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_max=25000000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=180
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait=120
Net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait=60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait=120
Eof
[Email protected] ssh]# sysctl-p

If the above error is reported, it can not be used and, this is due to the iptables shutdown caused by


CentOS 5 Optimized Batch Script
cd/etc/yum.repos.d/
/BIN/MV Centos-base.repo centos-base.repo.rfjer. ' Date +%y%m%d '
wget Http://mirrors.sohu.com/help/CentOS-Base-sohu.repo
/BIN/MV Centos-base-sohu.repo Centos-base.repo
Yum Makecache
Yum-y Install Lrzsz Sysstat
Yum-y Upgrade
Sed-i "S#selinux=enforcing#selinux=disabled#g"/etc/selinux/config
Setenforce 0
For Oldboy in ' chkconfig--list|grep 3:on|awk ' {print '} ';d o chkconfig--level 3 $oldboy off;done
For Oldboy in Crond network syslog sshd;do chkconfig--level 3 $oldboy on;done
Chkconfig--list | grep 3:on
/etc/init.d/iptables stop
cd/etc/ssh/
/BIN/CP sshd_config sshd_config.rfjer. ' Date +%y%m%d '
Sed-i "s#\ #Port 22#port 52113#g" Sshd_config
Sed-i "s#\ #PermitRootLogin yes#permitrootlogin no#g" Sshd_config
Sed-i "s#\ #PermitEmptyPasswords no#permitemptypasswords no#g" Sshd_config
Sed-i "s#\ #UseDNS yes#usedns no#g" Sshd_config
/etc/init.d/sshd restart
Cp/etc/sysconfig/i18n/etc/sysconfig/i18n.rfjer. ' Date +%y%m%d '
Echo ' lang= ' zh_cn.gb18030 ' >/etc/sysconfig/i18n
source/etc/sysconfig/i18n
/sbin/ntpdate time.nist.gov
echo ' #time sync by Rfjer at ' date +%y%m%d ' >>/var/spool/cron/root
Echo ' */5 * * * * */sbin/ntpdate time.nist.gov >/dev/null 2>&1 ' >>/var/spool/cron/root
Echo ' *-nofile 65535 ' >>/etc/security/limits.conf
/bin/cp/etc/sysctl.conf/etc/sysctl.conf.rfjer. ' Date +%y%m%d '
Cat >>/etc/sysctl.conf<<eof
Net.ipv4.tcp_fin_timeout = 2
Net.ipv4.tcp_tw_reuse = 1
Net.ipv4.tcp_tw_recycle = 1
Net.ipv4.tcp_syncookies = 1
Net.ipv4.tcp_keepalive_time = 600
Net.ipv4.ip_local_port_range = 4000 65000
Net.ipv4.tcp_max_syn_backlog = 16384
Net.ipv4.tcp_max_tw_buckets = 36000
Net.ipv4.route.gc_timeout = 100
Net.ipv4.tcp_syn_retries = 1
Net.ipv4.tcp_synack_retries = 1
Net.core.somaxconn = 16384
Net.core.netdev_max_backlog = 16384
Net.ipv4.tcp_max_orphans = 16384
Net.ipv4.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_max=25000000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=180
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait=120
Net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait=60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait=120
Eof
Sysctl-p
Useradd Rfjer
echo ' Junfeng ' | passwd--stdin Rfjer
Sed-i ' Grep-n "^root"/etc/sudoers | Cut-d ': '-F 1 ' a Rfjer all= (all) all '/etc/sudoers
History-c



CentOS 6 Optimized Batch Script
cd/etc/yum.repos.d/
/BIN/MV Centos-base.repo centos-base.repo.rfjer. ' Date +%y%m%d '
wget Http://mirrors.163.com/.help/CentOS6-Base-163.repo
/BIN/MV Centos6-base-163.repo Centos-base.repo
Yum Makecache
Yum-y Install Lrzsz Sysstat
Yum-y Upgrade
Sed-i "S#selinux=enforcing#selinux=disabled#g"/etc/selinux/config
Setenforce 0
For Oldboy in ' chkconfig--list|grep 3:on|awk ' {print '} ';d o chkconfig--level 3 $oldboy off;done
For Oldboy in Crond network Rsyslog sshd;do chkconfig--level 3 $oldboy on;done
Chkconfig--list | grep 3:on
/etc/init.d/iptables stop
cd/etc/ssh/
/BIN/CP sshd_config sshd_config.rfjer. ' Date +%y%m%d '
Sed-i "s#\ #Port 22#port 52113#g" Sshd_config
Sed-i "s#\ #PermitRootLogin yes#permitrootlogin no#g" Sshd_config
Sed-i "s#\ #PermitEmptyPasswords no#permitemptypasswords no#g" Sshd_config
Sed-i "s#\ #UseDNS yes#usedns no#g" Sshd_config
/etc/init.d/sshd restart
Cp/etc/sysconfig/i18n/etc/sysconfig/i18n.rfjer. ' Date +%y%m%d '
Echo ' lang= ' zh_cn.gb2312 ' >/etc/sysconfig/i18n
source/etc/sysconfig/i18n
/usr/sbin/ntpdate time.nist.gov
echo ' #time sync by Rfjer at ' date +%y%m%d ' >>/var/spool/cron/root
Echo ' */5 * * * * */usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1 ' >>/var/spool/cron/root
Echo ' *-nofile 65535 ' >>/etc/security/limits.conf
/bin/cp/etc/sysctl.conf/etc/sysctl.conf.rfjer. ' Date +%y%m%d '
Cat >>/etc/sysctl.conf<<eof
Net.ipv4.tcp_fin_timeout = 2
Net.ipv4.tcp_tw_reuse = 1
Net.ipv4.tcp_tw_recycle = 1
Net.ipv4.tcp_syncookies = 1
Net.ipv4.tcp_keepalive_time = 600
Net.ipv4.ip_local_port_range = 4000 65000
Net.ipv4.tcp_max_syn_backlog = 16384
Net.ipv4.tcp_max_tw_buckets = 36000
Net.ipv4.route.gc_timeout = 100
Net.ipv4.tcp_syn_retries = 1
Net.ipv4.tcp_synack_retries = 1
Net.core.somaxconn = 16384
Net.core.netdev_max_backlog = 16384
Net.ipv4.tcp_max_orphans = 16384
Net.ipv4.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_max=25000000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=180
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait=120
Net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait=60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait=120
Eof
Sysctl-p
Useradd Rfjer
echo ' Junfeng ' | passwd--stdin Rfjer
Sed-i ' Grep-n "^root"/etc/sudoers | Cut-d ': '-F 1 ' a Rfjer all= (all) all '/etc/sudoers
History-c


This article from "Ignorance is better than nothing" blog, please be sure to keep this source http://19930412.blog.51cto.com/6974556/1760983

Linux system optimization

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.