1. Configure the network Yum source
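# 1. Yum adjustments: move the stock repo definitions aside, then write a
#    CentOS-Base.repo that points at the Aliyun mirrors.
mkdir -p /etc/yum.repos.d/bak
# Move only the *.repo files so the bak directory is not moved into itself.
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/
# NOTE(review): every baseurl below is plain http, so package integrity rests
# entirely on gpgcheck=1. The original page also downloaded the signing key
# over http from the same mirror; the key is taken here from the local file
# that the centos-release package installs, so the mirror cannot supply both
# the packages and the key that vouches for them.
# The quoted 'EOF' keeps $releasever and $basearch literal for yum to expand.
cat > /etc/yum.repos.d/CentOS-Base.repo << 'EOF'
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#released updates
[updates]
name=CentOS-$releasever - Updates - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#contrib - packages by CentOS users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
EOF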
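# Write the EPEL 6 repo definition (Aliyun mirrors).
# NOTE(review): the original page set gpgcheck=0 on all three EPEL sections
# while fetching over plain http, which lets yum install packages that nothing
# authenticates. gpgcheck is enabled here; the key file named in gpgkey must
# already be present (the epel-release package installs it) and its
# fingerprint should be checked against the one the EPEL project publishes.
# The quoted 'EOF' keeps $basearch literal for yum to expand.
cat > /etc/yum.repos.d/epel.repo << 'EOF'
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=http://mirrors.aliyun.com/epel/6/$basearch
        http://mirrors.aliyuncs.com/epel/6/$basearch
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
baseurl=http://mirrors.aliyun.com/epel/6/$basearch/debug
        http://mirrors.aliyuncs.com/epel/6/$basearch/debug
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
baseurl=http://mirrors.aliyun.com/epel/6/SRPMS
        http://mirrors.aliyuncs.com/epel/6/SRPMS
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
EOF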
2. Turn off SELinux
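# Show the SELinux mode configured for boot.
cat /etc/selinux/config | grep "SELINUX=" | egrep -v "^#"
# output: SELINUX=enforcing

# Turn SELinux off: change the configured mode to disabled. The config file is
# read at boot, so this takes effect after the next restart.
# NOTE(review): disabled removes mandatory access control from every service
# on the host. If the aim is only to rule SELinux out while troubleshooting,
# SELINUX=permissive keeps denials logged without enforcing them.
sed -i "s#SELINUX=enforcing#SELINUX=disabled#g" /etc/selinux/config

# Show the mode of the running system.
getenforce
# output: Enforcing

# Switch the running system to permissive mode immediately, without a reboot.
setenforce 0

# Check the running mode again.
getenforce
# output: Permissive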
3. Turn off unused boot-time services
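# CentOS 6: switch off every service enabled at runlevel 3, then re-enable
# only crond, network, rsyslog and sshd. Fewer services started at boot means
# fewer listeners exposed on the host.
for oldboy in $(chkconfig --list | grep 3:on | awk '{print $1}'); do chkconfig --level 3 "$oldboy" off; done
for oldboy in crond network rsyslog sshd; do chkconfig --level 3 "$oldboy" on; done
# List what is still enabled at runlevel 3 to confirm the result.
chkconfig --list | grep 3:on

# CentOS 5: same procedure; the system logger service is named syslog there.
for oldboy in $(chkconfig --list | grep 3:on | awk '{print $1}'); do chkconfig --level 3 "$oldboy" off; done
for oldboy in crond network syslog sshd; do chkconfig --level 3 "$oldboy" on; done
chkconfig --list | grep 3:on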
4. Stop the iptables firewall
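# Stop the running firewall. As the output shows, this flushes every rule and
# sets the chains to policy ACCEPT.
# NOTE(review): with iptables stopped, every listening service on the host is
# reachable from any network that can route to it, including sshd on the port
# chosen in step 5. Unless an upstream firewall or security group filters
# traffic, keeping iptables running with rules that admit only the required
# ports is the safer baseline.
/etc/init.d/iptables stop
# output: iptables: Flushing firewall rules:                 [  OK  ]
# output: iptables: Setting chains to policy ACCEPT: filter  [  OK  ]
# output: iptables: Unloading modules:                       [  OK  ]

# Confirm the firewall state.
/etc/init.d/iptables status
# output: iptables: Firewall is not running.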
5. Modify the SSH configuration
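cd /etc/ssh/
# Keep a dated copy of the original configuration before editing it.
/bin/cp sshd_config sshd_config.rfjer.$(date +%y%m%d)

# Each sed below rewrites the commented-out default line. If the file no
# longer contains that exact line the substitution silently does nothing, so
# every change is followed by a grep to confirm the effective setting.

# Change the remote login port.
sed -i "s#\#Port 22#Port 52113#g" sshd_config
grep "Port" sshd_config

# Forbid direct root login.
# NOTE(review): make sure a non-root account that can log in and use sudo
# exists before closing the current session, otherwise the host is reachable
# only from the console.
sed -i "s#\#PermitRootLogin yes#PermitRootLogin no#g" sshd_config
grep "PermitRootLogin" sshd_config

# Forbid login with an empty password.
sed -i "s#\#PermitEmptyPasswords no#PermitEmptyPasswords no#g" sshd_config
grep "PermitEmptyPasswords" sshd_config

# Do not resolve client addresses through DNS.
sed -i "s#\#UseDNS yes#UseDNS no#g" sshd_config
grep "UseDNS" sshd_config

# Check the edited file for syntax errors first; restart only if it is valid.
/usr/sbin/sshd -t && /etc/init.d/sshd restart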
6. Modify the Chinese character set
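# Keep a dated copy of the current locale settings, then set the system
# locale to Simplified Chinese (UTF-8) and load it into the current shell.
cp /etc/sysconfig/i18n /etc/sysconfig/i18n.rfjer.$(date +%y%m%d)
echo 'LANG="zh_CN.UTF-8"' > /etc/sysconfig/i18n
source /etc/sysconfig/i18n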
7. Time synchronization
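# Install the base tool set, including ntpdate, which the cron jobs below use.
yum -y install wget unzip vim man bc gcc gcc-c++ openssl openssl-devel kernel kernel-devel kernel-headers rsync lftp bash bash-completion bash-argsparse ncurses ncurses-devel bison bison-devel openssh-clients automake autoconf cmake gd gd-devel curl curl-devel libxml2 libxml2-devel sysstat telnet net-snmp net-snmp-devel pcre pcre-devel mlocate libmcrypt libmcrypt-devel libxslt libxslt-devel lrzsz glibc ntpdate iftop lsof

# Set the local time zone to Asia/Shanghai (\cp bypasses any cp alias).
\cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime -rf
# Sync the clock every five minutes from root's crontab.
echo '*/5 * * * * /usr/sbin/ntpdate ntp.sjtu.edu.cn' >> /var/spool/cron/root
# NOTE(review): the page text gives this key as "timezone"; CentOS reads ZONE
# from /etc/sysconfig/clock - confirm against the target release.
echo 'ZONE="Asia/Shanghai"' > /etc/sysconfig/clock
/usr/sbin/ntpdate ntp.sjtu.edu.cn

# NOTE(review): ntpdate steps the clock from an unauthenticated NTP reply, so
# log timestamps and certificate validity checks on this host are only as
# trustworthy as the network path to the time server.

# CentOS 6
/usr/sbin/ntpdate time.nist.gov
echo "#time sync by rfjer at $(date +%y%m%d)" >> /var/spool/cron/root
echo '*/5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1' >> /var/spool/cron/root

# CentOS 5 (ntpdate lives in /sbin there)
/sbin/ntpdate time.nist.gov
echo "#time sync by rfjer at $(date +%y%m%d)" >> /var/spool/cron/root
echo '*/5 * * * * /sbin/ntpdate time.nist.gov >/dev/null 2>&1' >> /var/spool/cron/root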
8. Raise the file descriptor limit
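# Raise the open-file limit to 65535 for all users; "-" sets both the soft and
# the hard limit. The new limit applies to sessions opened after the change.
echo '* - nofile 65535' >> /etc/security/limits.conf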
6. Adjust kernel parameters
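# Keep a dated copy of sysctl.conf, append the tuning below, then load it.
/bin/cp /etc/sysctl.conf /etc/sysctl.conf.rfjer.$(date +%y%m%d)
# NOTE(review): net.ipv4.tcp_tw_recycle = 1 is known to drop connections from
# clients that share an address behind NAT, and the key was removed in Linux
# 4.12. tcp_syn_retries and tcp_synack_retries = 1 abandon a handshake after a
# single retransmission. net.ipv4.tcp_syncookies = 1 is the SYN-flood
# mitigation in this list. The ip_conntrack keys exist only while the
# connection-tracking module is loaded.
cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.ipv4.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_max=25000000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=180
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait=120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait=60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait=120
EOF
# Apply the settings from /etc/sysctl.conf to the running kernel.
sysctl -p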
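If sysctl -p reports an error here, the affected settings cannot be applied; this is caused by iptables having been shut down (the ip_conntrack keys exist only while the connection-tracking module is loaded).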
CentOS 5 Optimized Batch Script
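# CentOS 5 one-shot setup. Run as root, and keep the current session open
# until a login as the new account has been tested: the script disables root
# SSH login before it creates that account.
#
# NOTE(review): the original page piped a fixed, published password into
# passwd. The password is read from the environment instead, and the script
# stops here if it is missing, so no credential is stored in the script.
: "${RFJER_PASSWORD:?export RFJER_PASSWORD before running this script}"

# --- yum source ---
cd /etc/yum.repos.d/
/bin/mv CentOS-Base.repo CentOS-Base.repo.rfjer.$(date +%y%m%d)
# NOTE(review): the repo definition is downloaded over plain http and put in
# place unverified; it decides where every later package comes from, so read
# the downloaded file (baseurl, gpgcheck, gpgkey) before running yum.
wget http://mirrors.sohu.com/help/CentOS-Base-sohu.repo
/bin/mv CentOS-Base-sohu.repo CentOS-Base.repo
yum makecache
yum -y install lrzsz sysstat
yum -y upgrade

# --- SELinux: disabled at next boot, permissive immediately ---
# NOTE(review): this removes mandatory access control from the host.
sed -i "s#SELINUX=enforcing#SELINUX=disabled#g" /etc/selinux/config
setenforce 0

# --- boot services: keep only crond, network, syslog and sshd at runlevel 3 ---
for oldboy in $(chkconfig --list | grep 3:on | awk '{print $1}'); do chkconfig --level 3 "$oldboy" off; done
for oldboy in crond network syslog sshd; do chkconfig --level 3 "$oldboy" on; done
chkconfig --list | grep 3:on

# --- firewall ---
# NOTE(review): stopping iptables leaves every listener reachable unless an
# upstream firewall filters traffic.
/etc/init.d/iptables stop

# --- sshd: port 52113, no root login, no empty passwords, no DNS lookups ---
cd /etc/ssh/
/bin/cp sshd_config sshd_config.rfjer.$(date +%y%m%d)
sed -i "s#\#Port 22#Port 52113#g" sshd_config
sed -i "s#\#PermitRootLogin yes#PermitRootLogin no#g" sshd_config
sed -i "s#\#PermitEmptyPasswords no#PermitEmptyPasswords no#g" sshd_config
sed -i "s#\#UseDNS yes#UseDNS no#g" sshd_config
# Restart only if the edited file passes the syntax check.
/usr/sbin/sshd -t && /etc/init.d/sshd restart

# --- locale ---
cp /etc/sysconfig/i18n /etc/sysconfig/i18n.rfjer.$(date +%y%m%d)
echo 'LANG="zh_CN.GB18030"' > /etc/sysconfig/i18n
source /etc/sysconfig/i18n

# --- time sync every five minutes ---
/sbin/ntpdate time.nist.gov
echo "#time sync by rfjer at $(date +%y%m%d)" >> /var/spool/cron/root
echo '*/5 * * * * /sbin/ntpdate time.nist.gov >/dev/null 2>&1' >> /var/spool/cron/root

# --- file descriptor limit ---
echo '* - nofile 65535' >> /etc/security/limits.conf

# --- kernel parameters ---
# NOTE(review): tcp_tw_recycle = 1 is known to drop connections from clients
# behind NAT; the ip_conntrack keys fail to load while iptables is stopped.
/bin/cp /etc/sysctl.conf /etc/sysctl.conf.rfjer.$(date +%y%m%d)
cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.ipv4.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_max=25000000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=180
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait=120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait=60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait=120
EOF
sysctl -p

# --- administrative account ---
useradd rfjer
echo "${RFJER_PASSWORD:?RFJER_PASSWORD is not set}" | passwd --stdin rfjer
# Insert the sudo rule right after the first line that starts with "root".
# NOTE(review): this grants rfjer unrestricted sudo. Editing /etc/sudoers with
# sed bypasses the syntax check visudo performs, so the file is validated
# immediately afterwards; a syntax error there would disable sudo altogether.
sed -i "$(grep -n '^root' /etc/sudoers | head -n 1 | cut -d ':' -f 1) a rfjer ALL=(ALL) ALL" /etc/sudoers
visudo -c
# Clears only the in-memory history of the current shell.
history -c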
CentOS 6 Optimized Batch Script
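# CentOS 6 one-shot setup. Run as root, and keep the current session open
# until a login as the new account has been tested: the script disables root
# SSH login before it creates that account.
#
# NOTE(review): the original page piped a fixed, published password into
# passwd. The password is read from the environment instead, and the script
# stops here if it is missing, so no credential is stored in the script.
: "${RFJER_PASSWORD:?export RFJER_PASSWORD before running this script}"

# --- yum source ---
cd /etc/yum.repos.d/
/bin/mv CentOS-Base.repo CentOS-Base.repo.rfjer.$(date +%y%m%d)
# NOTE(review): the repo definition is downloaded over plain http and put in
# place unverified; it decides where every later package comes from, so read
# the downloaded file (baseurl, gpgcheck, gpgkey) before running yum.
wget http://mirrors.163.com/.help/CentOS6-Base-163.repo
/bin/mv CentOS6-Base-163.repo CentOS-Base.repo
yum makecache
yum -y install lrzsz sysstat
yum -y upgrade

# --- SELinux: disabled at next boot, permissive immediately ---
# NOTE(review): this removes mandatory access control from the host.
sed -i "s#SELINUX=enforcing#SELINUX=disabled#g" /etc/selinux/config
setenforce 0

# --- boot services: keep only crond, network, rsyslog and sshd at runlevel 3 ---
for oldboy in $(chkconfig --list | grep 3:on | awk '{print $1}'); do chkconfig --level 3 "$oldboy" off; done
for oldboy in crond network rsyslog sshd; do chkconfig --level 3 "$oldboy" on; done
chkconfig --list | grep 3:on

# --- firewall ---
# NOTE(review): stopping iptables leaves every listener reachable unless an
# upstream firewall filters traffic.
/etc/init.d/iptables stop

# --- sshd: port 52113, no root login, no empty passwords, no DNS lookups ---
cd /etc/ssh/
/bin/cp sshd_config sshd_config.rfjer.$(date +%y%m%d)
sed -i "s#\#Port 22#Port 52113#g" sshd_config
sed -i "s#\#PermitRootLogin yes#PermitRootLogin no#g" sshd_config
sed -i "s#\#PermitEmptyPasswords no#PermitEmptyPasswords no#g" sshd_config
sed -i "s#\#UseDNS yes#UseDNS no#g" sshd_config
# Restart only if the edited file passes the syntax check.
/usr/sbin/sshd -t && /etc/init.d/sshd restart

# --- locale ---
cp /etc/sysconfig/i18n /etc/sysconfig/i18n.rfjer.$(date +%y%m%d)
echo 'LANG="zh_CN.GB2312"' > /etc/sysconfig/i18n
source /etc/sysconfig/i18n

# --- time sync every five minutes ---
/usr/sbin/ntpdate time.nist.gov
echo "#time sync by rfjer at $(date +%y%m%d)" >> /var/spool/cron/root
echo '*/5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1' >> /var/spool/cron/root

# --- file descriptor limit ---
echo '* - nofile 65535' >> /etc/security/limits.conf

# --- kernel parameters ---
# NOTE(review): tcp_tw_recycle = 1 is known to drop connections from clients
# behind NAT; the ip_conntrack keys fail to load while iptables is stopped.
/bin/cp /etc/sysctl.conf /etc/sysctl.conf.rfjer.$(date +%y%m%d)
cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.ipv4.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_max=25000000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=180
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait=120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait=60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait=120
EOF
sysctl -p

# --- administrative account ---
useradd rfjer
echo "${RFJER_PASSWORD:?RFJER_PASSWORD is not set}" | passwd --stdin rfjer
# Insert the sudo rule right after the first line that starts with "root".
# NOTE(review): this grants rfjer unrestricted sudo. Editing /etc/sudoers with
# sed bypasses the syntax check visudo performs, so the file is validated
# immediately afterwards; a syntax error there would disable sudo altogether.
sed -i "$(grep -n '^root' /etc/sudoers | head -n 1 | cut -d ':' -f 1) a rfjer ALL=(ALL) ALL" /etc/sudoers
visudo -c
# Clears only the in-memory history of the current shell.
history -c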
This article is from the blog "Ignorance is better than nothing"; please keep this source link when reposting: http://19930412.blog.51cto.com/6974556/1760983
Linux system optimization