CentOS 6.5 post-install setup and tuning, with scripts


Optimization items:

(1) Configure history logging
(2) Add a regular user and grant sudo privileges
(3) Disable SELinux
(4) Configure iptables
(5) Disable remote root login
(6) Change the remote (SSH) port
(7) Trim the services started at boot
(8) Raise the maximum connection limits (ulimit)
(9) Disable rebooting the server with the Ctrl+Alt+Del shortcut
(10) Change the default DNS servers
(11) Tune kernel parameters [adjust to your actual situation]

-------------------------------------------------------------------------------------------

(1) Configure history logging

```bash
#!/bin/bash
Date=$(date -d now +%Y%m%d%H%M%S)
#echo $Date
cp /etc/profile /etc/profile_$Date

# Keep 2000 history entries, timestamp them, and send every command to
# syslog (facility local1, tag "bash") with user, parent PID, SSH client and cwd.
cat > /etc/profile.d/history.sh <<'EOF'
HISTFILESIZE=2000
HISTSIZE=2000
export HISTTIMEFORMAT="%Y%m%d-%H%M%S:"
export PROMPT_COMMAND='{ command=$(history 1 | { read -r x y; echo "$y"; } | cut -d ":" -f2-);logger -p local1.notice -t bash "(user=$USER,ppid=$PPID,from=$SSH_CLIENT,pwd=$PWD,ssh_tty=$SSH_TTY,CMD=$command)";}'
EOF
source /etc/profile
```

(2) Add a regular user and grant sudo privileges

```bash
#!/bin/bash
Date=$(date -d now +%Y%m%d%H%M%S)
dir=/etc
# Set the user ID, user name and password
uid=511
name=chaoren
mima=chaorenbuhuifei

useradd -u "$uid" "$name"
echo "$mima" | passwd --stdin "$name"
echo "$name add ok,密碼 $mima "

# Back up sudoers, then add a NOPASSWD:ALL entry for the new user after the root line
cp $dir/sudoers $dir/sudoers-${Date}.bak
chmod u+w $dir/sudoers
sed -i '/^root/a '$name' \tALL=(ALL)\tNOPASSWD:ALL' $dir/sudoers
#echo "'$name'  ALL=(ALL)    NOPASSWD:ALL">>$dir/sudoers
chmod u-w $dir/sudoers
echo "${name} sudo 許可權添加成功"
```

(3) Disable SELinux
(4) Configure iptables
(5) Disable remote root login
(6) Change the remote (SSH) port

```bash
#!/bin/bash
Date=$(date -d now +%Y%m%d%H%M%S)

chkconfig --list|grep iptables
chkconfig iptables off

# Add an ACCEPT rule for the new SSH port 5959 after the existing port 22 rule.
# iptables is switched off at boot and stopped here, so the rule only takes
# effect once the service is enabled again.
cp /etc/sysconfig/iptables /etc/sysconfig/iptables_$Date
sed -i '/--dport 22/a -A INPUT -m state --state NEW -m tcp -p tcp --dport 5959 -j ACCEPT' /etc/sysconfig/iptables
service iptables stop

# Disable SELinux now and at boot. /etc/sysconfig/selinux is a symlink to
# /etc/selinux/config; sed -i on the symlink would replace it with a regular
# file and leave the real configuration unchanged, so edit the real file.
setenforce 0
sed -i -e 's|SELINUX=enforcing|SELINUX=disabled|' /etc/selinux/config

# Move sshd to port 5959 and refuse root logins
cp /etc/ssh/sshd_config /etc/ssh/sshd_config_$Date
sed -i '/#Port 22/i Port 5959' /etc/ssh/sshd_config
sed -i '/#PermitRootLogin/i PermitRootLogin no' /etc/ssh/sshd_config
service sshd restart
```

(7) Trim the services started at boot
(8) Raise the maximum connection limits (ulimit)
(9) Disable rebooting the server with the Ctrl+Alt+Del shortcut
(10) Change the default DNS servers

```bash
#!/bin/bash
Date=$(date -d now +%Y%m%d%H%M%S)

# Turn off every boot service except crond, network, rsyslog, sshd and iptables
for server in $(chkconfig --list|egrep -v 'crond|network|rsyslog|sshd|iptables'|awk '{print $1}');do
    chkconfig $server off
done

# Raise the process and open-file limits (the item name is nproc, not noproc)
cp /etc/security/limits.conf /etc/security/limits.conf_$Date
echo '*  -  nproc  65535' >> /etc/security/limits.conf
echo '*  -  nofile  65535' >> /etc/security/limits.conf

# Comment out the upstart trigger so Ctrl+Alt+Del no longer reboots the server
cp /etc/init/control-alt-delete.conf /etc/init/control-alt-delete.conf_$Date
sed -i "s/start on control-alt-delete/#start on control-alt-delete/g"  /etc/init/control-alt-delete.conf

# Replace the resolver list
cp /etc/resolv.conf /etc/resolv.conf_$Date
echo "nameserver 202.106.0.20" > /etc/resolv.conf
echo "nameserver 8.8.4.4" >> /etc/resolv.conf
```

(11) Tune kernel parameters [adjust to your actual situation]

```bash
#!/bin/bash
Date=$(date -d now +%Y%m%d%H%M%S)

cp /etc/sysctl.conf /etc/sysctl.conf_$Date

# tcp_tw_recycle and tcp_tw_reuse rely on TCP timestamps, which this list disables
cat >> /etc/sysctl.conf <<'EOF'
net.core.somaxconn = 262144
net.core.netdev_max_backlog = 262144
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.route.gc_timeout = 20
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_keepalive_time = 120
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_slow_start_after_idle = 0
vm.swappiness = 0
kernel.panic = 5
kernel.panic_on_oops = 1
kernel.core_pipe_limit = 0
EOF

# iptables firewall (connection tracking); these keys exist only while the
# nf_conntrack module is loaded
cat >> /etc/sysctl.conf <<'EOF'
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF

# Load the bridge module now and at every boot, then apply the settings
modprobe bridge
echo "modprobe bridge" >> /etc/rc.local

sysctl -p
```
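
A post-change check for the scripts above, as an added example that is not part of the original post: the `sed` inserts in the SSH script change nothing when their `#Port 22` or `#PermitRootLogin` anchor line is absent, and a mistyped `limits.conf` item such as `noproc` is not a valid limit. The function names and sample files are constructed for illustration; on a real host, point the functions at copies of `/etc/ssh/sshd_config` and `/etc/security/limits.conf`.

```bash
#!/bin/bash
# Added example: read-only checks; file paths are passed in as arguments.

# Print each value of KEYWORD in the global section of an sshd_config:
# case-insensitive keyword, comments dropped, stops at the first Match block.
sshd_values() {   # usage: sshd_values FILE KEYWORD
    awk -v key="$2" '
        { sub(/#.*/, "") }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2 }' "$1"
}

# Succeed only if WANT_PORT is the sole Port and root login is refused.
# Every Port line is honoured; for PermitRootLogin the first value wins.
check_sshd() {    # usage: check_sshd FILE WANT_PORT
    ports=$(sshd_values "$1" Port | tr '\n' ' ')
    root=$(sshd_values "$1" PermitRootLogin | head -n 1)
    [ "$ports" = "$2 " ] && [ "$root" = "no" ]
}

# Items documented in limits.conf(5); anything else is reported.
LIMIT_ITEMS="core data fsize memlock nofile rss stack cpu nproc as maxlogins"
LIMIT_ITEMS="$LIMIT_ITEMS maxsyslogins priority locks sigpending msgqueue nice rtprio"

# Print "LINE: ITEM" for each limits.conf entry with an unknown item.
bad_limit_items() {   # usage: bad_limit_items FILE
    awk -v items="$LIMIT_ITEMS" '
        BEGIN { n = split(items, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        { sub(/#.*/, "") }
        NF >= 4 && !($3 in ok) { print NR ": " $3 }' "$1"
}

# Constructed sample files in a scratch directory (removed on exit).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'Port 5959\n#Port 22\nPermitRootLogin no\n#PermitRootLogin yes\n' > "$tmp/sshd_ok"
# No "#Port 22" / "#PermitRootLogin" anchors, so the sed inserts add nothing:
printf 'Port 22\nPermitRootLogin yes\n' > "$tmp/sshd_unpatched"
printf '*  -  noproc  65535\n*  -  nofile  65535\n' > "$tmp/limits"

for f in sshd_ok sshd_unpatched; do
    if check_sshd "$tmp/$f" 5959; then echo "$f: OK"; else echo "$f: FAIL"; fi
done
bad_limit_items "$tmp/limits"
```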

This article comes from the “蒲公英” blog; please keep this source link: http://6720116.blog.51cto.com/6710116/1763064
