linux系统基础调优

linux系统基础调优

  1. 关闭selinux,清空iptables

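# Step 1 as the author describes it: switch SELinux off and empty the iptables
# ruleset. Both are protective controls. On a host reachable from untrusted
# networks, prefer leaving SELinux enabled and loading a default-deny ruleset
# over running with no mandatory access control and no packet filter.

# Persist SELINUX=disabled for the next boot. The quotes must be plain ASCII
# single quotes, otherwise sed rejects the expression and nothing is changed.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
# Verify the substitution; no output means the line did not read
# SELINUX=enforcing to begin with.
grep SELINUX=disabled /etc/selinux/config

# Runtime switch to permissive mode until the reboot applies the config file.
setenforce 0

# Flush all rules, delete user-defined chains, zero the counters, list the result.
# NOTE(review): -F does not reset chain policies. If a policy is DROP, flushing
# the ACCEPT rules cuts off the current SSH session, so check `iptables -L` first.
iptables -F
iptables -X
iptables -Z
iptables -L

# Save the now-empty ruleset, stop the service, and keep it from starting at boot.
/etc/init.d/iptables save
/etc/init.d/iptables stop
chkconfig iptables off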

  1. 添加普通用户并进行sudo授权管理

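# Create an unprivileged account for day-to-day administration.
useradd liwen

# Set the password interactively. A literal password piped on the command line
# lands in shell history and process listings, and a short numeric one is
# guessed quickly by SSH password-guessing bots.
passwd liwen

# Grant sudo. NOPASSWD: ALL makes this account root-equivalent with no
# re-authentication: whoever obtains the account obtains root. Drop NOPASSWD
# or restrict the command list wherever the workflow allows it.
echo 'liwen       ALL=(ALL)      NOPASSWD: ALL' >>/etc/sudoers

# Syntax-check the file after appending to it outside visudo; a malformed
# sudoers file disables sudo for everyone.
visudo -c
tail /etc/sudoers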

  1. 更新yum源及必要软件安装

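# Replace the stock CentOS-Base.repo with the Aliyun mirror definition.
# NOTE(review): CentOS 6 is end-of-life and no longer receives security
# updates; confirm the mirror still serves this release before relying on it.
yum install -y wget
cd /etc/yum.repos.d/

# Keep the original definition so the change can be rolled back.
/bin/mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak

# Fetch over HTTPS so the repo definition cannot be rewritten in transit.
# Package integrity still depends on gpgcheck=1 in the downloaded file, so
# inspect it before running yum.
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-6.repo

# Pin $releasever to 6. The $ is escaped so sed treats it as a literal character.
sed -i 's#\$releasever#6#g' /etc/yum.repos.d/CentOS-Base.repo

yum clean all
yum makecache

# Common admin tooling. telnet and nmap are diagnostic clients; leave them out
# on hosts where they are not needed.
yum install lrzsz ntpdate sysstat openssh openssl expect telnet tree dos2unix nmap -y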

  1. 定时自动更新服务器时间

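# Every 5 minutes: sync the system clock, then write it to the hardware clock.
# The cron line must be wrapped in ASCII single quotes so that * is not
# expanded by the shell before it reaches the crontab file.
# NOTE(review): ntp.api.bz is a third-party, unauthenticated time source.
# Log timestamps and certificate validation depend on the clock, so point this
# at a time server you control or trust.
echo '*/5 * * * * /usr/sbin/ntpdate -u ntp.api.bz && /sbin/hwclock -w' >>/var/spool/cron/root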

  1. 精简开机自启动服务

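# Turn off every service currently enabled in runlevel 3 ...
# (chkconfig takes ASCII double-hyphen options: --list, --level.)
chkconfig --list | awk '/3:on/ {print $1}' | while read -r svc; do
  chkconfig --level 3 "$svc" off
done

# ... then re-enable only the ones this guide keeps.
# NOTE(review): anything not named here stays off, including security-relevant
# services such as auditd or iptables if they were installed and enabled. Add
# the ones you rely on to this list.
for svc in crond rsyslog sshd network; do
  chkconfig --level 3 "$svc" on
done

# Show what is still enabled in runlevel 3.
chkconfig --list | grep 3:on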

  1. 修改字符集支持中文

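# Back up the locale file with a timestamp suffix. %H%M%S is zero-padded, so
# the name never contains a space; the space-padded %k hour would split the
# unquoted destination into two arguments before 10:00.
cp /etc/sysconfig/i18n "/etc/sysconfig/i18n.$(date +%Y%m%d%H%M%S)"

# Rewrite the file. The values need plain ASCII double quotes; typographic
# quotes would become part of the value. The quoted 'EOF' delimiter keeps the
# shell from expanding anything inside the here-document.
cat >/etc/sysconfig/i18n <<'EOF'
LANG="zh_CN.UTF-8"
SYSFONT="latarcyrheb-sun16"
EOF

# Apply to the current shell.
source /etc/sysconfig/i18n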

临时更改:export LANG="en_US.UTF-8" 和 export LANGUAGE="en_US:en"

  1. 变更默认的ssh服务端口,禁止root用户远程连接

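# Harden sshd_config. Moving the port only reduces scanner noise; the effective
# controls are PermitRootLogin no and PermitEmptyPasswords no. Key-only
# authentication is a stronger follow-up where the environment allows it.
sed -i 's/#Port 22/Port 52113/g' /etc/ssh/sshd_config

# Match the directive whether or not it is still commented out, so a file that
# already has an uncommented "PermitRootLogin yes" is fixed too.
sed -i 's/^#\?PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i 's/^#\?PermitEmptyPasswords .*/PermitEmptyPasswords no/' /etc/ssh/sshd_config
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
sed -i 's/^#\?UseDNS .*/UseDNS no/' /etc/ssh/sshd_config

# Review the effective lines before restarting.
grep -E 'PermitEmptyPasswords|UseDNS|Port|GSSAPIAuthentication|PermitRootLogin' /etc/ssh/sshd_config

# Validate the configuration first: restarting on a broken file can leave the
# host without SSH. Keep the current session open and confirm a new login on
# the new port before closing it.
/usr/sbin/sshd -t && /etc/init.d/sshd restart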

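对于云服务器,可在 /etc/ssh/sshd_config 中添加如下两行以防止ssh连接中断(修改后需重启sshd)。注意:ClientAliveCountMax 设置为 86400 时,sshd 要在连续 86400 次探测无响应后才断开连接,相当于几乎不清理已失去响应的会话,请按实际需要取值: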

ClientAliveInterval 60

ClientAliveCountMax 86400

  1. 添加历史命令记录

[root@node1 ~]# vim /etc/profile            #添加如下

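# Per-login command log, appended to /etc/profile.
# NOTE(review): this is a convenience record, not a tamper-proof audit trail.
# HISTFILE stays writable by the user and the shell startup is under the
# user's control; use auditd where an authoritative record is required.
LOG_DIR=/var/log/.history

# Last field of `who -u am i` with the parentheses stripped; when that is
# empty, fall back to the local hostname.
USER_IP=$(who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g')
if [ "$USER_IP" = "" ]; then
  USER_IP=$(hostname)
fi

# Shared parent directory. The sticky bit (1777 rather than 777) stops one
# user from deleting or renaming another user's log directory.
# NOTE(review): pre-creating this directory as root is safer still, because
# here whichever account logs in first ends up owning it.
if [ ! -d "$LOG_DIR" ]; then
  mkdir "$LOG_DIR"
  chmod 1777 "$LOG_DIR"
fi

# Per-user directory, mode 300: the owner may create and traverse but not list.
if [ ! -d "${LOG_DIR}/${LOGNAME}" ]; then
  mkdir "${LOG_DIR}/${LOGNAME}"
  chmod 300 "${LOG_DIR}/${LOGNAME}"
fi

export HISTSIZE=4096
DT=$(date +"%F_%H%M%S")
export HISTFILE="${LOG_DIR}/${LOGNAME}/${DT}_${USER_IP}.history"

# Errors go to /dev/null rather than a fixed file name under /tmp: a
# predictable /tmp path can be replaced with a symlink by any local user and
# would then be truncated by the next login, including root's.
chmod 600 "${LOG_DIR}/${LOGNAME}"/*history* 2>/dev/null

# Append "timestamp ##### user tty origin #### cwd #### command" after every
# prompt. printf takes the command text as an argument, so a % inside the
# command is never interpreted as a format sequence.
readonly PROMPT_COMMAND='printf "%s ##### %s #### %s #### %s\n" "$(date "+%F %T")" "$(who am i | awk "{print \$1\" \"\$2\" \"\$5}")" "$(pwd)" "$(history 1 | { read -r x cmd; printf "%s" "$cmd"; })" >> "$HISTFILE"' 2>/dev/null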

  1. 锁定关键文件系统

# Set the immutable attribute on the account databases and inittab so that
# they cannot be modified, even by root, until the flag is cleared again.
# While the flag is set, useradd, passwd and similar tools fail; clear it with
# `chattr -i` before routine account maintenance.
for locked_file in /etc/passwd /etc/inittab /etc/shadow /etc/group /etc/gshadow; do
  chattr +i "$locked_file"
done

使用chattr命令后,为了安全我们需要将其改名(注意:改名只是增加隐蔽性,root 用户仍可通过其他途径去除 i 属性,软件包升级也可能重新安装该命令)

/bin/mv /usr/bin/chattr /usr/bin/任意名称

  1. 调整文件描述符大小

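# Show the current open-file limit for this shell (the option is an ASCII hyphen).
ulimit -n

# Raise the open-file limit for all users. "-" in the type column sets both the
# soft and the hard limit; it must be an ASCII hyphen or pam_limits rejects the
# line. The new value applies to sessions started after the change.
echo '*  -  nofile  65535' >> /etc/security/limits.conf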

  1. 调整字符集,使其支持中文

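# Set LANG in place. The ^ anchor limits the edit to the LANG= assignment
# itself, and the replacement uses ASCII double quotes so that the quotes do
# not become part of the value.
sed -i 's#^LANG=.*$#LANG="zh_CN.UTF-8"#g' /etc/sysconfig/i18n

# Apply to the current shell.
source /etc/sysconfig/i18n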

  1. 去除系统及内核版本登录前的屏幕显示

# Empty the pre-login and post-login banner files so that the distribution and
# kernel version are not shown to someone connecting.
# NOTE(review): tools that read /etc/redhat-release to detect the OS may
# misbehave once it is empty; verify before applying this to that file.
for banner_file in /etc/redhat-release /etc/issue /etc/issue.net /etc/motd; do
  : > "$banner_file"
done

  1. 内核参数优化

本优化适合apache,nginx,squid多种等web应用,特殊的业务也可能需要略作调整

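# Append TCP/network tuning to /etc/sysctl.conf and load it.
# This appends: running it twice duplicates every key, so check the file first.
# Values such as tcp_syn_retries = 1 and tcp_fin_timeout = 2 are aggressive;
# validate them against real traffic before rolling out widely.
cat >>/etc/sysctl.conf <<'EOF'
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_max_tw_buckets = 36000
# net.ipv4.tcp_tw_recycle = 1
#   Left disabled: with tcp_tw_recycle on, connections from clients that share
#   a NAT address are dropped intermittently, and the option was removed from
#   the kernel in Linux 4.12. Enable it only for hosts with no NATed peers.
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 32768
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.ip_local_port_range = 1024 65000
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
EOF

# Confirm what was written, then apply.
tail /etc/sysctl.conf
/sbin/sysctl -p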

将上面的内核参数值加入/etc/sysctl.conf文件中然后/sbin/sysctl -p使其生效

防火墙(nf_conntrack 连接跟踪)的优化参数。这些键只有在 nf_conntrack 模块已加载时才存在,否则 sysctl -p 会提示未知键:

net.nf_conntrack_max = 25000000

net.netfilter.nf_conntrack_max = 25000000

net.netfilter.nf_conntrack_tcp_timeout_established = 180

net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120

net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60

net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120

 

 
