
CentOS 6.5 post-install setup, with scripts

Date: 2016-04-13 00:46:46

Tags: optimization, centos, system settings

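Optimization items:
(1) Configure shell history logging
(2) Add a regular user and grant sudo rights
(3) Disable SELinux
(4) Configure iptables
(5) Disable remote root login
(6) Change the remote (SSH) port
(7) Trim the services started at boot
(8) Raise the maximum connection limits (ulimit)
(9) Disable rebooting the server with Ctrl+Alt+Del
(10) Change the default DNS servers
(11) Tune kernel parameters [adjust to your environment]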
-------------------------------------------------------------------------------------------
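Optimization items:
(1) Configure shell history logging
#!/bin/bash

Date=`date -d now +%Y%m%d%H%M%S`
#echo $Date
cp /etc/profile /etc/profile_$Date

# Write a profile.d snippet that timestamps history entries and sends every
# command to syslog (facility local1, priority notice) through PROMPT_COMMAND.
# read -r and the quoted "$y" keep backslashes and glob characters in the
# logged command exactly as they were typed.
echo -ne "HISTFILESIZE=2000
HISTSIZE=2000
export HISTTIMEFORMAT=\"%Y%m%d-%H%M%S:\"
export PROMPT_COMMAND='{ command=\$(history 1 | { read -r x y; echo \"\$y\"; } | cut -d \":\" -f2-);
logger -p local1.notice -t bash \"(user=\$USER,ppid=\$PPID,from=\$SSH_CLIENT,pwd=\$PWD,ssh_tty=\$SSH_TTY,CMD=\$command)\";}'
" > /etc/profile.d/history.sh
source /etc/profile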
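
The hook above writes one syslog line per command in a fixed key=value layout. As an added example (not part of the original post), the functions below parse that layout and pick out commands worth reviewing; the log lines, the host name web01 and the address 192.0.2.10 are constructed, and parse_audit_line and flag_sensitive are hypothetical helper names.

```bash
#!/bin/bash
# Added example: parse the syslog lines written by the PROMPT_COMMAND hook.
# The log lines below are constructed; host "web01" and 192.0.2.10 are made up.
sample_log() {
cat <<'EOF'
Apr 13 00:50:01 web01 bash: (user=chaoren,ppid=2211,from=192.0.2.10 50122 5959,pwd=/home/chaoren,ssh_tty=/dev/pts/0,CMD=sudo vi /etc/sudoers)
Apr 13 00:51:12 web01 bash: (user=chaoren,ppid=2211,from=192.0.2.10 50122 5959,pwd=/tmp,ssh_tty=/dev/pts/0,CMD=grep ',CMD=' /var/log/messages)
Apr 13 00:52:40 web01 bash: (user=root,ppid=1530,from=,pwd=/root,ssh_tty=,CMD=unset PROMPT_COMMAND)
Apr 13 00:53:02 web01 sshd[2290]: Accepted password for chaoren from 192.0.2.10 port 50122 ssh2
EOF
}

# Split one line into A_USER, A_SRC (client IP only), A_DIR and A_CMD.
# Fields are cut left to right at the first occurrence of each key, so commas
# or key names inside the free-text CMD cannot shift the earlier fields.
parse_audit_line() {
    local rest="$1"
    case $rest in
        *"bash: (user="*",ppid="*",from="*",pwd="*",ssh_tty="*",CMD="*")") ;;
        *) return 1 ;;   # not a line written by the hook
    esac
    rest=${rest#*"bash: (user="}
    A_USER=${rest%%,ppid=*};   rest=${rest#*,from=}
    A_SRC=${rest%%,pwd=*};     rest=${rest#*,pwd=}
    A_SRC=${A_SRC%% *}         # SSH_CLIENT is "ip client_port server_port"
    A_DIR=${rest%%,ssh_tty=*}; rest=${rest#*,ssh_tty=}
    A_CMD=${rest#*,CMD=};      A_CMD=${A_CMD%")"}
}

# Read syslog lines on stdin and print "user source command" for commands
# that use sudo/su, touch the files this page edits, or alter the hook itself.
flag_sensitive() {
    local line
    while IFS= read -r line; do
        parse_audit_line "$line" || continue
        case $A_CMD in
            sudo\ *|su|su\ *|*/etc/sudoers*|*/etc/ssh/sshd_config*|*PROMPT_COMMAND*)
                printf '%s %s %s\n' "$A_USER" "${A_SRC:-local}" "$A_CMD" ;;
        esac
    done
    return 0
}

sample_log | flag_sensitive
```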


(2) Add a regular user and grant sudo rights
#!/bin/bash
Date=`date -d now +%Y%m%d%H%M%S`
dir=/etc
# User ID, user name and password
uid=511
name=chaoren
mima=chaorenbuhuifei

useradd -u $uid $name
echo "$mima" | passwd --stdin $name
# Prints the user name and the password that was set
echo "$name add ok,密码 $mima "

cp $dir/sudoers $dir/sudoers-${Date}.bak
chmod u+w $dir/sudoers
# Append a passwordless sudo entry for the new user after the root line
sed -i '/^root/a '$name' \tALL=(ALL)\tNOPASSWD:ALL' $dir/sudoers
#echo "$name  ALL=(ALL)    NOPASSWD:ALL">>$dir/sudoers
chmod u-w $dir/sudoers
# Prints "<name> sudo permission added"
echo "${name} sudo 权限添加成功"
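(3) Disable SELinux
(4) Configure iptables
(5) Disable remote root login
(6) Change the remote (SSH) port
#!/bin/bash
Date=`date -d now +%Y%m%d%H%M%S`

chkconfig --list|grep iptables
# iptables is switched off at boot and stopped below; the rule added to
# /etc/sysconfig/iptables only takes effect once the service is started again
chkconfig iptables off
cp /etc/sysconfig/iptables /etc/sysconfig/iptables_$Date
sed -i '/--dport 22/a -A INPUT -m state --state NEW -m tcp -p tcp --dport 5959 -j ACCEPT' /etc/sysconfig/iptables
service iptables stop

setenforce 0
# Edit /etc/selinux/config directly: /etc/sysconfig/selinux is a symlink to it,
# and sed -i would replace the symlink with a regular file and leave the real
# configuration unchanged
sed -i -e 's|SELINUX=enforcing|SELINUX=disabled|' /etc/selinux/config

cp /etc/ssh/sshd_config /etc/ssh/sshd_config_$Date
# Insert the new directives above the commented-out defaults
sed -i '/#Port 22/i Port 5959' /etc/ssh/sshd_config
sed -i '/#PermitRootLogin/i PermitRootLogin no' /etc/ssh/sshd_config
service sshd restart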
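
Restarting sshd on a new port with root login disabled can lock you out if either edit did not land. As an added example (not part of the original post), this pre-flight check reads the effective Port and PermitRootLogin from an sshd_config and confirms the iptables file accepts that port; effective_opt, port_allowed and preflight are hypothetical helper names and the file contents in demo are constructed.

```bash
#!/bin/bash
# Added example: pre-flight check to run before "service sshd restart".
# effective_opt, port_allowed and preflight are hypothetical helper names.

# Print the value sshd will use for a keyword: keywords are case-insensitive
# and the first uncommented occurrence wins.
effective_opt() {   # usage: effective_opt <keyword> <sshd_config>
    awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }' "$2"
}

# Succeed only if the iptables save file has an ACCEPT rule for the TCP port.
port_allowed() {    # usage: port_allowed <port> <iptables-file>
    grep -Eq -- "^-A INPUT .*-p tcp .*--dport $1 .*-j ACCEPT" "$2"
}

preflight() {       # usage: preflight <sshd_config> <iptables-file>
    local port root
    port=$(effective_opt Port "$1");            port=${port:-22}
    root=$(effective_opt PermitRootLogin "$1"); root=${root:-yes}
    [ "$root" = no ] || { echo "FAIL: PermitRootLogin=$root"; return 1; }
    port_allowed "$port" "$2" || { echo "FAIL: no ACCEPT rule for tcp/$port"; return 1; }
    echo "OK: Port=$port PermitRootLogin=$root"
}

# Constructed files mirroring the edits made by the script above.
demo() {
    local d
    d=$(mktemp -d)
    printf '%s\n' 'Port 5959' '#Port 22' 'PermitRootLogin no' \
        '#PermitRootLogin yes' > "$d/sshd_config"
    printf '%s\n' '*filter' \
        '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' \
        '-A INPUT -m state --state NEW -m tcp -p tcp --dport 5959 -j ACCEPT' \
        'COMMIT' > "$d/iptables"
    preflight "$d/sshd_config" "$d/iptables"
    # Same sshd_config, but the rule for port 5959 was never added.
    grep -v 5959 "$d/iptables" > "$d/iptables.old"
    preflight "$d/sshd_config" "$d/iptables.old" || true
    rm -rf "$d"
}
demo
```

On a real host, `sshd -t` additionally checks the configuration file for syntax errors before the restart.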
(7) Trim the services started at boot
(8) Raise the maximum connection limits (ulimit)
(9) Disable rebooting the server with Ctrl+Alt+Del
(10) Change the default DNS servers
#!/bin/bash
Date=`date -d now +%Y%m%d%H%M%S`
# Disable every service at boot except crond, network, rsyslog, sshd and iptables
for server in `chkconfig --list|egrep -v 'crond|network|rsyslog|sshd|iptables'|awk '{print $1}'`;do chkconfig $server off; done
cp /etc/security/limits.conf /etc/security/limits.conf_$Date
# The limits.conf item for the process limit is "nproc"
echo '*  -  nproc  65535' >> /etc/security/limits.conf
echo '*  -  nofile  65535' >> /etc/security/limits.conf

# Comment out the Upstart trigger so Ctrl+Alt+Del no longer reboots the server
cp /etc/init/control-alt-delete.conf /etc/init/control-alt-delete.conf_$Date
sed -i "s/start on control-alt-delete/#start on control-alt-delete/g"  /etc/init/control-alt-delete.conf

# Replace the resolver list
cp /etc/resolv.conf /etc/resolv.conf_$Date
echo "nameserver 202.106.0.20" > /etc/resolv.conf
echo "nameserver 8.8.4.4" >> /etc/resolv.conf
(11) Tune kernel parameters [adjust to your environment]
#!/bin/bash
Date=`date -d now +%Y%m%d%H%M%S`
 
cp /etc/sysctl.conf /etc/sysctl.conf_$Date
 
echo -e "net.core.somaxconn = 262144" >> /etc/sysctl.conf
echo -e "net.core.netdev_max_backlog = 262144" >> /etc/sysctl.conf
echo -e "net.core.wmem_default = 8388608" >> /etc/sysctl.conf
echo -e "net.core.rmem_default = 8388608" >> /etc/sysctl.conf
echo -e "net.core.rmem_max = 16777216" >> /etc/sysctl.conf
echo -e "net.core.wmem_max = 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.route.gc_timeout = 20" >> /etc/sysctl.conf
echo -e "net.ipv4.ip_local_port_range = 1024 65535" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_retries2 = 5" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_fin_timeout = 30" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_syn_retries = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_synack_retries = 1" >> /etc/sysctl.conf
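# tcp_tw_recycle and tcp_tw_reuse rely on TCP timestamps, so they have no
# effect while tcp_timestamps = 0
echo -e "net.ipv4.tcp_timestamps = 0" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf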
echo -e "net.ipv4.tcp_keepalive_time = 120" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_probes = 3" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_intvl = 15" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_tw_buckets = 36000" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_orphans = 3276800" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_syn_backlog = 262144" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_wmem = 8192 131072 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_rmem = 32768 131072 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_mem = 94500000 915000000 927000000" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_slow_start_after_idle = 0" >> /etc/sysctl.conf
echo -e "vm.swappiness = 0" >> /etc/sysctl.conf
echo -e "kernel.panic = 5" >> /etc/sysctl.conf
echo -e "kernel.panic_on_oops = 1" >> /etc/sysctl.conf  
echo -e "kernel.core_pipe_limit = 0" >> /etc/sysctl.conf
# iptables firewall (connection tracking)
echo -e "net.nf_conntrack_max = 25000000" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_max = 25000000" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_tcp_timeout_established = 180" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120" >> /etc/sysctl.conf
 
modprobe bridge
echo "modprobe bridge">> /etc/rc.local
 
sysctl -p

This article is from the "蒲公英" blog; please keep this source link: http://6720116.blog.51cto.com/6710116/1763064
