Centos7安装完成后做简单调整
1.安装必备的组件
yum install wget perl perl-devel net-tools kernel-devel (telnet可选性,我决定在其中一台安装就可以,我平时主要用于调试交换机)
2.安装开发工具
yum groupinstall ‘Development tools‘ -y
3.安装epel和remi第三方软件源
yum install epel-release.noarch
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm 也可以选择阿里http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
3.1启用remi安装源,编辑remi.repo文件
vim /etc/yum.repos.d/remi.repo
[remi]
enabled=0 第段0修改成1
4.关闭firewall防火墙
systemctl stop firewalld.service 关闭防火墙
systemctl disable firewall.service 禁用开机自启动
systemctl mask firewall.service 屏蔽这个服务
5.1检查是否安装iptables
service iptables status
5.2安装iptables
yum install -y iptables
5.3升级iptables
yum update iptables
5.4安装iptables-service |systemctl start iptables.service|systemctl enable iptables.service
yum install iptables-service
5.5为了防止表中有拒绝的链先允许所有,避免不必要的悲剧。
iptables -P INPUT ACCEPT
5.6清楚默认规则
iptables -F
5.7清楚所有自定义规则
iptables -X
5.8所有计数归0
iptables -Z
6.关闭selinux
sed -i ‘s/SELINUX=enforcing/SELINUX=disabled/g‘ /etc/selinux/config
setenforce 0
7.设置主机名和网络配置(环境是双网卡内外网)
hostnamectl --static set-hostname centos7
[root@localhost ~]# more /etc/sysconfig/network-scripts/ifcfg-em1
TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=em1
UUID=fe86080f-5f70-4c56-bd75-8604bc323958
DEVICE=em1
ONBOOT=no
以上是centos7安装完成后的默认配置但是很多用不到精简一下
DEVICE=eth1
ONBOOT=yes
PEERDNS=yes
BOOTPROTO=static
IPADDR=139.196.235.201
NETMASK=255.255.252.0
GATEWAY=139.196.235.1
DNS1=223.5.5.5
DNS2=223.6.6.6
7.1修改主机名
more /etc/sysconfig/network 默认是空
PEERNTP=no
NETWORKING_IPV6=no
#GATEWAY=139.196.235.1 这里我把网关写到了网卡配置文件
HOSTNAME=centos7
7.2使用7中设置主机名默认是添加到/etc/hostname内存中没有写入磁盘需要手动添加/etc/hosts中
127.0.0.1 centos7 localhost
172.16.20.10 centos7 #这是内网ip如同上述步骤
8.优化sysctl.conf禁用ipv6
[root@localhost ~]# cat >>/etc/sysctl.conf <<EOP
> vm.swappiness = 0
> net.ipv4.neigh.default.gc_stale_time=120
> net.ipv4.conf.all.rp_filter=0
> net.ipv4.conf.default.rp_filter=0
> net.ipv4.conf.default.arp_announce = 2
> net.ipv4.conf.all.arp_announce=2
> net.ipv4.tcp_max_tw_buckets = 5000
> net.ipv4.tcp_syncookies = 1
> net.ipv4.tcp_max_syn_backlog = 1024
> net.ipv4.tcp_synack_retries = 2
> net.ipv6.conf.all.disable_ipv6 = 1
> net.ipv6.conf.default.disable_ipv6 = 1
> net.ipv6.conf.lo.disable_ipv6 = 1
> net.ipv4.conf.lo.arp_announce=2
> fs.file-max=65535
> fs.inotify.max_user_instances = 8192
> net.ipv4.tcp_fin_timeout = 30
> net.ipv4.tcp_tw_reuse = 1
> net.ipv4.tcp_tw_recycle = 1
> net.ipv4.ip_local_port_range = 1024 65000
> net.ipv4.tcp_max_syn_backlog = 65536
> net.ipv4.tcp_max_tw_buckets = 6000
> net.ipv4.route.gc_timeout = 100
> net.ipv4.tcp_syn_retries = 1
> net.ipv4.tcp_synack_retries = 1
> net.core.somaxconn = 65535
> net.core.netdev_max_backlog = 262144
> net.ipv4.tcp_timestamps = 0
> net.ipv4.tcp_max_orphans = 262144
> net.netfilter.nf_conntrack_max = 1048576
> net.netfilter.nf_conntrack_tcp_timeout_established = 1200
> EOP
9.修改limit限制
cat >> /etc/security/limits.conf <<EOF
# End of file
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
EOF
sed -i ‘s/4096/unlimited/g‘ /etc/security/limits.d/20-nproc.conf 这个地方可以修改成unlimited也可以修改成数字,还可以直接删除这个文件保险起见还是修改吧
注意:在修改配置文件时候一定要先备份,养成良好的习惯
本文出自 “记录现在,回忆未来。” 博客,请务必保留此出处http://zhangchengjie.blog.51cto.com/1223266/1842362
原文地址:http://zhangchengjie.blog.51cto.com/1223266/1842362
