码迷,mamicode.com
首页 > 系统相关 > 详细

Linux基本优化

时间:2017-01-12 03:23:17      阅读:74      评论:0      收藏:0      [点我收藏+]

标签:linux基本优化

1、关闭selinux

[[email protected] ~]# setenforce 0
[[email protected] ~]# getenforce
Permissive
[[email protected] ~]# sed -i ‘s#SELINUX=enforcing#SELINUX=disabled#g‘ /etc/selinux/config
[[email protected] ~]# grep "SELINUX=disabled" -C 2 /etc/selinux/config
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,


2、关闭iptables

[[email protected] ~]# /etc/init.d/iptables stop
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
[[email protected] ~]# chkconfig --level 3 iptables off
[[email protected] ~]# chkconfig --list iptables
iptables        0:off   1:off   2:on    3:off   4:on    5:on    6:off
注释:如果生产环境服务器前端无硬件防火墙,并且服务器存在公网IP,则需要开启iptables


3、设置系统运行级别

[[email protected] ~]# tail /etc/inittab
# Default runlevel. The runlevels used are:
#   0 - halt (Do NOT set initdefault to this)
#   1 - Single user mode
#   2 - Multiuser, without NFS (The same as 3, if you do not have networking)
#   3 - Full multiuser mode
#   4 - unused
#   5 - X11
#   6 - reboot (Do NOT set initdefault to this)
# 
id:3:initdefault:
注释:生产环境无需安装桌面环境


4、设置系统主机名及解析

[[email protected] ~]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=node1
[[email protected] ~]# echo "`ifconfig eth0|awk -F"[ :]+" ‘NR==2{print $4}‘`  `hostname`" >> /etc/hosts
[[email protected] ~]# tail -1 /etc/hosts
192.168.100.128  node1
[[email protected] ~]# ping node1
PING node1 (192.168.100.128) 56(84) bytes of data.
64 bytes from node1 (192.168.100.128): icmp_seq=1 ttl=64 time=0.157 ms
64 bytes from node1 (192.168.100.128): icmp_seq=2 ttl=64 time=0.043 ms
64 bytes from node1 (192.168.100.128): icmp_seq=3 ttl=64 time=0.044 ms
64 bytes from node1 (192.168.100.128): icmp_seq=4 ttl=64 time=0.100 ms
注释:相当于局域网DNS


5、精简开机自启动服务

方法1
[[email protected] ~]# for name in `chkconfig --list|grep "3:on"|awk ‘{print $1}‘|egrep -v "crond|network|rsyslog|sshd|sysstat"`;do chkconfig $name off;done

方法2
[[email protected] ~]# chkconfig --list|grep "3:on"|awk ‘{print $1}‘|egrep -v "crond|network|rsyslog|sshd|sysstat"|sed -r ‘s#(.*)#chkconfig \1 off#g‘|bash

方法3
[[email protected] ~]# chkconfig --list|grep "3:on"|awk ‘{print $1}‘|egrep -v "crond|network|rsyslog|sshd|sysstat"|awk ‘{print "chkconfig " $1 " off"}‘|bash


6、SSH远程连接优化

[[email protected] ~]# cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config_$(date +%Y%m%d)
[[email protected] ~]# vim /etc/ssh/sshd_config
Port 51898
ListenAddress 192.168.100.128
Protocol 2
UseDNS no
PermitRootLogin no
GSSAPIAuthentication no
[[email protected] ~]# /etc/init.d/sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]
[[email protected] ~]# netstat -tnlup|grep "51898"
tcp        0      192.168.100.128:51898                  0.0.0.0:*                   LISTEN      2413/sshd
[[email protected] ~]# ps -ef|grep "sshd"|grep -v "grep"
root      1792     1  0 21:20 ?        00:00:01 sshd: [email protected]/0
root      2413     1  0 23:16 ?        00:00:00 /usr/sbin/sshd


7、设置系统字符集

[[email protected] ~]# export LANG=en
[[email protected] ~]# echo $LANG
en
[[email protected] ~]# sed -i ‘s#LANG="en_US.UTF-8"#LANG="zh_CN.UTF-8"#g‘ /etc/sysconfig/i18n
[[email protected] ~]# cat /etc/sysconfig/i18n
LANG="zh_CN.UTF-8"
SYSFONT="latarcyrheb-sun16"
[[email protected] ~]# source /etc/sysconfig/i18n
[[email protected] ~]# echo $LANG
zh_CN.UTF-8
注释:生产环境建议使用英文字符集,防止出现乱码


8、同步网络时间服务器

[[email protected] ~]# ntpdate 0.pool.ntp.org
30 Aug 15:38:17 ntpdate[2517]: adjust time server 120.25.108.11 offset -0.000251 sec
[[email protected] ~]# hwclock
Tue 30 Aug 2016 11:38:21 PM CST  -0.320182 seconds
[[email protected] ~]# crontab -e
####Synchronization Network Time Server####
*/5 * * * * /usr/sbin/ntpdate 0.pool.ntp.org &>/dev/null
[[email protected] ~]# crontab -l
####Synchronization Network Time Server####
*/5 * * * * /usr/sbin/ntpdate 0.pool.ntp.org &>/dev/null


9、设置系统历史命令记录数及登录超时

[[email protected] ~]# export HISTSIZE=100
[[email protected] ~]# export HISTFILESIZE=100
[[email protected] ~]# export TMOUT=300
[[email protected] ~]# echo $HISTSIZE
100
[[email protected] ~]# echo $HISTFILESIZE
100
[[email protected] ~]# echo $TMOUT
300
[[email protected] ~]# vim /etc/profile
HISTSIZE=100
export HISTFILESIZE=100
export TMOUT=300
# History By LinBin At 2017-01-11
USER_IP=`who -u am i 2>/dev/null|awk ‘{print $NF}‘|sed -e ‘s/[()] //g‘`
HISTDIR=/usr/share/.history
if [ -z $USER_IP ]
then
USER_IP=`hostname`
fi
if [ ! -d $HISTDIR ]
then
mkdir -p $HISTDIR
chmod 777 $HISTDIR
fi
if [ ! -d $HISTDIR/${LOGNAME} ]
then
mkdir -p $HISTDIR/${LOGNAME}
chmod 300 $HISTDIR/${LOGNAME}
fi
DT=`date +%Y%m%d_%H%M%S`
export HISTFILE="$HISTDIR/${LOGNAME}/${USER_IP}.history.$DT"
export HISTTIMEFORMAT="[%Y.%m.%d %H:%M:%S]"
chmod 600 $HISTDIR/${LOGNAME}/*.history* 2>/dev/null
[[email protected] ~]# source /etc/profile


10、设置系统文件描述符数

[[email protected] ~]# ulimit -n
1024
[[email protected] ~]# ulimit -SHn 65535
[[email protected] ~]# ulimit -n
65535
[[email protected] ~]# echo "*               -       nofile          65535" >> /etc/security/limits.conf


11、设置系统别名

[[email protected] ~]# alias grep=‘grep --color=auto‘
[[email protected] ~]# alias egrep=‘egrep --color=auto‘
[[email protected] ~]# alias ll=‘ls -l --color=auto --time-style=long-iso‘
[[email protected] ~]# cat >> /etc/bashrc<<EOF
alias grep=‘grep --color=auto‘
alias egrep=‘egrep --color=auto‘
alias ll=‘ls -l --color=auto --time-style=long-iso‘
EOF
[[email protected] ~]# tail -3 /etc/bashrc
alias grep=‘grep --color=auto‘
alias egrep=‘egrep --color=auto‘
alias ll=‘ls -l --color=auto --time-style=long-iso‘
[[email protected] ~]# source /etc/bashrc


12、更新国内yum源(aliyun、163)

[[email protected] ~]# cp -a /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo-$(date +%Y%m%d)
[[email protected] ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
--2016-08-30 15:54:20--  http://mirrors.aliyun.com/repo/Centos-6.repo
Resolving mirrors.aliyun.com... 115.28.122.210, 112.124.140.210
Connecting to mirrors.aliyun.com|115.28.122.210|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2572 (2.5K) [application/octet-stream]
Saving to: “/etc/yum.repos.d/CentOS-Base.repo”
100%[===================================================================================================================>] 2,572      --.-K/s   in 0s

2016-08-30 15:54:20 (178 MB/s) - “/etc/yum.repos.d/CentOS-Base.repo” saved [2572/2572]
[[email protected] ~]# yum makecache


13、隐藏系统版本信息及设置登录提示语

[[email protected] ~]# > /etc/issue.net
[[email protected] ~]# > /etc/issue
[[email protected] ~]# echo "Welcom To Linux Server" >> /etc/motd
[[email protected] ~]# cat /etc/motd
Welcom To Linux Server
Last login: Tue Aug 30 21:30:16 2016 from 192.168.100.1
Welcom To Linux Server
[[email protected] ~]#


14、调整系统内核参数

[[email protected] ~]# cat >> /etc/sysctl.conf<<EOF
 
# Kernel By LinBin At 2017-01-11
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
EOF
[[email protected] ~]# sysctl -p


15、设置grub菜单密码

[[email protected] ~]# grub-md5-crypt
Password:
Retype password:
$1$hz0Px$imRsIcA766L/8uRRwykMW0
[[email protected] ~]# vim /boot/grub/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/sda3
#          initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
password --md5 $1$hz0Px$imRsIcA766L/8uRRwykMW0
title CentOS 6 (2.6.32-504.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-504.el6.x86_64 ro root=UUID=b26e3928-3456-4d4c-8e0f-142833566be5 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
        initrd /initramfs-2.6.32-504.el6.x86_64.img



本文出自 “闲来无事唠唠嗑” 博客,请务必保留此出处http://laokebang.blog.51cto.com/12486963/1891149

Linux基本优化

标签:linux基本优化

(0)
(0)
   
举报
评论 一句话评论(0
0条  
登录后才能评论!
© 2014 mamicode.com 版权所有 京ICP备13008772号-2
迷上了代码!