1、关闭selinux
[root@node1 ~]# setenforce 0 [root@node1 ~]# getenforce Permissive [root@node1 ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config [root@node1 ~]# grep "SELINUX=disabled" -C 2 /etc/selinux/config # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected,
2、关闭iptables
[root@node1 ~]# /etc/init.d/iptables stop iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Flushing firewall rules: [ OK ] iptables: Unloading modules: [ OK ] [root@node1 ~]# chkconfig --level 3 iptables off [root@node1 ~]# chkconfig --list iptables iptables 0:off 1:off 2:on 3:off 4:on 5:on 6:off 注释:如果生产环境服务器前端无硬件防火墙,并且服务器存在公网IP,则需要开启iptables
3、设置系统运行级别
[root@node1 ~]# tail /etc/inittab # Default runlevel. The runlevels used are: # 0 - halt (Do NOT set initdefault to this) # 1 - Single user mode # 2 - Multiuser, without NFS (The same as 3, if you do not have networking) # 3 - Full multiuser mode # 4 - unused # 5 - X11 # 6 - reboot (Do NOT set initdefault to this) # id:3:initdefault: 注释:生产环境无需安装桌面环境
4、设置系统主机名及解析
[root@node1 ~]# vim /etc/sysconfig/network NETWORKING=yes HOSTNAME=node1 [root@node1 ~]# echo "`ifconfig eth0|awk -F"[ :]+" 'NR==2{print $4}'` `hostname`" >> /etc/hosts [root@node1 ~]# tail -1 /etc/hosts 192.168.100.128 node1 [root@node1 ~]# ping node1 PING node1 (192.168.100.128) 56(84) bytes of data. 64 bytes from node1 (192.168.100.128): icmp_seq=1 ttl=64 time=0.157 ms 64 bytes from node1 (192.168.100.128): icmp_seq=2 ttl=64 time=0.043 ms 64 bytes from node1 (192.168.100.128): icmp_seq=3 ttl=64 time=0.044 ms 64 bytes from node1 (192.168.100.128): icmp_seq=4 ttl=64 time=0.100 ms 注释:相当于局域网DNS
5、精简开机自启动服务
方法1 [root@node1 ~]# for name in `chkconfig --list|grep "3:on"|awk '{print $1}'|egrep -v "crond|network|rsyslog|sshd|sysstat"`;do chkconfig $name off;done 方法2 [root@node1 ~]# chkconfig --list|grep "3:on"|awk '{print $1}'|egrep -v "crond|network|rsyslog|sshd|sysstat"|sed -r 's#(.*)#chkconfig \1 off#g'|bash 方法3 [root@node1 ~]# chkconfig --list|grep "3:on"|awk '{print $1}'|egrep -v "crond|network|rsyslog|sshd|sysstat"|awk '{print "chkconfig " $1 " off"}'|bash
6、SSH远程连接优化
[root@node1 ~]# cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config_$(date +%Y%m%d) [root@node1 ~]# vim /etc/ssh/sshd_config Port 51898 ListenAddress 192.168.100.128 Protocol 2 UseDNS no PermitRootLogin no GSSAPIAuthentication no [root@node1 ~]# /etc/init.d/sshd restart Stopping sshd: [ OK ] Starting sshd: [ OK ] [root@node1 ~]# netstat -tnlup|grep "51898" tcp 0 192.168.100.128:51898 0.0.0.0:* LISTEN 2413/sshd [root@node1 ~]# ps -ef|grep "sshd"|grep -v "grep" root 1792 1 0 21:20 ? 00:00:01 sshd: root@pts/0 root 2413 1 0 23:16 ? 00:00:00 /usr/sbin/sshd
7、设置系统字符集
[root@node1 ~]# export LANG=en [root@node1 ~]# echo $LANG en [root@node1 ~]# sed -i 's#LANG="en_US.UTF-8"#LANG="zh_CN.UTF-8"#g' /etc/sysconfig/i18n [root@node1 ~]# cat /etc/sysconfig/i18n LANG="zh_CN.UTF-8" SYSFONT="latarcyrheb-sun16" [root@node1 ~]# source /etc/sysconfig/i18n [root@node1 ~]# echo $LANG zh_CN.UTF-8 注释:生产环境建议使用英文字符集,防止出现乱码
8、同步网络时间服务器
[root@node1 ~]# ntpdate 0.pool.ntp.org 30 Aug 15:38:17 ntpdate[2517]: adjust time server 120.25.108.11 offset -0.000251 sec [root@node1 ~]# hwclock Tue 30 Aug 2016 11:38:21 PM CST -0.320182 seconds [root@node1 ~]# crontab -e ####Synchronization Network Time Server#### */5 * * * * /usr/sbin/ntpdate 0.pool.ntp.org &>/dev/null [root@node1 ~]# crontab -l ####Synchronization Network Time Server#### */5 * * * * /usr/sbin/ntpdate 0.pool.ntp.org &>/dev/null
9、设置系统历史命令记录数及登录超时
[root@node1 ~]# export HISTSIZE=100 [root@node1 ~]# export HISTFILESIZE=100 [root@node1 ~]# export TMOUT=300 [root@node1 ~]# echo $HISTSIZE 100 [root@node1 ~]# echo $HISTFILESIZE 100 [root@node1 ~]# echo $TMOUT 300 [root@node1 ~]# vim /etc/profile HISTSIZE=100 export HISTFILESIZE=100 export TMOUT=300 # History By LinBin At 2017-01-11 USER_IP=`who -u am i 2>/dev/null|awk '{print $NF}'|sed -e 's/[()] //g'` HISTDIR=/usr/share/.history if [ -z $USER_IP ] then USER_IP=`hostname` fi if [ ! -d $HISTDIR ] then mkdir -p $HISTDIR chmod 777 $HISTDIR fi if [ ! -d $HISTDIR/${LOGNAME} ] then mkdir -p $HISTDIR/${LOGNAME} chmod 300 $HISTDIR/${LOGNAME} fi DT=`date +%Y%m%d_%H%M%S` export HISTFILE="$HISTDIR/${LOGNAME}/${USER_IP}.history.$DT" export HISTTIMEFORMAT="[%Y.%m.%d %H:%M:%S]" chmod 600 $HISTDIR/${LOGNAME}/*.history* 2>/dev/null [root@node1 ~]# source /etc/profile 注释:$HISTDIR 设为 777 后任何用户都可以重命名或删除其中的子目录,与下面对每个用户目录设 300 的审计目的相矛盾,建议改为 1777(sticky bit)或更严格的权限
10、设置系统文件描述符数
[root@node1 ~]# ulimit -n 1024 [root@node1 ~]# ulimit -SHn 65535 [root@node1 ~]# ulimit -n 65535 [root@node1 ~]# echo "* - nofile 65535" >> /etc/security/limits.conf
11、设置系统别名
[root@node1 ~]# alias grep='grep --color=auto' [root@node1 ~]# alias egrep='egrep --color=auto' [root@node1 ~]# alias ll='ls -l --color=auto --time-style=long-iso' [root@node1 ~]# cat >> /etc/bashrc<<EOF alias grep='grep --color=auto' alias egrep='egrep --color=auto' alias ll='ls -l --color=auto --time-style=long-iso' EOF [root@node1 ~]# tail -3 /etc/bashrc alias grep='grep --color=auto' alias egrep='egrep --color=auto' alias ll='ls -l --color=auto --time-style=long-iso' [root@node1 ~]# source /etc/bashrc
12、更新国内yum源(aliyun、163)
[root@node1 ~]# cp -a /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo-$(date +%Y%m%d) [root@node1 ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo --2016-08-30 15:54:20-- http://mirrors.aliyun.com/repo/Centos-6.repo Resolving mirrors.aliyun.com... 115.28.122.210, 112.124.140.210 Connecting to mirrors.aliyun.com|115.28.122.210|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 2572 (2.5K) [application/octet-stream] Saving to: “/etc/yum.repos.d/CentOS-Base.repo” 100%[===================================================================================================================>] 2,572 --.-K/s in 0s 2016-08-30 15:54:20 (178 MB/s) - “/etc/yum.repos.d/CentOS-Base.repo” saved [2572/2572] [root@node1 ~]# yum makecache
13、隐藏系统版本信息及设置登录提示语
[root@node1 ~]# > /etc/issue.net [root@node1 ~]# > /etc/issue [root@node1 ~]# echo "Welcom To Linux Server" >> /etc/motd [root@node1 ~]# cat /etc/motd Welcom To Linux Server Last login: Tue Aug 30 21:30:16 2016 from 192.168.100.1 Welcom To Linux Server [root@node1 ~]#
14、调整系统内核参数
[root@node1 ~]# cat >> /etc/sysctl.conf<<EOF # Kernel By LinBin At 2017-01-11 net.ipv4.tcp_fin_timeout = 2 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_max_tw_buckets = 5000 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_syn_backlog = 16384 net.ipv4.tcp_keepalive_time = 600 net.ipv4.ip_local_port_range = 4000 65000 net.ipv4.route.gc_timeout = 100 net.ipv4.tcp_syn_retries = 1 net.ipv4.tcp_synack_retries = 1 net.core.somaxconn = 16384 net.core.netdev_max_backlog = 16384 net.ipv4.tcp_max_orphans = 16384 EOF [root@node1 ~]# sysctl -p 注释:net.ipv4.tcp_tw_recycle = 1 在客户端经过 NAT 访问时会导致连接被丢弃,且该参数自内核 4.12 起已被移除,生产环境建议不要开启
15、设置grub菜单密码
[root@node1 ~]# grub-md5-crypt Password: Retype password: $1$hz0Px$imRsIcA766L/8uRRwykMW0 [root@node1 ~]# vim /boot/grub/grub.conf # grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes to this file # NOTICE: You have a /boot partition. This means that # all kernel and initrd paths are relative to /boot/, eg. # root (hd0,0) # kernel /vmlinuz-version ro root=/dev/sda3 # initrd /initrd-[generic-]version.img #boot=/dev/sda default=0 timeout=5 splashimage=(hd0,0)/grub/splash.xpm.gz hiddenmenu password --md5 $1$hz0Px$imRsIcA766L/8uRRwykMW0 title CentOS 6 (2.6.32-504.el6.x86_64) root (hd0,0) kernel /vmlinuz-2.6.32-504.el6.x86_64 ro root=UUID=b26e3928-3456-4d4c-8e0f-142833566be5 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet initrd /initramfs-2.6.32-504.el6.x86_64.img
本文出自 “闲来无事唠唠嗑” 博客,请务必保留此出处http://laokebang.blog.51cto.com/12486963/1891149
原文地址:http://laokebang.blog.51cto.com/12486963/1891149