Post-install optimization for CentOS 6 in production



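1. Switch the yum repositories (the Aliyun mirror is used here)

cd /etc/yum.repos.d
# back up the existing repo files before removing them
tar czf repo_bak_$(date +%Y%m%d).tar.gz ./*
rm -rf *.repo
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
# the EPEL repo URL is missing on the source page
curl -o /etc/yum.repos.d/epel.repo <EPEL_REPO_URL>
yum clean all
yum makecache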

2. Install the required packages

yum install -y gcc cmake gcc-c++ tree lrzsz vim openssl ntpdate sysstat lsof nload wget

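3. Basic settings

Time synchronization

ntpdate cn.ntp.org.cn
# entries in /etc/crontab need a user field (root here)
echo "00 03 * * * root ntpdate cn.ntp.org.cn >> /dev/null 2>&1" >> /etc/crontab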

Time zone

rm -f /etc/localtime
cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

Default system language

cat > /etc/sysconfig/i18n << EFO
LANG="en_US.UTF-8"
EFO

Default runlevel

sed -i 's/^id:5:/id:3:/' /etc/inittab

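Services started at boot

# force English output so that "3:on" matches
LANG=en_US.UTF-8
# turn off everything enabled in runlevel 3, then re-enable only the services that are needed
for sun in `chkconfig --list | grep 3:on | awk '{print $1}'`; do chkconfig --level 3 $sun off; done
for sun in crond rsyslog sshd network; do chkconfig --level 3 $sun on; done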

Open file limits

echo "ulimit -SHn 102400" >> /etc/rc.local
cat >> /etc/security/limits.conf << EFO
* soft nofile 65536
* hard nofile 65536
* soft nproc 65536
* hard nproc 65536
EFO

Basic sshd settings (disabling root login and changing the port are not configured here; choose for yourself)

sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config

Basic vim settings

echo "syntax on" >> /root/.vimrc
echo "set nu" >> /root/.vimrc
echo "set ts=4" >> /root/.vimrc

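Other settings

# disable reboot via Ctrl+Alt+Del
sed -i 's#exec /sbin/shutdown -r now#\#exec /sbin/shutdown -r now#' /etc/init/control-alt-delete.conf
# disable SELinux (takes effect after a reboot)
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# disable IPv6
cat > /etc/modprobe.d/ipv6.conf << EOFI
alias net-pf-10 off
options ipv6 disable=1
EOFI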

4. Kernel tuning

modprobe ip_conntrack
echo "modprobe ip_conntrack" >> /etc/rc.local
cp /etc/sysctl.conf{,_bak$(date +%Y%m%d)}
cat > /etc/sysctl.conf << EOF
net.ipv4.ip_forward=0
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.default.accept_source_route=0
kernel.sysrq=0
kernel.core_uses_pid=1
kernel.msgmnb=65536
kernel.msgmax=65536
kernel.shmmax=68719476736
kernel.shmall=4294967296
net.ipv4.tcp_max_tw_buckets=60000
net.ipv4.tcp_sack=1
net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_rmem=4096 87380 4194304
net.ipv4.tcp_wmem=4096 16384 4194304
net.core.wmem_default=8388608
net.core.rmem_default=8388608
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.core.netdev_max_backlog=500000
net.core.somaxconn=262144
net.ipv4.tcp_max_orphans=3276800
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=262144
net.ipv4.tcp_timestamps=0
net.ipv4.tcp_synack_retries=1
net.ipv4.tcp_syn_retries=1
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_mem=94500000 915000000 927000000
net.ipv4.tcp_fin_timeout=1
net.ipv4.tcp_keepalive_time=1200
net.ipv4.ip_local_port_range=1024 65535
net.nf_conntrack_max=25000000
net.netfilter.nf_conntrack_max=25000000
net.netfilter.nf_conntrack_tcp_timeout_established=180
net.netfilter.nf_conntrack_tcp_timeout_time_wait=120
net.netfilter.nf_conntrack_tcp_timeout_close_wait=60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait=120
vm.swappiness=0
EOF
/sbin/sysctl -p
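
An added example, not part of the original article: after /sbin/sysctl -p, this shell function compares every key in a sysctl.conf-style file with the live value under /proc/sys and reports keys that differ or are missing (for instance the nf_conntrack keys when the module is not loaded). The names sysctl_drift and make_sample, the PROCROOT argument and the sample data are constructed for illustration.

```shell
# sysctl_drift CONF [PROCROOT]
# Report keys in CONF whose live value differs or is missing.
# PROCROOT (assumption, default /proc/sys) lets the check run on a test tree.
sysctl_drift() {
    local conf=$1 root=${2:-/proc/sys} line key want have path rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                        # strip '#' comments
        case $line in
            \;*) continue ;;                    # ';' comment line
            *=*) ;;
            *) continue ;;                      # blank or not key=value
        esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        # Normalise blanks: /proc separates multi-value entries with tabs.
        want=$(printf '%s\n' "${line#*=}" | tr '\t' ' ' | tr -s ' ' | sed 's/^ //; s/ $//')
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            # Typical for nf_conntrack keys when the module is not loaded.
            echo "MISSING $key conf=$want"
            rc=1
            continue
        fi
        have=$(tr '\t' ' ' < "$path" | tr -s ' ' | sed 's/^ //; s/ $//')
        if [ "$have" != "$want" ]; then
            echo "DRIFT $key live=$have conf=$want"
            rc=1
        fi
    done < "$conf"
    return $rc
}

# Constructed sample: three keys from the config above and a fake /proc/sys
# tree in which tcp_rmem differs and the conntrack key is absent.
make_sample() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/proc/net/ipv4"
    printf '1\n' > "$d/proc/net/ipv4/tcp_syncookies"
    printf '4096\t16384\t4194304\n' > "$d/proc/net/ipv4/tcp_rmem"
    cat > "$d/sysctl.conf" <<'EOF'
# constructed sample
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.netfilter.nf_conntrack_max=25000000
EOF
    echo "$d"
}
```

On a host, run sysctl_drift /etc/sysctl.conf after /sbin/sysctl -p; a non-zero exit status means at least one key did not take effect.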

5. Remove unneeded users and groups (optional)

userdel adm
userdel lp
userdel sync
userdel shutdown
userdel halt
userdel uucp
userdel operator
userdel games
userdel gopher
groupdel adm
groupdel lp
groupdel uucp
groupdel games
groupdel dip
groupdel pppusers
groupdel popusers
groupdel slipuser

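6. Show timestamps in history and change where it is stored (optional)

Append the following to /etc/profile, then log in again once as root. This creates /var/log/.hist/<login user>/<source IP>.hist.<login date>, and only root can view the files inside.

#history
export HISTTIMEFORMAT="[%Y.%m.%d %H:%M:%S]"
# source address of the current login, with the surrounding parentheses removed
USER_IP=`who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g'`
HISTDIR=/var/log/.hist
if [ -z "$USER_IP" ]
then
    USER_IP=`hostname`
fi
# local tty logins are recorded as "console"
flat=$(who -u am i | grep -c tty)
if [ "$flat" -eq 1 ]; then
    USER_IP="console"
fi
if [ ! -d $HISTDIR ]
then
    mkdir -p $HISTDIR
    # sticky bit: users can create their own subdirectory but cannot remove or rename another user's
    chmod 1777 $HISTDIR
fi
if [ ! -d $HISTDIR/${LOGNAME} ]
then
    mkdir -p $HISTDIR/${LOGNAME}
    # write and search only: the owner cannot list the directory
    chmod 300 $HISTDIR/${LOGNAME}
fi
export HISTSIZE=4096
#DT=`date +%Y%m%d_%H%M%S`
DT=$(date +%Y%m%d)
export HISTFILE="$HISTDIR/${LOGNAME}/${USER_IP}.hist.$DT"
chmod 600 $HISTDIR/${LOGNAME}/*.hist* 2>/dev/null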
