1.更换yum源(这里使用的阿里源)
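# 1. Point yum at the Aliyun mirror. Run as root.
# The command text on this page lost its spaces; this is the reconstructed form.
repo_dir=/etc/yum.repos.d
# The page fetches the repo file over plain HTTP. Prefer an https:// mirror URL
# where the client supports it, and keep gpgcheck enabled in the repo files so
# package signatures are still verified.
base_repo_url=${BASE_REPO_URL:-http://mirrors.aliyun.com/repo/Centos-6.repo}
# The EPEL repo-file URL is missing from the page, so it must be supplied.
epel_repo_url=${EPEL_REPO_URL:?set EPEL_REPO_URL to the EPEL repo file URL of your mirror}

# Stop if the directory is not there: the cleanup below must never run in
# whatever directory the shell happened to be in.
cd "$repo_dir" || exit 1

# Back up the current repo definitions (gzip-compressed, matching the .tar.gz name).
tar czf "repo_bak_$(date +%Y%m%d).tar.gz" ./*.repo || exit 1

# Download to a scratch directory first, so a failed or partial download
# cannot leave the host without any repo definition.
tmp_dir=$(mktemp -d) || exit 1
# -f makes curl fail on an HTTP error instead of saving the error page.
if curl -fsS -o "$tmp_dir/CentOS-Base.repo" "$base_repo_url" &&
  curl -fsS -o "$tmp_dir/epel.repo" "$epel_repo_url"; then
  rm -f -- "$repo_dir"/*.repo
  install -m 0644 "$tmp_dir/CentOS-Base.repo" "$repo_dir/CentOS-Base.repo"
  install -m 0644 "$tmp_dir/epel.repo" "$repo_dir/epel.repo"
  rm -rf -- "$tmp_dir"
else
  rm -rf -- "$tmp_dir"
  echo "repo download failed; existing repo files left untouched" >&2
  exit 1
fi

yum clean all
yum makecache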
2.安装必要的安装包
# 2. Install the baseline toolset in a single yum transaction.
# Package names are reconstructed from the space-stripped command on the page.
pkgs=(
  gcc cmake gcc-c++
  tree lrzsz vim openssl
  ntpdate sysstat lsof nload wget
)
yum install -y "${pkgs[@]}"
3.基本设置
时间同步
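# Time sync: set the clock once now, then again every day from cron.
# ntpdate queries are unauthenticated, so point this at a server you trust.
ntp_server=cn.ntp.org.cn
ntpdate "$ntp_server"

# Entries in /etc/crontab need a user field between the schedule and the
# command; without it cron reads "ntpdate" as the account name and the job
# never runs. Schedule reconstructed from the page as 03:00 daily -- confirm.
cron_line="00 03 * * * root ntpdate $ntp_server >> /dev/null 2>&1"

# Append only when absent, so re-running the setup does not stack duplicates.
grep -qF -- "$cron_line" /etc/crontab || echo "$cron_line" >> /etc/crontab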
时区设置
# Time zone: replace /etc/localtime with a copy of the Asia/Shanghai zone file.
zone_file=/usr/share/zoneinfo/Asia/Shanghai
rm -f /etc/localtime
cp -f "$zone_file" /etc/localtime
系统默认语言
# Default system locale: overwrite /etc/sysconfig/i18n with a single LANG line.
printf '%s\n' 'LANG="en_US.UTF-8"' > /etc/sysconfig/i18n
启动级别
# Default runlevel: change the initdefault entry in /etc/inittab from 5 to 3.
inittab=/etc/inittab
sed -i -e 's/^id:5:/id:3:/' "$inittab"
开机启动项
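# Boot services: switch off everything enabled at runlevel 3, then re-enable
# an allowlist.
# NOTE(review): anything not in keep_services stays off afterwards. On a stock
# install that is likely to include the host firewall (iptables) and auditd;
# add them to the list if the host relies on them.
keep_services=(crond rsyslog sshd network)

# LC_ALL=C keeps chkconfig's output in English so that "3:on" matches. The
# page set LANG=en_US-UTF-8, which is not a valid locale name (the separator
# should be a dot).
while read -r svc; do
  chkconfig --level 3 "$svc" off
done < <(LC_ALL=C chkconfig --list | awk '/3:on/ {print $1}')

for svc in "${keep_services[@]}"; do
  chkconfig --level 3 "$svc" on
done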
打开文件数设置
# Open-file and process limits.
# rc.local gets a ulimit line that sets both soft and hard nofile to 102400.
echo "ulimit -SHn 102400" >> /etc/rc.local

# limits.conf gets soft and hard nofile/nproc limits of 65536 for every user.
# Both writes append, so running this twice adds the lines twice.
printf '%s\n' \
  '* soft nofile 65536' \
  '* hard nofile 65536' \
  '* soft nproc 65536' \
  '* hard nproc 65536' \
  >> /etc/security/limits.conf
sshd 基础设置(这里不设置root禁止登陆以及更换端口,请自行选择)
# sshd: turn off GSSAPI authentication and reverse-DNS lookups of clients.
# Root login and the listening port are left as they are (see the heading
# above). The edits only change the file; sshd is not reloaded here.
sshd_config=/etc/ssh/sshd_config
sed -i \
  -e 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' \
  -e 's/#UseDNS yes/UseDNS no/' \
  "$sshd_config"
vim 基础设置
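# vim defaults for root: syntax highlighting, line numbers, 4-column tabs.
# The page wrote "Syntax on"; vim's command is lowercase "syntax", and the
# capitalised form is rejected as an unknown command when vimrc is read.
vimrc=/root/.vimrc
printf '%s\n' \
  'syntax on' \
  'set nu' \
  'set ts=4' \
  >> "$vimrc"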
其他设置
# Comment out the Ctrl-Alt-Del handler so the key combination no longer
# triggers a reboot. Not idempotent: a second run prefixes another '#'.
sed -i -e 's|exec /sbin/shutdown -r now|#exec /sbin/shutdown -r now|' \
  /etc/init/control-alt-delete.conf

# NOTE(review): this switches SELinux off entirely and so removes mandatory
# access control from the host. Where the aim is only to get past policy
# denials, SELINUX=permissive keeps the denials logged so the policy can be
# fixed. The setting is read from this file at boot.
sed -i -e 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

# Disable IPv6 through module options.
printf '%s\n' \
  'alias net-pf-10 off' \
  'options ipv6 disable=1' \
  > /etc/modprobe.d/ipv6.conf
4. kernel优化设置
# Kernel tuning: load connection tracking now and at every boot, keep a dated
# copy of the current sysctl.conf, then replace the file and apply it.
modprobe ip_conntrack
echo "modprobe ip_conntrack" >> /etc/rc.local
cp /etc/sysctl.conf "/etc/sysctl.conf_bak$(date +%Y%m%d)"

# Multi-value settings (tcp_rmem, tcp_wmem, tcp_mem, ip_local_port_range) are
# reconstructed from the space-stripped text on the page -- confirm them.
# NOTE(review): tcp_tw_recycle and tcp_tw_reuse rely on TCP timestamps, which
# this file turns off (tcp_timestamps = 0); tcp_tw_recycle is also known to
# drop connections from clients behind NAT. tcp_fin_timeout = 1 and the
# single SYN / SYN-ACK retry are aggressive. Review before production use.
cat > /etc/sysctl.conf <<'EOF'
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 60000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 500000
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
vm.swappiness = 0
EOF

/sbin/sysctl -p
# Remove stock accounts and groups. Each removal is attempted regardless of
# whether the previous one succeeded; failures are not checked.
for acct in adm lp sync shutdown halt uucp operator games gopher; do
  userdel "$acct"
done

# "slipuser" is kept as printed on the page; the stock group may be named
# "slipusers" -- confirm against /etc/group.
for grp in adm lp uucp games dip pppusers popusers slipuser; do
  groupdel "$grp"
done
6.设置history 以时间格式显示,并更改储存目录(可选)
将下面内容放在 /etc/profile 文件中,然后重新使用 root 登陆一次即可。会生成 /var/log/.hist/登陆用户名/ 目录,历史记录保存在其中的「登陆源ip.hist.登陆日期」文件里,并只有root能够查看里面的文件。
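# history: timestamp every entry and keep one history file per user, login
# source and day under /var/log/.hist. Meant to be placed in /etc/profile.
# NOTE(review): the file is written by the user's own shell, which can change
# HISTFILE or skip saving, so treat it as a convenience record. Use auditd or
# a similar mechanism where accountability matters.
export HISTTIMEFORMAT="[%Y.%m.%d %H:%M:%S]"

# Login source: last field of "who am i" with the parentheses stripped.
USER_IP=$(who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g')
HISTDIR=/var/log/.hist
if [ -z "$USER_IP" ]; then
  USER_IP=$(hostname)
fi
flat=$(who -u am i 2>/dev/null | grep -c tty)
if [ "$flat" -eq 1 ]; then
  USER_IP="console"
fi
# The source string ends up in a file name. Replace anything outside a safe
# set, so a '/' in the host field cannot point HISTFILE at a path that does
# not exist or lies outside the user's directory.
USER_IP=$(printf '%s' "$USER_IP" | tr -c 'A-Za-z0-9._:-' '_')

if [ ! -d "$HISTDIR" ]; then
  mkdir -p "$HISTDIR"
  # Every user must be able to create a directory here. The sticky bit (as on
  # /tmp) stops users from renaming or deleting each other's directories,
  # which plain 777 allowed.
  chmod 1777 "$HISTDIR"
fi
if [ ! -d "$HISTDIR/${LOGNAME}" ]; then
  mkdir -p "$HISTDIR/${LOGNAME}"
  # Write and search only: the owner can add files but not list the directory.
  chmod 300 "$HISTDIR/${LOGNAME}"
fi

export HISTSIZE=4096
# DT=$(date +%Y%m%d_%H%M%S)
DT=$(date +%Y%m%d)
export HISTFILE="$HISTDIR/${LOGNAME}/${USER_IP}.hist.$DT"
# The directory is mode 300, so a "*.hist*" glob cannot expand for its owner.
# Tighten the one file this session writes to instead.
if [ -f "$HISTFILE" ]; then
  chmod 600 "$HISTFILE" 2>/dev/null
fi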