CentOS 7.5操作系统的优化
01:更改yum源
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
02:安装常用工具我软件包
yum install -y tree lrzsz telnet wget bzip2 unzip gzip dos2unix vim net-tools lsof pinfo nc nmap ntpdate yum install -y psmisclsof sysstat yum-utils yum install -y gcc gcc-c++ make cmake libaio zlib-devel pcre-devel
03:清空系统版本显示
>/etc/issue >/etc/issue.net
04:关闭selinux
sed -i ‘s#SELINUX=enforcing#SELINUX=disabled#g‘ /etc/selinux/config setenforce 0
05:关闭及永久关闭firewalld防火墙【根据情况】
systemctl stop firewalld.service systemctl disable firewalld.service
06:让用户及密码永不过期[特别是云服务器在安装时有"优化"选项,若没有监控,后面就要出问题]
cat >>/etc/login.defs<<EOF PASS_MAX_DAYS 99999 PASS_MIN_DAYS 0 PASS_MIN_LEN 5 PASS_WARN_AGE 7 EOF
07:调整字符集为中文字符集
echo "LANG=\"zh_CN.UTF-8\"" >/etc/locale.conf
08:命令行历史保留记录10条;历史文件保留命令10行;命令行以空格开头的命令不记录,
echo "export HISTSIZE=10" >>/etc/bashrc echo "export HISTFILESIZE=10" >>/etc/bashrc echo "HISTCONTROL=ignorespace" >>/etc/bashrc source /etc/bashrc
09:更改/etc/rc.d/rc.local文件权限744[我一般把服务的启动脚本放在该文件中]
chmod 744 /etc/rc.d/rc.local
10:创建存放脚本的相关目录/server/scripts/
mkdir /server/scripts/ -p ls -ld /server/scripts/
11:给rm命令做别名,不让其使用
echo "alias rm=‘echo Do not use the rm command‘" >>/etc/bashrc source /etc/bashrc
12:修改资源限制符,分配资源限制符,并让其生效
cat >>/etc/security/limits.conf<<EOF * soft nproc 65535 * hard nproc 65535 * soft nofile 65535 * hard nofile 65535 * soft stack 65535 * hard stack 65535 EOF echo " * - nproc 65535" >/etc/security/limits.d/20-nproc.conf echo "session required pam_limits.so" >>/etc/pam.d/login
13:linux内核优化的优化【掌握了相关知识点后再进行设置,不要百度一搜就进行设置】
cat >>/etc/sysctl.conf<<EOF # disable ipv6 net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 # tcp socket optimize net.ipv4.ip_local_port_range = 15000 65000 net.ipv4.tcp_timestamps = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_keepalive_time = 600 net.ipv4.tcp_tw_recycle = 0 net.ipv4.tcp_fin_timeout = 30 net.ipv4.tcp_max_tw_buckets = 4096 net.ipv4.tcp_max_syn_backlog=8192 EOF sysctl -p
14:创建普通用户并设置密码,并让普通用户加入wheel组;[还是云服务器在安装系统时选择了"优化"选项]
chattr -i /etc/passwd /etc/shadow /etc/group /etc/gshadow useradd chenliang -G wheel && echo "chenliang"|passwd --stdin chenliang id chenliang
15:优化ssh服务连接效率,以及禁止root用户登录,更改ssh服务的端口【生产中不要乱设置,因为有业务关联着的】
cat >>/etc/ssh/sshd_config<<EOF Port 921 PermitRootLogin no PermitEmptyPasswords no UseDNS no GSSAPIAuthentication no EOF
16:给关键文件进行加锁
chattr +i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/fstab /etc/login.defs
相关推荐
changecan 2020-11-19
ECSHOP专属建设 2020-11-13
88427810 2020-11-02
步知道 2020-10-27
Junzizhiai 2020-10-10
jackalwb 2020-10-05
小网管 2020-09-03
shiwenqiang 2020-09-14
85251846 2020-09-14
summerinsist 2020-08-21
87901735 2020-08-19
PinkBean 2020-08-11
85407718 2020-08-09
MichelinMessi 2020-07-30
suosuo 2020-07-28
CARBON 2020-07-28
lizhengfa 2020-07-27
88427810 2020-07-26