Optimizing the CentOS 7.5 operating system

01: Change the yum repository

curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

02: Install common tools and packages

yum install -y tree lrzsz telnet wget bzip2 unzip gzip dos2unix vim net-tools lsof pinfo nc nmap ntpdate
yum install -y psmisc lsof sysstat yum-utils
yum install -y gcc gcc-c++ make cmake libaio zlib-devel pcre-devel

03: Clear the system version banner

>/etc/issue
>/etc/issue.net

04: Disable SELinux

sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
setenforce 0

05: Stop and permanently disable the firewalld firewall [depending on the situation]

systemctl stop firewalld.service
systemctl disable firewalld.service

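06: Make users and passwords never expire [especially on cloud servers that offer an "optimize" option at install time; if there is no monitoring, problems will show up later]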

cat >>/etc/login.defs<<EOF
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7
EOF

07: Set the character set to Chinese

echo "LANG=\"zh_CN.UTF-8\"" >/etc/locale.conf

08: Keep 10 entries of command-line history; keep 10 lines in the history file; do not record commands that start with a space

echo "export HISTSIZE=10" >>/etc/bashrc
echo "export HISTFILESIZE=10" >>/etc/bashrc
echo "HISTCONTROL=ignorespace" >>/etc/bashrc
source /etc/bashrc

09: Change the permissions of /etc/rc.d/rc.local to 744 [I usually put service startup scripts in this file]

chmod 744 /etc/rc.d/rc.local

10: Create the directory for storing scripts, /server/scripts/

mkdir /server/scripts/ -p
ls -ld /server/scripts/

11: Alias the rm command so that it cannot be used

echo "alias rm='echo Do not use the rm command'" >>/etc/bashrc
source /etc/bashrc

12: Modify the resource limits, assign them, and make them take effect

cat >>/etc/security/limits.conf<<EOF
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
* soft stack 65535
* hard stack 65535
EOF

echo " * - nproc 65535" >/etc/security/limits.d/20-nproc.conf
echo "session    required    pam_limits.so" >>/etc/pam.d/login

13: Linux kernel tuning [set these only after you understand the relevant concepts; do not apply settings straight from a Baidu search]

cat >>/etc/sysctl.conf<<EOF
# disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

# tcp socket optimize
net.ipv4.ip_local_port_range = 15000 65000
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_max_tw_buckets = 4096
net.ipv4.tcp_max_syn_backlog=8192
EOF

sysctl -p

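14: Create a normal user, set its password, and add the user to the wheel group; [again, for cloud servers where the "optimize" option was chosen when installing the system]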

chattr -i /etc/passwd /etc/shadow /etc/group /etc/gshadow
useradd chenliang -G wheel && echo "chenliang"|passwd --stdin chenliang
id chenliang

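15: Speed up SSH connections, forbid root login, and change the SSH service port [do not change these carelessly in production, because running services depend on them]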

cat >>/etc/ssh/sshd_config<<EOF
Port 921
PermitRootLogin no
PermitEmptyPasswords no
UseDNS no
GSSAPIAuthentication no
EOF
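
Step 15 appends its settings to the end of sshd_config, but sshd uses the first value it reads for a keyword, so an earlier uncommented line silently overrides the appended one. The script below is an added example, not part of the original post; the function names and the sample file are constructed for illustration. It reports which of step 15's values would actually be in effect.

```shell
#!/bin/bash
# Added example (not from the original post). sshd uses the FIRST value it
# reads for a keyword, and lines after a "Match" line are not global.

# effective_value FILE KEYWORD: first uncommented global value, or "(default)".
# Assumes the common "Keyword value" form (no "Keyword=value").
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        tolower($1) == "match" { exit }          # global scope ends here
        tolower($1) == key { print $2; found = 1; exit }
        END { if (!found) print "(default)" }
    ' "$1"
}

# audit FILE: compare step 15's appended values with what sshd would use.
# Port is left out because multiple Port lines are all honoured.
audit() {
    local rc=0 key val got
    while read -r key val; do
        got=$(effective_value "$1" "$key")
        if [ "$got" = "$val" ]; then
            echo "OK       $key $val"
        else
            echo "SHADOWED $key wanted=$val effective=$got"; rc=1
        fi
    done <<'EOF'
PermitRootLogin no
PermitEmptyPasswords no
UseDNS no
GSSAPIAuthentication no
EOF
    return "$rc"
}

# Constructed sample: an earlier active GSSAPIAuthentication line, then the
# block appended by step 15.
make_sample() {
    local f; f=$(mktemp)
    printf '%s\n' '#Port 22' '#PermitRootLogin yes' 'GSSAPIAuthentication yes' \
        '#UseDNS yes' 'Port 921' 'PermitRootLogin no' 'PermitEmptyPasswords no' \
        'UseDNS no' 'GSSAPIAuthentication no' > "$f"
    echo "$f"
}

sample=$(make_sample)
audit "$sample" || true
rm -f "$sample"
```

On a live host, `sshd -t` validates the file and `sshd -T` prints the configuration sshd will actually use; run both before restarting the service.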

16: Lock key files

chattr +i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/fstab /etc/login.defs
