歡迎來到Linux教程網
Linux教程網
Linux教程網
Linux教程網
您现在的位置: Linux教程網 >> UnixLinux >  >> Linux綜合 >> 學習Linux

CentOS6.7優化方案

CentOS6.7優化方案


CentOS6.7優化方案


最近公司新升級了服務器系統到CentOS6.7,精心做了一套系統優化方案

centos優化

  1. 配置網卡

  2. 修改主機名

  3. 關閉selinux,清空防火牆

  4. 新建普通用戶並visudo授權

  5. 更改yum源,安裝常用軟件

  6. 定時任務,定時更新時間

  7. 精簡開機啟動項

  8. 定時任務在自動清理/var/spool/maildrop/目錄垃圾文件,防止inode占滿

  9. 更改ssh服務端口,禁止root用戶遠程連接

  10. 鎖定關鍵文件系統

  11. 調整文件描述符大小

  12. 調整字符集,使其支持中文

  13. 去除系統及內核版本登錄前的屏幕顯示

  14. 內核參數優化

1、配置網卡(此處為克隆機所以刪除了UUID和MAC)

vim/etc/sysconfig/network-scripts/ifcfg-eth0DEVICE=ethTYPE=EthernetONBOOT=yesNM_CONTROLLED=yesBOOTPROTO=noneIPV6INIT=noUSERCTL=noIPADDR=10.0.0.100GATEWAY=10.0.0.2DNS2=223.5.5.5DNS1=10.0.0.2NETMASK=255.255.255.0vim/etc/sysconfig/network-scripts/ifcfg-eth1DEVICE=eth0TYPE=EthernetONBOOT=yesNM_CONTROLLED=yesBOOTPROTO=noneIPV6INIT=noUSERCTL=noIPADDR=10.0.0.100GATEWAY=10.0.0.2DNS2=223.5.5.5DNS1=10.0.0.2NETMASK=255.255.255.0

重啟網卡eth1

ifdowneth1&&ifupeth1/etc/init.d/networkrestartecho'>/etc/udev/rules.d/70-persistent-net.rules'>>/etc/rc.localhostnamezhang(臨時修改)vim/etc/sysconfig/network

3、檢查DNS

阿裡服務器

223.5.5.5vim/etc/resolv.conf

(網卡配置文件中設置的優先啟動)

4、關閉selinux

sed-i's#SELINUX=enforcing#SELINUX=disabled#g'/etc/selinux/configgrepSELINUX=disabled/etc/selinux/configsetenforce0getenforce

清空防火牆

iptables-Fiptables-L1>>~/install.ok2>>install.bug/etc/init.d/iptablessave

5、新建普通用戶並visudo授權

useraddzhangidzhangecho'123456'|passwd--stdinzhangecho'zhangALL=(ALL)NOPASSWD:ALL'>>/etc/sudoersvisudo-c

6、更改yum源

備份本機yum源法1:自己配置好安裝源配置文件,然後上傳到linux法2:使用鏡像站點配置好的yum安裝源配置文件mv/etc/yum.repos.d/CentOS-Base.repo/etc/yum.repos.d/CentOS-Base.repo.f1.orils/etc/yum.repos.d/CentOS-Base.repo.f1.ori1>>~/install.ok2>>install.bugyummakecachewget-O/etc/yum.repos.d/CentOS-Base.repohttp://mirrors.aliyun.com/repo/Centos-6.repoyuminstalllrzsztreesysstat-yrpm-qalrzsztreenmapsysstat1>>~/install.ok2>>install.bugsysstat是用來檢測系統性能及效率的工具dos2unix將dos格式的文本轉換為unix格式nmap網絡掃描和主機檢測grep過濾變色(實驗用)echo'grep="grep--color=auto"'>>/etc/profile./etc/profilegrep'grep="grep--color=auto"'/etc/profile1>>~/install.ok2>>install.bug

7、定時任務,定時更新時間

echo'*/5****/usr/sbin/ntpdatentp1.aliyun.com>/dev/null2>&1'>>/var/spool/cron/rootcrontab-l1>>~/install.ok2>>install.bug

8、精簡開機啟動項

fornin`chkconfig--list|grep"3:on"|awk'{print$1}'`;dochkconfig$noff;donechkconfig--list|egrep'crond|network|rsyslog|sshd|sysstat'|awk'{print"chkconfig"$1"on"}'|bashchkconfig--list|grep"3:on"1>>~/install.ok2>>install.bugmkdir/server/scripts-pls-l/server/scripts/1>>~/install.ok2>>install.bugecho'#binbash\find/var/spool/postfix/maildrop-typef|xargsrm-f'>/server/scripts/clean_mail.shcat/server/scripts/clean_mail.sh1>>~/install.ok2>>install.bugecho'#clean/var/spool/postfix/maildrop\0000***/bin/sh/server/scripts/clean_mail.sh'>>/var/spool/cron/rootcrontab-l1>>~/install.ok2>>install.bug

10、更改ssh服務端口,禁止root用戶遠程連接

cp/etc/ssh/sshd_config{,f1.ori}ls/etc/ssh/sshd_config.f1.ori1>>~/install.ok2>>install.bugsed-ir'13iPort52113\nPermitRootLoginno\nPermitEmptyPasswordsno\nUseDNSno\nGSSAPIAuthenticationno'/etc/ssh/sshd_configsed-n13,17p/etc/ssh/sshd_config1>>~/install.ok2>>install.bug

11、鎖定關鍵文件系統

chattr+i/etc/passwdchattr+i/etc/inittabchattr+i/etc/groupchattr+i/etc/shadowchattr+i/etc/gshadowlsattr+i/etc/passwd1>>~/install.ok2>>install.buglsattr+i/etc/inittab1>>~/install.ok2>>install.buglsattr+i/etc/group1>>~/install.ok2>>install.buglsattr+i/etc/shadow1>>~/install.ok2>>install.buglsattr+i/etc/gshadow1>>~/install.ok2>>install.bug

使用chattr命令後,為了安全我們需要將其改名

/bin/mv/usr/bin/chattr/usr/bin/#任意名稱

13、調整字符集,使其支持中文

sed-i's#LANG="en_US.UTF-8"#LANG="zh_CN.GB18030"#'/etc/sysconfig/i18nsource/etc/sysconfig/i18n

14、去除系統及內核版本登錄前的屏幕顯示

>/etc/issue>/etc/redhat-release

老男孩28期章曾整理發布。

在這裡要感謝老男孩老師的教導。

一鍵執行優化

echo'#######克隆機清空文件#####'1>>~/install.ok2>>install.bugecho'>/etc/udev/rules.d/70-persistent-net.rules'>>/etc/rc.localtail-1/etc/rc.local1>>~/install.ok2>>install.bugecho'#######修改主機名#####'1>>~/install.ok2>>install.bughostnamezhangsed-i's#HOSTNAME=.*#HOSTNAME=zhang#g'/etc/sysconfig/networkcat/etc/sysconfig/network1>>~/install.ok2>>install.bugecho'#######關閉selinux#####'1>>~/install.ok2>>install.bugsed-i's#SELINUX=enforcing#SELINUX=disabled#g'/etc/selinux/configgrepSELINUX=disabled/etc/selinux/config1>>~/install.ok2>>install.bugsetenforce0getenforce1>>~/install.ok2>>install.bugecho'#######關閉selinux#####'1>>~/install.ok2>>install.bugiptables-Fiptables-L1>>~/install.ok2>>install.bug/etc/init.d/iptablessaveecho'#######新建用戶sudo授權#####'1>>~/install.ok2>>install.buguseraddzhangidzhang1>>~/install.ok2>>install.bugecho'123456'|passwd--stdinzhangecho'zhangALL=(ALL)NOPASSWD:ALL'>>/etc/sudoersvisudo-c1>>~/install.ok2>>install.bugecho'#######更改yum源安裝常用軟件#####'1>>~/install.ok2>>install.bugmv/etc/yum.repos.d/CentOS-Base.repo/etc/yum.repos.d/CentOS-Base.repo.backupls/etc/yum.repos.d/CentOS-Base.repo.backup1>>~/install.ok2>>install.bugwget-O/etc/yum.repos.d/CentOS-Base.repohttp://mirrors.aliyun.com/repo/Centos-6.repoyuminstalllrzsztreesysstat-yrpm-qalrzsztreenmapsysstat1>>~/install.ok2>>install.bugecho'#######grep變色#####'1>>~/install.ok2>>install.bugecho'grep="grep--color=auto"'>>/etc/profile./etc/profilegrep'grep="grep--color=auto"'/etc/profile1>>~/install.ok2>>install.bugecho'#######定時更新時間#####'1>>~/install.ok2>>install.bugecho'*/5****/usr/sbin/ntpdatentp1.aliyun.com>/dev/null2>&1'>>/var/spool/cron/rootcrontab-l1>>~/install.ok2>>install.bugecho'#######精簡開機啟動項#####'1>>~/install.ok2>>install.bugfornin`chkconfig--list|grep"3:on"|awk'{print$1}'`;dochkconfig$noff;donechkconfig--list|egrep'crond|network|rsyslog|sshd|sysstat'|awk'{print"chkconfig"$1"on"}'|bashchkconfig--list|grep"3:on"1>>~/install.ok2>>install.bugecho'#######清理臨時郵件隊列#####'1>>~/install.ok2>>install.bugmkdir/server/scripts-pls-l/server/scripts/1>>~/install.ok2>>install.bugecho'#binbash\find/var/spool/postfix/maildrop-typef|xargsrm-f'>/server/scripts/clean_mail.shcat/server/scripts/clean_mail.sh1>>~/install.ok2>>install.bugecho'#clean/var/spool/postfix/maildrop\0000***/bin/sh/server/scripts/clean_mail.sh'>>/var/spool/cron/rootcrontab-l1>>~/install.ok2>>install.bugcp/etc/ssh/sshd_config{,.f1.ori}ls/etc/ssh/sshd_config.f1.ori1>>~/install.ok2>>install.bugecho'#######ssh安全#####'1>>~/install.ok2>>install.bugsed-ir'13iPort52113\nPermitRootLoginno\nPermitEmptyPasswordsno\nUseDNSno\nGSSAPIAuthenticationno'/etc/ssh/sshd_configsed-n13,17p/etc/ssh/sshd_config1>>~/install.ok2>>install.bugecho'#######鎖定重要文件#####'1>>~/install.ok2>>install.bugchattr+i/etc/passwdchattr+i/etc/inittabchattr+i/etc/groupchattr+i/etc/shadowchattr+i/etc/gshadowlsattr+i/etc/passwd1>>~/install.ok2>>install.buglsattr+i/etc/inittab1>>~/install.ok2>>install.buglsattr+i/etc/group1>>~/install.ok2>>install.buglsattr+i/etc/shadow1>>~/install.ok2>>install.buglsattr+i/etc/gshadow1>>~/install.ok2>>install.bugecho'#######清空內核系統名#####'1>>~/install.ok2>>install.bug>/etc/issue>/etc/redhat-release

http://xxxxxx/Linuxjc/1134254.html TechArticle

Copyright © Linux教程網 All Rights Reserved