CentOS 已經發布了6.2版了,現在已經可以用在生產環境了,新版本的內核也能更好的利用硬件。寫了一個腳本,用來初始化系統環境,現在分享出來,你可以根據自己的需要,對腳本進行相應的修改。
腳本的內容如下:
1. #!/bin/bash
2. #author suzezhi
3. #this script is only for CentOS 6
4. #check the OS
5.
6. platform=`uname -i`
7. if [ $platform != "x86_64" ];then
8. echo "this script is only for 64bit Operating System !"
9. exit 1
10. fi
11. echo "the platform is ok"
12. version=`lsb_release -r |awk '{print substr($2,1,1)}'`
13. if [ $version != 6 ];then
14. echo "this script is only for CentOS 6 !"
15. exit 1
16. fi
17. cat << EOF
18. +---------------------------------------+
19. | your system is CentOS 6 x86_64 |
20. | start optimizing....... |
21. +---------------------------------------
22. EOF
23.
24. #make the 163.com as the default yum repo
25. mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
26. wget http://mirrors.163.com/.help/CentOS6-Base-163.repo -O /etc/yum.repos.d/CentOS-Base.repo
27.
28. #add the third-party repo
29. #add the epel
30. rpm -Uvh http://download.Fedora.RedHat.com/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm
31. rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
32.
33. #add the rpmforge
34. rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
35. rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
36.
37. #update the system and set the ntp
38. yum clean all
39. yum -y update glibc\*
40. yum -y update yum\* rpm\* python\*
41. yum -y update
42. yum -y install ntp
43. echo "* 4 * * * /usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&1" >> /var/spool/cron/root
44. service crond restart
45.
46. #set the file limit
47. echo "ulimit -SHn 102400" >> /etc/rc.local
48. cat >> /etc/security/limits.conf << EOF
49. * soft nofile 65535
50. * hard nofile 65535
51. EOF
52.
53. #set the control-alt-delete to guard against the miSUSE
54. sed -i 's#exec /sbin/shutdown -r now#\#exec /sbin/shutdown -r now#' /etc/init/control-alt-delete.conf
55.
56. #disable selinux
57. sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
58.
59. #set ssh
60. sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
61. sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
62. service sshd restart
63.
64. #tune kernel parametres
65. cat >> /etc/sysctl.conf << EOF
66. net.ipv4.tcp_fin_timeout = 1
67. net.ipv4.tcp_keepalive_time = 1200
68. net.ipv4.tcp_mem = 94500000 915000000 927000000
69. net.ipv4.tcp_tw_reuse = 1
70. net.ipv4.tcp_timestamps = 0
71. net.ipv4.tcp_synack_retries = 1
72. net.ipv4.tcp_syn_retries = 1
73. net.ipv4.tcp_tw_recycle = 1
74. net.core.rmem_max = 16777216
75. net.core.wmem_max = 16777216
76. net.core.netdev_max_backlog = 262144
77. net.core.somaxconn = 262144
78. net.ipv4.tcp_max_orphans = 3276800
79. net.ipv4.tcp_max_syn_backlog = 262144
80. net.core.wmem_default = 8388608
81. net.core.rmem_default = 8388608
82. EOF
83. /sbin/sysctl -p
84.
85. #define the backspace button can erase the last character typed
86. echo 'stty erase ^H' >> /etc/profile
87. echo "syntax on" >> /root/.vimrc
88.
89. #stop some crontab
90. mkdir /etc/cron.daily.bak
91. mv /etc/cron.daily/makewhatis.cron /etc/cron.daily.bak
92. mv /etc/cron.daily/mlocate.cron /etc/cron.daily.bak
93. chkconfig bluetooth off
94. chkconfig cups off
95. chkconfig ip6tables off
96. #disable the ipv6
97. cat > /etc/modprobe.d/ipv6.conf << EOFI
98. alias net-pf-10 off
99. options ipv6 disable=1
100.EOFI
101.echo "NETWORKING_IPV6=off" >> /etc/sysconfig/network
102.cat << EOF
103.+-------------------------------------------------+
104.| optimizer is done |
105.| it's recommond to restart this server ! |
106.+-------------------------------------------------+
107.EOF
對腳本的內容做一下說明:
1. 先對系統進行判斷,如果是Cent OS 64位,就繼續運行。
2. 先將系統的安裝源設置為網易的(網易的安裝源算是國內比較穩定的)
3. 安裝epel的源和rpmforge的源,利用第三方的源來讓yum安裝起來更方便
4. 更新軟件
5. 設置為每天凌晨四點進行時間同步(跟國家授時中心的服務器進行時間同步)
6. 將系統同時打開的文件個數增大
7. 將ctrl ALT delete鍵進行屏蔽,防止誤操作的時候服務器重啟
8. 關閉SELinux
9. 禁用GSSAPI來認證,也禁用DNS反向解析,加快SSH登陸速度
10. 優化一些內核參數
11. 調整刪除字符的按鍵為backspace(某些系統默認是delete)
12. 打開vim的語法高亮
13. 取消生成whatis數據庫和locate數據庫
14. 關閉沒用的服務
15. 關閉IPv6
http://www.linuxde.net/2011/12/5756.html