CentOS7.X 系统优化
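# 1 Configure the hosts file
# Keep the first backup only: on a second run a plain copy would replace the
# saved original with the already rewritten file.
[ -e /etc/hosts.bak ] || \cp -p /etc/hosts /etc/hosts.bak
# Quoted delimiter: the text below is written literally, with no expansion.
cat >/etc/hosts<<'EOF'
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# ip地址 主机名称
192.168.40.22 web01
192.168.40.23 web02
192.168.40.24 web03
EOF
# Check: print the new file followed by the backup
cat /etc/hosts{,.bak}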
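# 2 Configure the yum repositories and install packages
# The stanzas below are alternatives: run only the one that matches the
# installed release, because each of them writes the same repo file.
# A repo file decides which servers and which GPG settings yum trusts for
# packages that are installed as root, so every download uses https
# (the EPEL 6/7 files were fetched over plain http). --fail keeps curl from
# saving an HTTP error page as the repo file.
# CentOS 6
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-6.repo
# or
curl --fail -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-6.repo
# CentOS 7
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# or
curl --fail -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# CentOS 8
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
# or
curl --fail -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
# EPEL (RHEL 6)
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-6.repo
# EPEL (RHEL 7)
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# EPEL (RHEL 8)
# 1) Install the EPEL release package
# NOTE(review): a package installed straight from a URL may skip the signature
# check that repo packages get (see localpkg_gpgcheck) - confirm the setting.
yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
# 2) Point the repo definitions at the Aliyun mirror
sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
# Check: list the repos, then confirm the downloaded files did not turn
# package signature checking off
yum repolist
grep -H '^gpgcheck' /etc/yum.repos.d/*.repo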
# 2.1 Install the required software
# tcpdump: packet capture and sniffing, a key troubleshooting tool
# htop: process information; iftop: bandwidth per network interface
# nethogs: network traffic per process; nc: file transfer and port checks
# NOTE(review): nmap, nc, telnet and tcpdump are just as useful to anyone who
# gains a shell on the host - consider installing them only where needed.
yum install -y \
  tree nmap nc dos2unix lrzsz lsof wget tcpdump \
  htop iftop iotop nethogs sysstat telnet ntpdate
# Tool packages for CentOS 7
yum install -y \
  psmisc net-tools bash-completion bash-completion-extras vim-enhanced
# 3 Turn off the firewall and SELinux
# NOTE(review): this removes the host packet filter and mandatory access
# control together. It fits only hosts that are filtered elsewhere (security
# group, perimeter firewall); otherwise keep firewalld with the needed ports
# open and leave SELinux at least permissive - confirm for each environment.
systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld
# setenforce 0 switches the running system to permissive; the "disabled"
# value written to the config file applies from the next boot.
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
sestatus
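# 4 User setup (optional)
useradd le
# Set the password interactively. A fixed, guessable password piped in on the
# command line stays in shell history, and with the sudo rule below it is
# equivalent to a root password reachable over SSH.
passwd le
# Grant sudo through a drop-in that is syntax-checked BEFORE it is installed,
# so a typo can never leave sudo unusable. /etc/sudoers itself is not touched.
# Assumes the stock "#includedir /etc/sudoers.d" line is present - confirm.
# NOTE(review): NOPASSWD:ALL makes this account root without re-authentication;
# drop NOPASSWD unless unattended sudo is really required.
sudo_rule=$(mktemp)
echo "le ALL=(ALL) NOPASSWD:ALL" >"$sudo_rule"
if visudo -cf "$sudo_rule"; then
  install -o root -g root -m 0440 "$sudo_rule" /etc/sudoers.d/le
fi
rm -f -- "$sudo_rule"
# Check: show the installed rule and validate the whole sudo configuration
cat /etc/sudoers.d/le
visudo -c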
# 5 Character set
# Set the system locale, then print the resulting settings.
localectl set-locale LANG=en_US.UTF-8
localectl status
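# 6 Time synchronisation (optional)
yum install ntpdate -y
# The cron entry used to read "ntpdate ntpdate ntp3.aliyun.com": the second
# word was passed to ntpdate as a server name, and the resulting error was
# hidden by the redirect. Only the real server is passed now.
# NOTE(review): "*/55" fires at minute 0 and minute 55 of every hour, not
# every 55 minutes - confirm the intended schedule.
# NOTE(review): ntpdate talks plain, unauthenticated NTP and steps the clock;
# confirm this is acceptable for hosts whose logs or TLS checks depend on time.
cron_file=/var/spool/cron/root
cron_job='*/55 * * * * /usr/sbin/ntpdate ntp3.aliyun.com >/dev/null 2>&1'
# Append once only, so re-running these steps does not stack duplicate jobs.
grep -qxF -- "$cron_job" "$cron_file" 2>/dev/null || echo "$cron_job" >>"$cron_file"
chmod 600 "$cron_file"
crontab -l # crontab -e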
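# 7 File descriptor limit
limits_line='* - nofile 65535'
# Append once only, so re-running does not stack duplicate entries.
grep -qxF -- "$limits_line" /etc/security/limits.conf || echo "$limits_line" >>/etc/security/limits.conf
tail -1 /etc/security/limits.conf
# limits.conf is not a shell script: sourcing it would run every entry as a
# command, with "*" expanded to the file names of the current directory. The
# file is applied to new login sessions; raise the limit of the current shell
# directly instead.
ulimit -n 65535
ulimit -n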
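# 8 Kernel tuning
# net.ipv4.tcp_tw_recycle is left out on purpose: with it enabled the server
# drops connection attempts from clients that share one NAT address, and the
# key no longer exists on kernels 4.12 and later, where it makes sysctl -p
# report an error.
# NOTE(review): tcp_syn_retries / tcp_synack_retries = 1 and
# tcp_fin_timeout = 2 are aggressive; a handshake is abandoned after a single
# retransmission - confirm they suit the network.
# NOTE(review): the nf_conntrack keys exist only while the nf_conntrack module
# is loaded, otherwise sysctl -p reports them as missing. A table of 25000000
# entries can also pin a large amount of kernel memory - confirm the sizing.
# The marker line guards the append so a re-run does not duplicate the block.
grep -q '^#kernel_flay' /etc/sysctl.conf || cat >>/etc/sysctl.conf<<'EOF'
#kernel_flay
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
#iptables
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
# Load the settings from /etc/sysctl.conf into the running kernel
sysctl -p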
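# 9 SSH tuning
# Keep a copy of the stock configuration (first run only), as the hosts and
# sudoers steps do for their files.
[ -e /etc/ssh/sshd_config.bak ] || \cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
# Skip the reverse DNS lookup and GSSAPI negotiation at login
sed -i 's/#UseDNS yes/UseDNS no/g;s/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
grep -Ei 'usedns|gssapiauth' /etc/ssh/sshd_config
# Validate the file first: restarting sshd on a broken configuration can cut
# off remote access to the host.
sshd -t && systemctl restart sshd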
# 10 Set PS1 (optional)
# Interactive step: open /etc/profile in the editor and add the PS1 line
# below to it.
vim /etc/profile
# Prompt layout: [user@host dir] followed by the \$ prompt character, with the
# user name in bold red (1;31) and "host dir" in bold green (1;32). The
# \[ \] pairs wrap the colour codes; "\\$" inside double quotes stores \$.
PS1="[\[\e[1;31m\]\u\[\e[0m\]@\[\e[1;32m\]\h \W\[\e[0m\]]\\$"
11. 修改启动等待时间为1秒(可选配置)
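# Set GRUB_TIMEOUT to 1 ("\1" is the captured "GRUB_TIMEOUT=", followed by
# the literal digit 1).
sed -ri 's/^(GRUB_TIMEOUT=).*/\11/' /etc/default/grub
# Regenerate the boot menu for the firmware type actually in use. -o is used
# instead of a shell redirect: ">" empties grub.cfg before the generator has
# produced anything, so a failed run would leave an empty boot menu.
if [ -d /sys/firmware/efi ]; then
  # UEFI boot
  grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
else
  # BIOS boot
  grub2-mkconfig -o /boot/grub2/grub.cfg
fi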
12.忘记root密码
启动按e键,在linux这行最后增加 init=/bin/bash,按ctrl+x启动系统
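# Run these inside the shell started with init=/bin/bash.
# NOTE(review): nothing here asks for the old password, so anyone with console
# access can do the same; a GRUB password (grub2-setpassword) and disk
# encryption are the usual controls - confirm what the host uses.
mount -o remount,rw /   # make the root filesystem writable
passwd
# touch /.autorelabel   # needed when SELinux is enabled, so that the SELinux
#                       # context of the modified files is restored at boot
exec /sbin/reboot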
13.修改CentOS7.X网卡名称为传统名称eth0格式
13.1调整网卡名称
[root@test tools]# cd /etc/sysconfig/network-scripts/ #<==进入网卡文件目录。
[root@test network-scripts]# mv ifcfg-ens33 ifcfg-eth0 #<==重命名网卡配置文件。
13.2 调整网卡的配置信息
[root@test network-scripts]# cat ifcfg-eth0 #<==修改后的结果如下。
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="dhcp"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="eth0" #<==修改为eth0。
UUID="e62dd7a9-92fa-4805-afc9-441b567ad38d"
DEVICE="eth0" #<==修改为eth0。
ONBOOT="yes"
13.3 修改并生成grub配置
修改后的结果如下,也可以在安装系统或开机启动时进行调整。
[root@test network-scripts]# cat /etc/sysconfig/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rhgb net.ifnames=0 biosdevname=0 quiet" #<==其中 net.ifnames=0 biosdevname=0 是添加的内容。
GRUB_DISABLE_RECOVERY="true"
[root@test network-scripts]# grub2-mkconfig -o /boot/grub2/grub.cfg #<==生成grub启动菜单。
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-957.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-957.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-040ea756a4d344249aec0555d4c01569
Found initrd image: /boot/initramfs-0-rescue-040ea756a4d344249aec0555d4c01569.img
done
13.4 验证修改结果
[root@test network-scripts]# reboot #<==必须重启系统。
13.5.安装CentOS7.X时把网卡名称修改为传统名称eth0格式
进入安装开始菜单时按tab键,在最后增加 net.ifnames=0 biosdevname=0,完成后直接回车两次即可进入安装界面。