centos7优化

 基础优化脚本

  1 #!/bin/bash
  2 
  3 # 基础优化脚本
  4 
  5 # no.0 mirrors and epel change  开始可能没有wget命令
  6 yum install -y wget
  7 /bin/mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.ori
  8 /usr/bin/wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
  9 
 10 /usr/bin/wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
 11 
 12 # no.1 close selinux
 13 /bin/cp /etc/selinux/config /etc/selinux/config.ori
 14 /bin/sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
 15 setenforce 0    # current environment effect
 16 
 17 # no.2 close iptables  CentOS 7.x默认使用的是firewall作为防火墙 
 18 # yum install -y firewalld firewall-config    # 已默认安装firewalld
 19 systemctl stop firewalld.service     #停止firewall
 20 systemctl disable firewalld.service  #禁止firewall开机启动
 21 
 22 yum install -y iptables-services     # 安装 iptables
 23 systemctl stop iptables.service
 24 systemctl disable iptables.service
 25 
 26 # no.3 boot server optimize
 27 systemctl enable ntpd.service
 28 systemctl start ntpd.service
 29 
 30 # no.4 user get root authority
 31 userAdd=zhang
 32 /bin/cp /etc/sudoers /etc/sudoers.ori
 33 /usr/sbin/useradd ${userAdd} && /bin/echo '123456' | /usr/bin/passwd --stdin ${userAdd} > /dev/null 2>&1 
 34 /bin/echo "" >>  /etc/sudoers
 35 /bin/echo "# user zhang get root authority" >>  /etc/sudoers
 36 /bin/echo "zhang  ALL=(ALL)       NOPASSWD: ALL" >>  /etc/sudoers
 37 
 38 # no.5 show zh_CN.UTF-8  就是用  en_US.UTF-8  不要修改
 39 # /bin/cp /etc/locale.conf  /etc/locale.conf.ori
 40 # /bin/sed -i 's#en_US.UTF-8#zh_CN.UTF-8#g' /etc/locale.conf
 41 # . /etc/locale.conf
 42 
 43 # no.6 time synchronization
 44 yum install -y ntp
 45 ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime 
 46 /bin/echo "# time sync by zhangliang at $(date +%F)" >> /var/spool/cron/root
 47 /bin/echo '*/10 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1' >> /var/spool/cron/root    
 48 
 49 # no.7 command line save set
 50 # /bin/cp /etc/profile /etc/profile.ori
 51 # /bin/echo "# command line save set by zhangliang at $(date +%F)" >> /etc/profile
 52 # /bin/echo 'export  TMOUT=600' >> /etc/profile
 53 # /bin/echo 'export  HISTSIZE=50' >> /etc/profile
 54 # /bin/echo 'export  HISTFILESIZE=50' >> /etc/profile
 55 
 56 # no.8 alias color set
 57 /bin/cp /etc/profile /etc/profile_zhang_$(date +%Y%m%d%H%M%S).bak
 58 /bin/cp /etc/bashrc /etc/bashrc_zhang_$(date +%Y%m%d%H%M%S).bak
 59 
 60 /bin/echo '' >> /etc/bashrc
 61 /bin/echo '# grep color' >> /etc/bashrc
 62 /bin/echo "alias grep='grep --color=auto'" >> /etc/bashrc
 63 /bin/echo "alias egrep='grep -E --color=auto'" >> /etc/bashrc
 64 
 65 /bin/echo "alias cp='cp -i'" >> /etc/bashrc
 66 /bin/echo "alias l.='ls -d .* --color=auto'" >> /etc/bashrc
 67 /bin/echo "alias ll='ls -l --color=auto'" >> /etc/bashrc
 68 /bin/echo "alias ls='ls --color=auto'" >> /etc/bashrc
 69 /bin/echo "alias mv='mv -i'" >> /etc/bashrc
 70 /bin/echo "alias rm='rm -i'" >> /etc/bashrc
 71 
 72 /bin/echo '' >> /etc/bashrc
 73 /bin/echo 'export HISTTIMEFORMAT="%F %T $(whoami) "' >> /etc/bashrc
 74 /bin/echo "export PROMPT_COMMAND='{ msg=\$(history 1 | { read x y; echo \$y; });logger \"[euid=\$(whoami)]\":\$(who am i):[\`pwd\`]\"\$msg\"; }'" >> /etc/bashrc 
 75 # export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'  
 76 source /etc/bashrc
 77 
 78 # no.9 limits.conf
 79 /bin/cp /etc/security/limits.conf /etc/security/limits.conf.ori
 80 /bin/echo "* soft nofile 131070" >> /etc/security/limits.conf
 81 /bin/echo "* hard nofile 131070" >> /etc/security/limits.conf
 82 
 83 # no.10 kernel optimize
 84 /bin/cp /etc/sysctl.conf /etc/sysctl.conf.ori
 85 /bin/cat >> /etc/sysctl.conf << EOF
 86 ### optimization by zhangliang $(date +%F)
 87 net.ipv4.tcp_syn_retries = 1
 88 net.ipv4.tcp_synack_retries = 1
 89 net.ipv4.tcp_keepalive_time = 600
 90 net.ipv4.tcp_keepalive_probes = 3
 91 net.ipv4.tcp_keepalive_intvl =15
 92 net.ipv4.tcp_retries2 = 5
 93 net.ipv4.tcp_fin_timeout = 2
 94 net.ipv4.tcp_max_tw_buckets = 36000
 95 net.ipv4.tcp_tw_recycle = 1
 96 net.ipv4.tcp_tw_reuse = 1
 97 net.ipv4.tcp_max_orphans = 32768
 98 net.ipv4.tcp_syncookies = 1
 99 net.ipv4.tcp_max_syn_backlog = 16384
100 net.ipv4.tcp_wmem = 8192 131072 16777216
101 net.ipv4.tcp_rmem = 32768 131072 16777216
102 net.ipv4.tcp_mem = 786432 1048576 1572864
103 net.ipv4.ip_local_port_range = 1024 65000
104 net.core.somaxconn = 16384
105 net.core.netdev_max_backlog = 16384
106 EOF
107 
108 /sbin/sysctl -p 
109 
110 # no.11 timing clear system mail
111 /bin/mkdir /server/scripts/ -p    
112 /bin/echo "# timing clear system mail" >>/server/scripts/del_mail_file.sh
113 /bin/echo '/bin/find /var/spool/postfix/maildrop/ -type f | xargs -I{} /bin/rm -f {}' >> /server/scripts/del_mail_file.sh
114 /bin/echo "" >> /var/spool/cron/root
115 /bin/echo '# delete mail file by zhangliang at $(date +%F)' >> /var/spool/cron/root    
116 /bin/echo '00 00 * * 6 /bin/sh /server/scripts/del_mail_file.sh >/dev/null 2>&1' >> /var/spool/cron/root    
117 
118 # no.12 hide system version info
119 /bin/cp /etc/issue /etc/issue.ori
120 /bin/cp /etc/issue.net /etc/issue.net.ori
121 > /etc/issue
122 > /etc/issue.net
123 
124 /bin/echo "" >> /etc/motd
125 /bin/echo 'Welcome You Login' >> /etc/motd
126 /bin/echo "" >> /etc/motd
127 
128 # no.13 SSH optimize
129 /bin/cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ori
130 /bin/cat >> /etc/ssh/sshd_config << EOF
131 ##### by zhangliang # $(date +%F)##    
132 # Port 52113
133 PermitRootLogin no
134 PermitEmptyPasswords no
135 UseDNS no
136 GSSAPIAuthentication no
137 ##### by zhangliang # $(date +%F)##
138 EOF
139 
140 systemctl restart sshd.service
141 
142 # no.14 install necessary software
143 /usr/bin/yum install -y bash-completion # systemctl tab 补全
144 /usr/bin/yum install -y pcre pcre-devel
145 /usr/bin/yum install -y openssl openssl-devel 
146 /usr/bin/yum install -y nfs-utils rpcbind
147 /usr/bin/yum install -y lrzsz sysstat nmap tree telnet dos2unix nc vim

 

上一篇:文件与目录操作


下一篇:Ubuntu安装ffmpeg