centos6.7 优化
配置网卡
修改主机名
关闭selinux,清空防火墙
新建普通用户并visudo授权
更改yum源,安装常用软件
定时任务,定时更新时间
精简开机启动项
定时任务在自动清理/var/spool/maildrop/目录垃圾文件,防止inode占满
更改ssh服务端口,禁止root用户远程连接
锁定关键文件系统
调整文件描述符大小
调整字符集,使其支持中文
去除系统及内核版本登录前的屏幕显示
内核参数优化
1、配置网卡(此处为克隆机所以删除了UUID和MAC)
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
IPV6INIT=no
USERCTL=no
IPADDR=10.0.0.100
GATEWAY=10.0.0.2
DNS2=223.5.5.5
DNS1=10.0.0.2
NETMASK=255.255.255.0
vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
IPV6INIT=no
USERCTL=no
IPADDR=10.0.0.100
GATEWAY=10.0.0.2
DNS2=223.5.5.5
DNS1=10.0.0.2
NETMASK=255.255.255.0
重启网卡eth1
ifdown eth1&&ifup eth1/etc/init.d/network restart
echo ‘>/etc/udev/rules.d/70-persistent-net.rules‘ >>/etc/rc.local
hostname zhang (临时修改)
vim /etc/sysconfig/network
3、检查DNS
阿里服务器
223.5.5.5vim /etc/resolv.conf
(网卡配置文件中设置的优先启动)
4、关闭selinux
sed -i ‘s#SELINUX=enforcing#SELINUX=disabled#g‘ /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config
setenforce 0
getenforce
清空防火墙
iptables -F
iptables -L 1>>~/install.ok 2>>install.bug
/etc/init.d/iptables save
5、新建普通用户并visudo授权
useradd zhang
id zhang
echo ‘123456‘|passwd --stdin zhang
echo ‘zhang ALL=(ALL) NOPASSWD: ALL‘ >>/etc/sudoers
visudo -c
6、更改yum源
备份本机yum源
法1:自己配置好安装源配置文件,然后上传到linux
法2:使用镜像站点配置好的yum安装源配置文件
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.f1.ori
ls /etc/yum.repos.d/CentOS-Base.repo.f1.ori 1>>~/install.ok 2>>install.bug
yum makecache
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
yum install lrzsz tree sysstat -y
rpm -qa lrzsz tree nmap sysstat 1>>~/install.ok 2>>install.bug
sysstat 是用来检测系统性能及效率的工具 dos2unix将dos格式的文本转换为unix格式
nmap 网络扫描和主机检测
grep 过滤变色(实验用)
echo ‘grep="grep --color=auto"‘ >>/etc/profile
. /etc/profile
grep ‘grep="grep --color=auto"‘ /etc/profile 1>>~/install.ok 2>>install.bug
7、定时任务,定时更新时间
echo ‘*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1‘ >>/var/spool/cron/root
crontab -l 1>>~/install.ok 2>>install.bug
8、精简开机启动项
for n in `chkconfig --list|grep "3:on"|awk ‘{print $1}‘`; do chkconfig $n off; done
chkconfig --list|egrep ‘crond|network|rsyslog|sshd|sysstat‘|awk ‘{print "chkconfig "$1" on"}‘|bash
chkconfig --list|grep "3:on" 1>>~/install.ok 2>>install.bugmkdir /server/scripts -p
ls -l /server/scripts/ 1>>~/install.ok 2>>install.bug
echo ‘#bin bash find /var/spool/postfix/maildrop -type f|xargs rm -f‘ >/server/scripts/clean_mail.sh
cat /server/scripts/clean_mail.sh 1>>~/install.ok 2>>install.bug
echo ‘#clean /var/spool/postfix/maildrop 00 00 * * * /bin/sh /server/scripts/clean_mail.sh‘ >>/var/spool/cron/root
crontab -l 1>>~/install.ok 2>>install.bug
10、更改ssh服务端口,禁止root用户远程连接
cp /etc/ssh/sshd_config{,f1.ori}
ls /etc/ssh/sshd_config.f1.ori 1>>~/install.ok 2>>install.bug
sed -ir ‘13 iPort 52113\nPermitRootLogin no\nPermitEmptyPasswords no\nUseDNS no\nGSSAPIAuthentication no‘ /etc/ssh/sshd_config
sed -n 13,17p /etc/ssh/sshd_config 1>>~/install.ok 2>>install.bug
11、锁定关键文件系统
chattr +i /etc/passwd
chattr +i /etc/inittab
chattr +i /etc/group
chattr +i /etc/shadow
chattr +i /etc/gshadow
lsattr +i /etc/passwd 1>>~/install.ok 2>>install.bug
lsattr +i /etc/inittab 1>>~/install.ok 2>>install.bug
lsattr +i /etc/group 1>>~/install.ok 2>>install.bug
lsattr +i /etc/shadow 1>>~/install.ok 2>>install.bug
lsattr +i /etc/gshadow 1>>~/install.ok 2>>install.bug
使用chattr命令后,为了安全我们需要将其改名
/bin/mv /usr/bin/chattr /usr/bin/ #
任意名称
13、调整字符集,使其支持中文
sed-i ‘s#LANG="en_US.UTF-8"#LANG="zh_CN.GB18030"#‘/etc/sysconfig/i18nsource/etc/sysconfig/i18n
14、去除系统及内核版本登录前的屏幕显示
>/etc/issue
>/etc/redhat-release