These optimizations assume a system that has just been installed with the default minimal installation.
System configuration
yum repository configuration
mkdir /etc/yum.repos.d/old && mv /etc/yum.repos.d/C* /etc/yum.repos.d/old/
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
System update
yum -y update
Software installation
yum install -y gcc gcc-c++ ntp lrzsz tree telnet dos2unix sysstat iptraf ncurses-devel openssl-devel zlib-devel OpenIPMI-tools nmap screen nfs-utils iftop htop dstat iotop nethogs glances psmisc strace tcpdump fail2ban glusterfs glusterfs-fuse vim wget autoconf cmake openssh-clients net-tools iproute
Set the character set
echo 'LANG="en_US.UTF-8"' > /etc/locale.conf
source /etc/locale.conf
File descriptors
cat >> /etc/security/limits.conf << EOF
* soft nofile 65535
* hard nofile 65535
EOF
Disable Ctrl+Alt+Del
mv /usr/lib/systemd/system/ctrl-alt-del.target /usr/lib/systemd/system/ctrl-alt-del.target.bak
Disable SELinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
SSH service optimization
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.`date +"%Y-%m-%d_%H-%M-%S"`
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
sed -i 's%#PermitEmptyPasswords no%PermitEmptyPasswords no%g' /etc/ssh/sshd_config
service sshd restart
Kernel optimization
cat >> /etc/sysctl.conf << EOF
# Note: tcp_tw_recycle breaks connections from clients behind NAT and was removed in Linux 4.12
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_fin_timeout = 30
vm.swappiness=1
vm.max_map_count = 262144
EOF
/sbin/sysctl -p
Customize the shell prompt
echo 'export PS1="[ \033[01;33m\u\033[0;36m@\033[01;34m\h \033[01;31m\w\033[0m ]\033[0m \n#"' >> /etc/profile
echo "the platform is ok"
Vim customization
cat >> /root/.vimrc << EOF
syntax enable
syntax on
set ruler
set number
set cursorline
set cursorcolumn
set hlsearch
set incsearch
set ignorecase
set nocompatible
set wildmenu
set paste
set expandtab
set tabstop=2
set shiftwidth=4
set softtabstop=4
set gcr=a:block-blinkon0
set guioptions-=l
set guioptions-=L
set guioptions-=r
set guioptions-=R
highlight CursorLine cterm=NONE ctermbg=black ctermfg=green guibg=NONE guifg=NONE
highlight CursorColumn cterm=NONE ctermbg=black ctermfg=green guibg=NONE guifg=NONE
EOF
Software configuration
fail2ban (brute-force protection tool)
1. Protect the SSH port
2. 3 failed attempts within 60 seconds block the IP for 3 hours
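One way to turn this policy into a fail2ban jail, as an added example that is not part of the original article. The function names render_sshd_jail and would_ban and the sample log are hypothetical and constructed for illustration, and the path /etc/fail2ban/jail.d/sshd.local assumes the EPEL package's default layout.

```shell
#!/bin/bash
# Added example, not from the original article: 3 failures in 60 s -> 3 h ban.

# render_sshd_jail FINDTIME_SEC MAXRETRY BAN_HOURS: print the jail definition.
render_sshd_jail() {
  for v in "$1" "$2" "$3"; do
    case $v in ''|*[!0-9]*) echo "not a number: '$v'" >&2; return 1 ;; esac
  done
  cat <<EOF
[sshd]
enabled  = true
port     = ssh
findtime = $1
maxretry = $2
bantime  = $(( $3 * 3600 ))
EOF
}

# would_ban FINDTIME_SEC MAXRETRY: read sshd log lines on stdin and print each
# source IP with MAXRETRY failures inside FINDTIME_SEC (single day, simplified
# sliding window; this is not the matching code fail2ban itself runs).
would_ban() {
  awk -v win="$1" -v max="$2" '
    /Failed password/ {
      split($3, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
      for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
      n[ip]++; ts[ip, n[ip]] = now
      # Ban when the oldest of the last max failures is still in the window.
      if (!(ip in banned) && n[ip] >= max && now - ts[ip, n[ip] - max + 1] <= win) {
        banned[ip] = 1; print ip
      }
    }'
}

# Constructed sample lines in /var/log/secure format (documentation addresses).
SAMPLE_LOG='Mar  1 10:00:01 web1 sshd[101]: Failed password for root from 203.0.113.5 port 4001 ssh2
Mar  1 10:00:05 web1 sshd[102]: Failed password for invalid user admin from 198.51.100.7 port 4002 ssh2
Mar  1 10:00:20 web1 sshd[103]: Failed password for root from 203.0.113.5 port 4003 ssh2
Mar  1 10:00:45 web1 sshd[104]: Failed password for root from 203.0.113.5 port 4004 ssh2
Mar  1 10:01:30 web1 sshd[105]: Failed password for invalid user admin from 198.51.100.7 port 4005 ssh2
Mar  1 10:03:00 web1 sshd[106]: Failed password for invalid user admin from 198.51.100.7 port 4006 ssh2'

if [ "${1:-}" = "preview" ]; then      # dry run on the sample, no root needed
  printf '%s\n' "$SAMPLE_LOG" | would_ban 60 3
elif [ "${1:-}" = "install" ]; then    # as root: write the jail and start it
  render_sshd_jail 60 3 3 > /etc/fail2ban/jail.d/sshd.local
  systemctl enable fail2ban && systemctl restart fail2ban
  fail2ban-client status sshd
fi
```

Piping the real /var/log/secure into would_ban 60 3 before enabling the jail shows which addresses already meet the threshold.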
Time synchronization
*/10 * * * * /usr/sbin/ntpdate ntp1.aliyun.com 2.cn.pool.ntp.org > /dev/null 2>&1
Article URL: https://www.stayed.cn/item/257