centos7 系统优化脚本
脚本一:
#!/usr/bin/env bash #设置环境变量
export PATH=$PATH:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin function kernel () {
echo "
#CTCDN系统优化参数
#关闭ipv6
net.ipv6.conf.all.disable_ipv6 =
net.ipv6.conf.default.disable_ipv6 =
#决定检查过期多久邻居条目
net.ipv4.neigh.default.gc_stale_time=
#使用arp_announce / arp_ignore解决ARP映射问题
net.ipv4.conf.default.arp_announce =
net.ipv4.conf.all.arp_announce=
net.ipv4.conf.lo.arp_announce=
# 避免放大攻击
net.ipv4.icmp_echo_ignore_broadcasts =
# 开启恶意icmp错误消息保护
net.ipv4.icmp_ignore_bogus_error_responses =
#关闭路由转发
net.ipv4.ip_forward =
net.ipv4.conf.all.send_redirects =
net.ipv4.conf.default.send_redirects =
#开启反向路径过滤
net.ipv4.conf.all.rp_filter =
net.ipv4.conf.default.rp_filter =
#处理无源路由的包
net.ipv4.conf.all.accept_source_route =
net.ipv4.conf.default.accept_source_route =
#关闭sysrq功能
kernel.sysrq =
#core文件名中添加pid作为扩展名
kernel.core_uses_pid =
# 开启SYN洪水攻击保护
net.ipv4.tcp_syncookies =
#修改消息队列长度
kernel.msgmnb =
kernel.msgmax =
#设置最大内存共享段大小bytes
kernel.shmmax =
kernel.shmall =
#timewait的数量,默认180000
net.ipv4.tcp_max_tw_buckets =
net.ipv4.tcp_sack =
net.ipv4.tcp_window_scaling =
net.ipv4.tcp_rmem =
net.ipv4.tcp_wmem =
net.core.wmem_default =
net.core.rmem_default =
net.core.rmem_max =
net.core.wmem_max =
#每个网络接口接收数据包的速率比内核处理这些包的速率快时,允许送到队列的数据包的最大数目
net.core.netdev_max_backlog =
#限制仅仅是为了防止简单的DoS 攻击
net.ipv4.tcp_max_orphans =
#未收到客户端确认信息的连接请求的最大值
net.ipv4.tcp_max_syn_backlog =
net.ipv4.tcp_timestamps =
#内核放弃建立连接之前发送SYNACK 包的数量
net.ipv4.tcp_synack_retries =
#内核放弃建立连接之前发送SYN 包的数量
net.ipv4.tcp_syn_retries =
#启用timewait 快速回收
net.ipv4.tcp_tw_recycle =
#开启重用。允许将TIME-WAIT sockets 重新用于新的TCP 连接
net.ipv4.tcp_tw_reuse =
net.ipv4.tcp_mem =
net.ipv4.tcp_fin_timeout =
#当keepalive 起用的时候,TCP 发送keepalive 消息的频度。缺省是2 小时
net.ipv4.tcp_keepalive_time =
net.ipv4.tcp_keepalive_probes =
net.ipv4.tcp_keepalive_intvl =
#允许系统打开的端口范围
net.ipv4.ip_local_port_range =
#修改防火墙表大小,默认65536
net.netfilter.nf_conntrack_max=
net.netfilter.nf_conntrack_tcp_timeout_established=
# 确保无人能修改路由表
net.ipv4.conf.all.accept_redirects =
net.ipv4.conf.default.accept_redirects =
net.ipv4.conf.all.secure_redirects =
net.ipv4.conf.default.secure_redirects = " >> /etc/sysctl.conf read -r -p "是否开启路由转发? [y|n] " input
case $input in
y)
sed -i "s#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#g" /etc/sysctl.conf
sed -i "s#net.ipv4.conf.all.send_redirects = 0#net.ipv4.conf.all.send_redirects = 1#g" /etc/sysctl.conf
sed -i "s#net.ipv4.conf.default.send_redirects = 0#net.ipv4.conf.default.send_redirects = 1#g" /etc/sysctl.conf
sysctl -p
echo "优化完成,程序退出"
;;
n)
sysctl -p
echo "优化完成,程序退出"
exit
;;
esac
} # 是否优化内核
function openkernel () {
read -r -p "是否优化内核? [y/n] " input
case $input in
y)
kernel
;;
n)
echo "优化完成,程序退出"
exit
;;
esac
} # 修改文件数限制
function openfile () {
read -r -p "是否修改打开文件数的限制? [y/n] " input
case $input in
y)
echo -e "* soft nofile 1024000\n* hard nofile 1024000\nhive - nofile 1024000\nhive - nproc 1024000" >> /etc/security/limits.conf
openkernel
;;
n)
openkernel
;;
esac
} # 修改用户进程限制
function userlimits () {
read -r -p "是否加大普通用户限制? [y/n] " input
case $input in
y)
sed -i 's#4096#65535#g' /etc/security/limits.d/-nproc.conf
openfile
;;
n)
openfile
;;
esac
} # 修改主机名
function hostname () {
read -r -p "是否要修改主机名? [y/n]" input
case $input in
y)
read -r -p "请输入主机名:" hostname
hostnamectl set-hostname $hostname
userlimits
;;
n)
userlimits
;;
esac
} # 基础优化函数
function All () {
yum -y install epel-release
yum update
yum -y install net-tools tree lrzsz unzip telnet vim gcc cmake wget git ntpdate bash-completion
sed -i "/^SELINUX/s#enforcing#disabled#g" /etc/selinux/config
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo -e "*/1 * * * * ntpdate ntp1.aliyun.com" > /var/spool/cron/root
hostname
} echo "--------------------------------------------------------------------"
echo "本脚本可以根据需求选择要优化的选项-只是针对刚刚安装好的系统做优化,并且保证正常上网"
echo "--------------------------------------------------------------------"
echo "请选择你要使用的选项:"
echo "(0) 基本优化"
echo "(9) Exit"
echo "--------------------------------------------------------------------"
read -p "请输入选项编号>>>>:" input case $input in
)
echo "-----------执行基本优化---------------"
sleep
All;;
)
echo "-----------退出脚本---------------"
exit;;
esac
脚本二:
#!/bin/bash
#Cenetos6/7初始化脚本
# get os version
RELEASEVER=$(rpm -q --qf "%{VERSION}" $(rpm -q --whatprovides redhat-release))
# configure yum source
cd /etc/yum.repos.d/
mkdir /etc/yum.repos.d/bak
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak
if [ $RELEASEVER == 6 ];then
curl http://mirrors.163.com/.help/CentOS6-Base-163.repo > qf.repo
fi
if [ $RELEASEVER == 7 ];then
curl http://mirrors.163.com/.help/CentOS7-Base-163.repo > qf.repo
fi
yum clean all
yum check-update
# install base rpm package
yum -y install epel-release
yum -y install nc vim iftop iotop dstat tcpdump
yum -y install ipmitool bind-libs bind-utils
yum -y install libselinux-python ntpdate
# update rpm package include kernel
yum -y update
rm -rf /etc/yum.repos.d/CentOS*
# update ulimit configure
if [ $RELEASEVER == 6 ];then
test -f /etc/security/limits.d/90-nproc.conf && rm -rf /etc/security/limits.d/90-nproc.conf && touch /etc/security/limits.d/90-nproc.conf
fi
if [ $RELEASEVER == 7 ];then
test -f /etc/security/limits.d/20-nproc.conf && rm -rf /etc/security/limits.d/20-nproc.conf && touch /etc/security/limits.d/20-nproc.conf
fi
> /etc/security/limits.conf
cat >> /etc/security/limits.conf <<EOF
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
EOF
# set timezone
test -f /etc/localtime && rm -rf /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# set LANG
if [ $RELEASEVER == 6 ];then
sed -i 's@LANG=.*$@LANG="en_US.UTF-8"@g' /etc/sysconfig/i18n
fi
if [ $RELEASEVER == 7 ];then
sed -i 's@LANG=.*$@LANG="en_US.UTF-8"@g' /etc/locale.conf
fi
# update time
if [ $RELEASEVER == 6 ];then
/usr/sbin/ntpdate -b pool.ntp.org
grep -q ntpdate /var/spool/cron/root
if [ $? -ne 0 ]; then
echo '* * * * * /usr/sbin/ntpdate pool.ntp.org > /dev/null 2>&1' > /var/spool/cron/root;chmod 600 /var/spool/cron/root
fi
/etc/init.d/crond restart
fi
if [ $RELEASEVER == 7 ];then
yum -y install chrony
> /etc/chrony.conf
cat > /etc/chrony.conf << EOF
server pool.ntp.org iburst
stratumweight 0
driftfile /var/lib/chrony/drift
rtcsync
makestep 10 3
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
keyfile /etc/chrony.keys
commandkey 1
generatecommandkey
noclientlog
logchange 0.5
logdir /var/log/chrony
EOF
systemctl restart chronyd
systemctl enable chronyd
fi
# clean iptables default rules
if [ $RELEASEVER == 6 ];then
/sbin/iptables -F
service iptables save
chkconfig iptables off
fi
if [ $RELEASEVER == 7 ];then
systemctl disable firewalld
fi
# disable unused service
chkconfig auditd off
# disable ipv6
cd /etc/modprobe.d/ && touch ipv6.conf
> /etc/modprobe.d/ipv6.conf
cat >> /etc/modprobe.d/ipv6.conf << EOF
alias net-pf-10 off
alias ipv6 off
EOF
# disable iptable nat moudule
cd /etc/modprobe.d/ && touch connectiontracking.conf
> /etc/modprobe.d/connectiontracking.conf
cat >> /etc/modprobe.d/connectiontracking.conf <<EOF
install nf_nat /bin/true
install xt_state /bin/true
install iptable_nat /bin/true
install nf_conntrack /bin/true
install nf_defrag_ipv4 /bin/true
install nf_conntrack_ipv4 /bin/true
install nf_conntrack_ipv6 /bin/true
EOF
# disable SELINUX
setenforce 0
sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config
# update record command
sed -i 's/^HISTSIZE=.*$/HISTSIZE=100000/' /etc/profile
grep -q 'HISTTIMEFORMAT' /etc/profile
if [[ $? -eq 0 ]]; then
sed -i 's/^HISTTIMEFORMAT=.*$/HISTTIMEFORMAT="%F %T "/' /etc/profile
else
echo 'HISTTIMEFORMAT="%F %T "' >> /etc/profile
fi
# install dsnmasq and update configure //本地dns查询缓存
yum -y install dnsmasq
> /etc/dnsmasq.conf
cat >> /etc/dnsmasq.conf<< EOF
listen-address=127.0.0.1
no-dhcp-interface=lo
log-queries
log-facility=/var/log/dnsmasq.log
all-servers
no-negcache
cache-size=1024
dns-forward-max=512
EOF
if [ $RELEASEVER == 6 ];then
/etc/init.d/dnsmasq restart
fi
if [ $RELEASEVER == 7 ];then
systemctl restart dnsmasq
systemctl enable dnsmasq
fi
# update /etc/resolv.conf
> /etc/resolv.conf
cat >> /etc/resolv.conf<< EOF
options timeout:1
nameserver 127.0.0.1
nameserver 114.114.114.114
EOF
# update /etc/sysctl.conf
cat >> /etc/sysctl.conf<< EOF
net.ipv4.tcp_syncookies = 1
kernel.core_uses_pid=1
kernel.core_pattern=/tmp/core-%e-%p
fs.suid_dumpable=2
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_tw_recycle=0
net.ipv4.tcp_timestamps=1
EOF
sysctl -p
#注:按标签查看rpm包信息
## rpm -q vsftpd
#vsftpd-3.0.2-21.el7.x86_64
##
## rpm -q --qf "%{NAME}" vsftpd
#vsftpd#
## rpm -q --qf "%{NAME}\n" vsftpd
#vsftpd
## rpm -q --qf "%{VERSION}\n" vsftpd
#3.0.2
## rpm -q --qf "%{RELEASE}\n" vsftpd
#21.el7
## rpm -q --qf "%{ARCH}\n" vsftpd
#x86_64
centos7 系统优化脚本的更多相关文章
- linux centos6 系统优化脚本-经典
转载一篇Ricky的系统优化脚本,这个脚本只能针对centos6x 其他还没有测试,但centos7肯定不行的 #!/bin/bash # ID 201510192126 # Author Ricky ...
- Centos7 启动脚本
Centos7 启动脚本 启动脚本.如果进程已存在,输出错误信息后退出: #! /bin/bash PIDS=`ps -ef | grep '/usr/bin/node ./index.js' | g ...
- CentOS7添加自定义脚本服务
一.CentOS7添加自定义脚本服务说明 在CentOS7下,已经不再使用chkconfig命令管理系统开机自启动服务和条件自定义脚本服务了,而是使用管理unit的方式来控制开机自启动服务和添加自定义 ...
- Centos 7系统优化脚本
脚本如下,后续继续优化 #!/bin/bash #author junxi by #this script is only for CentOS 7.x #check the OS platform= ...
- Centos7初始化脚本
今天分享一个自己写的一个初始化的小脚本. 编写初始化系统要考虑到系统的版本问题,现在用的比较多的就是centos6和centos7,所以首先要判断一下系统的版本. cat /etc/redhat-re ...
- centos7 初始化脚本
#!/bin/bash # 时间: 2018-11-21 # 作者: HuYuan # 描述: CentOS 7 初始化脚本 # 加载配置文件 if [ -n "${1}" ];t ...
- centos7 系统优化
#!/usr/bin/env bash #设置环境变量 export PATH=$PATH:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/u ...
- centos7系统优化
优化说明: 一.关闭selinux 二.更改为阿里yum源 三.提权dm用户可以使用sudo 四.优化ssh远程登录配置 五.设置中文字符集 六.设置时间同步 七.历史记录数及登录超时环境变量设置 八 ...
- centos7初始化脚本(转)
#!/bin/bash # 描述: CentOS 初始化脚本 # 加载配置文件 if [ -n "${1}" ];then /bin/} fi # 可接受配置(shell 变量格式 ...
随机推荐
- css-改变input原始样式
1.改变input的提示字位置 input::-webkit-input-placeholder { /* placeholder颜色 */ color: #aab2bd; /* placeholde ...
- Git学习笔记--命令
git init--初始化Git仓库 git add <fils>--将文件添加到暂存区,可添加多个文件,空格隔开 git commit--提交到仓库 git status--查看工作区状 ...
- getRealPath()和getContextPath()的区别
转载自:http://sucre.iteye.com/blog/319178 在程序中常常要获取文件的路径,有的时候需要用到相对路径而有的时候就要用到绝对路径,一提到绝对路径大家一定想到了getRea ...
- xxxx征集系统项目目标文档
分组:每四人一组 主题:xxx征集系统 成果: 讨论结束后,每组提交一份课堂讨论记录(电子版发表到博客上,纸质版小组成员签名,下节课提交). 每人根据课堂讨论结果提交一份系统利益相关者描述案例.撰写项 ...
- advanceskeleton插件分身体和表情单独绑定的时候合并表情步骤
advanceskeleton插件分身体和表情单独绑定的时候合并表情使用的代码以及合并步骤 1.身体单独绑定 2.表情单独绑定 3.合并步骤 ①原有adv表情文件删掉除了curve组以外所有东西 删除 ...
- 使用kingshard遇到的坑
禁止用mysqldump 连接kingshard, 会导致表锁死 读取NULL值变为文本 通过kingshard连接 select出来的null值变为文本"NULL" kingsh ...
- Beginning Math and Physics For Game Programmers (Wendy Stahler 著)
Chapter 1. Points and Lines (已看) Chapter 2. Geometry Snippets (已看) Chapter 3. Trigonometry Snippets ...
- springboot 添加 jsp支持
idea 新建springboot项目 packageing:选择 war next 勾选web 添加jar包 <dependency> <groupId>org.apac ...
- linux下目录简介——/proc
1. /proc目录Linux 内核提供了一种通过 /proc 文件系统,在运行时访问内核内部数据结构.改变内核设置的机制.proc文件系统是一个伪文件系统,它只存在内存当中,而不占用外存空间.它以文 ...
- C#编程时应注意的性能处理
GC堆回收 那么除了通过new对象而达到代的阈(临界)值时,还有什么能够导致垃圾堆进行垃圾回收呢? 还可能windows报告内存不足.CLR卸载AppDomain.CLR关闭等其它特殊情况. 或者,我 ...