一.CentOS 7系统优化
1.安装快速repo源并升级系统
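# Switch the base repository to the 163 mirror, then refresh the metadata and
# upgrade every installed package.
# The steps are chained with && so that a failed cd (or a failed download)
# never leaves mv/wget running in the wrong directory.
# NOTE(review): the repo definition is fetched over plain HTTP and can be
# altered in transit. Read the downloaded file before running yum and confirm
# it still has gpgcheck=1, so packages remain signature-verified.
cd /etc/yum.repos.d/ &&
  /bin/mv CentOS-Base.repo CentOS-Base.repo.bak &&
  wget http://mirrors.163.com/.help/CentOS7-Base-163.repo
yum clean all
yum makecache
yum upgrade -y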
2.安装epel源和必要的软件
# Enable the EPEL repository (yum asks for confirmation here), then install
# the everyday admin tools in one non-interactive transaction.
# NOTE(review): EPEL is an additional package source; every repo that is
# enabled widens the set of parties trusted to ship code onto this host.
yum install epel-release
admin_tools=(lrzsz ntpdate sysstat lsof wget tree vim zip unzip iftop net-tools)
yum install -y "${admin_tools[@]}"
3.设置时区
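# Set the system time zone to Asia/Shanghai.
# The original "cp -f ... -y" fails because cp has no -y option. A plain cp is
# also risky: /etc/localtime is typically a symlink on CentOS 7, and cp would
# write through it into the zoneinfo file it points at. Replacing the link
# itself avoids both problems.
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime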
4.设置时间同步
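# Add a clock-sync job to root's crontab that runs every five minutes.
echo '#sync time' >>/var/spool/cron/root
# "2>&1" must be written without a space: "2 >&1" passes "2" to ntpdate as an
# extra server argument and leaves stderr unredirected.
echo '*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1' >>/var/spool/cron/root
systemctl reload crond
# Another time server that can be used instead:
# */5 * * * * /usr/sbin/ntpdate asia.pool.ntp.org >/dev/null 2>&1
# NOTE(review): ntpdate steps the clock from an unauthenticated source. Clock
# jumps affect log timestamps and certificate validity checks, so choose a
# time source you trust.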
5.关闭不需要的服务
# Stop the mail service (postfix) and firewalld, and keep both from starting
# at boot.
# NOTE(review): once firewalld is off the host has no packet filter until the
# iptables rules of step 10 are loaded, and step 6 reboots in between. On a
# network-reachable machine, consider configuring iptables before this step.
for unit in postfix.service firewalld.service; do
  systemctl stop "$unit"
  systemctl disable "$unit"
done
6.关闭SELinux
# Change SELINUX=enforcing to SELINUX=disabled in the persistent config; the
# reboot that follows makes the change take effect.
# NOTE(review): this removes SELinux confinement from every service on the
# host. If the goal is only to get past a denial, SELINUX=permissive keeps the
# audit records while the policy is being fixed.
selinux_cfg=/etc/selinux/config
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' "$selinux_cfg"
reboot
7.配置dns
# Overwrite the resolver configuration with two public DNS servers.
# NOTE(review): every lookup from this host then goes to these third-party
# resolvers; confirm that is acceptable for the environment.
printf 'nameserver %s\n' 114.114.114.114 8.8.8.8 >/etc/resolv.conf
8.设置系统和内核能打开的最大文件句柄数
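# Raise the per-user open-file limit (soft and hard) for all users.
cat >>/etc/security/limits.conf <<'EOF'
* soft nofile 51200
* hard nofile 51200
EOF

# Kernel TCP tuning plus the system-wide file-handle ceiling.
# net.ipv4.tcp_tw_recycle is intentionally not set: with TCP timestamps on it
# makes the server drop connections from clients that share a NAT address.
# NOTE(review): run "sysctl fs.file-max" first; 51200 may be lower than the
# value the kernel already computed, in which case this line lowers the limit.
cat >>/etc/sysctl.conf <<'EOF'
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 5000 65000
fs.file-max=51200
EOF
# Load the new settings into the running kernel.
sysctl -p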
9.修改ssh的默认端口
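# Move sshd from port 22 to 1122, keeping a copy of the original config.
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.save
# Only matches the stock commented-out "#Port 22" line.
sed -i 's%#Port 22%Port 1122%' /etc/ssh/sshd_config
# Validate the config before restarting: a restart with a broken file takes
# sshd down and locks out remote administration.
sshd -t && systemctl restart sshd
# Keep the current session open and confirm a new login on port 1122 works
# before disconnecting.
# NOTE(review): a non-default port only reduces scanner noise. Access control
# still depends on authentication settings (keys, root login policy).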
10.安装并设置iptables
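# Install the iptables service and build a minimal inbound rule set.
yum install iptables-services

# Reset the policy to ACCEPT before flushing, so that re-running this on a
# host whose policy is already DROP cannot cut off the current session.
iptables -P INPUT ACCEPT

# Clear all rules, user-defined chains and counters in filter and nat.
iptables -F
iptables -X
iptables -Z
iptables -F -t nat
iptables -X -t nat
iptables -Z -t nat

# Allowed inbound traffic: replies to existing connections, ICMP, loopback,
# and new SSH connections on the custom port 1122.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 1122 -j ACCEPT

# With the default ACCEPT policy the rules above filter nothing: every other
# port stays reachable. Default-deny makes the allow list effective. It is set
# last, after the ESTABLISHED rule, so the running session survives.
iptables -P INPUT DROP
iptables -P FORWARD DROP

# Persist the rules and load them at boot.
service iptables save
systemctl enable iptables
# NOTE(review): these rules cover IPv4 only; ip6tables is not configured here.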
11.开启tcp_fastopen
# Enable TCP Fast Open (value 3) on the running kernel, append the same
# setting to /etc/sysctl.conf so it persists across reboots, then reload.
printf '%s\n' 3 >/proc/sys/net/ipv4/tcp_fastopen
printf '%s\n' 'net.ipv4.tcp_fastopen = 3' >>/etc/sysctl.conf
sysctl -p