# centos7常用优化配置 ## ssh优化 修改服务端配置文件 /etc/ssh/sshd\_config取消主机名与ip地址解析检查 ~~~ sed -i 's/^#UseDNS.*$/UseDNS no/g' /etc/ssh/sshd_config sed -i 's/^GSSAPIAuthentication.*$/GSSAPIAuthentication no/g' /etc/ssh/sshd_config ~~~ 修改客户端配置文件(执行ssh命令的机器) /etc/ssh/ssh\_config ~~~ echo ' StrictHostKeyChecking no' >> /etc/ssh/ssh_config echo ' UserKnownHostsFile /dev/null' >> /etc/ssh/ssh_config ~~~ 关闭防火墙 ~~~ systemctl stop firewalld && systemctl disable firewalld iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat ~~~ 关闭 SELinux ~~~ setenforce 0 sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config ~~~ 关闭swap ~~~ swapoff -a sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab ~~~ ## 内核参数优化 vi /etc/sysctl.conf ~~~ net.bridge.bridge-nf-call-iptables=1 net.bridge.bridge-nf-call-ip6tables=1 net.ipv4.ip_forward=1 net.ipv4.tcp_tw_recycle=0 vm.swappiness=0 # 禁止使用 swap 空间，只有当系统 OOM 时才允许使用它 vm.overcommit_memory=1 # 不检查物理内存是否够用 vm.panic_on_oom=0 # 开启 OOM vm.max_map_count=2048000 fs.inotify.max_user_instances=8192 fs.inotify.max_user_watches=1048576 fs.file-max=52706963 fs.nr_open=52706963 net.ipv6.conf.all.disable_ipv6=1 net.netfilter.nf_conntrack_max=2310720 ~~~ vim /etc/security/limits.conf ~~~ * soft nofile 1024000 * hard nofile 1024000 * soft nproc unlimited * hard nproc unlimited * soft core unlimited * hard core unlimited * soft memlock unlimited * hard memlock unlimited ~~~ vim /etc/systemd/system.conf 适用于systemd服务 ~~~ DefaultLimitNOFILE=100000 DefaultLimitNPROC=65535 ~~~ 安装必备软件 ~~~ yum install -y epel-release sshpass git gcc yum install -y socat conntrack-tools nfs-utils ~~~