ThinkChat2.0新版上线,更智能更精彩,支持会话、画图、阅读、搜索等,送10W Token,即刻开启你的AI之旅 广告
~~~ #!/bin/bash #1,关闭selinux sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config grep SELINUX=disabled /etc/selinux/config setenforce 0 getenforce #2,关闭iptables /etc/init.d/iptables stop /etc/init.d/iptables stop chkconfig iptables off #3,精简开机自启动服务 chkconfig | egrep -v "crond|sshd|network|rsyslog|sysstat"|awk '{print "chkconfig",$1,"off"}'|bash export LANG=en chkconfig --list | grep 3:on #4,提权oldboy可以sudo useradd oldboy echo "123456"|passwd --stdin oldboy \cp /etc/sudoers /etc/sudoers.bak echo "oldboy ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers tail -1 /etc/sudoers visudo -c #5,中文字符集 cp /etc/sysconfig/i18n /etc/sysconfig/i18n.ori #echo 'LANG="zh_CN.UTF-8"' >/etc/sysconfig/i18n echo 'LANG="en_US.UTF-8"' >/etc/sysconfig/i18n source /etc/sysconfig/i18n echo $LANG #6,时间同步 echo '#time sync by oldboy at 2017-11-26' >> /var/spool/cron/root echo '*/5 * * * * /usr/sbin/ntpupdate ntp1.aliyun.com '>/dev/null 2>&1 >>/var/spool/cron/root crontab -l #7,命令行安全 #echo 'export TMOUT=300' >>/etc/profile #echo 'export HISTSIZE=5' >>/etc/profile #echo 'export HISTFILESIZE=5' >>/etc/profile #tail -3 /etc/profile #. /etc/profile #8,加大文件描述 echo '* - nofile 65535' >>/etc/security/limits.conf tail -1 /etc/security/limits.conf #9,内核优化 cat >>/etc/sysctl.conf<<EOF net.ipv4.tcp_fin_timeout = 2 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_keepalive_time = 600 net.ipv4.ip_local_port_range = 4000 65000 net.ipv4.tcp_max_syn_backlog = 16384 net.ipv4.tcp_max_tw_buckets = 36000 net.ipv4.route.gc_timeout = 100 net.ipv4.tcp_syn_retries = 1 net.ipv4.tcp_synack_retries = 1 net.core.somaxconn = 16384 net.core.netdev_max_backlog = 16384 net.ipv4.tcp_max_orphans = 16384 #以下参数是对iptables防火墙的优化,防火墙不开会提示,可以忽略不理。 net.nf_conntrack_max = 25000000 net.netfilter.nf_conntrack_max =25000000 net.netfilter.nf_conntrack_tcp_timeout_established= 180 net.netfilter.nf_conntrack_tcp_timeout_time_wait= 120 net.netfilter.nf_conntrack_tcp_timeout_close_wait= 60 net.netfilter.nf_conntrack_tcp_timeout_fin_wait= 120 EOF #10,使用阿里云yum源 mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.bak mv /etc/yum.repos.d/epel-testing.repo /etc/yum.repos.d/epel-testing.repo.bak wget -O /etc/yum.repos.d/epel.repo http://mirrors.alyun.com/repo/epel-6-repo #11,命令行智能补全,自动提示 yum install bash-completion -y #12,修改提示符路径提示为全路径 sed -i -r 's#(.*PS1=\"\[\\u\@\\h \\)W(\]\\\\\$ \")#\1\w\2#g' /etc/bashrc ~~~ ~~~ #小结:如何优化linux: # #1、关闭SElinux #2、关闭防火墙,设定运行级别为3. #3、精简开机自启动服务 #4、SSH安全控制(提前建立普通用户) #5、sudo 管理用户授权 #6、调整文件描述符 #7、更改合适的字符集 #8、锁定关键系统文件 #9、禁止显示内核版本及系统版本信息 #10、设置会话的超时时间及历史记录数 #11、禁止PING #12、优化LINUX内核参数 #13、特定漏洞yum/rpm升级 #14、清除多余的系统虚拟账号 #15、服务器时间同步 #16、打补丁下载软件调整为国内的下载地址(调整yum源) #17、定时清理邮件服务临时目录垃圾文件 #18、为grub菜单加密码 ~~~