You are here
CentOS6安装后的常见基础优化 有大用
星期日, 2019-06-30 03:10 — adminshiping1
CentOS6安装后的常见基础优化
1.SSH优化
| 12345678910 | 编辑/etc/ssh/sshd_config配置文件 //全部都应该设置为no/etc/ssh/sshd_config //服务端配置文件/etc/ssh/ssh_config //客户端配置文件Port 52113 //修改端口52113UseDNS no //修改为No会反向查询客户端主机名,进行验证,防止客户端欺骗PermitRootlogin no //禁止root登录PermitEmpasswords no //禁止使用空密码(默认为空)ListenAddress 192.168.1.x //只运行服务器上的内网地址来进行远程连接,外网地址直接拒绝,可以用Vpn做跳,可以不做设置GSSAPIAuthentication no //解决Linux之间使用ssh连接慢的问题板进入局域网,通过这样来访问,更加的安全 |
sed进行修改
| 12345 | [root@7mini ~]# sed -ir '12 iPort 52113\nUseDNS no\nPermitRootlogin no\nGSSAPIAuthentication no' /etc/ssh/sshd_config [root@7mini ~]# /etc/init.d/sshd restart //重启生效Stopping sshd: [ OK ]Starting sshd: [ OK ] |
2.调整中文中文乱码
| 12345678910111213 | 中文字符集调整,调整服务器端字符集, Xshell客户端连接工具也需要调整为UTF-8[root@ student ~]# cat /etc/sysconfig/i18n //调整为zh注意大小写LANG="zh_CN.UTF-8"SYSFONT="latarcyrheb-sun16"[root@oldboy ~]# source /etc/sysconfig/i18n //source配置文件生效[root@oldboy ~]# echo $LANGzh_CN.UTF-8 英文字符集调整export LANG=en_US.UTF-8 //临时生效sed或者 vim修改配置文件 “/etc/sysconfig/i18n” 更改 LANG="en_US.UTF-8"> /etc/sysconfig/i18n && echo "LANG=en_US.UTF-8"> /etc/sysconfig/i18n && source /etc/sysconfig/i18n |
3.时间同步
| 123456789101112131415 | ntpdate ntp1.aliyun.comcp /etc/chrony.conf{,.bak} vim /etc/chrony.confserver ntp6.aliyun.com iburst systemctl start chronydsystemctl enable chronyd #开机启动systemctl restart chronydchronyc sources #查看同步源[root@7mini-node2 ~]# chronyc sources210 Number of sources = 1MS Name/IP address Stratum Poll Reach LastRx Last sample===============================================================================^* 203.107.6.88 2 6 17 31 +653us[+1965us] +/- 32ms<br><br>2)或者通过计划任务进行同步 |
| 12345 | [root@linux-node1 ~]# crontab -eno crontab for root - using an empty onecrontab: installing new crontab[root@linux-node1 ~]# crontab -l*/5 * * * * /usr/sbin/ntpdate time1.aliyun.com > /dev/null |
4优化历史记录
| 123456789101112131415161718192021222324252627282930 | history 查看历史记录 默认100条,防止黑客进入服务器,查看到机密信息参数: -c:清空历史记录 -d:指定删除一行export HISTSIZE=5 [root@student ~]# export HISTSIZE=5 命令行只看见5条信息(控制终端)[root@student ~]# history 查看是否只存留5条 730 history 731 ls 732 history 733 export HISTSIZE=5 734 history[root@student ~]# echo 'export HISTSIZE=5' >>/etc/profile 写入全局配置文件,永久生效控制终端只有5条信息[root@student ~]#source /etc/profile 立即生效 [root@student ~]# export HISTFILESIZE=5 ~/.bash_historty(控制用户家目录下的记录)[root@student ~]# cat ~/.bash_historyTestWelcome to xuliangwei LinuxEOFExit[root@student ~]# echo 'export HISTFILESIZE=5' >>/etc/profile 写入全局配置文件,永久生效。当前用户家目录下~/.bash_history[root@student ~]#source /etc/profile 立即生效 [root@student ~]# history -c 清空历史记录终端[root@student ~]# history 734 historyexport HISTTIMEFORMAT="%F %T `whoami`" 记录历史命令执行时间以及是谁执行(生产必加) |
5 加大文件描述符
| 123456 | 启动进程使用它来表示打开的文件。每个进程启动都会占用文件描述符,如果过文件描述符不够,会导致进程失败ulinit -n 查看默认文件描述符参数: -S:软 -H:硬[root@student ~]# ulimit -SHn 65535 //临时生效调整文件描述符[root@student ~]# echo "* - nofile 65535" >>/etc/security/limits.conf//永久生效调整文件描述符(退出终端可生效) |
6.调整yum源
| 12 | [root@student ~]# mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup //备份yum源[root@student ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo //CentOS 6源 |
7. 下载必要的软件包
| 1 | yum install -y vim wget openssl openssl-devel openssl pcre pcre-devel telnet setuptool ntsysv git python-urllib3 sqlite sqlite-devel bzip2 bzip2-devel gcc gcc-c++ cmake lsof sysstat bind-utils ntp iftop iotop tree screen iftop ntpdate |
8 关闭SElinux防火墙
| 123456789 | 修改/etc/selinux/config--> SELINUX=enforcing修改为SELINUX=disabledsed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config 使用sed替换关闭selinuxgetenforce 查看selinux当前环境setenforce 临时关闭 1.开启 0.关闭 permissive[root@localhost ~]# /etc/init.d/iptables stopiptables:将链设置为政策 ACCEPT:filter [确定]iptables:清除防火墙规则: [确定]iptables:正在卸载模块: [确定][root@localhost ~]# chkconfig iptables off |
9 修改系统的主机名称
| 123456 | vi /etc/sysconfig/network HOSTNAME=localhost.localdomain #修改localhost.localdomain为6minivi /etc/hosts 127.0.0.1 localhost.localdomain #修改localhost.localdomain为6mini |
9.内核优化参数
| 1234567891011121314151617181920212223242526272829 | net.ipv4.tcp_syn_retries = 1net.ipv4.tcp_synack_retries = 1net.ipv4.tcp_keepalive_time = 600net.ipv4.tcp_keepalive_probes = 3net.ipv4.tcp_keepalive_intvl =15net.ipv4.tcp_retries2 = 5net.ipv4.tcp_fin_timeout = 2net.ipv4.tcp_max_tw_buckets = 36000net.ipv4.tcp_tw_recycle = 1net.ipv4.tcp_tw_reuse = 1net.ipv4.tcp_max_orphans = 32768net.ipv4.tcp_syncookies = 1net.ipv4.tcp_max_syn_backlog = 16384net.ipv4.tcp_wmem = 8192 131072 16777216net.ipv4.tcp_rmem = 32768 131072 16777216net.ipv4.tcp_mem = 786432 1048576 1572864net.ipv4.ip_local_port_range = 1024 65000net.ipv4.ip_conntrack_max = 65536net.ipv4.netfilter.ip_conntrack_max=65536net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=180net.core.somaxconn = 16384net.core.netdev_max_backlog = 16384如下内容,如果不开启iptables防火墙,会报错#net.bridge.bridge-nf-call-ip6tables = 0#net.bridge.bridge-nf-call-iptables = 0#net.bridge.bridge-nf-call-arptables = 0#net.ipv4.ip_conntrack_max = 65536#net.ipv4.netfilter.ip_conntrack_max=65536#net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=180 |
10.锁定系统关键文件
| 1234567891011121314 | [root@student ~]# chattr +i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/inittab 锁定文件系统[root@student ~]# lsattr /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/inittab 查看锁定文件----i--------e- /etc/passwd----i--------e- /etc/shadow----i--------e- /etc/group----i--------e- /etc/gshadow----i--------e- /etc/inittab[root@student ~]# chattr -i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/inittab 解除锁定 [root@student ~]# lsattr /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/inittab 再次查看-------------e- /etc/passwd-------------e- /etc/shadow-------------e- /etc/group-------------e- /etc/gshadow-------------e- /etc/inittab |
11.隐藏版本号
| 12345 | [root@student ~]# >/etc/issue 清空版本信息[root@student ~]# >/etc/issue = cat > /dev/null /etc/issue[root@student ~]# cat >> /etc/motd << EOF 编辑/etc/motd (设置登录提示信息)> Welcome to xuliangwei Linux> EOF |
来自 https://www.cnblogs.com/jimmy-xuli/p/9051181.html
普通分类: