CentOS系统生产系统优化脚本
时间:2017-02-14 01:47 来源:linux.it.net.cn 作者:IT
#!/bin/bash
#add the epel repo and rpmforge repo
cd /root/
wget https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-9.noarch.rpm
wget http://repository.it4i.cz/mirrors/repoforge/redhat/el7/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
rpm -ivh epel-release-7-9.noarch.rpm
rpm -ivh rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
#remove *.rpm packages
sleep 20
cd /root/
rm -rf epel-release-7-9.noarch.rpm rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
#yum install sysstat
yum install -y gcc gcc-c++ vim unzip zip
yum install -y iostat sysstat
#set the ntp
yum install -y ntp
echo "01 01 * * * /usr/sbin/ntpdate ntp.api.bz >> /dev/null 2>&1" >> /etc/crontab ntpdate ntp.api.bz
service crond restart
#set the file limit
ulimit -SHn 65535
echo "ulimit -SHn 65535" >> /etc/rc.local
cat >> /etc/security/limits.conf << EOF
* soft nofile 60000
* hard nofile 65535
EOF
#tune kernel parametres
cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_local_port_range = 1024 65535
EOF
/sbin/sysctl -p
#set the control -alt-delete to guard against the misuse
sed -i 's@ ca::ctrlaltdel:/sbin/shutdown -t3 -r now@ #ca::ctrlaltdel:/sbin/shutdown -t3 -r now@' /etc/inittab
#disable selinux
sed -i 's@ SELINUX=enforcing@ SELINUX=disabled@' /etc/selinux/config
#ssh setting
sed -i -e '74 s/^/#/' -i -e '76 s/^/#/' /etc/ssh/sshd_config
sed -i 's@ #UseDNS yes@ UseDNS no@' /etc/ssh/sshd_config
service sshd restart
#disable ipv6
echo "alias net -pf -10 off" >> /etc/modprobe.conf
echo "alias ipv6 off" >> /etc/modprobe.conf
echo "install ipv6 /bin/true" >> /etc/modprobe.conf
echo "IPV6INIT=no" >> /etc/sysconfig/network
sed -i 's@ NETWORKING_IPV6=yes@ NETWORKING_IPV6=no@' /etc/sysconfig/network
chkconfig ip6tables off
#vim setting
echo "syntax on" >> /root/.vimrc
echo "set nohlsearch" >> /root/.vimrc
echo "set num" >> /root/.vimrc
#chkconfig off services
chkconfig bluetooth off
chkconfig sendmail off
chkconfig kudzu off
chkconfig nfslock off
chkconfig portmap off
chkconfig iptables off
chkconfig autofs off
chkconfig yum-updatesd off
#reboot system
reboot
(责任编辑:IT)
| #!/bin/bash #add the epel repo and rpmforge repo cd /root/ wget https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-9.noarch.rpm wget http://repository.it4i.cz/mirrors/repoforge/redhat/el7/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm rpm -ivh epel-release-7-9.noarch.rpm rpm -ivh rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm #remove *.rpm packages sleep 20 cd /root/ rm -rf epel-release-7-9.noarch.rpm rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm #yum install sysstat yum install -y gcc gcc-c++ vim unzip zip yum install -y iostat sysstat #set the ntp yum install -y ntp echo "01 01 * * * /usr/sbin/ntpdate ntp.api.bz >> /dev/null 2>&1" >> /etc/crontab ntpdate ntp.api.bz service crond restart #set the file limit ulimit -SHn 65535 echo "ulimit -SHn 65535" >> /etc/rc.local cat >> /etc/security/limits.conf << EOF * soft nofile 60000 * hard nofile 65535 EOF #tune kernel parametres cat >> /etc/sysctl.conf << EOF net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_syn_retries = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_keepalive_time = 1200 net.ipv4.tcp_local_port_range = 1024 65535 EOF /sbin/sysctl -p #set the control -alt-delete to guard against the misuse sed -i 's@ ca::ctrlaltdel:/sbin/shutdown -t3 -r now@ #ca::ctrlaltdel:/sbin/shutdown -t3 -r now@' /etc/inittab #disable selinux sed -i 's@ SELINUX=enforcing@ SELINUX=disabled@' /etc/selinux/config #ssh setting sed -i -e '74 s/^/#/' -i -e '76 s/^/#/' /etc/ssh/sshd_config sed -i 's@ #UseDNS yes@ UseDNS no@' /etc/ssh/sshd_config service sshd restart #disable ipv6 echo "alias net -pf -10 off" >> /etc/modprobe.conf echo "alias ipv6 off" >> /etc/modprobe.conf echo "install ipv6 /bin/true" >> /etc/modprobe.conf echo "IPV6INIT=no" >> /etc/sysconfig/network sed -i 's@ NETWORKING_IPV6=yes@ NETWORKING_IPV6=no@' /etc/sysconfig/network chkconfig ip6tables off #vim setting echo "syntax on" >> /root/.vimrc echo "set nohlsearch" >> /root/.vimrc echo "set num" >> /root/.vimrc #chkconfig off services chkconfig bluetooth off chkconfig sendmail off chkconfig kudzu off chkconfig nfslock off chkconfig portmap off chkconfig iptables off chkconfig autofs off chkconfig yum-updatesd off #reboot system reboot (责任编辑:IT) |