> CentOS > CentOS运维 >

CentOS系统生产系统优化脚本

#!/bin/bash

#add the epel repo and rpmforge repo
cd /root/
wget https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-9.noarch.rpm
wget http://repository.it4i.cz/mirrors/repoforge/redhat/el7/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm

rpm -ivh epel-release-7-9.noarch.rpm
rpm -ivh rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm

#remove *.rpm packages
sleep 20
cd /root/
rm -rf epel-release-7-9.noarch.rpm rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm

#yum install sysstat
yum install -y gcc gcc-c++ vim unzip zip
yum install -y iostat sysstat


#set the ntp
yum install -y ntp
echo "01 01 * * * /usr/sbin/ntpdate ntp.api.bz >> /dev/null 2>&1" >> /etc/crontab ntpdate ntp.api.bz
service crond restart

#set the file limit
ulimit -SHn 65535
echo "ulimit -SHn 65535" >> /etc/rc.local
cat >> /etc/security/limits.conf << EOF
*    soft nofile    60000
*    hard nofile    65535
EOF

#tune kernel parametres
cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_local_port_range = 1024 65535
EOF
/sbin/sysctl -p

#set the control -alt-delete to guard against the misuse
sed -i 's@ ca::ctrlaltdel:/sbin/shutdown -t3 -r now@ #ca::ctrlaltdel:/sbin/shutdown -t3 -r now@' /etc/inittab

#disable selinux
sed -i 's@ SELINUX=enforcing@ SELINUX=disabled@' /etc/selinux/config

#ssh setting
sed -i -e '74 s/^/#/' -i -e '76 s/^/#/' /etc/ssh/sshd_config
sed -i 's@ #UseDNS yes@ UseDNS no@' /etc/ssh/sshd_config
service sshd restart


#disable ipv6
echo "alias net -pf -10 off" >> /etc/modprobe.conf
echo "alias ipv6 off" >> /etc/modprobe.conf
echo "install ipv6 /bin/true" >> /etc/modprobe.conf
echo "IPV6INIT=no" >> /etc/sysconfig/network
sed -i 's@ NETWORKING_IPV6=yes@ NETWORKING_IPV6=no@' /etc/sysconfig/network
chkconfig ip6tables off



#vim setting
echo "syntax on" >> /root/.vimrc
echo "set nohlsearch" >> /root/.vimrc
echo "set num" >> /root/.vimrc


#chkconfig off services
chkconfig bluetooth off
chkconfig sendmail off
chkconfig kudzu off
chkconfig nfslock off
chkconfig portmap off
chkconfig iptables off
chkconfig autofs off
chkconfig yum-updatesd off

#reboot system
reboot

(责任编辑:IT)