我把優化centos7的腳本分享給大家,建議剛安裝完服務器的朋友執行如下優化腳本
[root@test2 yum.repos.d]# cat centos7.sh
#!/bin/bash
#author junxi by
#this script is only for CentOS 7.x
#check the OS
platform=`uname -i`
if[$platform!="x86_64"];then
echo"this script is only for 64bit Operating System !"
exit 1
fi
echo"the platform is ok"
cat<<EOF
+---------------------------------------+
| your system is CentOS 7 x86_64 |
| start optimizing....... |
+---------------------------------------+
EOF
#添加公網DNS地址cat>>/etc/resolv.conf<<EOF
nameserver 223.6.6.6
EOF
#Yum源更換為國內阿里源
yuminstallwget-y
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
#添加阿里的epel源
#add the epel
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
#yum重新建立快取
yum clean allyum makecache#同步時間
yum -yinstallntp
/usr/sbin/ntpdate ntp1.aliyun.comecho"* 4 * * * /usr/sbin/ntpdate ntp1.aliyun.com > /dev/null 2>&1">>/var/spool/cron/root
systemctl restart crond.service #設定主機名
hostnamectl set-hostname qiuyuetao #設定字符集
#設定最大打開檔案描述符數
echo"ulimit -SHn 102400">>/etc/rc.local
cat>>/etc/security/limits.conf<<EOF
* soft nofile 655350
* hard nofile 655350
EOF
#禁用selinux
sed-i's/SELINUX=enforcing/SELINUX=disabled/'/etc/selinux/config
setenforce 0 #關閉防火墻
systemctl disable firewalld.service systemctl stop firewalld.service #set ssh
sed-i's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/'/etc/ssh/sshd_config
sed-i's/#UseDNS yes/UseDNS no/'/etc/ssh/sshd_config
systemctl restart sshd.service #內核引數優化
cat>>/etc/sysctl.conf<<EOF
#CTCDN系統優化引數
#關閉ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
#決定檢查過期多久鄰居條目
net.ipv4.neigh.default.gc_stale_time=120
#使用arp_announce / arp_ignore解決ARP映射問題
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_announce=2
# 避免放大攻擊
net.ipv4.icmp_echo_ignore_broadcasts = 1
# 開啟惡意icmp錯誤訊息保護
net.ipv4.icmp_ignore_bogus_error_responses = 1
#關閉路由轉發
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
#開啟反向路徑過濾
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
#處理無源路由的包
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
#關閉sysrq功能
kernel.sysrq = 0
#core檔案名中添加pid作為擴展名
kernel.core_uses_pid = 1
# 開啟SYN洪水攻擊保護
net.ipv4.tcp_syncookies = 1
#修改訊息佇列長度
kernel.msgmnb = 65536
kernel.msgmax = 65536
#設定最大記憶體共享段大小bytes
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
#timewait的數量,默認180000
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
#每個網路介面接收資料包的速率比內核處理這些包的速率快時,允許送到佇列的資料包的最大數目
net.core.netdev_max_backlog = 262144
#限制僅僅是為了防止簡單的DoS 攻擊
net.ipv4.tcp_max_orphans = 3276800
#未收到客戶端確認資訊的連接請求的最大值
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
#內核放棄建立連接之前發送SYNACK 包的數量
net.ipv4.tcp_synack_retries = 1
#內核放棄建立連接之前發送SYN 包的數量
net.ipv4.tcp_syn_retries = 1
#啟用timewait 快速回收
net.ipv4.tcp_tw_recycle = 0
#開啟重用,允許將TIME-WAIT sockets 重新用于新的TCP 連接
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
#當keepalive 起用的時候,TCP 發送keepalive 訊息的頻度,預設是2 小時
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
#允許系統打開的埠范圍
net.ipv4.ip_local_port_range = 1024 65000
#修改防火墻表大小,默認65536
net.netfilter.nf_conntrack_max=655350
net.netfilter.nf_conntrack_tcp_timeout_established=1200
# 確保無人能修改路由表
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
EOF
/sbin/sysctl -p #vim定義退格鍵可洗掉最后一個字符型別
echo'alias vi=vim'>>/etc/profile
echo'stty erase ^H'>>/etc/profile
echo'curl ip.6655.com/ip.aspx&&echo'>>/etc/profile
cat>>/root/.vimrc<<EOF
set tabstop=4
set shiftwidth=4
set expandtab
syntax on
"set number
EOF
#update soft
yum -y update cat<<EOF
+------------------------------------------------+
| 優 化 已 完 成 |
| 5s 后 重啟 這臺服務器 ! |
+------------------------------------------------+
EOF
sleep 5
reboot ##重啟加載內核修改
腳本中并未提及內核升級,如果您需要升級到4.10 ,請執行命令
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.orgrpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpmyum --enablerepo=elrepo-kernelinstallkernel-ml -y&&
sed-i s/saved/0/g /etc/default/grub&&
grub2-mkconfig -o /boot/grub2/grub.cfg&&reboot
#不重啟不生效!
轉載請註明出處,本文鏈接:https://www.uj5u.com/caozuo/148072.html
標籤:Linux
上一篇:Linux常用命令
下一篇:初學Manjaro