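关闭SELinux
注:setenforce 0 只是把当前运行状态临时切换为 Permissive(见下方 getenforce 输出);配置文件中的 SELINUX=disabled 需重启后才生效。另外该 sed 只匹配 SELINUX=enforcing,若原值为 permissive 则不会被替换,应以 grep 的结果为准。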
[root@linux-node1 ~]# setenforce 0
[root@linux-node1 ~]# getenforce
Permissive
[root@linux-node1 ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
[root@linux-node1 ~]# grep "SELINUX=disabled" -C 2 /etc/selinux/config
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
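关闭Iptables
注:chkconfig --level 3 只关闭了运行级别 3 的开机自启,从下方 --list 输出可见 2、4、5 级别仍为 on;本文把默认运行级别设为 3,所以重启后不会自动启动。停用 iptables 后本机不再做任何包过滤,访问控制只能依赖上游网络设备;如需保留主机层防护,可保留 iptables 并只放行所需端口。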
[root@linux-node1 ~]# /etc/init.d/iptables stop
iptables: Setting chains to ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
[root@linux-node1 ~]# chkconfig --level 3 iptables off
[root@linux-node1 ~]# chkconfig --list iptables
iptables 0:off 1:off 2:on 3:off 4:on 5:on 6:off
设置系统运行级别
[root@linux-node1 ~]# tail /etc/inittab
# Default runlevel. The runlevels used are:
# 0 - halt (Do NOT set initdefault to this)
# 1 - Single user mode
# 2 - Multiuser, without NFS (The same as 3, if you do not have networking)
# 3 - Full multiuser mode
# 4 - unused
# 5 - X11
# 6 - reboot (Do NOT set initdefault to this)
#
id:3:initdefault:
设置系统主机名及解析
[root@linux-node1 ~]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=linux-node1
[root@linux-node1 ~]# hostname linux-node1
[root@linux-node1 ~]# echo "`ifconfig eth0|awk -F"[ :]+" 'NR==2{print $4}'` `hostname`" >> /etc/hosts
[root@linux-node1 ~]# tail -1 /etc/hosts
192.168.56.11 linux-node1
[root@linux-node1 ~]# ping linux-node1
PING linux-node1 (192.168.56.11) 56(84) bytes of data.
64 bytes from linux-node1 (192.168.56.11): icmp_seq=1 ttl=64 time=0.596 ms
64 bytes from linux-node1 (192.168.56.11): icmp_seq=2 ttl=64 time=0.187 ms
64 bytes from linux-node1 (192.168.56.11): icmp_seq=3 ttl=64 time=0.188 ms
64 bytes from linux-node1 (192.168.56.11): icmp_seq=4 ttl=64 time=0.195 ms
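精简开机自启动服务
注:下面三条命令是同一操作的三种等价写法(for 循环、sed 拼接命令后交给 bash、awk 拼接命令后交给 bash),任选其一执行即可;结果是只保留 crond、network、rsyslog、sshd、sysstat 在运行级别 3 自启动。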
[root@linux-node1 ~]# for name in `chkconfig --list|grep "3:on"|awk '{print $1}'|egrep -v "crond|network|rsyslog|sshd|sysstat"`;do chkconfig $name off;done
[root@linux-node1 ~]# chkconfig --list|grep "3:on"
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sysstat 0:off 1:on 2:on 3:on 4:on 5:on 6:off
[root@linux-node1 ~]# chkconfig --list|grep "3:on"|awk '{print $1}'|egrep -v "crond|network|rsyslog|sshd|sysstat"|sed -r 's#(.*)#chkconfig \1 off#g'|bash
[root@linux-node1 ~]# chkconfig --list|grep "3:on"
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sysstat 0:off 1:on 2:on 3:on 4:on 5:on 6:off
[root@linux-node1 ~]# chkconfig --list|grep "3:on"|awk '{print $1}'|egrep -v "crond|network|rsyslog|sshd|sysstat"|awk '{print "chkconfig " $1 " off"}'|bash
[root@linux-node1 ~]# chkconfig --list|grep "3:on"
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sysstat 0:off 1:on 2:on 3:on 4:on 5:on 6:off
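SSH远程连接优化
注:下列各配置行行首的数字是该项在 sshd_config 中的行号,不属于配置内容。设置 PermitRootLogin no 之前,应先确认已有可登录并能提权的普通用户;重启 sshd 时保留当前会话,用新端口另开连接验证成功后再退出,以免被锁在机器之外。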
[root@linux-node1 ~]# cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config_$(date +%F)
[root@linux-node1 ~]# vim /etc/ssh/sshd_config
13 Port 51898
15 ListenAddress 192.168.56.11
21 Protocol 2
122 UseDNS no
42 PermitRootLogin no
81 GSSAPIAuthentication no
[root@linux-node1 ~]# /etc/init.d/sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
[root@linux-node1 ~]# netstat -tnlup|grep "51898"|grep -v "grep"
tcp 0 192.168.56.11:51898 0.0.0.0:* LISTEN 2413/sshd
[root@linux-node1 ~]# ps -ef|grep "sshd"|grep -v "grep"
root 1792 1 0 21:20 ? 00:00:01 sshd: root@pts/0
root 2413 1 0 23:16 ? 00:00:00 /usr/sbin/sshd
[root@linux-node1 ~]# lsof -i:51898
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1383 root 3r IPv4 13166 0t0 TCP 192.168.56.11:ssh->192.168.56.1:65190 (ESTABLISHED)
sshd 3043 root 3u IPv4 16606 0t0 TCP 192.168.56.11:ssh (LISTEN)
设置系统字符集
[root@linux-node1 ~]# export LANG=en
[root@linux-node1 ~]# echo $LANG
en
[root@linux-node1 ~]# sed -i 's#LANG="en_US.UTF-8"#LANG="zh_CN.UTF-8"#g' /etc/sysconfig/i18n
[root@linux-node1 ~]# cat /etc/sysconfig/i18n
LANG="zh_CN.UTF-8"
SYSFONT="latarcyrheb-sun16"
[root@linux-node1 ~]# source /etc/sysconfig/i18n
[root@linux-node1 ~]# echo $LANG
zh_CN.UTF-8
同步网络时间服务器
注:hwclock 不带参数只是显示硬件时钟;若要把同步后的系统时间写入硬件时钟,需执行 hwclock -w。
[root@linux-node1 ~]# ntpdate 0.pool.ntp.org
30 Aug 15:38:17 ntpdate[2517]: adjust time server 120.25.108.11 offset -0.000251 sec
[root@linux-node1 ~]# hwclock
Tue 30 Aug 2016 11:38:21 PM CST -0.320182 seconds
[root@linux-node1 ~]# crontab -e
####Synchronization Network Time Server####
*/5 * * * * /usr/sbin/ntpdate 0.pool.ntp.org &>/dev/null
[root@linux-node1 ~]# crontab -l
####Synchronization Network Time Server####
*/5 * * * * /usr/sbin/ntpdate 0.pool.ntp.org &>/dev/null
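设置系统历史命令记录数及登录超时
注:命令行中的 export 只对当前会话生效,写入 /etc/profile 后才对之后登录的会话生效。TMOUT 以普通变量方式设置时,用户可以在自己的会话中重新赋值或 unset;如需强制超时,可在 /etc/profile 中追加 readonly TMOUT。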
[root@linux-node1 ~]# export HISTSIZE=100
[root@linux-node1 ~]# export HISTFILESIZE=100
[root@linux-node1 ~]# export HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "
[root@linux-node1 ~]# export TMOUT=300
[root@linux-node1 ~]# echo $HISTSIZE
100
[root@linux-node1 ~]# echo $HISTFILESIZE
100
[root@linux-node1 ~]# echo $HISTTIMEFORMAT
%Y-%m-%d %H:%M:%S
[root@linux-node1 ~]# echo $TMOUT
300
[root@linux-node1 ~]# vim /etc/profile
HISTSIZE=100
export HISTFILESIZE=100
export HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "
export TMOUT=300
[root@linux-node1 ~]# source /etc/profile
设置系统文件描述符数
[root@linux-node1 ~]# ulimit -n
1024
[root@linux-node1 ~]# ulimit -SHn 65535
[root@linux-node1 ~]# ulimit -n
65535
[root@linux-node1 ~]# echo "* - nofile 65535" >> /etc/security/limits.conf
[root@linux-node1 ~]# tail -1 /etc/security/limits.conf
* - nofile 65535
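设置系统别名
注:alias 命令只对当前会话生效。最后一条 cat >> /etc/bashrc 命令的 here-document 内容在本页面中缺失,推测原文是把上面的 alias 行追加到 /etc/bashrc 以便永久生效。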
[root@linux-node1 ~]# alias grep='grep --color=auto'
[root@linux-node1 ~]# alias egrep='egrep --color=auto'
[root@linux-node1 ~]# alias ll='ls -l --color=auto --time-style=long-iso'
[root@linux-node1 ~]# alias vi='vim'
[root@linux-node1 ~]# cat >> /etc/bashrc<
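更新国内yum源
注:两个 repo 文件都是通过明文 HTTP 下载后直接写入 /etc/yum.repos.d/ 的,下载后应检查文件内容,确认各仓库段的 gpgcheck=1 且 gpgkey 指向可信的密钥,软件包的完整性依靠 GPG 签名校验来保证。另外,下载 epel.repo 之前的那条 cp 备份的仍是 CentOS-Base.repo。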
[root@linux-node1 ~]# cp -a /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo_$(date +%F)
[root@linux-node1 ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
--2016-08-30 15:54:20-- http://mirrors.aliyun.com/repo/Centos-6.repo
Resolving mirrors.aliyun.com... 115.28.122.210, 112.124.140.210
Connecting to mirrors.aliyun.com|115.28.122.210|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2572 (2.5K) [application/octet-stream]
Saving to: “/etc/yum.repos.d/CentOS-Base.repo”
100%[===================================================================================================================>] 2,572 --.-K/s in 0s
2016-08-30 15:54:20 (178 MB/s) - "/etc/yum.repos.d/CentOS-Base.repo" saved [2572/2572]
[root@linux-node1 ~]# yum makecache
[root@linux-node1 ~]# cp -a /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo_$(date +%F)
[root@linux-node1 ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
--2017-04-17 10:14:16-- http://mirrors.aliyun.com/repo/epel-6.repo
Resolving mirrors.aliyun.com... 112.124.140.210, 115.28.122.210
Connecting to mirrors.aliyun.com|112.124.140.210|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1083 (1.1K) [application/octet-stream]
Saving to: “/etc/yum.repos.d/epel.repo”
100%[=====================================================================>] 1,083 --.-K/s in 0s
2017-04-17 10:14:17 (5.47 MB/s) - “/etc/yum.repos.d/epel.repo” saved [1083/1083]
[root@linux-node1 ~]# yum makecache
隐藏系统版本信息及设置登录提示语
注:cat >> /etc/motd 命令的 here-document 内容在本页面中缺失,登录提示语需自行填写。
[root@linux-node1 ~]# > /etc/issue
[root@linux-node1 ~]# > /etc/issue.net
[root@linux-node1 ~]# cat >> /etc/motd<
调整系统内核参数
注:cat >> /etc/sysctl.conf 命令的 here-document 内容在本页面中缺失,本页未给出具体的内核参数;参数写入后需执行 sysctl -p 才会加载。
[root@linux-node1 ~]# cat >> /etc/sysctl.conf<
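设置grub菜单密码
注:下文以 $1$ 开头的字符串是 grub-md5-crypt 生成的 MD5 口令哈希,仅为示例,请用自己的口令重新生成,不要照抄。grub.conf 中保存了该哈希,应保持该文件仅 root 可读(如 chmod 600 /boot/grub/grub.conf)。password 行放在第一个 title 之前时,保护的是启动菜单的编辑和 grub 命令行。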
[root@linux-node1 ~]# grub-md5-crypt
Password:
Retype password:
$1$hz0Px$imRsIcA766L/8uRRwykMW0
[root@linux-node1 ~]# cp -a /boot/grub/grub.conf /boot/grub/grub.conf_$(date +%F)
[root@linux-node1 ~]# vim /boot/grub/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/sda3
# initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
password --md5 $1$hz0Px$imRsIcA766L/8uRRwykMW0
title CentOS 6 (2.6.32-504.el6.x86_64)
root (hd0,0)
kernel /vmlinuz-2.6.32-504.el6.x86_64 ro root=UUID=b26e3928-3456-4d4c-8e0f-142833566be5 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
initrd /initramfs-2.6.32-504.el6.x86_64.img