一名linux运维工程师常备技能就是系统优化咯,下面针对linux系统基本命令和优化做归档和总结,有不足之处,望大家补充指正。
注:以下命令针对linux7及更高版本
优化1:尽量不要使用root用户,新建一个普通用户使用sudo命令赋予权限,这样新用户权限等同于root用户,操作如下:
① 添加新用户并设置密码(示例中的123456仅作演示,实际环境应使用强密码;另外通过echo传入的密码会留在shell历史记录中)
[root@jzyue ~]# useradd zhangsan
[root@jzyue ~]# id zhangsan
uid=1000(zhangsan) gid=1000(zhangsan) groups=1000(zhangsan)
[root@jzyue ~]# echo 123456|passwd --stdin zhangsan
Changing password for user zhangsan.
passwd: all authentication tokens updated successfully
② 备份并赋予权限(NOPASSWD:ALL表示该用户无需输入密码即可以root身份执行任意命令,该账号的安全性等同于root;生产环境建议用visudo编辑,并只授予所需的命令)
[root@jzyue ~]# \cp /etc/sudoers{,.bak} #\cp代表不询问,创建以.bak结尾的备份
[root@jzyue ~]# echo "zhangsan ALL=(ALL)NOPASSWD:ALL">>/etc/sudoers #新用户添加管理员权限
[root@jzyue ~]# tail -1 /etc/sudoers #检查是否添加成功
zhangsan ALL=(ALL)NOPASSWD:ALL
[root@jzyue ~]# visudo -c #检查sudoers文件语法是否正确(sudoers修改后即时生效,无需额外加载)
/etc/sudoers: parsed OK
优化2:更改SSH远程连接端口
① 修改配置文件/etc/ssh/sshd_config
[root@jzyue ~]# vim /etc/ssh/sshd_config
Port 3127 #默认端口为22(端口范围0-65535)
PermitRootLogin yes #允许root用户远程登录;已按优化1创建sudo用户后,建议改为no
ListenAddress 0.0.0.0 #0.0.0.0表示监听本机所有IPv4地址;如只允许内网访问,应改为具体的内网IP地址
② 重启生效、查看端口状态
[root@jzyue ~]# systemctl restart sshd.service #重新启动ssh服务
[root@jzyue ~]# systemctl enable sshd.service #设置开机启动
[root@jzyue ~]# netstat -lntup|grep sshd #查看端口状态
tcp 0 0 0.0.0.0:3127 0.0.0.0:* LISTEN 1880/sshd
tcp6 0 0 :::3127 :::* LISTEN 1880/sshd
优化3:初学者建议关闭selinux和防火墙(仅适用于学习、测试环境;生产环境应保持开启,并按需配置策略和放行规则)
关闭selinux
[root@jzyue ~]# vim /etc/selinux/config
SELINUX=disabled #永久关闭
[root@jzyue ~]# setenforce 0 #临时切换为permissive模式(SELinux是强制访问控制机制,不是防火墙)
setenforce: SELinux is disabled
[root@jzyue ~]# getenforce
Disabled
关闭防火墙
[root@jzyue ~]# systemctl stop firewalld #关闭防火墙
[root@jzyue ~]# systemctl disable firewalld #永久关闭防火墙
优化4:优化linux内核参数(注:net.ipv4.tcp_tw_recycle在客户端经NAT访问时会导致部分连接被丢弃,且自内核4.12起已被移除,较新的系统上应去掉该行;其余数值也应结合业务场景调整)
[root@jzyue ~]# cat >>/etc/sysctl.conf<<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
EOF
[root@jzyue ~]# sysctl -p #从/etc/sysctl.conf加载系统参数
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
查看字符集
[root@yue200 ~]# echo $LANG
en_US.UTF-8
临时修改字符集,重新登录后失效
[root@yue200 ~]# export LANG=zh_CN.UTF-8
永久修改字符集
[root@yue200 ~]# cat /etc/locale.conf
LANG="en_US.UTF-8"
修改后生效命令
[root@yue200 ~]# source /etc/locale.conf
以上为linux基础优化,欢迎大家提出宝贵的建议。
优化5:配置字符集