
CentOS Minimal Optimization

2019-05-10 11:40:05  阅读:251  来源: 互联网

标签:CentOS tcp echo etc Optimization ipv4 conf net Minimal


检查系统版本

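# Print the CentOS/RHEL major version (6 or 7) found in a release file.
# Arguments: $1 - release file to read (default: /etc/redhat-release)
# Outputs:   "6" or "7" on stdout; nothing when the file is missing or the
#            release is not recognised.
#
# The match is tied to the word "release" so a minor version cannot be taken
# for the major one: "CentOS Linux release 7.6.1810 (Core)" contains "6.1",
# and an unanchored '6\.[0-9]' test would classify that host as version 6.
detect_os_major() {
    local release_file=${1:-/etc/redhat-release}
    if grep -Eiq 'release[[:space:]]+6\.[0-9]' "$release_file" 2>/dev/null; then
        echo 6
    elif grep -Eiq 'release[[:space:]]+7\.[0-9]' "$release_file" 2>/dev/null; then
        echo 7
    fi
}

DetectedMajor="$(detect_os_major)"
if [ -n "$DetectedMajor" ]; then
    export OSVersion="$DetectedMajor"
else
    # Later sections branch on OSVersion; say so instead of failing silently.
    echo "Could not detect CentOS 6 or 7 from /etc/redhat-release; OSVersion not set" >&2
fi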

移除系统软件

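# Remove server packages that should not be present on a minimal base system.
#
# Plain assignment on purpose: `local` is only valid inside a function. At
# script top level bash rejects it, the assignment does not happen, and the
# loop below would then have nothing to remove.
# NOTE(review): on CentOS the Apache package is normally named "httpd", and
# MySQL/MariaDB packages carry suffixes - confirm these names match what is
# actually installed, otherwise yum reports nothing to remove.
RPMList="mysql nginx apache"
for rpm in $RPMList; do   # word splitting of the space-separated list is intended
    yum -y remove "$rpm"
done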

安装软件包

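# Install the baseline tool set from the local yum repository ("LocalYumRepo"),
# skipping packages that already appear in the installed-package snapshot.
# Exits with status 2 as soon as one package fails to install.
#
# The snapshot is written to a mktemp file rather than a fixed name: this runs
# as root, and a predictable path under /tmp can be pre-created (for example as
# a symlink) by any local user before the script writes to it.
localRPM="$(mktemp)" || exit 2
# vim-* entries are filtered out of the snapshot, so "vim" is always handed to yum.
rpm -qa | grep -Ev 'vim-' > "$localRPM"

# NOTE(review): both lists install nmap, nc, telnet and expect on every host.
# Those are useful for troubleshooting but also widen what an intruder finds
# ready-made on the box; confirm they belong in the baseline for production.
RPMList=""   # start clean so an unrecognised OSVersion installs nothing
if [ "${OSVersion:-}" = 6 ]; then
    RPMList="openssh-clients crontabs ntpdate vim wget curl rsync tmpwatch tree telnet nc nmap iftop iotop expect unzip setuptool system-config-network-tui htop lrzsz"
elif [ "${OSVersion:-}" = 7 ]; then
    RPMList="openssh-clients crontabs vim wget ntpdate curl rsync tmpwatch tree telnet nc nmap iftop iotop expect unzip setuptool htop lrzsz net-tools bash-completion lsof dos2unix telnet psmisc perl-Data-Dumper"
fi

for rpm in $RPMList; do   # word splitting of the list is intended
    # Already installed (name prefix found in the snapshot): nothing to do.
    grep -q "^$rpm-" "$localRPM" && continue
    if yum -y --disablerepo="*" --enablerepo="LocalYumRepo" install "$rpm" >/dev/null 2>&1; then
        echo "Install $rpm OK"
    else
        echo "Install $rpm False"
        rm -f -- "$localRPM"
        exit 2
    fi
done
rm -f -- "$localRPM"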

设定shell配置

# Bash history settings, applied system-wide through /etc/bashrc.
# First drop any earlier HIST* assignments so the values appended below are
# the only ones left in the file.
sed -i -e '/HISTTIMEFORMAT=/d' -e '/HISTFILESIZE=/d' -e '/HISTSIZE=/d' /etc/bashrc

# histappend makes each shell append to the history file instead of
# overwriting it; HISTTIMEFORMAT stores a timestamp with every entry.
# NOTE(review): users can edit or clear their own history file, so this is a
# convenience record for operators, not an audit trail.
cat >> /etc/bashrc <<'EOF'

shopt -s histappend
export HISTFILESIZE=100000
export HISTSIZE=1000
export HISTTIMEFORMAT="%F %T "
EOF

关闭Selinux

# Turn SELinux off: persistently by rewriting the config file, and for the
# running system with setenforce 0 (permissive mode until the next boot).
# Only a config that currently reads SELINUX=enforcing is rewritten; a file
# already set to permissive is left as it is.
# NOTE(review): this removes mandatory access control from the whole host.
# If the goal is to get past policy denials, permissive mode plus the audit
# log shows what would have been blocked without giving up the protection
# for good - confirm that "disabled" is really the intended end state.
if test -s /etc/selinux/config; then
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
    setenforce 0
fi

关闭IPv6

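# Disable IPv6: in the network sysconfig file and on the kernel command line
# (ipv6.disable=1), using the boot loader config that matches the OS version.
#
# Remove any earlier NETWORKING_IPV6 line before appending, for every OS
# version, so running the script again does not pile up duplicate entries.
sed -i '/NETWORKING_IPV6/d' /etc/sysconfig/network
echo "NETWORKING_IPV6=off" >> /etc/sysconfig/network

if [ "${OSVersion:-}" = 6 ]; then
    # GRUB legacy: edit the kernel lines directly.
    if grep -q 'ipv6\.disable' /boot/grub/grub.conf; then
        sed -i 's/ipv6\.disable=[0-9]/ipv6.disable=1/g' /boot/grub/grub.conf
    else
        sed -i 's/\(kernel.*ro \)/\1ipv6.disable=1 /g' /boot/grub/grub.conf
    fi
elif [ "${OSVersion:-}" = 7 ]; then
    # GRUB2: change the defaults file, then regenerate the real config.
    if grep -q 'ipv6\.disable' /etc/default/grub; then
        sed -i 's/ipv6\.disable=[0-9]/ipv6.disable=1/g' /etc/default/grub
    else
        sed -i '/GRUB_CMDLINE_LINUX/ s/="/="ipv6.disable=1 /' /etc/default/grub
    fi
    # NOTE(review): this output path is the BIOS location; on UEFI installs the
    # active grub.cfg lives under /boot/efi - confirm before relying on it.
    grub2-mkconfig -o /boot/grub2/grub.cfg
fi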

关闭Firewall

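# Clear the packet filter and switch off services outside a short keep-list.
#
# NOTE(review): after this section the host has no local firewall rules. That
# is only reasonable when filtering is enforced somewhere else (security
# groups, an upstream firewall). Also check the chain policies first
# (`iptables -S`): if a chain defaults to DROP, flushing its rules leaves
# nothing that accepts traffic, including the SSH session running this script.
#
# Order matters: flush the rules first, then delete user-defined chains, then
# zero the counters. -X cannot delete a chain that still holds rules or is
# still referenced, so running it before -F leaves such chains behind.
# Only the default (filter) table is touched; nat and mangle are not.
iptables -F
iptables -X
iptables -Z
if [ "${OSVersion:-}" = 6 ]; then
    # Persist the now-empty rule set, then stop the service.
    /etc/init.d/iptables save
    /etc/init.d/iptables stop
elif [ "${OSVersion:-}" = 7 ]; then
    # Every enabled service that is not on the keep-list below is stopped and
    # disabled. The keep-list does not name firewalld or auditd, so both are
    # switched off if they were enabled - confirm that is wanted.
    DisableService="$(systemctl list-unit-files --type=service | grep enabled | grep -Ev "acpid.service|autovt@.service|crond.service|dbus-org.freedesktop.nm-dispatcher.service|getty@.service|irqbalance.service|microcode.service|rsyslog.service|sshd.service|systemd-readahead-collect.service|systemd-readahead-drop.service|systemd-readahead-replay.service" | awk '{print $1}')"

    for offservice in $DisableService; do   # one unit name per word
        systemctl stop "$offservice" >/dev/null 2>&1
        systemctl disable "$offservice" >/dev/null 2>&1
    done
    /sbin/chkconfig network on
fi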

系统连接优化

# Kernel parameters that the following steps append to /etc/sysctl.conf.
# The whole string, comment lines included, is written to the file verbatim.
#
# Points to check before reusing these values:
# - rp_filter = 0 switches off reverse-path filtering, i.e. the kernel's
#   source-address validation against spoofed packets. Keep 1 (strict) or
#   2 (loose) unless asymmetric routing really requires 0.
# - tcp_tw_recycle and tcp_tw_reuse both rely on TCP timestamps, and this list
#   sets tcp_timestamps = 0, so the two settings cancel out. tcp_tw_recycle
#   is also known to drop connections from clients behind NAT and was
#   removed in Linux 4.12.
# - tcp_syncookies = 1 keeps SYN-flood protection on.
# - NOTE(review): tcp_syn_retries = 1, tcp_synack_retries = 1 and
#   tcp_fin_timeout = 2 are far below the kernel defaults; confirm they were
#   measured for this workload rather than copied.
Parameter="# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
# ARP
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.neigh.default.gc_stale_time = 120
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
# TCP Memory
net.core.rmem_default = 2097152
net.core.wmem_default = 2097152
net.core.rmem_max = 4194304
net.core.wmem_max = 4194304
net.ipv4.tcp_rmem = 4096 8192 4194304
net.ipv4.tcp_wmem = 4096 8192 4194304
net.ipv4.tcp_mem = 524288 699050 1048576
# TCP SYN
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.core.netdev_max_backlog = 16384
# TIME_WAIT
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_fin_timeout = 2
net.ipv4.ip_local_port_range = 20000 50000
# TCP keepalive
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_time = 60
net.ipv4.tcp_keepalive_intvl = 10
# Other TCP
net.ipv4.tcp_max_orphans = 65535
net.core.somaxconn = 16384
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
vm.swappiness = 0"

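# Apply the key/value list held in $Parameter: remove earlier definitions of
# the same keys from /etc/sysctl.conf, append the new block, reload.
#
# Key names are taken from the non-comment lines of $Parameter.
Options="$(printf '%s\n' "$Parameter" | grep -v '^#' | awk -F' = ' '{print $1}')"
for Option in $Options; do
    # Match the key literally and only where it is being assigned: the dots
    # are escaped and the pattern is anchored, so an unrelated line that just
    # mentions the key, or a different key that happens to match with "." as
    # a wildcard, is not deleted.
    Pattern="${Option//./\\.}"
    sed -i "/^[[:space:]]*${Pattern}[[:space:]]*=/d" /etc/sysctl.conf
done
# Deletes every line containing "tables".
# NOTE(review): presumably aimed at the bridge-nf-call-*tables keys - confirm.
sed -i "/tables/d" /etc/sysctl.conf

printf '\n# Anton modify %s\n' "$(date +%F)" >> /etc/sysctl.conf
printf '%s\n' "$Parameter" >> /etc/sysctl.conf

# Reload; only stdout is discarded, so rejected keys still show on stderr.
sysctl -p > /dev/null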

设置开机启动服务

# CentOS 6 (SysV init) only: reduce the boot-time services to a fixed set.
if [ $OSVersion -eq 6 ]; then
    # Everything enabled in runlevel 3 that is not in the kept set is turned off.
    for offservice in $(chkconfig --list | awk '/3:on/ {print $1}' | grep -Ev "crond|network|sshd|syslog|rsyslog|acpid"); do
        chkconfig "$offservice" off
    done
    # The kept set is enabled at boot and started straight away.
    # The names are matched as substrings, not as exact service names.
    for onservice in $(chkconfig --list | awk '{print $1}' | grep -E "crond|network|sshd|syslog|rsyslog|acpid"); do
        chkconfig "$onservice" on && /etc/init.d/"$onservice" start > /dev/null 2>&1
    done
fi

设置SSH服务配置

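#Set SSHD
# Rewrites four sshd options, validates the result, and only then reloads the
# daemon. A config that fails validation is rolled back from the backup, so a
# typo cannot take down remote access on the next restart.
cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
Options="UsePAM PermitEmptyPasswords UseDNS GSSAPIAuthentication"
for Option in $Options; do
    # Removes every line that mentions the option, commented out or not.
    sed -i "/$Option/d" /etc/ssh/sshd_config
done

# NOTE(review): "UsePAM no" takes sshd out of the PAM account and session
# stacks, so controls enforced there stop applying to SSH logins - including
# pam_limits, which is what applies the limits.conf values set later on this
# page. Red Hat's stock sshd_config marks "UsePAM no" as unsupported; confirm
# it is really intended.
# The lines are appended at the end of the file: if the file ends in a Match
# block they become part of that block, which is one of the breakages the
# validation step below is meant to catch.
echo 'PermitEmptyPasswords no' >>/etc/ssh/sshd_config
echo 'UsePAM no' >>/etc/ssh/sshd_config
echo 'UseDNS no' >>/etc/ssh/sshd_config
echo 'GSSAPIAuthentication no' >>/etc/ssh/sshd_config

# sshd -t parses the config and checks the keys without starting a daemon.
if /usr/sbin/sshd -t -f /etc/ssh/sshd_config; then
    if [ "${OSVersion:-}" = 6 ]; then
        /etc/init.d/sshd reload
    elif [ "${OSVersion:-}" = 7 ]; then
        systemctl restart sshd
    fi
else
    echo "sshd_config failed validation; restoring /etc/ssh/sshd_config.bak" >&2
    cp -p /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
fi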

设置系统限制值

# Raise the open-file limit to 65535 for all users and lift the per-user
# process cap, keeping a backup copy of each file that gets edited.
# NOTE(review): limits.conf is applied by pam_limits during PAM session setup,
# while the SSH section of this page sets "UsePAM no" - check that the new
# limits actually reach SSH logins.
cp /etc/security/limits.conf /etc/security/limits.conf.bak
# One-line alternative that covers soft and hard together:
#   *               -       nofile          65535
printf '%s\n' '* soft nofile 65535 ' '* hard nofile 65535' >> /etc/security/limits.conf && ulimit -SHn 65535

cp /etc/security/limits.d/*-nproc.conf /etc/security/limits.d/nproc.conf.bak
# The shipped nproc default differs by release (1024 on 6, 4096 on 7); every
# occurrence of that number in the file is replaced with "unlimited".
# NOTE(review): an unlimited nproc removes the cap that contains a runaway or
# fork-bombing account; a high finite value keeps that safety net.
if [ $OSVersion -eq 6 ]; then
    sed -i 's/1024/unlimited/g' /etc/security/limits.d/*-nproc.conf
elif [ $OSVersion -eq 7 ]; then
    sed -i 's/4096/unlimited/g' /etc/security/limits.d/*-nproc.conf
fi

设定主机时区

# Set the host time zone to UTC by pointing /etc/localtime at the UTC zone
# file. A single zone across hosts keeps log timestamps directly comparable.
if [ -f /etc/timezone ]; then
    rm -f /etc/timezone
fi
rm -f /etc/localtime
ln -s /usr/share/zoneinfo/UTC /etc/localtime

设置系统语言

# Set the system locale to en_US.UTF-8. Only acts when /etc/sysconfig/i18n
# exists; every line mentioning LANG or LC_ALL is removed before the new
# LANG line is appended.
if [ -f /etc/sysconfig/i18n ]; then
    sed -i -e '/LANG/d' -e '/LC_ALL/d' /etc/sysconfig/i18n
    printf '%s\n' 'LANG="en_US.UTF-8"' >> /etc/sysconfig/i18n
fi

设置系统DNS

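# Add two public resolvers to /etc/resolv.conf.
# Each entry is appended only when that exact line is not already present, so
# running the script again does not grow the file with duplicates.
# The glibc resolver uses at most three nameserver entries, so lines appended
# after existing ones may never be consulted.
# NOTE(review): this sends the host's DNS lookups to third-party resolvers;
# on servers an internal or provider resolver is usually the better default.
for ns in 8.8.8.8 114.114.114.114; do
    grep -qxF -- "nameserver $ns" /etc/resolv.conf 2>/dev/null \
        || echo "nameserver $ns" >> /etc/resolv.conf
done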

标签:CentOS,tcp,echo,etc,Optimization,ipv4,conf,net,Minimal
来源: https://www.cnblogs.com/meilong/p/CentOS-Minimal-Optimization.html
