Linux系统基础优化脚本--安装完操作系统必做的操作
内容导读
互联网集市收集整理的这篇技术教程文章主要介绍了Linux系统基础优化脚本--安装完操作系统必做的操作,小编现在分享给大家,供广大互联网技能从业者学习和参考。文章包含4066字,纯文字阅读大概需要6分钟。
内容图文
#!/bin/sh ###open iptables service, allow this ports access 80, 3307, 21#### function firewall() { service iptables start for Port in 21 80 3307 do iptables -I INPUT 5 -m state --state NEW -m tcp -p tcp --dport $Port -j ACCEPT done /etc/init.d/iptables save } ###disable selinux service### function safety() { /usr/sbin/setenforce 0 sed -i ‘s/^SELINUX=enforcing/SELINUX=disabled/‘ /etc/sysconfig/selinux } ###edit os runlevel, 3 - Full multiuser mode### function runlevel() { sed -i ‘s/^id:[0-9]:initdefault:/id:3:initdefault:/‘ /etc/inittab } ###thin systrv, initation system open this service: crond, iptables, network, sshd, rsyslog#### function systrv() { Srv_List=`chkconfig --list|grep 3:on| awk ‘{print $1}‘` for i in $Srv_List do chkconfig --level 3 $i off done for j in crond iptables network sshd rsyslog do chkconfig --level 3 $j on done } ###add common user zkyw as operation account### function adduser() { /usr/sbin/useradd zkyw echo "zkyw@123" | passwd zkyw --stdin } ###Optimization ssh service, alter default port 22, disable root login###### function myssh() { sed -i ‘s/^#Port 22/Port 16182/‘ /etc/ssh/sshd_config #alter ssh default port 16182 sed -i ‘s/^PermitRootLogin yes/PermitRootLogin no/‘ /etc/ssh/sshd_config sed -i ‘s/^#PermitEmptyPasswords no/PermitEmptyPasswords no/‘ /etc/ssh/sshd_config sed -i ‘s/^#MaxAuthTries 6/MaxAuthTries 3/‘ /etc/ssh/sshd_config sed -i ‘$aAllowUsers zkyw‘ /etc/ssh/sshd_config #allow common user zkyw ssh login /etc/init.d/sshd reload } ###clock Synchronous with internet time### function ntpclock() { /usr/sbin/ntpdate 202.120.2.101 echo "30 22 * * * /usr/sbin/ntpdate 202.120.2.101" >> /var/spool/cron/root /etc/init.d/crond reload } ###lock the key files including: passwd、group、shadow、gshadow、inittab##### function lockfile() { for file in passwd group shadow gshadow inittab do chattr +i /etc/$file done } ###alter max nofile and max user processes#### function userlimit() { sed -i ‘$a* soft nofile 65536\n* hard nofile 65536‘ /etc/security/limits.conf sed -i ‘s/^/#/‘ /etc/security/limits.d/90-nproc.conf sed -i ‘$a* soft nproc 51200\nroot soft nproc unlimited‘ /etc/security/limits.d/90-nproc.conf } ###optimization system kernel parameters, including tcp/ip protocal, iptables and so on#### function syskernel() { cp /etc/sysctl.conf /etc/sysctl.conf.eri modprobe bridge ( cat << EOF net.ipv4.tcp_fin_timeout = 2 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_keepalive_time = 600 net.ipv4.ip_local_port_range = 4000 65000 net.ipv4.tcp_max_syn_backlog = 16384 net.ipv4.tcp_max_tw_buckets = 36000 net.ipv4.route.gc_timeout = 100 net.ipv4.tcp_syn_retries = 1 net.ipv4.tcp_synack_retries = 1 net.core.somaxconn = 16384 net.core.netdev_max_backlog = 16384 net.ipv4.tcp_max_orphans = 16384 net.nf_conntrack_max = 25000000 net.netfilter.nf_conntrack_max = 25000000 net.netfilter.nf_conntrack_tcp_timeout_established = 180 net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120 net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60 net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120 EOF ) >> /etc/sysctl.conf /sbin/sysctl -p >/dev/null 2>&1 } ###delete some of no great importance users and groups#### function cleanusers() { for user in adm lp sync shutdown halt uucp operator games gopher ftp do /usr/sbin/userdel $user done for gp in adm lp dip do /usr/sbin/groupdel $gp done } echo "Iptables Optimization Starting..." firewall echo "Selinux Disabled Starting..." safety echo "Runlevel Optimization Starting..." runlevel echo "System Init Service Optimization Starting..." systrv echo "Add zkyw Common Account Starting..." adduser echo "SSH Service Optimization Starting..." myssh echo "Clock Synchronous Optimization Starting..." ntpclock echo "Max nofile and user processes Optimization Starting..." userlimit echo "System Kernel Parameters Optimization Starting..." syskernel
本文出自 “清枫拂面” 博客,请务必保留此出处http://crazy123.blog.51cto.com/1029610/1688186
原文:http://crazy123.blog.51cto.com/1029610/1688186
内容总结
以上是互联网集市为您收集整理的Linux系统基础优化脚本--安装完操作系统必做的操作全部内容,希望文章能够帮你解决Linux系统基础优化脚本--安装完操作系统必做的操作所遇到的程序开发问题。 如果觉得互联网集市技术教程内容还不错,欢迎将互联网集市网站推荐给程序员好友。
内容备注
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 gblab@vip.qq.com 举报,一经查实,本站将立刻删除。
内容手机端
扫描二维码推送至手机访问。