Linux系統優化參數

1.配置靜態ip
[root@localhost ~]#vi /etc/sysconfig/network-scripts/ifcfg-eno16777984


TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777984
UUID=7bdf595d-cc78-49a2-ad3c-df9b315dd38e
DEVICE=eno16777984
ONBOOT=yes
IPADDR0=192.168.1.247
PREFIX0=24
GATEWAY0=192.168.1.1
DNS1=219.141.136.10


[root@localhost ~]#systemctl  restart network


2.配置epel源
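# Fetch the EPEL repo definition over HTTPS. The file is written into
# /etc/yum.repos.d as root and decides where packages are installed from,
# so it should not be fetched over plain HTTP, where it can be altered in transit.
wget -qO /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# Show the signature-checking setting of the downloaded definition so it can
# be reviewed before any package is installed from this repository.
grep -n '^gpgcheck' /etc/yum.repos.d/epel.repo
# Drop cached metadata and rebuild it with the new repository included.
yum clean all
yum makecache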


3.更新系統
yum update -y


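4.關閉防火牆並安裝iptables
(注意:以下命令只停用並禁用了firewalld,本文沒有給出安裝和啟用iptables(CentOS 7上為iptables-services套件)的步驟;在iptables規則配置完成之前,主機處於沒有防火牆保護的狀態。)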
systemctl stop firewalld.service
systemctl disable firewalld.service




禁用SELinux(修改後需重啟才生效;禁用會去掉強制訪問控制這一層防護,如只是為了排查權限問題,可先設為permissive並查看審計日誌)
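# Switch the persistent SELinux mode to "disabled" (applies after a reboot).
# The pattern is anchored at line start so that only the active SELINUX=
# setting is rewritten; unanchored, it also rewrites any comment line in the
# file that mentions "SELINUX=" (the stock CentOS file has one).
# NOTE(review): this removes mandatory access control from the host; confirm
# that is intended rather than running in permissive mode.
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config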


5.添加執行權限
chmod +x /etc/rc.d/rc.local 


6.修改主機名
hostnamectl set-hostname heren


7.修改字符集
vi /etc/locale.conf
LANG="en_US.UTF-8"


8.修改打開文件數限制
vi /etc/security/limits.conf
*               soft    nofile          65535
*               hard    nofile          65535
*               soft    nproc           65535
*               hard    nproc           65535




9.系統參數調優
vi /etc/sysctl.conf 


# Controls IP packet forwarding
net.ipv4.ip_forward = 0


# Controls source route verification
net.ipv4.conf.default.rp_filter = 1


# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0


# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0


# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1


# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1


# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0


# Controls the default maximum size of a message queue
kernel.msgmnb = 65536


# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536


# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736




# Controls the total amount of shared memory that can be allocated
# system-wide, in pages
kernel.shmall = 4294967296
# NOTE(review): net.core.netdev_max_backlog appears twice in this list
# (10000 here, 262144 further down); entries are applied in order, so the
# later value is the one that takes effect.
net.core.netdev_max_backlog = 10000
net.core.rmem_default = 1048576
net.core.rmem_max = 1572864 
net.core.somaxconn = 262144
net.core.netdev_max_backlog = 262144 
net.core.wmem_default = 1048576
net.core.wmem_max = 1572864
# NOTE(review): this key is only present once the nf_conntrack module is
# loaded; if it is not, `sysctl -p` reports an error for this line - confirm
# on the target host.
net.netfilter.nf_conntrack_max=1087152
net.ipv4.tcp_fin_timeout = 5
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 4
net.ipv4.tcp_keepalive_time = 30
net.ipv4.tcp_max_syn_backlog = 20000
net.ipv4.tcp_max_orphans = 65535
net.ipv4.tcp_max_tw_buckets = 10000
net.ipv4.tcp_mem = 786432 1048576 1572864
# NOTE(review): the four retry counts below are all set to 1, which makes the
# kernel give up on a connection after very few retransmissions; short bursts
# of packet loss will then surface as connection failures. Confirm these
# values against the workload before applying them.
net.ipv4.tcp_orphan_retries = 1
net.ipv4.tcp_retrans_collapse = 0
net.ipv4.tcp_retries2 = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
# NOTE(review): tcp_tw_recycle depends on TCP timestamps, is known to cause
# dropped connections for clients that share one NAT address, and was removed
# from the kernel in Linux 4.12. tcp_tw_reuse also depends on timestamps, so
# with tcp_timestamps = 0 below neither setting is expected to have any
# effect - the combination should be reviewed.
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_timestamps = 0
# Duplicate of the tcp_syncookies entry earlier in the file (same value).
net.ipv4.tcp_syncookies = 1
vm.swappiness = 0


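# Load br_netfilter before applying the settings: the
# net.bridge.bridge-nf-call-* keys in /etc/sysctl.conf only exist once the
# module is loaded, so running `sysctl -p` first fails on those keys and
# leaves them unapplied.
# NOTE(review): modprobe does not persist across reboots; a file under
# /etc/modules-load.d/ is the usual way to load the module at boot.
modprobe br_netfilter
sysctl -p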




10.配置history命令
vi /etc/bashrc
# Annotate every history entry with date, time, login source and user name.
# USER_IP is the last field that `who` prints for the current login session,
# with the surrounding parentheses stripped; it is empty if `who` prints nothing.
# NOTE(review): the history file is writable by the user it records, so this
# is a convenience record rather than a tamper-resistant audit trail.
USER_IP=$(who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g')
# Keep a very large number of entries, both on disk and in memory.
HISTFILESIZE=1000000000
HISTSIZE=1000000
# whoami is evaluated once, when this file is sourced.
HISTTIMEFORMAT="%F %T ${USER_IP} $(whoami) "
export HISTTIMEFORMAT
source /etc/bashrc


11.添加用戶
[root@localhost ~]# useradd ceshi05
[root@localhost ~]# passwd ceshi05
[root@localhost ~]# groupadd kele
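# Add ceshi05 to the kele group. -a appends to the supplementary groups;
# -G on its own replaces the whole list and would silently drop any other
# group memberships the account already has.
usermod -aG kele ceshi05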
設置sudo權限
visudo
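# Commands that halt, power off or reboot the host.
Cmnd_Alias SHUTDOWN = /sbin/halt, /sbin/shutdown, /sbin/poweroff, /sbin/reboot, /sbin/init
# NOTE(review): sudoers(5) cautions that subtracting commands from ALL with
# "!" is generally not an effective restriction. If these accounts must not
# be able to shut the host down, grant an explicit list of allowed commands
# instead of ALL.
ceshi05         ALL=(ALL)       ALL,!SHUTDOWN
# Rule for members of the kele group, which may not shut the host down.
# A group entry needs the "%" prefix; without it the rule applies to a user
# named "kele" rather than to the group.
%kele           ALL=(ALL)       ALL,!SHUTDOWN
# Keep a dedicated log of sudo invocations.
Defaults logfile=/var/log/sudo.log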


12.SSH的配置修改及設置登錄權限
[root@localhost ~]# vi /etc/ssh/sshd_config
修改以下幾行:


#修改ssh登錄端口
Port 8085
#禁用DNS反解析,提高登錄連接速度
UseDNS no
#禁止root通過ssh登錄
#請一定在添加普通賬號、設置賬號密碼,並確認該賬號可以通過ssh登錄和使用sudo之後,再去掉下一行的註釋啟用此項
#下一行保持註釋狀態時此項不生效,root仍可通過ssh登錄
#PermitRootLogin no
編輯完成後保存,並執行命令:
 systemctl restart sshd
 systemctl enable sshd
 systemctl status sshd


 
