6 centos6.3 x86_64 linux系统优化设置1

[root@crmn ~]# cat /etc/redhat-release //查看系统版本
CentOS release 6.3 (Final)
[root@crmn ~]# uname -r //查看内核版本
2.6.32-279.el6.x86_64
[root@crmn ~]# uname -m
x86_64
[root@crmn ~]# uname -a
Linux crmn 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

　　

//运维使用的优秀工具：
EmEditor editoplus notepad++
everything
secureCRT
win32HyperSnap截图工具
KeePass密码管理软件
win32文本比较工具
[root@crmn ~]# echo 123 > a.txt
[root@crmn ~]# echo 1234 > b.txt
[root@crmn ~]# diff a.txt b.txt //按行比较文件内容差别
1c1
< 123
---
> 1234
[root@crmn ~]# vimdiff a.txt b.txt //

//操作系统生产标准基础优化:
[root@crmn ~]# whoami
root
[root@crmn ~]# useradd oldboy//添加普通用户并加密码
[root@crmn ~]# passwd oldboy
Changing password for user oldboy.
New password:
BAD PASSWORD: it is too simplistic/systematic
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.

[oldboy@crmn ~]$ whoami
oldboy

[root@crmn ~]# su - oldboy //root切换到普通用户
[oldboy@crmn ~]$ whoami
oldboy
[oldboy@crmn ~]$ su - root //普通用户切换到root
Password:
[root@crmn ~]# whoami
root
[root@crmn ~]# echo 123456|passwd --stdin oldboy
[root@crmn ~]# echo 123456|passwd --stdin oldboy &&history -c//修改密码无需交互
Changing password for user oldboy.
passwd: all authentication tokens updated successfully.

//linux定时打补丁，使用更新源的国内镜像
[root@crmn ~]# rpm -ivh xxx //软件安装命令；yum -y install xxx 包管理工具
rpm: no packages given for install

//centos6.3 64bit yum源的配置方法：
[root@crmn ~]# cat /etc/yum.repos.d/CentOS-Base.repo
http://mirrors.163.com/欢迎访问网易开源镜像站：
http://mirrors.163.com/.help/CentOS6-Base-163.repo
[root@crmn yum.repos.d]# wget http://mirrors.163.com/.help/CentOS6-Base-163.repo //下载该镜像源
[root@crmn yum.repos.d]# cp CentOS-Base.repo CentOS-Base.repo_bak //备份原来的镜像源
[root@crmn yum.repos.d]# ls
CentOS6-Base-163.repo// CentOS-Base.repo_bak CentOS-Media.repo
CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Vault.repo
[root@crmn yum.repos.d]# cp CentOS6-Base-163.repo CentOS-Base.repo//更换镜像源成功
cp: overwrite `CentOS-Base.repo'? y
[root@crmn yum.repos.d]# vimdiff CentOS-Base.repo_bak CentOS6-Base-163.repo //对比差别！
//可以自己配置yum仓库，ISO配置成本地yum仓库

[root@crmn yum.repos.d]# yum -y install tree telnet dos2unix sysstat lrzsz //安装常用软件
[root@crmn ~]# yum -y upgrade //打补丁，不一定是好事（有的服务软件更新后出问题）
[root@crmn ~]# yum grouplist //查看已经安装的包组

//安装后的基本调优及安全设置
1.关闭selinux
[root@crmn ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

[root@crmn ~]# sed -i s#SELINUX=enforcing#SELINUX=disabled#g /etc/selinux/config//关闭selinux，修改配置文件则永久生效，但是必须要重启系统。
[root@crmn ~]# grep "disabled" /etc/selinux/config //检查
# disabled - No SELinux policy is loaded.
SELINUX=disabled
[root@crmn ~]# getenforce //查看selinux状态
Enforcing
[root@crmn ~]# setenforce 0//临时生效，但重启后生效
[root@crmn ~]# getenforce
Permissive

[root@crmn ~]# echo oldboy > ett.txt //test
[root@crmn ~]# sed s#oldboy#oldgirl#g ett.txt
oldgirl
[root@crmn ~]# cat ett.txt
oldboy
[root@crmn ~]# sed -i s#oldboy#oldgirl#g ett.txt//sed -i修改文件
[root@crmn ~]# cat ett.txt
oldgirl

[root@crmn ~]# cat /etc/inittab //linux默认有7种启动模式，启动流程会调用该文件
# Default runlevel. The runlevels used are:
# 0 - halt (Do NOT set initdefault to this) //关机模式
# 1 - Single user mode //单用户模式，用于修复、改密码等
# 2 - Multiuser, without NFS (The same as 3, if you do not have networking) //多用户模式
# 3 - Full multiuser mode //命令行模式
# 4 - unused //暂时不用
# 5 - X11 //桌面模式
# 6 - reboot (Do NOT set initdefault to this) //重启模式
#
id:3:initdefault: //命令行模式
[root@crmn ~]# runlevel //查看当前系统运行级别
N 3
[root@crmn ~]# init x //切换运行级别
init: missing runlevel
Try `init --help' for more information.

3.精简开机系统启动的服务为：
//windows下使用命令：msconfig
<1>[root@crmn ~]# setup //system service
<2>[root@crmn ~]# ntsysv
<3>脚本一键完成处理
//chkconfig是查看设置开机自启动软件的命令
[root@crmn ~]# chkconfig --list|grep "3:on" //命令行模式开机自启动的软件服务
abrt-ccpp 0:off 1:off 2:off 3:on 4:off 5:on 6:off
abrt-oops 0:off 1:off 2:off 3:on 4:off 5:on 6:off
abrtd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
acpid 0:off 1:off 2:on 3:on 4:on 5:on 6:off
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
cpuspeed 0:off 1:on 2:on 3:on 4:on 5:on 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
ip6tables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
irqbalance 0:off 1:off 2:off 3:on 4:on 5:on 6:off
kdump 0:off 1:off 2:off 3:on 4:on 5:on 6:off
lvm2-monitor 0:off 1:on 2:on 3:on 4:on 5:on 6:off
mcelogd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
mdmonitor 0:off 1:off 2:on 3:on 4:on 5:on 6:off
messagebus 0:off 1:off 2:on 3:on 4:on 5:on 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sysstat 0:off 1:on 2:on 3:on 4:on 5:on 6:off
udev-post 0:off 1:on 2:on 3:on 4:on 5:on 6:off
[root@crmn ~]# LANG=en //英文字符集

[root@crmn ~]# chkconfig udev-post off //关掉该udev-post服务，重启后生效
[root@crmn ~]# chkconfig --list udev-post
udev-post 0:off 1:on 2:off 3:off 4:off 5:off 6:off

//打开需要的服务方法一：
[root@crmn ~]# for oldboy in `chkconfig --list|grep "3:on"|awk '{print $1}'`; do chkconfig $oldboy off;done //全关闭服务
[root@crmn ~]# chkconfig --list|grep "3:on"
[root@crmn ~]# for oldboy in crond network sshd rsyslog; do chkconfig $oldboy on;done //打开需要的服务
[root@crmn ~]# chkconfig --list|grep "3:on"
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

[root@crmn ~]# for oldboy in `chkconfig --list|grep "3:off"|awk '{print $1}'`; do chkconfig $oldboy on;done //还原回来
[root@crmn ~]# chkconfig --list|grep "3:on"
abrt-ccpp 0:off 1:off 2:on 3:on 4:on 5:on 6:off
abrt-oops 0:off 1:off 2:on 3:on 4:on 5:on 6:off
abrtd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
acpid 0:off 1:off 2:on 3:on 4:on 5:on 6:off
atd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
cpuspeed 0:off 1:on 2:on 3:on 4:on 5:on 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
haldaemon 0:off 1:off 2:on 3:on 4:on 5:on 6:off
ip6tables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
irqbalance 0:off 1:off 2:on 3:on 4:on 5:on 6:off
kdump 0:off 1:off 2:on 3:on 4:on 5:on 6:off
lvm2-monitor 0:off 1:on 2:on 3:on 4:on 5:on 6:off
mcelogd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
mdmonitor 0:off 1:off 2:on 3:on 4:on 5:on 6:off
messagebus 0:off 1:off 2:on 3:on 4:on 5:on 6:off
netconsole 0:off 1:off 2:on 3:on 4:on 5:on 6:off
netfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
ntpdate 0:off 1:off 2:on 3:on 4:on 5:on 6:off
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off
psacct 0:off 1:off 2:on 3:on 4:on 5:on 6:off
quota_nld 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rdisc 0:off 1:off 2:on 3:on 4:on 5:on 6:off
restorecond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rngd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
saslauthd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
smartd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
svnserve 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sysstat 0:off 1:on 2:on 3:on 4:on 5:on 6:off
udev-post 0:off 1:on 2:on 3:on 4:on 5:on 6:off
[root@crmn ~]#

//打开需要的服务方法二：
[root@crmn ~]# chkconfig --list|grep "3:on"|awk '{print $1}'|grep -vE "crond|network|sshd|rsyslog"
abrt-ccpp
abrt-oops
abrtd
acpid
atd
auditd
cpuspeed
haldaemon
ip6tables
iptables
irqbalance
kdump
lvm2-monitor
mcelogd
mdmonitor
messagebus
netconsole
netfs
ntpd
ntpdate
postfix
psacct
quota_nld
rdisc
restorecond
rngd
saslauthd
smartd
svnserve
sysstat
udev-post
[root@crmn ~]# for oldboy in ` chkconfig --list|grep "3:on"|awk '{print $1}'|grep -vE "crond|network|sshd|rsyslog" `; do chkconfig $oldboy off;done
[root@crmn ~]# chkconfig --list|grep "3:on"
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off