初始化linux的 一些命令
拿到新服务器后，有很多地方需要自己去修改。这里提供一份运维给出的初始化命令脚本。
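# Kernel parameter tuning: keep a pristine copy of /etc/sysctl.conf, append the
# tuning values below, then load them into the running kernel.
#
# The backup uses an explicit if/else. With `A && B || C`, a failed rotation
# copy (B) falls through to C and overwrites the pristine .bak with the
# already-modified file.
if [ -f /etc/sysctl.conf.bak ]; then
  /bin/cp /etc/sysctl.conf.bak "/etc/sysctl.conf.bak.$(date +%F-%H%M%S)"
else
  /bin/cp /etc/sysctl.conf /etc/sysctl.conf.bak
fi
# Append only once: re-running the script would otherwise stack duplicate
# entries at the end of the file.
# NOTE(review): net.nf_conntrack_max and net.netfilter.nf_conntrack_max look
# like two names for the same conntrack limit with different values; if so the
# later line wins. Confirm which value is intended.
if ! grep -qxF -- 'fs.file-max = 2000000' /etc/sysctl.conf; then
cat >> /etc/sysctl.conf <<EOF
fs.file-max = 2000000
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_max_syn_backlog = 40000
net.ipv4.ip_local_port_range = 5000 65000
net.core.somaxconn = 65535
net.core.rmem_max = 16777216
net.core.wmem_max = 8388608
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_max_tw_buckets= 262144
net.nf_conntrack_max = 655360
net.ipv4.tcp_tw_reuse = 1
net.netfilter.nf_conntrack_max = 4194304
EOF
fi
# Keep the per-key output quiet but let errors through: keys the kernel does
# not expose (the conntrack ones exist only while nf_conntrack is loaded) are
# rejected, and hiding that makes the tuning look applied when it is not.
sysctl -p >/dev/null || echo "warning: sysctl -p reported errors; some settings were not applied" >&2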
# Turn off firewalld: stop the running service, then disable it at boot.
# NOTE(review): after this step the host has no local packet filter. Confirm
# that filtering is enforced elsewhere (network ACLs / perimeter firewall), or
# keep firewalld and open only the ports the services need.
for fw_action in stop disable; do
  systemctl "$fw_action" firewalld
done
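# Raise the open-file limit to 1000000: for the current shell, for PAM
# sessions via limits.conf, and for login shells via /etc/profile.
ulimit -SHn 1000000

# Explicit if/else so a failed rotation copy cannot fall through and overwrite
# the pristine .bak with the modified file (the `A && B || C` pitfall).
if [ -f /etc/security/limits.conf.bak ]; then
  /bin/cp /etc/security/limits.conf.bak "/etc/security/limits.conf.bak.$(date +%F-%H%M%S)"
else
  /bin/cp /etc/security/limits.conf /etc/security/limits.conf.bak
fi
# Append only once so repeated runs do not duplicate the entries.
# Note: pam_limits does not apply `*` entries to root; root sessions rely on
# the ulimit line written to /etc/profile below.
if ! grep -qxF -- '* soft nofile 1000000' /etc/security/limits.conf; then
cat >> /etc/security/limits.conf <<EOF
* soft nofile 1000000
* hard nofile 1000000
EOF
fi

if [ -f /etc/profile.bak ]; then
  /bin/cp /etc/profile.bak "/etc/profile.bak.$(date +%F-%H%M%S)"
else
  /bin/cp /etc/profile /etc/profile.bak
fi
# Same idempotency guard for the login-shell setting.
if ! grep -qxF -- 'ulimit -SHn 1000000' /etc/profile; then
cat >> /etc/profile <<EOF
ulimit -SHn 1000000
EOF
fi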
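# Disable SELinux: switch the running system to permissive mode now, and set
# SELINUX=disabled in the config so it stays off after the next reboot.
# NOTE(review): this removes mandatory access control from the host. If the
# goal is only to stop denials from blocking a service, SELINUX=permissive
# keeps the denials in the audit log so a policy can be written later.
setenforce 0
# Explicit if/else so a failed rotation copy cannot fall through and overwrite
# the pristine .bak with the modified file (the `A && B || C` pitfall).
if [ -f /etc/selinux/config.bak ]; then
  /bin/cp /etc/selinux/config.bak "/etc/selinux/config.bak.$(date +%F-%H%M%S)"
else
  /bin/cp /etc/selinux/config /etc/selinux/config.bak
fi
# Only a config currently set to "enforcing" is rewritten; a config already at
# "permissive" is left unchanged by this substitution.
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config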
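# DNS tuning: replace /etc/resolv.conf with three public resolvers, rotated,
# with a 1-second timeout and a single attempt per server.
# Explicit if/else so a failed rotation copy cannot fall through and overwrite
# the pristine .bak with the modified file (the `A && B || C` pitfall).
if [ -f /etc/resolv.conf.bak ]; then
  /bin/cp /etc/resolv.conf.bak "/etc/resolv.conf.bak.$(date +%F-%H%M%S)"
else
  /bin/cp /etc/resolv.conf /etc/resolv.conf.bak
fi
# NOTE(review): the file is overwritten, not appended, so any internal
# resolver or search domain already configured is dropped; confirm the public
# resolvers match the environment's DNS policy. The file may also be
# regenerated by NetworkManager or the DHCP client; verify the change persists.
cat > /etc/resolv.conf <<EOF
options rotate timeout:1 attempts:1 single-request-reopen
nameserver 223.5.5.5
nameserver 114.114.114.114
nameserver 119.29.29.29
EOF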
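# Time sync: run ntpdate against the internal NTP server every two hours.
# The entry is added only if it is not already present, so re-running the
# script does not schedule the same job several times.
ntp_job="0 */2 * * * root /usr/sbin/ntpdate 172.29.10.31"
if ! grep -qxF -- "$ntp_job" /etc/crontab; then
  printf '%s\n' "$ntp_job" >> /etc/crontab
fi
# Alternative using a public pool server (left disabled):
#echo "0 */2 * * * root /usr/sbin/ntpdate 3.asia.pool.ntp.org" >> /etc/crontab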
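# Point yum at the internal mirror: archive the stock repo definitions, then
# write a single repo file for the mirror at 172.29.10.47.
repo_dir=/etc/yum.repos.d
repo_archive=$repo_dir/repos.tgz
# Do not overwrite an archive from an earlier run: it holds the stock repo
# files, while a re-run would only capture the CentOS7-Base.repo written below.
if [ -e "$repo_archive" ]; then
  repo_archive=$repo_dir/repos.$(date +%F-%H%M%S).tgz
fi
# Archive only *.repo files (the ones yum reads) so earlier archives in the
# same directory are not swallowed and removed; skip when nothing matches.
if ls "$repo_dir"/*.repo >/dev/null 2>&1; then
  tar -zcvf "$repo_archive" --remove-files "$repo_dir"/*.repo \
    || echo "warning: archiving $repo_dir/*.repo failed; old repo files may still be active" >&2
fi
# The heredoc delimiter is quoted so that $releasever reaches the file
# literally and is expanded by yum; unquoted, the shell replaced it with an
# empty string.
# NOTE(review): every section uses plain http and gpgcheck=0, so packages are
# installed without signature verification and their integrity depends
# entirely on the mirror and the network path. If the mirror carries signed
# packages, prefer gpgcheck=1 with a gpgkey= entry for each repo.
cat > /etc/yum.repos.d/CentOS7-Base.repo <<'EOF'
[base]
name=CentOS-$releasever - Base - mirror.template.com
baseurl=http://172.29.10.47:1000/base/
path=/
enabled=1
gpgcheck=0
[updates]
name=CentOS-$releasever - Updates - mirror.template.com
baseurl=http://172.29.10.47:1000/updates/
path=/
enabled=1
gpgcheck=0
[extras]
name=CentOS-$releasever - Extras - mirrors.template.com
baseurl=http://172.29.10.47:1000/extras/
path=/
enabled=1
gpgcheck=0
[epel]
name=CentOS-$releasever - epel - mirrors.template.com
baseurl=http://172.29.10.47:1000/epel/
failovermethod=priority
enabled=1
gpgcheck=0
EOF
# End of the initialization script.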