CentOS刚安装后的优化处理
1、首先默认关闭掉selinux和iptables
set -i ‘s/SELINUX=enforcing/SELINUX=disabled/’/etc/selinux/config
setenforce 0
getenforce #查看现在selinux的状态
/etc/init.d/iptables stop #停止防火墙
chkconfig iptables off #开机不启动防火墙
chkconfig --list | grep iptables #查看防火墙状态
2、更改ssh登录时的端口号
vi /etc/ssh/sshd_config ...................... port 22 #改为自己希望的端口号 .....................
UseDNS yes,改为UseDNS no
#连接时会自动检测dns环境是否一致导致的,修改为不检测即可
3、修改系统启动级别为3(文本模式)
vi /etc/inittab ............................... id:3:initdefault: ...............................
4、精简系统自启动服务
一般自启动启动最少需要保留5个服务
分别为:sshd rsyslog network crontab sysstat
#####命令关闭其余服务########### chkconfig --list|grep 3:on|grep -vE "crond|network|sshd|rsyslog|sysstat"|awk '{print "chkconfig " $1 " off"}' | bash
5、给历史记录加时间显示
echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/profile
6、linux服务器内核参数优化
cat >>/etc/sysctl.conf<< OK net.ipv4.tcp_syn_retries = 1 net.ipv4.tcp_synack_retries = 1 net.ipv4.tcp_keepalive_time = 600 net.ipv4.tcp_keepalive_probes = 3 net.ipv4.tcp_keepalive_intvl =15 net.ipv4.tcp_retries2 = 5 net.ipv4.tcp_fin_timeout = 2 net.ipv4.tcp_max_tw_buckets = 36000 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_max_orphans = 32768 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_syn_backlog = 16384 net.ipv4.tcp_wmem = 8192 131072 16777216 net.ipv4.tcp_rmem = 32768 131072 16777216 net.ipv4.tcp_mem = 786432 1048576 1572864 net.ipv4.ip_local_port_range = 1024 65000 net.ipv4.ip_conntrack_max = 65536 net.ipv4.netfilter.ip_conntrack_max=65536 net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=180 net.core.somaxconn = 16384 net.core.netdev_max_backlog = 16384 vm.swappiness=10 OK
7、linux服务器打开文件数优化
cat >>/etc/security/limits.conf<< ok * soft nofile 65535 * soft nproc 65535 * hard nofile 65535 * hard nproc 65535
ok
cat >>/etc/security/limits.d/90-nofile.conf<< ok
* soft nofile 65535 * hard nofile 65535 root soft nofile unlimited
ok
浙公网安备 33010602011771号