CentOS 7.9 初始化配置
#CentOS 7.9 初始化配置
## Static IP configuration for eth0
# Writes the interface definition in one step; tee also echoes what it wrote
# to the terminal so the values can be checked by eye.
# The addresses below are the author's example values; adjust them per host.
tee /etc/sysconfig/network-scripts/ifcfg-eth0 <<'EOF'
TYPE=Ethernet
#BOOTPROTO=dhcp
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.1.101
PREFIX=24
GATEWAY=192.168.1.1
DNS1=223.5.5.5
DNS2=8.8.8.8
EOF
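# Set the hostname
hostnamectl set-hostname centos7-001
# Map the node names in /etc/hosts.
# An entry is appended only when that exact line is not already present, so
# running this section again does not pile up duplicate lines.
for entry in "192.168.1.101 centos7-001" "192.168.1.102 centos7-002"; do
  grep -qxF -- "$entry" /etc/hosts || echo "$entry" >> /etc/hosts
done
# Restart networking so the new interface settings take effect.
# If this changes the address you are connected through, the current SSH
# session will drop; run it from the console or be ready to reconnect.
systemctl restart network
# Show the interface addresses
ip addr
# Connectivity test. -c bounds the run: plain ping on Linux keeps going until
# it is interrupted, which would stall everything after it in a scripted run.
ping -c 4 centos7-001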
# Author's recommendation: turn SELinux off.
# setenforce 0 puts the running system in permissive mode; the sed edit sets
# SELINUX=disabled in the config file that is read at boot.
# NOTE(review): this removes mandatory access control from the host. If the
# aim is only to get past denials, SELINUX=permissive keeps the denials in the
# audit log so a policy can be written later; going from disabled back to
# enforcing needs a reboot and a filesystem relabel.
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
# Author's recommendation: stop firewalld and keep it off across reboots.
# NOTE(review): with firewalld off and no replacement rule set, every
# listening service is reachable from the network, and this page later turns
# on IPv4 forwarding. The alternative is to leave firewalld running and open
# only the ports the host needs with firewall-cmd.
systemctl stop firewalld
systemctl disable firewalld
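# Point yum at the Aliyun mirror.
# curl is used instead of wget because wget is only installed further down
# this page. The file is fetched to a temporary path and put in place only
# when the download succeeds, so a failed download no longer leaves the host
# without a base repo definition.
repo_file=/etc/yum.repos.d/CentOS-Base.repo
repo_tmp=$(mktemp)
if curl -fsSL -o "$repo_tmp" https://mirrors.aliyun.com/repo/Centos-7.repo; then
  # Keep the stock definition as a backup before replacing it.
  cp -p "$repo_file" "$repo_file.bak"
  # install copies with an explicit mode instead of carrying over the
  # temp file's restrictive permissions.
  install -m 0644 "$repo_tmp" "$repo_file"
fi
rm -f -- "$repo_tmp"
# NOTE(review): open the downloaded file and confirm gpgcheck=1 is still set,
# so packages from the mirror are signature-verified before install.
yum repolist
yum -y makecache
# The original ran "upgrade" and then "update" back to back; the second pass
# finds nothing left to do, so one is enough.
# NOTE(review): CentOS 7 reached end of life on 2024-06-30, so this brings the
# host to the last published package set, not to current security fixes.
yum -y upgrade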
# Install maintenance and build tooling (same four transactions, one package
# group per command).
# NOTE(review): this puts compilers, a debugger, nmap, tcpdump, nc and a
# telnet client on the host, and epel-release enables a third-party repo.
# That is convenient on a lab machine; on a production host consider
# installing only what the role needs.
yum install -y yum-utils
yum install -y \
  tree nmap traceroute dos2unix lrzsz nc lsof wget tcpdump iotop sysstat \
  device-mapper-persistent-data lvm2
yum install -y \
  psmisc net-tools bash-completion vim-enhanced telnet unzip zip ntpdate
yum install -y \
  git epel-release openssh-clients gcc gcc-c++ automake autoconf libtool \
  make gdb
yum install -y \
  pcre pcre-devel zlib zlib-devel openssl openssl-devel
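# Edit the sshd configuration.
# The four directives listed under the vi command are the values to set inside
# /etc/ssh/sshd_config. They are file content, not shell commands, so they are
# shown as comments here to keep the listing runnable.
vi /etc/ssh/sshd_config
#   Port 22
#   PermitRootLogin yes
#   PasswordAuthentication yes
#   PrintLastLog yes
# NOTE(review): root login with password authentication exposes the account
# to password guessing from anything that can reach port 22. Once the key
# setup in the next section works, tighten these to
# "PermitRootLogin prohibit-password" and "PasswordAuthentication no".
# Enable sshd at boot
systemctl enable sshd
# Check the edited file for syntax errors before restarting, so a typo cannot
# take the daemon down. restart is used because "start" does nothing when
# sshd is already running and the edits would not be picked up.
sshd -t && systemctl restart sshd
systemctl status sshd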
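# Passwordless (key-based) SSH login.
# Create /root/.ssh with owner-only permissions first; it may not exist yet on
# a fresh install.
mkdir -p -m 700 /root/.ssh && cd /root/.ssh/
# -b 4096 sets the key size explicitly instead of relying on the installed
# ssh-keygen default.
ssh-keygen -t rsa -b 4096 -f /root/.ssh/id_rsa
# Append rather than overwrite, so keys already authorised on this host are
# kept.
cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
# Send only the public key to the peer. ssh-copy-id appends it to the remote
# authorized_keys instead of replacing that file, and the private key never
# leaves this host. The original copied id_rsa as well, which gives every host
# holding the copy the same identity. For login in the other direction,
# generate a separate key pair on the peer and copy its public key back the
# same way.
ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.103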
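# Turn swap off now and keep it off after reboot.
# The sed skips fstab lines that are already commented and accepts tabs as
# well as spaces around the "swap" field, so running it again does not stack
# extra '#' characters and tab-separated entries are still caught.
swapoff -a && sed -ri '/^[[:space:]]*#/! s/^(.*[[:space:]]swap[[:space:]].*)$/#\1/' /etc/fstab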
# Time synchronisation.
# Set the timezone, then step the clock once against the Aliyun NTP server.
# NOTE(review): ntpdate runs once and does not keep the clock in sync
# afterwards. Nothing on this page configures a time daemon (chronyd or ntpd),
# so confirm one is running; clock drift affects log correlation and
# certificate validation.
timedatectl set-timezone Asia/Shanghai
ntpdate ntp1.aliyun.com
# Raise the maximum number of open files.
# The three lines in the here-document are appended to limits.conf as they
# stand: a heading comment, the soft limit and the hard limit for all users.
# This is an append, so running it twice leaves duplicate entries.
tee -a /etc/security/limits.conf >/dev/null <<'EOF'
#可打开文件数
* soft nofile 65535 #软限制
* hard nofile 65536 #硬限制
EOF
# br_netfilter lets iptables act on traffic crossing layer-2 bridges.
# Register the module for loading at boot, then load it into the running
# kernel.
printf '%s\n' "br_netfilter" >> /etc/modules-load.d/bridge.conf
modprobe br_netfilter
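# Enable IPv4 packet forwarding and apply kernel tuning.
# The settings go into a drop-in file under /etc/sysctl.d so they persist
# across reboots. sudo is dropped because every other command on this page
# already runs as root.
# NOTE(review): net.ipv4.ip_forward=1 makes the host route packets between its
# interfaces. With firewalld disabled earlier on this page, forwarded traffic
# is unfiltered unless some other component installs rules; confirm that is
# intended.
# NOTE(review): the net.bridge.* keys exist only while br_netfilter is loaded,
# and net.netfilter.nf_conntrack_max presumably needs the nf_conntrack module.
# Check the sysctl output for keys that were skipped.
cat <<EOF | tee /etc/sysctl.d/network.conf
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.core.netdev_max_backlog=262144
net.ipv4.ip_forward=1
net.ipv4.tcp_fin_timeout=20
net.ipv4.tcp_max_syn_backlog=20480
net.ipv4.tcp_max_tw_buckets=20480
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_tw_recycle=0
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
vm.overcommit_memory=1
vm.panic_on_oom=0
vm.swappiness=0
fs.file-max=52706963
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.nr_open=52706963
EOF
# Apply the settings without rebooting. --system already loads every sysctl
# configuration file, including the one written above, so the extra -p from
# the original is not needed.
sysctl --system
# Verify that forwarding is on
sysctl net.ipv4.ip_forward
# Reboot so the hostname, SELinux and swap changes all take effect together
reboot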