centos7模板机制作

1. 环境说明

 本文所使用镜像版本为CentOS-7-x86_64-DVD-1810,其他版本亦可参考。

 VMware网络使用NAT模式,网段为10.100.1.0/24,网关为10.100.1.254

2. 配置模板 

 2.1 配置CentOS源和epel源

[root@centos7 ~]# cp /etc/yum.repos.d/CentOS-Base.repo{,.bak}
[root@centos7 ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@centos7 ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@centos7 ~]# curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

 2.2 更新Kernel

[root@centos7 ~]# yum -y update

 2.3 关闭防火墙

[root@centos7 ~]# setenforce 0 && sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
[root@centos7 ~]# systemctl stop firewalld && systemctl disable firewalld
[root@centos7 ~]# yum install -y iptables-services
[root@centos7 ~]# iptables -F && service iptables save

 2.4 自启项管理

[root@centos7 ~]# systemctl list-unit-files --type=service|grep 'enabled'
[root@centos7 ~]# systemctl stop NetworkManager postfix && systemctl disable NetworkManager postfix
[root@centos7 ~]# echo "unset MAILCHECK" >> /etc/profile && source /etc/profile

 2.5 更改时区

 

[root@centos7 ~]# ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
[root@centos7 ~]# yum install -y ntp
[root@centos7 ~]# systemctl start ntpd && systemctl enable ntpd
[root@centos7 ~]# crontab -e
### update time ###
*/5 * * * * systemctl restart ntpd;/usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1
### clean cache ###
* */1 * * * yum clean all && rm -rf /var/cache/yum/* >/dev/null 2>&1

 2.6 关闭swap

[root@centos7 ~]# swapoff -a
[root@centos7 ~]# vi /etc/fstab
[root@centos7 ~]# echo vm.swappiness=0 >> /etc/sysctl.conf

 2.7 优化配色

[root@centos7 ~]# vim ~/.bashrc
PS1="\[\e[32;40m\][\u@\h \w]\\$ \[\e[0m\]"
[root@centos7 ~]# source ~/.bashrc

 2.8 文件打开数

[root@centos7 ~]# vi /etc/security/limits.conf
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535

 noproc是代表最大进程数,nofile是代最大文件打开数,*是表示修改所有用户的限制。

[root@centos7 ~]# vi /etc/security/limits.d/20-nproc.conf
#*          soft    nproc     65535
#root       soft    nproc     unlimited

*       soft    nproc   65535
*       hard    nproc   65535

 2.9 sshd优化

[root@centos7 ~]# vi /etc/ssh/sshd_config
UseDNS no
GSSAPIAuthentication no
[root@centos7 ~]# vi /etc/ssh/ssh_config
StrictHostKeyChecking no
[root@centos7 ~]# systemctl restart sshd

 2.10 依赖安装

[root@centos7 ~]# rpm -ivh http://springdale.math.ias.edu/data/puias/unsupported/7/x86_64//iksemel-1.4-6.sdl7.x86_64.rpm
[root@centos7 ~]# yum install -y bash-completion fping gcc-c++ deltarpm net-tools java-11-openjdk maven
[root@centos7 ~]# yum install -y wget vim lrzsz tree lsof tcpdump screen man unzip ansible

  

 

 

 

 

 

  

  

 

posted @ 2021-11-22 23:34  zhenru  阅读(253)  评论(0)    收藏  举报