<b>1.4.3 centos 6.4 x86_64系統最小化優化腳本</b>
centos 6.4 x86_64系統最小化優化腳本,腳本内容如下所示(請注意下面的代碼中有中文注釋内容,如果要放在線上運作,則要注意):
#!/bin/bash
# Post-install tuning script for a minimal CentOS 6.4 x86_64 host. It changes
# system-wide configuration and ends with a reboot.
# NOTE(review): the listing appears damaged by extraction: command words are
# split from their arguments, some command words, here-document terminators
# and sysctl values are not visible, and identifiers are lowercased
# (centos-base.repo, eof, selinux=, permitrootlogin). Read it as an outline;
# it will not run correctly as printed.
# NOTE(review): CentOS 6 reached end of life in November 2020, so the repo
# and package URLs below should not be expected to serve current updates.
#
# Base system update: download a mirror's repo file, back up the stock repo
# file, and (judging by the argument pairs) move the downloaded file into its
# place before refreshing yum.
# NOTE(review): the repo file is fetched over plain http and nothing here
# checks it, yet it decides where every later yum package comes from. Fetch
# it over https or compare it with a known-good copy, and keep gpgcheck on.
wget
http://mirrors.163.com/.help/centos6-base-163.repo
cd
/etc/yum.repos.d/
mv
centos-base.repo centos-base.repo.bak
centos6-base-163.repo centos-base.repo
yum clean all # clear the yum cache
yum makecache # rebuild the cache
yum update # update the system (no -y on this line, so yum asks for confirmation)
# Add the EPEL external yum repository.
# NOTE(review): the release RPM is also fetched over http and installed with
# rpm -ivh; no signature or checksum verification is visible on this page.
# Verify the package against a trusted EPEL key before installing it.
/usr/local/src
http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh
epel-release-6-8.noarch.rpm
# Install the gcc toolchain packages and the sysstat tools.
yum -y install
gcc gcc-c++ vim-enhanced unzip unrar sysstat
# Configure automatic time sync with ntpdate: append a daily 01:01 job to
# /etc/crontab, sync once now, then restart crond.
# NOTE(review): /etc/crontab entries take a user field after the five time
# fields; none is visible in the entry as printed — confirm against the
# original. The job discards all output, so a failed sync leaves no trace.
ntp
echo "01 01
* * * /usr/sbin/ntpdate ntp.api.bz
>> /dev/null 2>&1" >> /etc/crontab
ntpdate
ntp.api.bz
service crond
restart
# Raise the open-file limit to 65534: for the current shell, at boot through
# /etc/rc.local, and for all users through /etc/security/limits.conf.
# NOTE(review): bash uses uppercase -S/-H for soft/hard limits; the lowercase
# -shn here is presumably -SHn before the page was lowercased — confirm.
ulimit -shn
65534
echo
"ulimit -shn 65534" >> /etc/rc.local
cat >>
/etc/security/limits.conf << eof
* soft nofile 65534
* hard nofile 65534
eof
# Basic kernel tuning appended to /etc/sysctl.conf and applied with sysctl -p.
# NOTE(review): most keys below have no value on this page, and the command
# in front of the here-document and its closing eof are not visible. The
# values must be taken from the original source, not guessed.
# NOTE(review): tcp_syncookies = 1 is a SYN-flood mitigation. tcp_tw_recycle
# is known to drop connections from clients behind NAT and was removed in
# Linux 4.12; review it before reusing this list.
/etc/sysctl.conf << eof
net.ipv4.tcp_syncookies
= 1
net.ipv4.tcp_syn_retries
net.ipv4.tcp_tw_recycle
net.ipv4.tcp_tw_reuse
net.ipv4.tcp_fin_timeout
net.ipv4.tcp_keepalive_time
= 1200
net.ipv4.ip_local_port_range
= 10000 65535
net.ipv4.tcp_max_syn_backlog
= 16384
net.ipv4.tcp_max_tw_buckets
= 36000
net.ipv4.route.gc_timeout
= 100
net.ipv4.tcp_synack_retries
net.core.somaxconn
net.core.netdev_max_backlog
net.ipv4.tcp_max_orphans
/sbin/sysctl -p
# Disable the Ctrl-Alt-Delete key combination to prevent accidental reboots
# by commenting out its line in /etc/inittab.
# NOTE(review): CentOS 6 uses upstart, where this key combination is normally
# configured in /etc/init/control-alt-delete.conf — confirm that editing
# /etc/inittab has any effect on the target release.
sed -i 's@ca::ctrlaltdel:/sbin/shutdown
-t3 -r now@#ca::ctrlaltdel:/sbin/shutdown -t3 -r now@' /etc/inittab
# Disable SELinux in /etc/selinux/config.
# NOTE(review): this removes mandatory access control from the host. If a
# service is blocked by policy, permissive mode plus a policy fix keeps the
# audit trail; disabling should be a documented exception. sed is
# case-sensitive and the config key is spelled SELINUX=, so the lowercase
# pattern as printed would not match.
sed -i
's@selinux=enforcing@selinux=disabled@' /etc/selinux/config
# Stop iptables and disable it at boot.
# NOTE(review): after this the host has no packet filter of its own, so every
# listening service is reachable from any network that can route to it. Keep
# iptables on with a default-deny inbound ruleset unless an upstream firewall
# is confirmed to cover this host.
service iptables
stop
chkconfig
iptables off
# SSH daemon settings. Keep at least one user with sudo rights on the
# machine, because the setting below forbids remote root login.
# NOTE(review): the sed -i command word is not visible on the next three
# edits. Each pattern only matches the commented-out default line, and
# sshd_config spells the keywords PermitRootLogin, PermitEmptyPasswords and
# UseDNS; check the effective settings with sshd -T after the change.
's@#permitrootlogin yes@permitrootlogin no@' /etc/ssh/sshd_config
# Forbid logins with empty passwords.
's@#permitemptypasswords no@permitemptypasswords no@' /etc/ssh/sshd_config
# Disable reverse DNS lookups in sshd.
's@#usedns yes@usedns no@' /etc/ssh/sshd_config /etc/ssh/sshd_config
service sshd
# Disable IPv6. The first redirect (>) overwrites disable-ipv6.conf; the
# second (>>) appends to the eth0 interface file, so it assumes the
# interface is named eth0.
"install ipv6 /bin/true" > /etc/modprobe.d/disable-ipv6.conf
# Whenever the system tries to load the ipv6 module, /bin/true is run instead
# of loading the real module.
"ipv6init=no" >> /etc/sysconfig/network-scripts/ifcfg-eth0
# Disable IPv6 on the network interface so that it is not brought up.
ip6tables off
# Basic vim settings written to /root/.vimrc (the closing eof of this
# here-document is not visible on the page).
/root/.vimrc << eof
set number
set ruler
set nohlsearch
set shiftwidth=2
set tabstop=4
set expandtab
set cindent
set autoindent
set mouse=v
syntax on
# Trim boot-time services: a minimal install can start with only these four
# services enabled: crond, network, rsyslog, sshd.
# The first loop switches off every service that chkconfig lists as on at
# runlevel 3; the second switches the four kept services back on.
# NOTE(review): anything else that was enabled (for example an audit or
# firewall service) stays off after this; review the list before running.
for i in
`chkconfig --list|grep 3:on|awk '{print $1}'`;do chkconfig --level 3 $i
off;done
for cursrv in crond rsyslog sshd network;do chkconfig
--level 3 $cursrv on;done
# Reboot the server.
reboot