Optimization items:
1. Configure bash history recording
2. Add a regular user and grant it sudo rights
3. Disable remote root login
4. Change the remote (SSH) port
5. Trim the services started at boot
6. Disable SELinux
7. Configure iptables
8. Raise the maximum number of open files and processes (ulimit)
9. Disable rebooting the server with Ctrl+Alt+Del
10. Change the default DNS servers
11. Install essential software and update the yum repositories [EPEL]
12. Update the kernel and packages to the latest versions
13. Tune kernel parameters [adjust to your situation]
14. Remove the last-login message
15. Disable kernel messages on boot
1. Configure bash history recording
echo 'export HISTFILE=$HOME/.bash_history
export HISTSIZE=2000
export HISTFILESIZE=2000
export HISTTIMEFORMAT="%F %T `whoami` "
export PROMPT_COMMAND="history -a; history -c; history -r;"
shopt -s histappend
typeset -r PROMPT_COMMAND
typeset -r HISTTIMEFORMAT' >> /etc/profile.d/history.sh
source /etc/profile
2. Add a regular user and grant it sudo rights
username='dyt'
password='dyt2015'
useradd $username; echo $password | passwd --stdin $username
sed -i "98a $username ALL=(ALL) NOPASSWD:ALL" /etc/sudoers
3. Disable remote root login
sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
4. Change the remote (SSH) port
sed -i 's/#Port 22/Port 9527/' /etc/ssh/sshd_config
/etc/init.d/sshd restart
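The two sed edits in items 3 and 4 only rewrite the commented-out defaults; if a directive is already uncommented they match nothing, and sshd keeps using the old value (sshd takes the first uncommented occurrence of a keyword). The audit helper below is an added example, not part of the original post: it applies those same sed edits to two constructed sshd_config samples and reports the values sshd would actually use. The function names and the sample file contents are assumptions.

```shell
#!/bin/sh
# Added audit helper (not from the original post): print the value sshd
# actually uses for a keyword. sshd takes the FIRST uncommented occurrence,
# so a later "PermitRootLogin no" does not override an earlier "yes".
sshd_effective() {  # usage: sshd_effective <config-file> <Keyword>
    awk -v key="$2" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # skip comments and blanks
        tolower($1) == tolower(key) { print $2; exit }   # first match wins
    ' "$1"
}

# Returns 0 when root logins are off and the listen port was moved off 22.
audit_sshd() {  # usage: audit_sshd <config-file>
    root=$(sshd_effective "$1" PermitRootLogin)
    port=$(sshd_effective "$1" Port)
    [ -z "$root" ] && root=yes   # assumed compiled-in default when unset
    [ -z "$port" ] && port=22    # assumed compiled-in default when unset
    [ "$root" = "no" ] && [ "$port" != "22" ]
}

# Apply the post's sed edits to a config file, then report whether they took effect.
harden_and_audit() {  # usage: harden_and_audit <config-file>
    sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' "$1"
    sed -i 's/#Port 22/Port 9527/' "$1"
    audit_sshd "$1"
}

# Constructed sample 1: stock file with the commented defaults the sed patterns expect.
stock_cfg=$(mktemp)
printf '#Port 22\n#PermitRootLogin yes\nX11Forwarding yes\n' > "$stock_cfg"

# Constructed sample 2: the lines were already uncommented, so the sed patterns
# match nothing and root login silently stays enabled.
edited_cfg=$(mktemp)
printf 'Port 22\nPermitRootLogin yes\nPermitRootLogin no\n' > "$edited_cfg"

if harden_and_audit "$stock_cfg"; then echo "stock config: hardened"; fi
if ! harden_and_audit "$edited_cfg"; then echo "edited config: sed edits had NO effect"; fi
```

Run `audit_sshd /etc/ssh/sshd_config` after the sed commands to confirm the change actually landed before restarting sshd.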
5. Trim the services started at boot
for server in `chkconfig --list | egrep -v 'crond|network|rsyslog|sshd|iptables' | awk '{print $1}'`; do chkconfig $server off; done
6. Disable SELinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0
7. Configure iptables
/etc/init.d/iptables restart
iptables -F
iptables -X
iptables -Z
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# Allow SSH from one IP range
iptables -A INPUT -p tcp -m tcp --dport 9527 -s 192.168.64.0/24 -j ACCEPT
# Open port 80
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# Allow all traffic from one IP block
iptables -A INPUT -p all -s 124.43.56.90/30 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
/etc/init.d/iptables save
/etc/init.d/iptables restart
8. Raise the maximum number of open files and processes (ulimit)
# There are many ways to do this; this is not the only one
echo '* - nproc 65535' >> /etc/security/limits.conf
echo '* - nofile 65535' >> /etc/security/limits.conf
9. Disable rebooting the server with Ctrl+Alt+Del
sed -i "s/start on control-alt-delete/#start on control-alt-delete/g" /etc/init/control-alt-delete.conf
10. Change the default DNS servers
echo "nameserver 8.8.8.8" >> /etc/resolv.conf
echo "nameserver 8.8.4.4" >> /etc/resolv.conf
11. Install essential software and update the yum repositories [EPEL]
# This depends on your own company's needs; only the software and yum repositories I use regularly are listed here. Change the yum repositories to suit your situation.
yum -y install gcc gcc-c++ openssl-devel openssh-clients wget make lrzsz unzip zip xz ntpdate lsof telnet epel-release vim tree kernel-devel kernel
12. Update the kernel and packages to the latest versions
yum -y upgrade
13. Tune kernel parameters [adjust to your situation]
echo -e "net.core.somaxconn = 262144" >> /etc/sysctl.conf
echo -e "net.core.netdev_max_backlog = 262144" >> /etc/sysctl.conf
echo -e "net.core.wmem_default = 8388608" >> /etc/sysctl.conf
echo -e "net.core.rmem_default = 8388608" >> /etc/sysctl.conf
echo -e "net.core.rmem_max = 16777216" >> /etc/sysctl.conf
echo -e "net.core.wmem_max = 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.route.gc_timeout = 20" >> /etc/sysctl.conf
echo -e "net.ipv4.ip_local_port_range = 1024 65535" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_retries2 = 5" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_fin_timeout = 30" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_syn_retries = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_synack_retries = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_timestamps = 0" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_time = 120" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_probes = 3" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_intvl = 15" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_tw_buckets = 36000" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_orphans = 3276800" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_syn_backlog = 262144" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_wmem = 8192 131072 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_rmem = 32768 131072 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_mem = 94500000 915000000 927000000" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_slow_start_after_idle = 0" >> /etc/sysctl.conf
echo -e "vm.swappiness = 0" >> /etc/sysctl.conf
echo -e "kernel.panic = 5" >> /etc/sysctl.conf
echo -e "kernel.panic_on_oops = 1" >> /etc/sysctl.conf
echo -e "kernel.core_pipe_limit = 0" >> /etc/sysctl.conf
# iptables firewall (conntrack)
echo -e "net.nf_conntrack_max = 25000000" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_max = 25000000" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_tcp_timeout_established = 180" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120" >> /etc/sysctl.conf
15. Remove the last-login message
touch ~/.hushlogin
What matters in life is not where you stand, but the direction you face.