自己参考了系统优化的点,写了一个一键优化脚本,适用于CentOS6.x版本,各个项已经单独进行测试通过。适用于CentOS6.x系统最小化安装执行,可以根据自己的需求进行添加或修改完善。
主要优化内容有:
关闭系统不必要的服务;关闭selinux,关闭iptables;关闭ctrl+alt+del重启;设置ssh端口,关闭DNS解析;设置系统最大文件描述符;设置系统关键文件权限;配置安装ntp;安装vim;配置安装阿里云yum源和epel源;
脚本如下:
[root@localhost ~]# cat youhua.sh#!/bin/bash#written by mofansheng@2015-11-03#system optimization script#The fllow apply to CentOS 6.x. /etc/init.d/functionsfunction check_ok(){ if [ $? -eq 0 ] then echo “” continue else echo “pls check error” exit fi}cat<<EOF———————————————————————–| system optimization |———————————————————————–EOF#close unimportant system servicesecho “===Close unimportant system services,it will take serval mintinues===”for s in `chkconfig –list|grep 3:on|awk ‘{print $1}’|grep -Ev “crond|sshd|sysstat|rsyslog|network”`do chkconfig $s offdonecheck_okaction “Close unimportant system services” /bin/true#close selinuxecho “===close SELINUX===”if [ `getenforce` != “Disabled” ]thensed -i ‘s/SELINUX=enforcing/SELINUX=disabled/g’ /etc/selinux/configecho “selinux is disabled,you must reboot!”elseaction “SELINUX is closed” /bin/trueficheck_okaction “Close SELINUX” /bin/true#close ctrl+alt+delmv /etc/init/control-alt-delete.conf /etc/init/control-alt-delete.conf.bak#close iptablesecho “===close iptables===”iptables-save >/etc/sysconfig/iptables_$(date +%s)iptables -Fservice iptables savecheck_okaction “iptables is closed” /bin/true#set ulimitecho “ulimit -SHn 65535” >>/etc/rc.local#set SSHsed -i ‘s/#UseDNS yes/UseDNS no/g’ /etc/ssh/sshd_configsed -i ‘s/#Port 22/Port 65500/g’ /etc/ssh/sshd_configservice sshd restart#set system files permissionchmod 600 /etc/passwdchmod 600 /etc/groupchmod 600 /etc/shadowchmod 600 /etc/gshadow#set ntpyum install ntpdate -yntpdate ntp.fudan.edu.cnecho “* 3 * * * /usr/sbin/ntpdate ntp.fudan.edu.cn >/dev/null 2>&1” >>/etc/crontabservice crond restartcheck_okaction “ntpdate is installed and add in crontab” /bin/true#set vimecho “===install vim,it will take serval mintinues===”yum install vim-enhanced -y &>/dev/nullalias vi=vimecho “alias vi=vim” >>/root/.bashrccheck_okaction “vim is installed” /bin/true#set yum reposecho “===update yum repos,it will take serval mintinues===”yum install wget -ymv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bakwget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo &>/dev/nullwget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo &>/dev/nullyum clean all &>/dev/nullyum makecache &>/dev/nullcheck_okaction “yum repos update is ok” /bin/true
更多CentOS相关信息见CentOS 专题页面 http://www.68idc.cn/topicnews.aspx?tid=14
青春气贯长虹,勇敢盖过怯懦,进取压倒苟安。
