Centos7 常用优化脚本

#!/bin/bash
#服务器一键优化工具

# Print this host's fully qualified name, then probe outbound connectivity.
# Outputs: one line with the host name, followed by ping's own output for
#          six echo requests to www.baidu.com.
# Returns: the exit status of ping.
function define_check_network() {
    local fqdn
    fqdn=$(hostname -f)
    printf '%s\n' "主机名为${fqdn}"
    ping www.baidu.com -c 6
}
# Set SELinux to "disabled" in its config file, install the baseline package
# set, then bring every installed package up to date.
#
# NOTE(review): disabling SELinux removes mandatory access control from the
# host. If the aim is only to unblock a service, "permissive" keeps denials
# logged without enforcing them - confirm that full disablement is intended.
# Only the config file is edited here; setenforce is not called.
function define_yum () {
    local -a base_pkgs=(
        bash vim wget curl sysstat gcc gcc-c++ make lsof sudo unzip
        openssh-clients net-tools systemd rpm yum rsyslog logrotate crontabs
        python-libs centos-release p7zip file
    )

    # Rewrites "enforcing" to "disabled" on any line that contains SELINUX.
    sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config

    # Drop cached yum data, install the common tooling, then update everything.
    yum clean all
    yum -y install "${base_pkgs[@]}"
    yum -y update && yum -y upgrade
}
# Stop postfix, firewalld, chronyd and cups and remove them from boot start-up.
# Outputs: a confirmation line on stdout.
#
# NOTE(review): firewalld is the host firewall, so after this step packet
# filtering depends entirely on whatever sits in front of the machine.
# chronyd is the time service; define_ntpdate1 replaces it with a cron job.
function define_tuning_services() {
    local -a unwanted=(postfix firewalld chronyd cups)

    # Stop the running units first, then disable them for future boots.
    systemctl stop "${unwanted[@]}"
    systemctl disable "${unwanted[@]}"
    printf '%s\n' "非关键系统服务已经关闭"
}
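# Replace /etc/sysctl.conf with the tuning profile below.
#
# The existing file is copied to /etc/sysctl.conf.bak only when no backup is
# present yet, so a second run cannot overwrite the pristine backup with this
# function's own output. Everything previously in /etc/sysctl.conf is dropped.
# Nothing here calls sysctl, so the running kernel is not changed by this
# function itself.
# Returns: 1 if the backup copy fails (sysctl.conf is then left untouched),
#          otherwise the status of the final echo.
#
# NOTE(review): values worth confirming before this profile is rolled out:
#   - net.ipv4.tcp_timestamps = 0 is combined with tcp_tw_reuse and
#     tcp_tw_recycle. Both TIME-WAIT options rely on TCP timestamps, so they
#     have no effect while timestamps are off. tcp_tw_recycle is also known to
#     drop connections from clients behind NAT and was removed in Linux 4.12.
#   - net.ipv4.ip_forward = 1 makes the host forward packets between
#     interfaces, and define_tuning_services stops firewalld, so nothing local
#     filters forwarded traffic unless another filter is installed.
#   - rp_filter and accept_source_route are set for the "default" scope only;
#     confirm whether the "all" scope needs the same values.
function define_tuning_kernel () {
    local conf=/etc/sysctl.conf
    local backup=/etc/sysctl.conf.bak

    echo "内核参数优化"

    # Keep the first backup: a later run would otherwise replace it with the
    # profile this function wrote earlier.
    if [[ -e "$conf" && ! -e "$backup" ]]; then
        cp -p -- "$conf" "$backup" || return 1
    fi

    # Quoted delimiter: the profile is written literally, with no expansion.
    # The "##" lines are part of the file content, not shell comments.
    cat > "$conf" << 'EOF'
##内核默认参数
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
kernel.sem=500 64000 64 256
##打开文件数参数(20*1024*1024)
fs.file-max= 20971520
##WEB Server参数
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_keepalive_time=1200
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_rmem=4096 87380 8388608
net.ipv4.tcp_wmem=4096 87380 8388608
net.ipv4.tcp_max_syn_backlog=8192
net.ipv4.tcp_max_tw_buckets = 5000
##TCP补充参数
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 65535
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
##禁用ipv6
net.ipv6.conf.all.disable_ipv6 =1
net.ipv6.conf.default.disable_ipv6 =1
##swap使用率优化
vm.swappiness=0
EOF
    echo "系统参数设置OK"
}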
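# Apply one-off system tuning: mount options, resource limits, login-shell
# defaults, syslog noise filtering, Ctrl+Alt+Del, boot target, transparent
# hugepages, log rotation, sshd ciphers, journald limits and shell aliases.
#
# Most steps append to system files, so the function refuses to run twice: it
# treats "noatime" in /etc/fstab as the marker of an earlier run and then
# exits the whole script with status 1.
#
# NOTE(review): that marker only appears when /etc/fstab has an xfs line
# containing "defaults"; on other layouts a second run appends everything
# again.
function define_tuning_system () {
    # Re-run guard (see header).
    if grep -q noatime /etc/fstab; then
        echo "第二次执行脚本,请手动检查错误"
        exit 1
    fi
    echo "脚本首次执行"

    # Disk I/O: add noatime to xfs entries that mount with "defaults".
    sed -i '/xfs/s/defaults/defaults,noatime/' /etc/fstab

    # nproc default file on CentOS 6 (left disabled):
    #sed -i 's/1024/65535/' /etc/security/limits.d/90-nproc.conf
    # nproc default file on CentOS 7:
    sed -i 's/4096/524288/' /etc/security/limits.d/20-nproc.conf

    # Open-file limits for every user.
    echo "*  soft nofile   1024000" >> /etc/security/limits.conf
    echo "*  hard nofile   1024000" >> /etc/security/limits.conf
    # Process-count limits for every user.
    # NOTE(review): a limit this high for "*" no longer bounds a runaway or
    # hostile process tree - confirm it is needed for all accounts.
    echo "*  soft nproc   1024000" >> /etc/security/limits.conf
    echo "*  hard nproc   1024000" >> /etc/security/limits.conf
    echo "session    required    /lib64/security/pam_limits.so" >> /etc/pam.d/login

    # Login-shell defaults: idle timeout, ls time format, timestamped history.
    echo 'export TMOUT=600' >> /etc/profile
    echo 'export TIME_STYLE="+%Y/%m/%d %H:%M:%S"'  >> /etc/profile
    echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/profile
    echo 'unset MAILCHECK' >> /etc/profile
    sed -i '/HISTSIZE/s/1000/12000/' /etc/profile
    # Affects only this script's shell, not the shell that launched it. It
    # also sets TMOUT here, which bash's read uses as its default timeout.
    source /etc/profile

    # Drop systemd session/slice chatter from syslog.
    # NOTE(review): confirm nothing downstream relies on these session
    # messages arriving through rsyslog.
    echo 'if $programname == "systemd" and ($msg contains "Starting Session" or $msg contains "Started Session" or $msg contains "Created slice" or $msg contains "Starting user-" or $msg contains "Starting User Slice of" or $msg contains "Removed session" or $msg contains "Removed slice User Slice of" or $msg contains "Stopping User Slice of") then stop' >/etc/rsyslog.d/ignore-systemd-session-slice.conf
    systemctl restart rsyslog

    # Permissions (left disabled):
    #   echo 'umask 0022' >> /etc/profile

    # Disable reboot on Ctrl+Alt+Del. The unit is masked rather than deleted:
    # the file under /usr/lib/systemd/system belongs to the systemd package,
    # so a package update would put a deleted file back, and define_update
    # schedules a nightly update of systemd.
    systemctl mask ctrl-alt-del.target

    # Boot to the non-graphical target.
    systemctl set-default multi-user.target

    # Turn off transparent hugepages at every boot through rc.local.
    chmod +x /etc/rc.d/rc.local
    echo "echo never > /sys/kernel/mm/transparent_hugepage/enabled;" >> /etc/rc.d/rc.local
    echo "echo never > /sys/kernel/mm/transparent_hugepage/defrag;" >> /etc/rc.d/rc.local

    # Enable compression of rotated logs.
    sed -i 's/#compress/compress/' /etc/logrotate.conf

    # Restrict sshd to CTR-mode AES ciphers.
    # sshd uses the first value it reads for a keyword, so an active Ciphers
    # line earlier in the file overrides this appended one, and a Ciphers line
    # that ends up after a Match block is rejected. sshd is not restarted
    # here; the config is only checked so that a broken file is reported
    # before the next restart can lock SSH access out.
    # NOTE(review): the list is CTR-only - confirm whether AEAD ciphers should
    # be allowed as well.
    echo "Ciphers aes128-ctr,aes192-ctr,aes256-ctr" >> /etc/ssh/sshd_config
    if ! /usr/sbin/sshd -t; then
        echo "警告: sshd 配置检查未通过, 重启 sshd 之前请先修正 /etc/ssh/sshd_config" >&2
    fi

    # Cap journal size and age; stop forwarding journal entries to syslog.
    echo "SystemMaxUse=2048M" >> /etc/systemd/journald.conf
    echo "ForwardToSyslog=no" >> /etc/systemd/journald.conf
    echo "MaxFileSec=14day" >> /etc/systemd/journald.conf
    systemctl restart systemd-journald.service

    # Shell aliases for all users. The "##" line is written to the file.
    cat >> /etc/bashrc << 'EOF'
##系统别名设置
alias vi='vim'
alias ls='ls -trlh --color=auto'
alias grep='grep --color=auto'
EOF
    source /etc/bashrc
    echo '系统别名设置完成'
}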
# Install ntpdate, set the time zone to Asia/Shanghai, sync the clock once and
# schedule further syncs at boot (rc.local) and every 20 minutes (root's
# crontab).
#
# NOTE(review): every sync steps the clock from a single NTP server with no
# authentication, and chronyd is disabled in define_tuning_services. Log
# timestamps and certificate validity checks depend on this clock - confirm
# that one unauthenticated source is acceptable.
function define_ntpdate1 () {
    yum -y install ntpdate

    # Sync at boot through rc.local.
    printf '%s\n' "/usr/sbin/ntpdate -us ntp1.aliyun.com;hwclock -w;" >> /etc/rc.d/rc.local

    # Time zone: set it through timedatectl, then point /etc/localtime at the
    # zone file and write the system time to the hardware clock.
    timedatectl set-timezone Asia/Shanghai
    ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && hwclock -w

    # Immediate sync, then persist the result to the hardware clock.
    /usr/sbin/ntpdate -us ntp1.aliyun.com
    hwclock -w

    # Recurring sync; the "##" line is written to the crontab as a comment.
    printf '%s\n' \
        '##时间同步' \
        '0-59/20 * * * * /usr/sbin/ntpdate -us ntp1.aliyun.com;hwclock -w;' \
        >> /var/spool/cron/root
}
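# Schedule a nightly (00:45) yum run in root's crontab that installs or
# updates a fixed list of core packages.
#
# The redirection is attached to the yum command itself. In the earlier form
# ("...curl; > /dev/null 2>&1;") it followed a ";" and therefore applied to an
# empty command, leaving yum's output unsilenced. The function body is also
# closed by exactly one brace; an extra "}" after it is a syntax error that
# stops bash from running the script at all.
#
# NOTE(review): this is an unattended package change as root with its output
# discarded. yum normally records what it installed in /var/log/yum.log -
# confirm that this is monitored.
function define_update () {
    cat >> /var/spool/cron/root << 'EOF'
#yum update software
45 00 * * * /usr/bin/yum -y install bash sudo ntpdate openssh openssl vim systemd rpm yum rsyslog logrotate crontabs curl > /dev/null 2>&1
EOF
}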
# Append an hourly job (minute 15) to root's crontab that turns all swap off
# and, if that succeeds, back on again.
# The function name keeps its original spelling because define_localhost
# calls it by that name.
#
# NOTE(review): swapoff has to move every swapped page back into RAM; on a
# host under memory pressure that can fail or trigger the OOM killer -
# confirm the job is wanted on production machines.
function denfine_swap () {
    printf '%s\n' \
        '## swap enable/disable' \
        '15 * * * *  /usr/sbin/swapoff -a && /usr/sbin/swapon -a;' \
        >> /var/spool/cron/root
}
# Run every tuning step in its fixed order. No step's status is checked, so
# a failing step does not stop the ones after it; define_tuning_system can
# still end the whole script through its own exit.
# Returns: the status of the last step.
function define_localhost () {
    local step
    for step in \
        define_yum \
        define_tuning_services \
        define_tuning_kernel \
        define_tuning_system \
        define_ntpdate1 \
        define_update \
        denfine_swap
    do
        "$step"
    done
}
# Overwrite /tmp/one_key.sh with a single newline and leave the script.
#
# NOTE(review): /tmp/one_key.sh is presumably where this script was saved -
# confirm. The write runs as root against a fixed name in a world-writable
# directory, and when the script lives elsewhere it creates or blanks an
# unrelated file.
function define_exit () {
    printf '\n' > /tmp/one_key.sh
    exit
}
 
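# Interactive menu: show the options, read one choice, dispatch, repeat.
# The loop ends when read fails without delivering any input (end of input,
# or a timeout once TMOUT has been set by sourcing /etc/profile); without
# that check a closed stdin makes the menu spin forever.
while :
do
    printf '%s\n' \
        "" \
        "服务器一键优化脚本" \
        "" \
        "" \
        " 0) 检查服务器网络           1) 本地环境专用" \
        " 2) 退出脚本" \
        ""

    # -r keeps backslashes literal. A final line without a trailing newline
    # still sets opmode, so it is handled before the loop ends.
    if ! read -r -p "请输入一个选项: " opmode && [[ -z "${opmode}" ]]; then
        echo
        break
    fi
    echo

    case "${opmode}" in
        0) define_check_network ;;
        1) define_localhost ;;
        2) define_exit ;;
        *) echo "无效输入" ;;
    esac
done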