cui914


1. Disable the swap partition

swapoff -a && sysctl -w vm.swappiness=0

sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab

grep swap /etc/fstab

  

2. Disable the firewall and SELinux

2.1 Disable the firewall, NetworkManager, and the mail service (postfix)

systemctl disable --now firewalld NetworkManager postfix

 

2.2 Disable SELinux

2.2.1 Change it directly from the command line

Change:
setenforce 0

Check:
getenforce

  

2.2.2 Change it through the configuration file

sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config

grep ^SELINUX= /etc/selinux/config

 

3. Tune the sshd configuration

sed -ri  's@^#UseDNS yes@UseDNS no@g' /etc/ssh/sshd_config

sed -ri 's#^GSSAPIAuthentication yes#GSSAPIAuthentication no#g' /etc/ssh/sshd_config

grep ^UseDNS /etc/ssh/sshd_config

grep ^GSSAPIAuthentication  /etc/ssh/sshd_config

 

4. Raise the open-file limit (takes effect once you exit the current session)

Change it through a configuration file
/etc/security/limits.d/file.conf

*       soft    nofile     65535

*       hard    nofile    131070


Apply and check
Log out of the remote connection and log back in.

ulimit -Sn

ulimit -Hn

  

 

5. Change the terminal prompt colors

cat <<EOF >>  ~/.bashrc

PS1='[\[\e[34;1m\]\u@\[\e[0m\]\[\e[32;1m\]\H\[\e[0m\]\[\e[31;1m\] \W\[\e[0m\]]# '

EOF

source ~/.bashrc

  

 

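6. Synchronize cluster time with the chronyd daemon:

6.1 Manually set the time zone and time

# /etc/localtime is normally a symlink on CentOS 7; replace the link rather than copying over its target
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

6.2 Install the chrony service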

yum -y install ntpdate chrony

 

6.3 Edit the configuration file

vim /etc/chrony.conf

...

server ntp.aliyun.com iburst

server ntp1.aliyun.com iburst

server ntp2.aliyun.com iburst

server ntp3.aliyun.com iburst

server ntp4.aliyun.com iburst

server ntp5.aliyun.com iburst

  

6.4 Start the service

systemctl enable --now chronyd  

  

6.5 Check the service status

systemctl status chronyd

chronyc activity -v

 

7. Configure yum

7.1 Configure the Aliyun mirror

curl -s -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

curl -s -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo

Note: you can also configure the Tsinghua mirror: https://mirrors-i.tuna.tsinghua.edu.cn/

 

7.2 Install commonly used packages

yum -y install expect wget jq psmisc vim net-tools telnet yum-utils device-mapper-persistent-data lvm2 git ntpdate chrony bind-utils rsync unzip

 

8. Linux kernel parameter tuning

8.1 Tuning parameter file:

vim /etc/sysctl.d/kernel.conf

net.ipv4.ip_forward = 1

net.bridge.bridge-nf-call-iptables = 1

net.bridge.bridge-nf-call-ip6tables = 1

fs.may_detach_mounts = 1

vm.overcommit_memory=1

vm.panic_on_oom=0

fs.inotify.max_user_watches=89100

fs.file-max=52706963

fs.nr_open=52706963

net.netfilter.nf_conntrack_max=2310720

net.ipv4.tcp_keepalive_time = 600

net.ipv4.tcp_keepalive_probes = 3

net.ipv4.tcp_keepalive_intvl =15

net.ipv4.tcp_max_tw_buckets = 36000

net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_max_orphans = 327680

net.ipv4.tcp_orphan_retries = 3

net.ipv4.tcp_syncookies = 1

net.ipv4.tcp_max_syn_backlog = 16384

# net.ipv4.ip_conntrack_max = 65536   (legacy key name that CentOS 7 kernels do not expose; net.netfilter.nf_conntrack_max above sets the conntrack limit)

net.ipv4.tcp_timestamps = 0

net.core.somaxconn = 16384

  

8.2 Apply the parameters

sysctl --system
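
A pre-flight check for a file like the one in 8.1, added here as an example and not part of the original post: it reports keys that are assigned more than once and keys that have no entry under /proc/sys. The names sysctl_lint and make_sample are hypothetical, and the sample file and fake /proc/sys tree are constructed so the check gives the same result on any host.

```shell
# Added example, not from the original post: lint a sysctl.d file before
# running `sysctl --system`. Usage: sysctl_lint FILE [PROC_ROOT]
#   DUP <key>      key assigned more than once (the last assignment wins)
#   MISSING <key>  no entry under PROC_ROOT: wrong key name, or the kernel
#                  module that provides the key is not loaded
# Returns 0 when there are no findings, 1 otherwise.
sysctl_lint() {
    file=$1
    root=${2:-/proc/sys}
    # Drop comment (# or ;) and blank lines, keep the key only, and strip the
    # optional leading "-" that tells sysctl to ignore errors for that key.
    keys=$(sed -e '/^[[:space:]]*[#;]/d' -e '/^[[:space:]]*$/d' "$file" |
        awk -F= '{ k = $1; gsub(/[ \t]/, "", k); sub(/^-/, "", k); print k }')
    out=$(
        printf '%s\n' "$keys" | sort | uniq -d | sed 's/^/DUP /'
        printf '%s\n' "$keys" | sort -u | while IFS= read -r k; do
            [ -n "$k" ] || continue
            # net.core.somaxconn maps to $root/net/core/somaxconn
            [ -e "$root/$(printf '%s' "$k" | tr . /)" ] || echo "MISSING $k"
        done
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample: a trimmed kernel.conf and a fake /proc/sys tree, so the
# result does not depend on the host. make_sample is a hypothetical helper.
make_sample() {
    dir=$1
    mkdir -p "$dir/proc/net/ipv4" "$dir/proc/net/core"
    : > "$dir/proc/net/ipv4/ip_forward"
    : > "$dir/proc/net/ipv4/tcp_max_syn_backlog"
    : > "$dir/proc/net/core/somaxconn"
    cat > "$dir/kernel.conf" <<'EOF'
# constructed sample
net.ipv4.ip_forward = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_max_syn_backlog = 16384
net.bridge.bridge-nf-call-iptables = 1
net.core.somaxconn = 16384
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
sysctl_lint "$tmp/kernel.conf" "$tmp/proc" || true
rm -rf "$tmp"
```

On a real host, call sysctl_lint /etc/sysctl.d/kernel.conf with the default /proc/sys root; each MISSING key is one that `sysctl --system` will fail to set.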

 

 

posted on 2023-09-05 21:02  似梦非醒