1.禁用swap分区
swapoff -a && sysctl -w vm.swappiness=0 sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab grep swap /etc/fstab
2. 禁用防火墙和selinux
2.1禁用防火墙,网络管理,邮箱
1 systemctl disable --now firewalld NetworkManager postfix
2.2 禁用selinux
2.2.1 命令行直接修改
修改: setenforce 0 查看: getenforce
2.2.2 基于配置文件进行修改
sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config grep ^SELINUX= /etc/selinux/config
3. 配置sshd优化
sed -ri 's@^#UseDNS yes@UseDNS no@g' /etc/ssh/sshd_config sed -ri 's#^GSSAPIAuthentication yes#GSSAPIAuthentication no#g' /etc/ssh/sshd_config grep ^UseDNS /etc/ssh/sshd_config grep ^GSSAPIAuthentication /etc/ssh/sshd_config
4. 修改文件打开数量的限制(退出当前会话立即生效)
基于配置文件修改 /etc/security/limits.d/file.conf * soft nofile 65535 * hard nofile 131070 生效及查看 退出远程连接重新登录即可 ulimit -Sn ulimit -Hn
5.修改终端颜色
cat <<EOF >> ~/.bashrc PS1='[\[\e[34;1m\]\u@\[\e[0m\]\[\e[32;1m\]\H\[\e[0m\]\[\e[31;1m\] \W\[\e[0m\]]# ' EOF source ~/.bashrc
6.基于chronyd守护进程实现集群时间同步:
6.1 手动同步时区和时间
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
6.2 安装服务chrony
yum -y install ntpdate chrony
6.3 修改配置文件
vim /etc/chrony.conf ... server ntp.aliyun.com iburst server ntp1.aliyun.com iburst server ntp2.aliyun.com iburst server ntp3.aliyun.com iburst server ntp4.aliyun.com iburst server ntp5.aliyun.com iburst
6.4启动服务
systemctl enable --now chronyd
6.5 查看服务状态
systemctl status chronyd chronyc activity -v
7. 配置yum源
7.1配置阿里源
curl -s -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo curl -s -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
注:也可以配置清华源:https://mirrors-i.tuna.tsinghua.edu.cn/
7.2 安装常用软件
yum -y install expect wget jq psmisc vim net-tools telnet yum-utils device-mapper-persistent-data lvm2 git ntpdate chrony bind-utils rsync unzip git
8.linux系统内核参数调优
8.1 调优参数文件:
vim /etc/sysctl.d/kernel.conf net.ipv4.ip_forward = 1 net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1 fs.may_detach_mounts = 1 vm.overcommit_memory=1 vm.panic_on_oom=0 fs.inotify.max_user_watches=89100 fs.file-max=52706963 fs.nr_open=52706963 net.netfilter.nf_conntrack_max=2310720 net.ipv4.tcp_keepalive_time = 600 net.ipv4.tcp_keepalive_probes = 3 net.ipv4.tcp_keepalive_intvl =15 net.ipv4.tcp_max_tw_buckets = 36000 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_max_orphans = 327680 net.ipv4.tcp_orphan_retries = 3 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_syn_backlog = 16384 net.ipv4.ip_conntrack_max = 65536 net.ipv4.tcp_max_syn_backlog = 16384 net.ipv4.tcp_timestamps = 0 net.core.somaxconn = 16384
8.2 参数生效
sysctl --system