CentOS操作系统基础优化

 

内核优化

复制

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

ECHOSTR='net.ipv4.tcp_fin_timeout = 2 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_keepalive_time =600 net.ipv4.ip_local_port_range = 4000 65000 net.ipv4.tcp_max_syn_backlog = 16384 net.ipv4.tcp_max_tw_buckets = 36000 net.ipv4.route.gc_timeout = 100 net.ipv4.tcp_syn_retries = 1 net.ipv4.tcp_synack_retries = 1 net.core.somaxconn = 16384 net.core.netdev_max_backlog = 16384 net.ipv4.tcp_max_orphans = 16384 net.nf_conntrack_max = 25000000 net.netfilter.nf_conntrack_max = 25000000 net.netfilter.nf_conntrack_tcp_timeout_established = 180 net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120 net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60 net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120' echo "$ECHOSTR" >> /etc/sysctl.conf &&\ modprobe ip_conntrack && modprobe bridge echo "modprobe ip_conntrack" >> /etc/rc.local echo "modprobe bridge" >> /etc/rc.local /sbin/sysctl -p

文件描述符

复制/etc/security/limits.conf

1 2 3 4

* hard nofile 65535 * soft nofile 65535 * hard noproc 65535 * soft noproc 65535

更新yum源，安装epel源

vi /etc/yum.repo.d/CentOS-Base.repo 略

复制

1	# yum install epel-release -y

系统时钟同步

复制

1 2 3

# yum install chrony -y # systemctl start chronyd # systemctl enable chronyd

关闭SELinux和防火墙

复制

1 2 3 4

if [ -f /etc/selinux/config ]; then sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config setenforce 0 fi

复制

1 2	# systemctl stop firewalld # systemctl disable firewalld

调整系统字符集

复制

1 2 3

# echo 'export LC_ALL=C'>> /etc/profile # echo 'export LANG=en_US.UTF-8' >> /etc/profile # source /etc/profile

安装基础工具

复制

1	# yum install wget net-tools telnet tree nmap sysstat lrzsz dos2unix -y

 

清华大学yum源--CentOS7

CentOS-Base.repo

#

The mirror system uses the connecting IP address of the client and the

update status of each mirror to pick mirrors that are updated to and

geographically close to the client. You should use this for CentOS updates

unless you are manually picking other mirrors.

#

If the mirrorlist= does not work for you, as a fall back you can try the

remarked out baseurl= line instead.

#
#

[base]
name=CentOS-$releasever - Base
baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos/releasever/os/releasever/os/basearch/

#mirrorlist=http://mirrorlist.centos.org/?release=releasever&arch=releasever&arch=basearch&repo=os
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#released updates
[updates]
name=CentOS-$releasever - Updates
baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos/releasever/updates/releasever/updates/basearch/

#mirrorlist=http://mirrorlist.centos.org/?release=releasever&arch=releasever&arch=basearch&repo=updates
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos/releasever/extras/releasever/extras/basearch/

#mirrorlist=http://mirrorlist.centos.org/?release=releasever&arch=releasever&arch=basearch&repo=extras
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos/releasever/centosplus/releasever/centosplus/basearch/

#mirrorlist=http://mirrorlist.centos.org/?release=releasever&arch=releasever&arch=basearch&repo=centosplus
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

 

原文地址：https://blog.stanley.wang/page/2/