Linux必备优化
Linux必备优化
1.关闭selinux
kylin系统
#临时关闭(setenforce 0 是切换到 Permissive 模式:只记录、不拦截,重启后失效)
setenforce 0
#永久关闭
[root@web04 ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
#检查:配置文件修改后需要重启系统,getenforce 才会显示 Disabled;只执行 setenforce 0 而未重启时显示的是 Permissive
[root@web04 ~]# grep disabled /etc/selinux/config
SELINUX=disabled
[root@web04 ~]# getenforce
Disabled
Ubuntu系统
#在Ubuntu系统中,SELinux(Security-Enhanced Linux)实际上是默认不启用的,Ubuntu使用的是AppArmor,这是另一种Linux内核安全模块,它提供了类似于SELinux的强制访问控制(MAC)
#使用下面命令检查一下就可以了(getenforce 由 selinux-utils 包提供;AppArmor 自身的状态可用 aa-status 查看)
root@ceph143:~# getenforce
Disabled
2.关闭防火墙
kylin系统
#关闭防火墙(关闭后本机所有监听端口不再受主机防火墙过滤,需确认外层有防火墙或安全组限制访问)
[root@web04 ~]# systemctl stop firewalld
#关闭防火墙的开机自启动
[root@web04 ~]# systemctl disable firewalld
#检查是否关闭
[root@web04 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
[root@web04 ~]#
Ubuntu系统
#关闭防火墙
root@ceph143:~# systemctl stop ufw
#关闭防火墙的开机自启动
root@ceph143:~# systemctl disable ufw
Synchronizing state of ufw.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable ufw
#检查是否关闭
root@ceph143:~# systemctl status ufw
○ ufw.service - Uncomplicated firewall
Loaded: loaded (/lib/systemd/system/ufw.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:ufw(8)
3.(yum/apt)源修改与安装常用工具
kylin系统
#增加epel源 将阿里云的 EPEL仓库配置文件下载到你的系统中,EPEL 仓库提供了许多额外的软件包
curl -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
#安装麒麟常用软件
yum install -y vim tree wget bash-completion lrzsz net-tools sysstat iotop iftop htop unzip nc nmap telnet bc psmisc httpd-tools bind-utils nethogs expect ntpdate
Ubuntu系统
#备份原有的源文件(生成 /etc/apt/sources.list.bak)
cp /etc/apt/sources.list{,.bak}
#配置 aliyun 源
cat >/etc/apt/sources.list<<EOF
deb https://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
# deb https://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
# deb-src https://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
EOF
#重新加载
apt update
#安装工具
apt install -y tree vim telnet lrzsz nmap ncat ntpdate
CentOS系统
#配置base源
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
#增加epel源
curl -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
#安装常用工具
yum install -y vim tree wget bash-completion bash-completion-extras lrzsz net-tools sysstat iotop iftop htop unzip nc nmap telnet bc psmisc httpd-tools bind-utils nethogs expect ntpdate
yum install -y sl cowsay
4.ssh远程连接加速
关闭ssh远程连接反向解析功能,加速ssh远程连接
修改ssh服务端配置文件
#1.注释掉已有的配置
sed -i '/^GSSAPIAuthentication/s@^@#@g' /etc/ssh/sshd_config
#2.关闭对应功能
cat >>/etc/ssh/sshd_config<<EOF
UseDNS no
GSSAPIAuthentication no
EOF
#3.重启sshd(重启前可先执行 sshd -t 检查配置语法,避免配置写错后无法远程登录)
systemctl restart sshd
#4.检查
egrep '^(PermitRootLogin|GSSAPIAuthentication|UseDNS)' /etc/ssh/sshd_config
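结果有2个no即可。sshd 对同一配置项只采用第一次出现的值,如果文件前面已有未注释的 UseDNS,追加到末尾的设置不会生效;可用 sshd -T | egrep -i '^(usedns|gssapiauthentication)' 查看实际生效的值。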
Ubuntu配置(默认以普通用户oldboy登录;这里额外配置 PermitRootLogin yes,允许root远程登录。yes 表示root可以用密码登录;如果只需要密钥登录,可改用 PermitRootLogin prohibit-password)
修改ssh服务端配置文件
#1.注释掉已有的配置
sed -i '/^GSSAPIAuthentication/s@^@#@g' /etc/ssh/sshd_config
#2.关闭对应功能
cat >>/etc/ssh/sshd_config<<EOF
UseDNS no
GSSAPIAuthentication no
PermitRootLogin yes
EOF
#3.重启sshd
systemctl restart sshd
#4.检查
root@ceph143:~# egrep '^(PermitRootLogin|GSSAPIAuthentication|UseDNS)' /etc/ssh/sshd_config
UseDNS no
GSSAPIAuthentication no
PermitRootLogin yes
5.时间同步与修改时区
#把定时任务写入 root 用户的 crontab 文件,每3分钟同步一次时间,使用阿里云的 NTP 服务器 ntp.aliyun.com(注意:> 会覆盖该文件中已有的定时任务,要保留原有任务请改用 >> 或 crontab -e;Ubuntu 上该文件路径为 /var/spool/cron/crontabs/root)
cat >/var/spool/cron/root<<EOF
#1. sync time by xueboli at 20230101
*/3 * * * * /sbin/ntpdate ntp.aliyun.com >/dev/null 2>&1
EOF
#使用命令修改
timedatectl set-timezone Asia/Shanghai
或
#修改软链接
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
#查看
date -R 或 ll /etc/localtime
[root@master231 ~]# date -R
Mon, 09 Sep 2024 14:58:34 +0800
[root@master231 ~]#
[root@master231 ~]# ll /etc/localtime
lrwxrwxrwx 1 root root 33 Aug 30 15:27 /etc/localtime -> /usr/share/zoneinfo/Asia/Shanghai
[root@master231 ~]#
6.修改主机名和IP的脚本
vim /server/scripts/change.sh
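#!/bin/bash
#author: xueboli
#desc: change ip and hostname
#version: v7.0 final
#
# Usage: change.sh NEW_HOSTNAME NEW_IP
#   Only the last octet of NEW_IP is used. It replaces the last octet of the
#   machine's current first address in the 10.0.0.X line of ifcfg-ens33 and
#   the 172.16.1.X line of ifcfg-ens34, then both interfaces are restarted
#   and the hostname is set.
# The script edits files under /etc/sysconfig/network-scripts and calls
# hostnamectl, so it needs root privileges. Both arguments end up inside
# commands run with those privileges, which is why they are validated and
# quoted below. Only POSIX constructs are used because the usage examples
# start the script with `sh`.

eth0_name=ens33
eth1_name=ens34
eth0=/etc/sysconfig/network-scripts/ifcfg-$eth0_name
eth1=/etc/sysconfig/network-scripts/ifcfg-$eth1_name

# Succeeds when $1 is a decimal number in the range 0..255.
is_octet() {
  case $1 in
    '' | *[!0-9]* | ????*) return 1 ;;
  esac
  [ "$1" -le 255 ]
}

# 1. Exactly two arguments are required: new hostname and new IP address.
if [ $# -ne 2 ]; then
  echo "请输入2个参数"
  exit 1
fi

# 2. New hostname (passed to hostnamectl as a single quoted argument).
hostname=$1

# 3. Last octet of the new IP. Rejecting anything that is not a plain number
#    keeps sed metacharacters ('#', '&', '\') out of the substitution below.
ip_new=${2##*.}
if ! is_octet "$ip_new"; then
  echo "新的ip地址不合法: $2" >&2
  exit 1
fi

# 4. Last octet of the template machine's current first address. An empty or
#    non-numeric value would make the sed pattern match every address in the
#    subnet prefix, so stop instead of editing the files.
ip=$(hostname -I | awk '{print $1}')
ip=${ip##*.}
if ! is_octet "$ip"; then
  echo "无法获取当前ip地址" >&2
  exit 1
fi

# 5. Rewrite the address in each interface file. The dots are escaped and the
#    address is delimited with \b (GNU sed) so that e.g. last octet 2 does not
#    also rewrite 10.0.0.2x/10.0.0.2xx or an unrelated address.
if [ -f "$eth0" ]; then
  sed -i "s#\b10\.0\.0\.${ip}\b#10.0.0.${ip_new}#g" "$eth0"
else
  echo "eth0网卡不存在,修改失败"
fi
if [ -f "$eth1" ]; then
  sed -i "s#\b172\.16\.1\.${ip}\b#172.16.1.${ip_new}#g" "$eth1"
else
  echo "eth1网卡不存在,修改失败"
fi

# Restart both interfaces so the new addresses take effect.
# NOTE(review): when this runs over an SSH session on ens33 the session will
# presumably stall here once the address changes - confirm the remaining
# steps still complete in that case.
ifdown "$eth0_name" && ifup "$eth0_name"
ifdown "$eth1_name" && ifup "$eth1_name"

# 6. Set the hostname; `--` keeps a value starting with '-' from being read
#    as an option.
hostnamectl set-hostname -- "$hostname"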
思路
sh /server/scripts/change.sh 主机名 ip地址
sh /server/scripts/change.sh web01 10.0.0.7
#1.修改主机名
hostnamectl set-hostname $1
主机名修改为web01
#2.修改ip地址
1)取出目标ip的最后1位
2)替换 eth0 eth1网卡配置文件内容 210-->最后1位(7)
10.0.0.210 --> 10.0.0.7
172.16.1.210 --> 172.16.1.7
3)重启网卡
ip地址eth0: 10.0.0.7
ip地址eth1: 172.16.1.7
Ubuntu 手动修改
sudo su - root用户
cat /etc/netplan/00-installer-config.yaml
# This is the network config written by 'subiquity'
network:
ethernets:
ens33:
addresses:
- 10.0.0.211/24 #IP地址 ens33
nameservers:
addresses:
- 223.5.5.5
- 223.6.6.6
search: []
routes:
- to: default
via: 10.0.0.2
ens34:
addresses:
- 172.16.1.211/24 #IP地址 ens34
nameservers:
addresses: []
search: []
version: 2
netplan apply #配置文件生效.
7.配置命令行颜色
PS1
编辑/etc/profile 或 ~/.bashrc ,写入到文件末尾
export PS1='[\[\e[34;1m\]\u@\[\e[0m\]\[\e[32;1m\]\H\[\e[0m\]\[\e[31;1m\] \w\[\e[0m\]]\$ '
8.配置别名
#过滤的内容会有颜色
cat >>/etc/profile<<EOF
alias grep='grep --color=auto'
alias egrep='egrep --color=auto'
EOF
# rm别名(别名只在交互式 shell 中生效,脚本以及 \rm、/bin/rm 不受影响,只能起提醒作用)
#1.写入别名到/etc/profile中
alias rm='echo 请谨慎使用 rm 命令'
9.Debian/Ubuntu默认编辑器不是vim
vim /etc/sudoers
在env_reset这行上面写上,
Defaults editor=/usr/bin/vim
Defaults env_reset
visudo的时候默认使用的是nano编辑器,加上这一行后 visudo 会改用 vim。修改 /etc/sudoers 建议通过 visudo 进行,它会在保存前检查语法,避免写错后 sudo 无法使用。
10. 配置Vim 编辑器的配置文件
#自定义的设置,如键位映射、插件配置、编辑选项等
#如果 .vimrc 文件不存在,Vim 会自动创建它
root@ceph143:~# vim ~/.vimrc
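" Character encoding: utf-8
set encoding=utf-8
" Show line numbers
set number
" Tab width of 4 columns
set tabstop=4
set shiftwidth=4
" Automatic and smart indentation
set autoindent
set smartindent
" Show matching brackets
set showmatch
" Wrap long lines
set wrap
" Ignore case when searching
set ignorecase
" Highlight the line the cursor is on
set cursorline
" Highlight search matches
set hlsearch
" Enable filetype detection with its plugins and indent rules
filetype plugin on
filetype indent on
" Paste text verbatim so pasted lines are not re-indented. While 'paste' is
" on, Vim resets 'autoindent' and 'smartindent', so the two indentation
" settings above have no effect in buffers this autocmd applies to.
autocmd BufRead,BufNewFile * set paste
" Current user name, read from the environment
let s:current_user = $USER
" Default version string written into new files
let s:default_version = "v0.0.1"

" Timer callback that fills the placeholders %DATE%, %FILENAME%, %User% and
" %VERSION% in the current buffer, then moves the cursor to line 9, column 20.
"   timer_id: id passed in by timer_start(); not used.
" The values are inserted with substitute()/setline() instead of being
" concatenated into an ':execute "%s/…"' command: in an Ex ':s' command a '|'
" in the file name or in $USER ends the substitution and the rest of the
" value is run as a separate Ex command, and '/', '&', '~' or '\' change the
" substitution. Here only '\' and '&' are special in the replacement, and
" both are escaped.
function! YinZhengJieTpl(timer_id)
    let l:current_date = strftime("%Y-%m-%d")
    let l:current_filename = expand('%:t')
    for l:lnum in range(1, line('$'))
        let l:text = getline(l:lnum)
        let l:text = substitute(l:text, '%DATE%', escape(l:current_date, '\&'), 'g')
        let l:text = substitute(l:text, '%FILENAME%', escape(l:current_filename, '\&'), 'g')
        let l:text = substitute(l:text, '%User%', escape(s:current_user, '\&'), 'g')
        let l:text = substitute(l:text, '%VERSION%', escape(s:default_version, '\&'), 'g')
        call setline(l:lnum, l:text)
    endfor
    " Place the cursor where editing of the new file should start
    call cursor(9, 20)
endfunction

" NOTE(review): ':timer' does not appear to be a built-in Ex command, and
" 'silent!' hides any error, so this block in effect only sets
" g:did_timer_plugin. timer_start() itself is built in when has('timers') is
" true - confirm and consider removing this block.
if !exists('g:loaded_timer') && !exists('g:did_timer_plugin')
    silent! timer defer timer_start 1
    let g:did_timer_plugin = 1
endif

" For a new *.sh file, read ~/.vimtpl in at the top and fill it in shortly
" afterwards. The callback name must be the function defined above: the
" original passed 'xueboliTpl', which is not defined in this file (and a
" global user function name has to start with an uppercase letter), so the
" placeholders were never replaced.
autocmd BufNewFile *.sh 0r ~/.vimtpl | call timer_start(100, 'YinZhengJieTpl')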
root@ceph143:~#