@Ubuntu系统优化



1.系统软件源

#查看ubuntu版本
root@zeny:~# lsb_release    -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04 LTS
Release:        22.04
Codename:       jammy
root@zeny:~# cat /proc/version
Linux version 5.15.0-37-generic (buildd@lcy02-amd64-031) (gcc (Ubuntu 11.2.0-19ubuntu1) 11.2.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #39-Ubuntu SMP Wed Jun 1 19:16:45 UTC 2022
root@zeny:~# cat /etc/issue
Ubuntu 22.04 LTS \n \l
root@zeny:~# 


#更换系统软件源
#备份软件源(默认使用的为Ubuntu官方软件源)
root@ubuntu:~# sudo cp -r /etc/apt/sources.list /etc/apt/sources.list.bak
#替换为阿里云源(注意:security.ubuntu.com 的安全更新源也会被一并替换为镜像站;apt 仍会校验软件源的 GPG 签名,但镜像的同步时间可能晚于官方源)
root@ubuntu:~# sudo sed -i "s/\/\/.*archive.ubuntu.com/\/\/mirrors.aliyun.com/g;s/\/\/.*security.ubuntu.com/\/\/mirrors.aliyun.com/g" /etc/apt/sources.list

#系统清理缓存
root@zeny:~# sudo apt clean
root@zeny:~# sudo apt autoremove
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.



#软件源更新及系统更新
root@ubuntu:~# apt update
root@ubuntu:~# sudo apt upgrade




#关闭防火墙并禁用(仅适合已有外部防火墙或安全组保护的内网环境;直接暴露在公网的主机应保留 ufw,只放行需要的端口)
root@ubuntu:~# sudo ufw disable
#停止服务并加入开机不自启
root@ubuntu:~# sudo systemctl stop ufw && sudo systemctl disable ufw

2.服务器时间同步

#配置 systemd-timesyncd 时间同步(NTP 服务器写在 /etc/systemd/timesyncd.conf 中)
root@zeny:~# sudo  egrep "^[^#]" /etc/systemd/timesyncd.conf 
[Time]
NTP=ntp.aliyun.com
root@zeny:~# sudo timedatectl set-timezone Asia/Shanghai
root@zeny:~# sudo timedatectl set-ntp off
root@zeny:~# sudo timedatectl set-ntp on
root@zeny:~# sudo systemctl daemon-reload
root@zeny:~# sudo systemctl restart systemd-timesyncd


root@ubuntu:~# sudo apt install ntpdate
root@ubuntu:~# sudo ntpdate ntp.aliyun.com
13 Jun 14:22:16 ntpdate[27885]: adjust time server 203.107.6.88 offset -0.041956 sec
root@ubuntu:~# date
Mon Jun 13 02:22:19 PM UTC 2022
root@ubuntu:~# hwclock 
2022-06-13 14:22:36.559006+00:00


#将时间更新到硬件上
root@ubuntu:~# sudo hwclock --localtime --systohc

3.常用软件安装

#卸载不常用软件
root@zeny:~# sudo apt-get remove thunderbird totem rhythmbox empathy brasero simple-scan gnome-mahjongg aisleriot gnome-mines transmission-common gnome-orca webbrowser-app gnome-sudoku libreoffice-common
root@zeny:~# sudo apt purge ufw lxd lxd-client lxcfs lxc-common





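#安装常用软件工具(其中 nfs-kernel-server、openssh-server 属于服务端软件,安装后会开始监听网络端口,不需要对外提供 NFS/SSH 服务的主机不要安装;telnet 是明文协议,这里只适合用来测试端口连通性)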
root@zeny:~# sudo apt install iproute2 ntpdate tcpdump telnet traceroute nfs-kernel-server nfs-common lrzsz tree openssl libssl-dev libpcre3 libpcre3-dev make make-guile zlib1g-dev gcc openssh-server iotop unzip zip
root@zeny:~# sudo apt-get install -y htop net-tools openssl


4.系统资源限制优化

#安全限制优化
root@ubuntu:~# vim  /etc/security/limits.conf
#root 账户的资源软限制和硬限制(limits.conf 中的 * 通配符不作用于 root,所以需要单独列出)
root soft core unlimited
root hard core unlimited
root soft nproc 1000000
root hard nproc 1000000
root soft nofile 1000000
root hard nofile 1000000
root soft memlock 32000
root hard memlock 32000
root soft msgqueue 8192000
root hard msgqueue 8192000
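#其他账户的资源软限制和硬限制
#注意:core unlimited 允许所有用户的进程生成完整的 core dump,其中可能包含内存里的密钥和口令;
#nproc 1000000 实际上取消了对单个用户进程数的限制,失控的进程(例如 fork 炸弹)不会再被拦住。
#多用户主机上建议只对需要的服务账户单独放宽,而不是用 * 统一放开。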
* soft core unlimited
* hard core unlimited
* soft nproc 1000000
* hard nproc 1000000
* soft nofile 1000000
* hard nofile 1000000
* soft memlock 32000
* hard memlock 32000
* soft msgqueue 8192000
* hard msgqueue 8192000

#内核参数优化
root@zeny:~# sudo vim /etc/sysctl.conf
# Kernel tuning profile appended to /etc/sysctl.conf; applied with `sysctl -p`
# or at boot. Lines marked NOTE(review) are settings whose value depends on the
# host's role and should be confirmed before copying this file to a server.

# Controls source route verification (reverse-path filtering).
# NOTE(review): only the `default` key is set, which seeds interfaces created
# later; confirm whether net.ipv4.conf.all.rp_filter should be set as well so
# interfaces that already exist are covered.
net.ipv4.conf.default.rp_filter = 1
# Allow sockets to bind to an IP address that is not configured on this host
# (commonly needed for floating/virtual IPs in failover setups).
net.ipv4.ip_nonlocal_bind = 1
# Enable IPv4 forwarding between interfaces, i.e. the host acts as a router.
# NOTE(review): keep this at 0 unless the machine really routes or NATs traffic
# (gateway, container or VM host); with no packet filter in place, forwarded
# traffic passes through unfiltered.
net.ipv4.ip_forward = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
# (0 disables the magic SysRq key).
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
# NOTE(review): core files hold process memory (keys, passwords); confirm where
# cores are written and who can read them before enabling unlimited core size.
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Disable netfilter on bridges.
# NOTE(review): these keys exist only while the br_netfilter module is loaded;
# otherwise `sysctl -p` reports them as unknown. With 0, bridged frames are not
# passed to iptables/ip6tables/arptables rules; hosts that use bridge
# networking for containers usually need 1 here, so confirm per host.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
# Controls the default maximum size of a message queue, in bytes
kernel.msgmnb = 65536
# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# Controls the total amount of shared memory system-wide, in pages
kernel.shmall = 4294967296
# TCP kernel parameters
# tcp_mem is counted in pages (min / pressure / max); tcp_rmem and tcp_wmem are
# per-socket sizes in bytes (min / default / max).
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
# socket buffer
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 20480
net.core.optmem_max = 81920
# TCP conn
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15
# tcp conn reuse
# NOTE(review): tcp_timestamps = 0 turns off TCP timestamps, which also removes
# PAWS protection against old duplicate segments; presumably SYN-cookie
# connections then lose window scaling and SACK as well - confirm before
# disabling on a busy public service.
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_reuse = 0
# NOTE(review): tcp_tw_recycle was removed from the kernel in Linux 4.12; on the
# 5.15 kernel shown in this guide `sysctl -p` will report this key as missing.
net.ipv4.tcp_tw_recycle = 0
# NOTE(review): 1 second is far below the kernel default for orphaned
# FIN_WAIT_2 connections; confirm peers behind slow links still close cleanly.
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.tcp_max_orphans = 3276800
# A single SYN-ACK retry drops half-open connections quickly; clients on lossy
# links may fail to connect.
net.ipv4.tcp_synack_retries = 1
# Duplicate of the tcp_syncookies line earlier in this file (same value).
net.ipv4.tcp_syncookies = 1
# keepalive conn
# First probe after 300 s idle, then every 30 s, give up after 3 failed probes.
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
# Ephemeral (outgoing) port range; services should not listen inside it.
net.ipv4.ip_local_port_range = 10001 65000
# memory overcommit and swap
vm.overcommit_memory = 0
vm.swappiness = 10
# Optional per-interface overrides, left disabled:
#net.ipv4.conf.eth1.rp_filter = 0
#net.ipv4.conf.lo.arp_ignore = 1
#net.ipv4.conf.lo.arp_announce = 2
#net.ipv4.conf.all.arp_ignore = 1
#net.ipv4.conf.all.arp_announce = 2
#安装OpenJDK可用命令直接安装
root@ubuntu:~# sudo apt install openjdk-8-jdk

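#或者安装oracle JDK,解压压缩文件并设置环境变量(8u212 是 2019 年发布的版本,生产环境应选用仍在接收安全更新的 JDK 版本;解压前先核对下载页面公布的 SHA256 校验值):
#解压二进制文件并设置软链接(下面的软链接指向 /usr/local/src/jdk1.8.0_212,因此压缩包需要在 /usr/local/src 目录下解压):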
root@ubuntu:~# sudo tar xf jdk-8u212-linux-x64.tar.gz
root@ubuntu:~# sudo ln -sv /usr/local/src/jdk1.8.0_212 /usr/local/jdk

#配置环境变量:
root@ubuntu:~# sudo vim /etc/profile
export JAVA_HOME=/usr/local/jdk
export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH
export CLASSPATH=.$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/jre/lib:$JAVA_HOME/lib/tools.jar

#重新导⼊环境变量并验证:
root@ubuntu:~# source /etc/profile    # source 是 shell 内建命令,不能通过 sudo 调用
root@ubuntu:~# sudo java -version
java version "1.8.0_212"
Java(TM) SE Runtime Environment (build 1.8.0_212-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.212-b10, mixed mode)

5.系统常规优化

#主机名称修改
root@ubuntu:~# sudo vim /etc/hostname  # 配置文件修改,需要重启
root@ubuntu:~# hostname
ubuntu
root@ubuntu:~# sudo hostnamectl set-hostname zeny
root@zeny:~# hostname
zeny






#网卡名称优化:网卡名称修改为eth*格式,安装系统时默认安装,可以按以下方式修改网卡名称
root@zeny:~# egrep "^[^#]"  /etc/default/grub
GRUB_DEFAULT=0
GRUB_TIMEOUT_STYLE=hidden
GRUB_TIMEOUT=0
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"   #修改此项即可,引号添加此内容
root@zeny:~# sudo update-grub                      #重载更新一下修改的配置
Sourcing file `/etc/default/grub'
Sourcing file `/etc/default/grub.d/init-select.cfg'
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.15.0-37-generic
Found initrd image: /boot/initrd.img-5.15.0-37-generic
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
done

root远程登录配置

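#允许root远程登录(ubuntu默认root用户不支持远程登录,修改以下即可)
#注意:PermitRootLogin yes 配合 PasswordAuthentication yes 会让 root 口令直接暴露给网络上的暴力猜测;
#如确需 root 远程登录,建议改用密钥登录并设置 PermitRootLogin prohibit-password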
root@zeny:~# egrep "^[^#]" /etc/ssh/sshd_config
Include /etc/ssh/sshd_config.d/*.conf
PermitRootLogin yes                #默认禁止登录,改为允许 登录即可
PasswordAuthentication yes         #打开密码认证
KbdInteractiveAuthentication no  
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp  /usr/lib/openssh/sftp-server
PasswordAuthentication yes
root@zeny:~# 



#测试远程登录(首次连接提示确认主机指纹时,先在服务器上执行 ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub,核对指纹一致后再输入 yes)
zeny@zeny:~$ systemctl restart sshd
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to restart 'ssh.service'.
Authenticating as: ubuntu (zeny)
Password: 
==== AUTHENTICATION COMPLETE ===
zeny@zeny:~$ ssh root@192.168.1.140
The authenticity of host '192.168.1.140 (192.168.1.140)' can't be established.
ED25519 key fingerprint is SHA256:9I0192/QGCYOrEt89+4Q5JqEx4goeXY+XFdUeqSoOEk.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.1.140' (ED25519) to the list of known hosts.
root@192.168.1.140's password: 
Welcome to Ubuntu 22.04 LTS (GNU/Linux 5.15.0-37-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Mon Jun 13 03:18:26 PM UTC 2022

  System load:  0.0498046875      Processes:              230
  Usage of /:   28.6% of 9.75GB   Users logged in:        2
  Memory usage: 11%               IPv4 address for ens33: 192.168.1.140
  Swap usage:   0%

 * Super-optimized for small spaces - read how we shrank the memory
   footprint of MicroK8s to make it the smallest full K8s around.

   https://ubuntu.com/blog/microk8s-memory-optimisation

0 updates can be applied immediately.


Last login: Mon Jun 13 13:43:31 2022
root@zeny:~#    
root@zeny:~# whoami   #远程登录测试成功
root

ssh连接优化

#优化ssh连接速度
root@zeny:~# sudo sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
root@zeny:~# sudo sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
root@zeny:~# sudo systemctl restart sshd.service

ssh默认端口修改

#默认端口修改:去掉 Port 行前面的 #,把 22 改为新的端口号,然后重启 sshd(改端口只能减少自动扫描,不能替代密钥认证和访问控制)
root@zeny:~# sudo vim /etc/ssh/sshd_config
#Port 22
root@zeny:~# sudo systemctl restart sshd

服务ip地址修改

#临时修改
root@zeny:~# ifconfig ens33 192.168.1.100/24
root@zeny:~# ifconfig ens33 down #停止网卡
root@zeny:~# ifconfig ens33 up   #启动网卡


#静态ip设置方式(手动配置)

#Ubuntu 17.10版本之前网卡配置文件
root@zeny:~# sudo vim /etc/network/interfaces
auto lo
iface lo inet loopback
#ens33为网卡名,ifconfig可查看网卡名
auto ens33
iface ens33 inet static
address 192.168.1.120
netmask 255.255.255.0
gateway 192.168.1.2
#设置dns服务器
dns-nameservers 119.29.29.29
root@zeny:~# /etc/init.d/networking restart




#Ubuntu 17.10版本之后网卡配置文件(手动添加以下配置文件);gateway4 已被弃用(见下方 netplan apply 的警告),新配置应改用 routes 中的默认路由(to: default, via: 192.168.1.2)
root@zeny:~# egrep "^[^#]" /etc/netplan/00-installer-config.yaml
network:
  version: 2
  #renderer: NetworkManager
  ethernets:
    ens33:
      dhcp4: no
      dhcp6: no
      addresses: [192.168.1.110/24] 
      gateway4: 192.168.1.2
      nameservers:
        addresses: [8.8.8.8,114.114.114.114] 
root@zeny:~# netplan apply  #刷新配置,生效配置文件

** (generate:108412): WARNING **: 00:50:40.773: `gateway4` has been deprecated, use default routes instead.
See the 'Default routes' section of the documentation for more details.

** (process:108410): WARNING **: 00:50:41.100: `gateway4` has been deprecated, use default routes instead.
See the 'Default routes' section of the documentation for more details.
root@zeny:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:66:13:53 brd ff:ff:ff:ff:ff:ff
    altname enp2s1
    inet 192.168.1.110/24 brd 192.168.1.255 scope global ens33
       valid_lft forever preferred_lft forever
