centos所有服务器模板机的基本优化
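# Switch SELinux off: persistently in the config file (read at next boot)
# and immediately for the running system, then show the resulting state.
# NOTE(review): SELINUX=disabled removes mandatory access control from the
# host altogether. SELINUX=permissive keeps the policy loaded and logs
# denials without blocking, which preserves the audit trail and makes it
# possible to return to enforcing later without a full relabel.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config   # confirm the edit landed
setenforce 0                                # permissive until the next reboot
getenforce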
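# Stop the iptables service now and keep it from starting at boot.
# NOTE(review): with the host firewall off, every listening port is
# reachable from whatever network the machine is attached to. That is only
# reasonable when filtering is enforced upstream (perimeter firewall,
# security groups); otherwise keep iptables running with a minimal ruleset.
/etc/init.d/iptables stop
/etc/init.d/iptables stop   # repeated as on the page; presumably a confirmation run
chkconfig iptables off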
# Disable every init service except the five kept by the filter below, then
# list what is still enabled in runlevel 3.
# The awk stage only prints "chkconfig NAME off" lines; the trailing bash is
# what executes them. Dropping the final "| bash" shows the generated
# commands for review before anything is changed.
chkconfig \
  | grep -Ev "crond|sshd|network|rsyslog|sysstat" \
  | awk '{print "chkconfig",$1,"off"}' \
  | bash
chkconfig --list | grep 3:on
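# Back up sudoers, grant the oldboy account passwordless sudo, show the new
# last line and syntax-check the file.
# NOTE(review): NOPASSWD:ALL makes any compromise of the oldboy account
# (stolen SSH key, reused password) equivalent to root with no second
# factor. Requiring the password, or restricting the rule to the specific
# commands the account needs, narrows that. A drop-in file under
# /etc/sudoers.d is also easier to audit than an appended line.
cp /etc/sudoers /etc/sudoers.ori
echo "oldboy ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers
tail -1 /etc/sudoers
# A sudoers file that fails to parse disables sudo for everyone, so fall
# back to the backup taken above when the check fails.
visudo -c || cp /etc/sudoers.ori /etc/sudoers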
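# Append a clock-sync job to root's crontab (ntpdate every five minutes) and
# print the resulting crontab.
# NOTE(review): stdout and stderr are both discarded, so a failing sync is
# silent. Clock drift affects log correlation and certificate validation,
# and ntpdate queries are unauthenticated; an internal, monitored time
# source is the safer choice where one exists.
echo '#time sync by oldboy at 2010-2-1' >>/var/spool/cron/root
echo '*/5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l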
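# Raise the open-file limit to 65535 for the wildcard domain ("-" sets both
# the soft and the hard limit), then show the appended line.
# Each run appends another copy of the line; check the file before
# re-running on a machine that has already been prepared.
echo '* - nofile 65535' >>/etc/security/limits.conf
tail -1 /etc/security/limits.conf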
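# Append kernel network tuning to /etc/sysctl.conf. The values are only
# written to the file here; they are applied by `sysctl -p` or at next boot.
# NOTE(review):
#  - net.ipv4.tcp_tw_recycle=1 is known to drop connections from clients
#    behind NAT and was removed from the kernel in Linux 4.12; on newer
#    kernels the key is unknown.
#  - tcp_syn_retries=1 / tcp_synack_retries=1 give up after one retransmit,
#    which shortens half-open state but also fails fast on lossy links.
#  - tcp_syncookies=1 is the SYN-flood mitigation in this set.
#  - The nf_conntrack keys exist only while the conntrack module is loaded;
#    with iptables stopped (as this page does) they will likely be reported
#    as unknown keys when the file is applied.
cat >>/etc/sysctl.conf <<'EOF'
net.ipv4.tcp_fin_timeout=2
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_keepalive_time=600
net.ipv4.ip_local_port_range=4000 65000
net.ipv4.tcp_max_syn_backlog=16384
net.ipv4.tcp_max_tw_buckets=36000
net.ipv4.route.gc_timeout=100
net.ipv4.tcp_syn_retries=1
net.ipv4.tcp_synack_retries=1
net.core.somaxconn=16384
net.core.netdev_max_backlog=16384
net.ipv4.tcp_max_orphans=16384
net.nf_conntrack_max=25000000
net.netfilter.nf_conntrack_max=25000000
net.netfilter.nf_conntrack_tcp_timeout_established=180
net.netfilter.nf_conntrack_tcp_timeout_time_wait=120
net.netfilter.nf_conntrack_tcp_timeout_close_wait=60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait=120
EOF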