centos7系统初始化优化选项

1.设置主机名


hostnamectl set-hostname node3

2.防火墙服务设置

iptables -F
iptables -L
systemctl stop firewalld.service
systemctl disable firewalld.service 

3.修改网卡名称

/usr/sbin/ip addr|grep eth0  >/dev/null
     RETVAL=$?
      if [ $RETVAL -ne 0 ];then
          /usr/bin/mv /etc/sysconfig/network-scripts/ifcfg-e* /etc/sysconfig/network-scripts/ifcfg-eth0 >/dev/null 2>&1
          sed -i 's/quiet/quiet net.ifnames=0 biosdevname=0/g' /etc/default/grub
          sed -i 's/^DEVICE/#DEVICE/g' /etc/sysconfig/network-scripts/ifcfg-e*
          sed -i '1i DEVICE=eth0' /etc/sysconfig/network-scripts/ifcfg-e*
         /usr/sbin/grub2-mkconfig -o /boot/grub2/grub.cfg >/dev/null 2>&1
          Msg "Device--[WARNING]effecting after reboot~~~"
     else
         echo "the name of eths is exist"
    fi

4.关闭网卡图形化设置模式

systemctl stop NetworkManager.service 
systemctl disable NetworkManager.service 

5.History历史记录配置

sed -i s#HISTSIZE=1000#HISTSIZE=10000#g /etc/profile
echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/profile

6.Selinux的优化


sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config setenforce 0

7.文件打开数调优

echo -e  "root soft nofile 65535\nroot hard nofile 65535\n* soft nofile 65535\n* hard nofile 65535\n"     >> /etc/security/limits.conf
sed -i 's#4096#65535#g' /etc/security/limits.d/20-nproc.conf
ulimit -SHn 65535
脚本方式
limit=`cat /etc/security/limits.conf | grep 65535 | wc -l`
if [ $limit -eq 0 ];
then
echo "ulimit -SHn 65535" >> /etc/rc.local
cat >> /etc/security/limits.conf << EOF
* soft nofile 65535
* hard nofile 65535
EOF
else
echo "ulimit ok"
fi

8.关闭swap

swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

9.修改yum源

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
 curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
 yum clean all
yum makecache

10.时间同步

mv /etc/localtime  /etc/localtime.bak 
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime 
echo "# made for sync time by zhaoshuai on $(date +%F)">> /var/spool/cron/root
echo  "*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com > /dev/null 2>&1" >>/var/spool/cron/root

11.安装一些基础软件

yum install  ntpdate yum-utils cmake ncurses-devel libaio-devel make gcc gcc-c++ lrzsz dos2unix tree bash-completion vim net-tools wget curl lsof  -y && ntpdate -u cn.pool.ntp.org

12.ssh优化

sed -i s/'#ListenAddress 0.0.0.0'/'ListenAddress 0.0.0.0'/g /etc/ssh/sshd_config
#更改端口
sed -i 's/#Port 22/Port 59422/' /etc/ssh/sshd_config
# 禁止root远程登录
sed -i 's@#PermitRootLogin yes@PermitRootLogin no@' /etc/ssh/sshd_config
# 禁止空密码登录
sed -i 's@PermitEmptyPasswords no@PermitEmptyPasswords no@' /etc/ssh/sshd_config
# 关闭SSH反向查询,以加快SSH的访问速度
sed -i 's@UseDNS yes@UseDNS no@' /etc/ssh/sshd_config /etc/ssh/sshd_config
# 重启ssh
systemctl restart sshd.service

13.开机时间优化

systemd-analyze time 
systemd-analyze blame 
systemd-analyze plot  >bootime.avg

开机启动时间

 systemd-analyze time
Startup finished in 387ms (kernel) + 1.406s (initrd) + 31.831s (userspace) = 33.626s

查看具体的使用时间

 systemd-analyze blame 
         10.812s sshd-keygen.service
         10.758s abrt-ccpp.service
          6.395s chronyd.service

生产图表

 systemd-analyze plot  >bootime.svg
 sz bootime.svg

systemctl list-unit-files|egrep "^ab|^aud|^kdump|vm|^md|^mic|^post|lvm"  |awk '{print $1}'|sed -r 's#(.*)#systemctl disable &#g'|bash

14.更新内核

yum update

15.kernel调优

cat >> /etc/sysctl.conf<<EOF
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
vm.swappiness=0
vm.max_map_count=655360
EOF
  • 我的微信
  • 这是我的微信扫一扫
  • weinxin
  • 我的微信公众号
  • 我的微信公众号扫一扫
  • weinxin
avatar

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: