17、基礎優化項目一鍵代碼

sed -i 's#SELINUX=enforcing#SELINUX=disabled#' /etc/selinux/config

grep SELINUX=disabled /etc/selinux/config

setenforce 0

getenforce

/etc/init.d/iptables stop

/etc/init.d/iptables stop

chkconfig iptables off

chkconfig|egrep -v "crond|sshd|network|rsyslog|sysstat"|awk '{print "chkconfig",$1,"off"}'|bash

useradd oldboy

\cp /etc/sudoers /etc/sudoers.bak

echo "oldboy ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

tail -l /etc/sudoers

visudo -c

echo '#time sync by 20has at 2017-5-9' >>/var/spool/cron/root

echo '*/5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1' >>/var/spool/cron/root

crontab -l

echo 'export TMOUT=3000' >> /etc/profile

echo 'export HISTSIZE=5'  >> /etc/profile

echo 'export HISTFILESIZE=5' >> /etc/profile

tail -3 /etc/profile

. /etc/profile

echo '*                -       nofile          65535' >> /etc/security/limits.conf

tail -l /etc/security/limits.conf

#about selinux

cat >> /etc/sysctl.conf <<EOF

net.ipv4.tcp_fin_timeout = 2

net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_tw_recycle = 1

net.ipv4.tcp_syncookies = 1

net.ipv4.tcp_keepalive_time = 600

net.ipv4.ip_local_port_range = 4000   65000

net.ipv4.tcp_max_syn_backlog = 16384

net.ipv4.tcp_max_tw_buckets = 36000

net.ipv4.route.gc_timeout = 100

net.ipv4.tcp_syn_retries = 1

net.ipv4.tcp_synack_retries = 1

net.core.somaxconn = 16384

net.core.netdv_max_backlog = 16384

net.ipv4.tcp_max_orphans = 16384

#以下參數是對iptables防火牆的優化，防火牆不開會提示，可以忽略不理。

net.nf_conntrack_max = 25000000

net.netfilter.nf_conntrack_max = 25000000

net.netfilter.nf_conntrack_tcp_timeout_established = 180

net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120

net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60

net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120

EOF

#yumrepo

cp /etc/yum.repos.d/CentOS-Base.repo{,.backup}

yum -y install wget

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo

#yum clean all                     #清理緩存

#yum makecache                #建立本地緩存

#mv /etc/yum.repos.d/epel.repo{,.backup}

#mv /etc/yum.repos.d/epel-testing.repo{,.backup}

wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo

yum -y install lrzsz nmap tree dos2unix nc    

yum groupinstall -y "Base" "Compatibility libraries" "Debugging Tools" "Development tools"     #安裝基礎軟件（特別是針對最小化安裝centos）