1. 使用yum安裝常用軟件:
yum install -y wget sysstat tcpdump ntp unzip vixie-cron crontabs lynx rpmforge
2. 改時區
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
運行crontab -e
01 00 * * * /usr/sbin/ntpdate 210.72.145.44
3. 關閉selinux
vi /etc/selinux/config
將SELINUX= enforcing 改爲SELINUX=disabled
4. 調整最大打開文件句柄數
vi /etc/sysctl.conf,插入下行:
fs.file-max = 65535
vi /etc/security/limits.conf文件中設置最大打開文件數, 下面是一行提示:
* - nofile 65535
保存,重啓。啓動後 ulimit -n驗證
5. 改主機名
vi /etc/sysconfig/network
HOSTNAME=**
vi /etc/hosts
127.0.0.1 **
6. 禁用ipv6
vi /etc/modprobe.conf 插入以下兩句
alias net-pf-10 off
alias ipv6 off
7. 優化linux內核參數
vi /etc/sysctl.conf 最後插入以下幾句
#wxd Add
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
8. 服務優化腳本
for i in `ls /etc/rc3.d/S*`
do
CURSRV=`echo $i|cut -c 15-`
echo $CURSRV
case $CURSRV in
crond | irqbalance | microcode_ctl | network | random | sshd | syslog | local | iptables )
echo "Base services, Skip!"
;;
*)
echo "change $CURSRV to off"
chkconfig --level 235 $CURSRV off
service $CURSRV stop
;;
esac
done
9. 更改ssh默認連接端口,禁止root登錄
cat /etc/ssh/sshd_config
Port 10082
PermitRootLogin no