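#!/bin/bash
#
# First-boot initialisation for a CentOS 7 host: switch yum to the Aliyun
# mirror, update, install base tooling, tune limits and sysctl, adjust sshd,
# trim boot services, then reboot.
#
# Must be run as root. The script ends with an unconditional reboot.
# Re-running it appends the limits.conf / sysctl.conf / rc.local / .vimrc
# snippets a second time.
#
# NOTE(review): `set -e` is deliberately not used. Several steps below
# (inittab, `service iptables`, `chkconfig ip6tables`) target SysV-era
# layouts and may fail harmlessly on a systemd host; only the steps whose
# failure would leave the machine broken are checked explicitly.
set -u

# NOTE(review): HTTPS is used so the repo definition cannot be rewritten in
# transit; package integrity still depends on gpgcheck in the fetched file.
readonly BASE_REPO_URL='https://mirrors.aliyun.com/repo/Centos-7.repo'
# NOTE(review): the original command had no URL for the EPEL repo file; this
# one follows the same mirror layout as BASE_REPO_URL -- confirm before use.
readonly EPEL_REPO_URL='https://mirrors.aliyun.com/repo/epel-7.repo'
readonly REPO_DIR='/etc/yum.repos.d'
readonly SSHD_CONFIG='/etc/ssh/sshd_config'

warn() { printf 'WARN: %s\n' "$*" >&2; }
die() { printf 'ERROR: %s\n' "$*" >&2; exit 1; }

#######################################
# Download a yum repo file and install it only if the download succeeded.
# Arguments: $1 - source URL, $2 - destination path
# Returns:   0 on success, 1 if the download failed or was empty
#######################################
fetch_repo() {
  local url=$1 dest=$2 tmp
  # The temp name does not end in .repo, so yum ignores it while it exists.
  tmp=$(mktemp "${dest}.XXXXXX") || return 1
  if wget -O "$tmp" -- "$url" && [[ -s "$tmp" ]]; then
    chmod 0644 "$tmp"
    mv -f -- "$tmp" "$dest"
  else
    rm -f -- "$tmp"
    return 1
  fi
}

#######################################
# Force an sshd_config directive to a value, whether the existing line is
# active or commented out. Does not append when the directive is absent.
# Arguments: $1 - directive name, $2 - value
#######################################
set_sshd_option() {
  local key=$1 value=$2
  if grep -Eq "^[[:space:]]*#?[[:space:]]*${key}[[:space:]]" "$SSHD_CONFIG"; then
    sed -i -E "s@^[[:space:]]*#?[[:space:]]*${key}[[:space:]].*@${key} ${value}@" \
      "$SSHD_CONFIG"
  else
    warn "${key} not found in ${SSHD_CONFIG}; left unchanged"
  fi
}

(( EUID == 0 )) || die "this script must be run as root"

# --- System upgrade ---------------------------------------------------------
# Download first and swap afterwards, so a failed download does not leave the
# host without a base repository. The first backup taken is never overwritten.
base_repo="${REPO_DIR}/CentOS-Base.repo"
fetch_repo "$BASE_REPO_URL" "${base_repo}.new" \
  || die "could not download ${BASE_REPO_URL}; repositories left untouched"
if [[ -f "$base_repo" && ! -e "${base_repo}.backup" ]]; then
  mv -- "$base_repo" "${base_repo}.backup"
fi
mv -f -- "${base_repo}.new" "$base_repo"
yum clean all
yum makecache
# -y added: without it yum waits for confirmation and the script stalls.
yum -y update

# --- Add the EPEL repository ------------------------------------------------
yum install -y epel-release
# Fetch the Aliyun EPEL repo definition. Non-fatal: epel-release above has
# already installed a working EPEL repo file.
fetch_repo "$EPEL_REPO_URL" "${REPO_DIR}/epel-7.repo" \
  || warn "could not download ${EPEL_REPO_URL}; using the stock EPEL repo"
yum clean all
yum makecache

# --- Install the gcc toolchain and sysstat ----------------------------------
yum -y install gcc gcc-c++ vim-enhanced unzip unrar sysstat

# --- Configure NTP ----------------------------------------------------------
yum install chrony -y
systemctl enable chronyd.service
systemctl start chronyd.service

# --- Open-file limits -------------------------------------------------------
ulimit -SHn 65534
# The original wrote "-SHN", which is not a valid ulimit option; -n is the
# open-files limit.
echo "ulimit -SHn 65534" >> /etc/rc.local
cat >> /etc/security/limits.conf << 'EOF'
* soft nofile 65534
* hard nofile 65534
EOF

# --- Basic kernel tuning ----------------------------------------------------
# net.ipv4.tcp_tw_recycle=1 from the original is intentionally omitted: it
# silently drops connections from clients behind NAT and was removed from
# later kernels. The duplicate tcp_syn_retries entry is also dropped.
# NOTE(review): tcp_fin_timeout=1 and single SYN/SYN-ACK retries are very
# aggressive; confirm they suit lossy or high-latency links.
cat >> /etc/sysctl.conf << 'EOF'
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_syn_retries=1
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_fin_timeout=1
net.ipv4.tcp_keepalive_time=1200
net.ipv4.ip_local_port_range=10000 65535
net.ipv4.tcp_max_tw_buckets=36000
net.ipv4.route.gc_timeout=100
net.ipv4.tcp_synack_retries=1
net.core.somaxconn=16384
net.core.netdev_max_backlog=16384
net.ipv4.tcp_max_orphans=16384
EOF
/sbin/sysctl -p

# --- Disable ctrl-alt-del to prevent accidental reboots ---------------------
# NOTE(review): this edits the SysV inittab entry; on a systemd host the key
# combination is handled by ctrl-alt-del.target, so this is likely a no-op.
sed -i 's@ca::ctrlaltdel:/sbin/shutdown -t3 -r now@#ca::ctrlaltdel:/sbin/shutdown -t3 -r now@' /etc/inittab

# --- Disable SELinux --------------------------------------------------------
# NOTE(review): this removes mandatory access control from the host once it
# reboots. Consider SELINUX=permissive plus audit review if the goal is only
# to unblock an application.
sed -i 's@SELINUX=enforcing@SELINUX=disabled@' /etc/selinux/config

# --- Turn off iptables ------------------------------------------------------
# NOTE(review): together with the SELinux change this leaves the host with no
# local packet filtering; make sure an upstream firewall or security group
# covers it. On CentOS 7 the default firewall service is firewalld, which
# these two commands do not touch.
service iptables stop
chkconfig iptables off

# --- sshd configuration -----------------------------------------------------
# Keep at least one sudo-capable user on the machine: the settings below
# disable remote root login.
cp -p -- "$SSHD_CONFIG" "${SSHD_CONFIG}.backup" \
  || die "could not back up ${SSHD_CONFIG}"
set_sshd_option PermitRootLogin no
# Forbid logins with an empty password.
set_sshd_option PermitEmptyPasswords no
# Disable reverse DNS lookups on connect. The original pattern only rewrote
# the text inside the commented "#UseDNS yes" default, leaving it commented.
set_sshd_option UseDNS no
# Validate before restarting; the reboot at the end would otherwise bring the
# host up with an sshd that refuses to start.
if /usr/sbin/sshd -t; then
  service sshd restart
else
  cp -p -- "${SSHD_CONFIG}.backup" "$SSHD_CONFIG"
  die "edited ${SSHD_CONFIG} failed validation; original restored, aborting before reboot"
fi

# --- Disable IPv6 -----------------------------------------------------------
# Whenever the system tries to load the ipv6 module, run /bin/true instead.
# NOTE(review): this has no effect where IPv6 is built into the kernel rather
# than shipped as a module -- verify on the target release.
echo "install ipv6 /bin/true" > /etc/modprobe.d/disable-ipv6.conf
# Keep the interface from initialising IPv6 at boot. Only touch the file if it
# exists, so a host whose NIC is not eth0 does not get a stray ifcfg file.
ifcfg_eth0='/etc/sysconfig/network-scripts/ifcfg-eth0'
if [[ -f "$ifcfg_eth0" ]]; then
  echo "IPV6INIT=no" >> "$ifcfg_eth0"
else
  warn "${ifcfg_eth0} not found; IPV6INIT not set"
fi
chkconfig ip6tables off

# --- Basic vim settings -----------------------------------------------------
cat >> /root/.vimrc << 'EOF'
set number
set ruler
set nohlsearch
set shiftwidth=2
set tabstop=4
set expandtab
set cindent
set autoindent
set mouse=v
syntax on
EOF

# --- Trim boot-time services ------------------------------------------------
# A minimally installed machine can start with only crond, network, rsyslog
# and sshd enabled at runlevel 3.
while IFS= read -r svc; do
  chkconfig --level 3 "$svc" off
done < <(chkconfig --list | awk '/3:on/ {print $1}')
for svc in crond rsyslog sshd network; do
  chkconfig --level 3 "$svc" on
done

# --- Reboot the server ------------------------------------------------------
reboot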