往往我们部署了一个新的环境,总要做一些配置,以下是我工作中总结的系统配置。
一. 更新yum源
阿里云yum源
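# Replace the stock CentOS-Base.repo with Aliyun's mirror definition.
# Fetch over HTTPS so the repo file (which sets baseurl/gpgkey for every later
# yum install) cannot be altered in transit; `-f` makes curl fail on an HTTP
# error instead of writing an error page into the repo file, and `&&` stops the
# chain if the backup move fails so the original file is never lost.
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak \
  && curl -fsSL -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# Sanity check: package signature verification must still be on in the new file.
grep -q '^gpgcheck=1' /etc/yum.repos.d/CentOS-Base.repo \
  || echo 'WARNING: gpgcheck=1 not found in CentOS-Base.repo, check the file before use' >&2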
第三方软件yum源
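# Add the EPEL repository. Prefer the package from the CentOS "extras" repo:
# it is installed through yum, so its signature is checked against the CentOS
# key already on the system.
yum install -y epel-release
# Alternative when "extras" is unavailable: install the release RPM directly.
# Import EPEL's signing key first, otherwise `rpm -ivh` only prints a NOKEY
# warning and installs the package unverified; fetch over HTTPS.
#   rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
#   rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm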
二.配置特权账户
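# Grant user "longs" full sudo rights.
# Do not append to /etc/sudoers with sed at a fixed line number: the offset is
# arbitrary, a typo breaks sudo for every user, and sed bypasses the syntax
# check visudo performs. Use a drop-in under /etc/sudoers.d/ (pulled in by the
# default "#includedir /etc/sudoers.d" line) and validate it with visudo -c
# before relying on it. sudo skips drop-ins that are group/world writable or
# whose name contains '.' or ends in '~', so keep the 0440 mode and plain name.
SUDO_USER_NAME=longs
printf '%s ALL=(ALL) ALL\n' "$SUDO_USER_NAME" > "/etc/sudoers.d/$SUDO_USER_NAME"
chmod 0440 "/etc/sudoers.d/$SUDO_USER_NAME"
# A broken drop-in would make every sudo invocation fail; remove it on error.
visudo -cf "/etc/sudoers.d/$SUDO_USER_NAME" \
  || { rm -f "/etc/sudoers.d/$SUDO_USER_NAME"; echo "sudoers syntax error, drop-in removed" >&2; }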
三.修改SSH端口
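# Move SSH to a non-default port and forbid direct root login.
# Anchored patterns match both the commented default and an already-set value,
# so the edit is idempotent (the original only matched "#Port 22" /
# "#PermitRootLogin yes" and silently did nothing if the line had been changed).
SSH_PORT=2018
sed -i "s/^#\?Port .*/Port ${SSH_PORT}/" /etc/ssh/sshd_config
sed -i 's/^#\?PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
# Before restarting sshd make sure you can still get in:
#  * a non-root user with sudo (step 2) exists and you have tested it,
#  * firewalld allows the new port (step 5),
#  * if SELinux stays enforcing the new port must be labelled:
#      semanage port -a -t ssh_port_t -p tcp "${SSH_PORT}"
# Validate the config, then test the new port from a second session while the
# current one stays open.
sshd -t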
四.关闭SElinux
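# Disabling SELinux removes a mandatory-access-control layer from the whole
# host. If the only reason is the non-default SSH port from step 3, keep it
# enforcing and label the port instead:
#   yum install -y policycoreutils-python && semanage port -a -t ssh_port_t -p tcp 2018
# If it really must be disabled: the anchored pattern only touches the active
# "SELINUX=" line (not comments), and `setenforce 0` merely switches to
# permissive until the next boot — the config change needs a reboot to take
# full effect (setenforce exits non-zero if SELinux is already disabled).
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config && setenforce 0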
五.重启SSH服务前,添加防火墙策略
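# Open the new SSH port in firewalld before sshd is restarted, otherwise the
# restart locks you out. `--permanent` only edits the saved rule set; the
# `--reload` is what makes it live. Chained with && so a failed add does not
# get "confirmed" by a reload.
SSH_PORT=2018
firewall-cmd --zone=public --add-port="${SSH_PORT}/tcp" --permanent \
  && firewall-cmd --reload
# After a login on the new port has been verified, stop exposing the default
# "ssh" service (22/tcp) as well:
#   firewall-cmd --zone=public --remove-service=ssh --permanent && firewall-cmd --reload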
六.增加用户日志
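# Append per-login bash history logging to /etc/profile: each login shell gets
# its own history file under /tmp/dbasky/<user>/, named after the source
# address and login time, so commands can be traced back to a session.
#
# This is convenience logging, not a security control: the user owns the
# history file and can edit or delete it, unset HISTFILE, or run a non-login
# shell. For tamper-evident command auditing use auditd / pam_tty_audit or ship
# history to a central log host. The quoted 'EOF' keeps the snippet literal so
# it is evaluated at each login, not when this command runs.
#
# Changes from the original snippet: the first PS1 assignment (immediately
# overwritten by the second) and a stray bare `history` call (which dumped the
# history on every login) were dropped; the shared directory gets the sticky
# bit; HISTFILE is only redirected into a directory the user actually owns.
tee -a /etc/profile <<'EOF'
# ---- per-login command history (added by server init) ----
PS1="\[\033[1;32;1m\][\[\033[0;32;1m\]\u:\[\033[1;34;1m\]\w\[\033[1;32;1m\]]\[\033[1;35;1m\]\\$\[\033[1;37;1m\]"
# Source address of this login ("who am i" prints it as "(host)"); fall back to
# the hostname for console logins that carry no remote address.
USER_IP=`who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g'`
if [ "$USER_IP" = "" ]
then
    USER_IP=`hostname`
fi
# Shared root: world-writable like /tmp itself, but with the sticky bit so users
# cannot delete or rename each other's subdirectories (the original used 777).
if [ ! -d /tmp/dbasky ]
then
    mkdir /tmp/dbasky
    chmod 1777 /tmp/dbasky
fi
# Per-user directory, mode 300 (write+search, no read) so others cannot list it.
if [ ! -d /tmp/dbasky/${LOGNAME} ]
then
    mkdir /tmp/dbasky/${LOGNAME}
    chmod 300 /tmp/dbasky/${LOGNAME}
fi
export HISTSIZE=4096
# Under a world-writable parent another user can pre-create /tmp/dbasky/<name>
# (classic /tmp race), so only redirect HISTFILE when the directory is really
# ours; otherwise bash keeps its default ~/.bash_history.
if [ -O /tmp/dbasky/${LOGNAME} ]
then
    DT=`date "+%Y-%m-%d_%H:%M:%S"`
    export HISTFILE="/tmp/dbasky/${LOGNAME}/${USER_IP}_dbasky.$DT"
    # Belt and braces: bash normally creates HISTFILE 0600 already. For a
    # non-root user this glob cannot expand (mode 300 directory is not
    # readable), which is why the error is silenced.
    chmod 600 /tmp/dbasky/${LOGNAME}/*dbasky* 2>/dev/null
fi
EOF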
使配置生效
# Re-read /etc/profile in the current shell so the new prompt and history
# settings apply without logging out. Other already-open sessions pick them up
# at their next login. (`.` is the POSIX spelling of bash's `source`.)
. /etc/profile
七.优化net
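# Kernel network tuning appended to /etc/sysctl.conf (read at boot; the
# trailing `sysctl -p` applies it now). Values are the original author's;
# security-relevant settings and the one removed entry are commented in place.
tee -a /etc/sysctl.conf <<'EOF'
net.ipv4.neigh.default.gc_stale_time = 120
# rp_filter=0 turns off reverse-path (anti-spoofing) filtering on every
# interface. Only needed for asymmetric routing / some LVS setups; on an
# ordinary host use 1 (strict) or 2 (loose) instead.
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.tcp_max_tw_buckets = 5000
# SYN cookies, a bounded SYN backlog and fewer SYN-ACK retries limit the
# impact of a SYN flood.
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
# NOTE(review): tcp_mem is in pages, not bytes; these figures look far above
# what most hosts have — confirm against the machine's RAM before keeping them.
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_tw_reuse = 1
# "net.ipv4.tcp_tw_recycle = 1" was removed: its per-host timestamp check drops
# connections from clients behind NAT, and the key no longer exists in kernels
# >= 4.12, where `sysctl -p` would fail on it.
net.ipv4.tcp_fin_timeout = 30
EOF
sysctl -p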
八.修改文件句柄限制
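# Raise open-file and process limits for login sessions (pam_limits).
# CentOS 7 gotchas:
#  * the '*' wildcard does not apply to root — add explicit "root" lines if
#    root needs the higher limits;
#  * /etc/security/limits.d/20-nproc.conf ("* soft nproc 4096") is read after
#    limits.conf and overrides the nproc values below — edit or remove it too;
#  * hard nofile must stay <= fs.nr_open (default 1048576) or logins fail
#    because setrlimit() is rejected.
# Limits apply to new sessions only.
tee -a /etc/security/limits.conf <<'EOF'
* soft nofile 1024000
* hard nofile 1024000
* soft nproc 512000
* hard nproc 512000
EOF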