CentOS 7 System Configuration


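Whenever we deploy a new environment, there is always some configuration to do. Below is the system configuration I have put together in my work.

1. Update the yum repositories

Alibaba Cloud (Aliyun) yum mirror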

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak;
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

Third-party software yum repository

yum install epel-release 
or
rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

2. Configure a privileged account

sed -i "91a\longs  ALL=(ALL)       ALL" /etc/sudoers

3. Change the SSH port

sed -i 's/#Port 22/Port 2018/' /etc/ssh/sshd_config;
sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config

4. Disable SELinux

sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config && setenforce 0

5. Add a firewall rule before restarting the SSH service

firewall-cmd --zone=public --add-port=2018/tcp --permanent;firewall-cmd --reload
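
An added check for steps 3 to 5 (not part of the original post): sed exits successfully even when its pattern matches nothing, so this script applies the same two substitutions and then reads back the effective Port and PermitRootLogin values before sshd is restarted. The function names, the "(unset)" marker and the sample files are constructed for this example; it assumes GNU sed and plain "Keyword value" lines.

```shell
#!/bin/bash
# Added example: confirm the step 3 sed edits took effect before sshd restarts.
# sed returns 0 even when nothing matched, so a no-op edit goes unnoticed.

# Print the value of keyword $2 in config file $1. sshd uses the first
# uncommented occurrence and treats keywords case-insensitively; parsing
# stops at the first Match block. Prints "(unset)" if the keyword is absent.
sshd_effective() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print "(unset)" }' "$1"
}

# Apply the two substitutions from step 3 to file $1, then verify the result.
# Returns 0 only if Port is 2018 and PermitRootLogin is no.
harden_and_check() {
    local cfg="$1" port root
    sed -i 's/#Port 22/Port 2018/' "$cfg"
    sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' "$cfg"
    port=$(sshd_effective "$cfg" Port)
    root=$(sshd_effective "$cfg" PermitRootLogin)
    echo "Port=$port PermitRootLogin=$root"
    [ "$port" = "2018" ] && [ "$root" = "no" ]
}

# Constructed sample configs (not taken from a real host).
demo() {
    local d
    d=$(mktemp -d)
    # Stock layout: both directives commented out, so the sed patterns match.
    printf '%s\n' '#Port 22' '#PermitRootLogin yes' > "$d/stock"
    # Previously edited layout: directives already uncommented, sed is a no-op.
    printf '%s\n' 'Port 22' 'PermitRootLogin yes' > "$d/edited"
    harden_and_check "$d/stock"  && echo "stock: safe to restart sshd"
    harden_and_check "$d/edited" || echo "edited: sed matched nothing, fix by hand"
    rm -rf "$d"
}

demo
```

On a real host, run harden_and_check against a copy of /etc/ssh/sshd_config first, and validate the final file with sshd -t before restarting the service.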

6. Add user logging

tee -a /etc/profile <<-'EOF' 
PS1="`whoami`@`hostname`:"'[$PWD]' 
PS1="\[\033[1;32;1m\][\[\033[0;32;1m\]\u:\[\033[1;34;1m\]\w\[\033[1;32;1m\]]\[\033[1;35;1m\]\\$\[\033[1;37;1m\]"
history 
USER_IP=`who -u am i 2>/dev/null| awk '{print $NF}'|sed -e 's/[()]//g'` 
if [ "$USER_IP" = "" ] 
then 
USER_IP=`hostname` 
fi 
if [ ! -d /tmp/dbasky ] 
then 
mkdir /tmp/dbasky 
# sticky bit: users cannot delete or rename each other's log directories
chmod 1777 /tmp/dbasky 
fi 
if [ ! -d /tmp/dbasky/${LOGNAME} ] 
then 
mkdir /tmp/dbasky/${LOGNAME} 
chmod 300 /tmp/dbasky/${LOGNAME} 
fi 
export HISTSIZE=4096 
DT=`date "+%Y-%m-%d_%H:%M:%S"` 
export HISTFILE="/tmp/dbasky/${LOGNAME}/${USER_IP} dbasky.$DT" 
chmod 600 /tmp/dbasky/${LOGNAME}/*dbasky* 2>/dev/null 
EOF

Apply the configuration

source /etc/profile

7. Tune network settings

tee -a /etc/sysctl.conf <<-'EOF' 
net.ipv4.neigh.default.gc_stale_time=120 
net.ipv4.conf.all.rp_filter=0 
net.ipv4.conf.default.rp_filter=0 
net.ipv4.conf.default.arp_announce = 2 
net.ipv4.conf.all.arp_announce=2 
net.ipv4.tcp_max_tw_buckets = 5000 
net.ipv4.tcp_syncookies = 1 
net.ipv4.tcp_max_syn_backlog = 1024 
net.ipv4.tcp_synack_retries = 2 
net.ipv6.conf.all.disable_ipv6 = 1 
net.ipv6.conf.default.disable_ipv6 = 1 
net.ipv6.conf.lo.disable_ipv6 = 1 
net.ipv4.conf.lo.arp_announce=2 
net.ipv4.tcp_mem = 94500000 915000000 927000000 
net.ipv4.tcp_max_orphans = 3276800 
net.ipv4.tcp_tw_reuse = 1 
net.ipv4.tcp_tw_recycle = 1 
net.ipv4.tcp_fin_timeout = 30 
EOF

8. Change the file handle limits

tee -a /etc/security/limits.conf <<-'EOF' 
* soft nofile 1024000 
* hard nofile 1024000 
* soft nproc 512000 
* hard nproc 512000 
EOF
