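CentOS 7 System Configuration

Whenever we deploy a new environment, there is always some configuration to do. Below is the system configuration I have put together from my work.

1. Update the yum repositories

Alibaba Cloud yum repository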

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak;
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

Third-party software yum repository

yum install epel-release 
or
rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

2. Configure a privileged account

sed -i "91a\longs  ALL=(ALL)       ALL" /etc/sudoers

3. Change the SSH port

sed -i 's/#Port 22/Port 2018/' /etc/ssh/sshd_config;
sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config

4. Disable SELinux

sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config && setenforce 0

5. Before restarting the SSH service, add a firewall rule

firewall-cmd --zone=public --add-port=2018/tcp --permanent;firewall-cmd --reload
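
An added example, not part of the original post: the sed commands in section 3 only match the commented-out default lines, so on a host whose sshd_config was already edited they change nothing and sshd stays on port 22 while the firewall rule opens 2018. The script below reads back the effective Port and PermitRootLogin values; the function names and the two sample configs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: confirm the sed edits from section 3 really changed sshd's settings.

# Print the value sshd would use for KEYWORD in FILE's global section:
# the first uncommented occurrence wins, and keywords are case-insensitive.
effective_sshd_value() {   # usage: effective_sshd_value FILE KEYWORD
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/        { next }   # skip blank lines and comments
        tolower($1) == "match"      { exit }   # stop where conditional blocks begin
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Return 0 only if FILE sets the expected port and disables root login.
check_ssh_hardening() {    # usage: check_ssh_hardening FILE PORT
    local file="$1" want_port="$2" rc=0 port root
    port=$(effective_sshd_value "$file" Port)
    root=$(effective_sshd_value "$file" PermitRootLogin)
    if [ "${port:-22}" != "$want_port" ]; then   # no Port line means port 22
        echo "FAIL: sshd will listen on ${port:-22}, not $want_port"; rc=1
    fi
    if [ "$root" != "no" ]; then                 # unset falls back to a default that is not "no"
        echo "FAIL: PermitRootLogin is '${root:-unset}', not 'no'"; rc=1
    fi
    return $rc
}

# The two substitutions from section 3, applied to an arbitrary file.
apply_page_edits() {
    sed -i 's/#Port 22/Port 2018/' "$1"
    sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' "$1"
}

# Constructed sample configs (not taken from a real host).
demo_dir=$(mktemp -d)
printf '%s\n' '#Port 22' '#PermitRootLogin yes' 'UsePAM yes' > "$demo_dir/stock"
printf '%s\n' 'Port 22' 'PermitRootLogin yes' 'UsePAM yes'   > "$demo_dir/edited"

for f in stock edited; do
    apply_page_edits "$demo_dir/$f"
    if check_ssh_hardening "$demo_dir/$f" 2018; then
        echo "$f: OK, port 2018 and root login disabled"
    else
        echo "$f: sed patterns did not match, settings unchanged"
    fi
done
```

On a real host, call check_ssh_hardening /etc/ssh/sshd_config 2018 and run sshd -t before restarting the service.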

6. Add user logging


Make the configuration take effect

source /etc/profile

7. Tune network parameters

tee -a /etc/sysctl.conf <<-'EOF' 
net.ipv4.neigh.default.gc_stale_time=120 
net.ipv4.conf.all.rp_filter=0 
net.ipv4.conf.default.rp_filter=0 
net.ipv4.conf.default.arp_announce = 2 
net.ipv4.conf.all.arp_announce=2 
net.ipv4.tcp_max_tw_buckets = 5000 
net.ipv4.tcp_syncookies = 1 
net.ipv4.tcp_max_syn_backlog = 1024 
net.ipv4.tcp_synack_retries = 2 
net.ipv6.conf.all.disable_ipv6 = 1 
net.ipv6.conf.default.disable_ipv6 = 1 
net.ipv6.conf.lo.disable_ipv6 = 1 
net.ipv4.conf.lo.arp_announce=2 
net.ipv4.tcp_mem = 94500000 915000000 927000000 
net.ipv4.tcp_max_orphans = 3276800 
net.ipv4.tcp_tw_reuse = 1 
net.ipv4.tcp_tw_recycle = 1 
net.ipv4.tcp_fin_timeout = 30 
EOF

8. Change the file handle limits

tee -a /etc/security/limits.conf <<-'EOF' 
* soft nofile 1024000 
* hard nofile 1024000 
* soft nproc 512000 
* hard nproc 512000 
EOF

 
