# centos7常用優化配置 ## ssh優化 修改服務端配置文件 /etc/ssh/sshd\_config取消主機名與ip地址解析檢查 ~~~ sed -i 's/^#UseDNS.*$/UseDNS no/g' /etc/ssh/sshd_config sed -i 's/^GSSAPIAuthentication.*$/GSSAPIAuthentication no/g' /etc/ssh/sshd_config ~~~ 修改客戶端配置文件(執行ssh命令的機器) /etc/ssh/ssh\_config ~~~ echo ' StrictHostKeyChecking no' >> /etc/ssh/ssh_config echo ' UserKnownHostsFile /dev/null' >> /etc/ssh/ssh_config ~~~ 關閉防火墻 ~~~ systemctl stop firewalld && systemctl disable firewalld iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat ~~~ 關閉 SELinux ~~~ setenforce 0 sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config ~~~ 關閉swap ~~~ swapoff -a sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab ~~~ ## 內核參數優化 vi /etc/sysctl.conf ~~~ net.bridge.bridge-nf-call-iptables=1 net.bridge.bridge-nf-call-ip6tables=1 net.ipv4.ip_forward=1 net.ipv4.tcp_tw_recycle=0 vm.swappiness=0 # 禁止使用 swap 空間，只有當系統 OOM 時才允許使用它 vm.overcommit_memory=1 # 不檢查物理內存是否夠用 vm.panic_on_oom=0 # 開啟 OOM vm.max_map_count=2048000 fs.inotify.max_user_instances=8192 fs.inotify.max_user_watches=1048576 fs.file-max=52706963 fs.nr_open=52706963 net.ipv6.conf.all.disable_ipv6=1 net.netfilter.nf_conntrack_max=2310720 ~~~ vim /etc/security/limits.conf ~~~ * soft nofile 1024000 * hard nofile 1024000 * soft nproc unlimited * hard nproc unlimited * soft core unlimited * hard core unlimited * soft memlock unlimited * hard memlock unlimited ~~~ vim /etc/systemd/system.conf 適用于systemd服務 ~~~ DefaultLimitNOFILE=100000 DefaultLimitNPROC=65535 ~~~ 安裝必備軟件 ~~~ yum install -y epel-release sshpass git gcc yum install -y socat conntrack-tools nfs-utils ~~~