~~~
#!/bin/bash
# 1. Disable SELinux
# Persistent part: rewrite an enforcing policy line in the config file that is
# read at boot, then print the matching line so the edit can be confirmed.
# NOTE(review): this removes mandatory access control for every service on the
# host. SELINUX=permissive keeps denials logged without blocking anything and
# is the less drastic setting when the aim is only to stop SELinux interfering.
selinux_cfg=/etc/selinux/config
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' "$selinux_cfg"
grep 'SELINUX=disabled' "$selinux_cfg"
# Runtime part: put the running kernel into permissive mode until the next
# boot and print the resulting mode.
setenforce 0
getenforce
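# 2. Stop the iptables firewall and keep it off across reboots
# NOTE(review): once this has run the host accepts traffic on every listening
# port; confirm that filtering is enforced upstream (security group, edge
# firewall) before using this on a reachable machine.
/etc/init.d/iptables stop
# Print the firewall state so the stop can be confirmed, in the same way the
# other steps of this script print what they changed.
/etc/init.d/iptables status
chkconfig iptables off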
# 3. Trim the services started at boot
# Every entry chkconfig lists, except those matching the keep-list, is turned
# off: awk emits one "chkconfig NAME off" line per entry and bash executes them.
# NOTE(review): the keep-list is an unanchored pattern, so any line that merely
# contains one of these words is kept as well.
chkconfig \
  | grep -Ev "crond|sshd|network|rsyslog|sysstat" \
  | awk '{ printf "chkconfig %s off\n", $1 }' \
  | bash
# Switch to English output before the check, presumably so that the literal
# "3:on" below matches regardless of the system locale.
LANG=en
export LANG
chkconfig --list | grep 3:on
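# 4. Create the oldboy account and grant it sudo
useradd oldboy
# The password is taken from OLDBOY_PASSWORD when the caller sets it; the
# fallback is the value this script has always used.
# NOTE(review): that fallback is trivially guessable, and the account receives
# passwordless root below -- supply OLDBOY_PASSWORD (or change the password
# straight after provisioning) on any host reachable over SSH.
printf '%s\n' "${OLDBOY_PASSWORD:-123456}" | passwd --stdin oldboy
# Keep a copy so a bad edit can be rolled back (\cp bypasses any cp alias).
\cp /etc/sudoers /etc/sudoers.bak
# Append the rule only when it is not already present, so re-running the
# script does not stack duplicate lines.
# NOTE(review): NOPASSWD:ALL means anything that runs as oldboy is root without
# a second factor; narrow the command list if the account has a specific job.
if ! grep -qxF 'oldboy ALL=(ALL) NOPASSWD:ALL' /etc/sudoers; then
  echo "oldboy ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers
fi
tail -1 /etc/sudoers
# Syntax-check the result. A sudoers file that fails to parse disables sudo
# for everyone, so put the backup back when the check fails.
if ! visudo -c; then
  \cp /etc/sudoers.bak /etc/sudoers
fi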
# 5. Character set (system locale)
# Keep a copy of the original file, then write the locale setting. The zh_CN
# variant is left commented out; the active line sets en_US.UTF-8.
cp /etc/sysconfig/i18n /etc/sysconfig/i18n.ori
#echo 'LANG="zh_CN.UTF-8"' >/etc/sysconfig/i18n
printf '%s\n' 'LANG="en_US.UTF-8"' >/etc/sysconfig/i18n
# Load the new value into this shell and print it.
. /etc/sysconfig/i18n
printf '%s\n' "$LANG"
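# 6. Time synchronisation
# Append a root cron job that syncs the clock every five minutes, then list
# the crontab so the new entry can be checked.
echo '#time sync by oldboy at 2017-11-26' >> /var/spool/cron/root
# The output redirection sits inside the quotes so that it is part of the cron
# command line rather than being applied to this echo, and the binary name is
# ntpdate.
# NOTE(review): assumes the ntpdate package is installed -- confirm, because
# the job discards its output and would otherwise fail without any trace.
echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l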
#7,命令行安全
#echo 'export TMOUT=300' >>/etc/profile
#echo 'export HISTSIZE=5' >>/etc/profile
#echo 'export HISTFILESIZE=5' >>/etc/profile
#tail -3 /etc/profile
#. /etc/profile
# 8. Raise the open-file limit
# Appends a wildcard nofile entry ("-" covers both the soft and the hard
# limit) and prints the last line of the file to confirm it was written.
printf '%s\n' '* - nofile 65535' >>/etc/security/limits.conf
tail -n 1 /etc/security/limits.conf
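# 9. Kernel network tuning
# Appends the settings below to /etc/sysctl.conf. Nothing in this step loads
# them, so they apply at the next boot or when `sysctl -p` is run.
#
# tcp_tw_recycle is written as 0: with it enabled the kernel rejects SYNs whose
# TCP timestamp is older than the last one seen from the same source address,
# which drops connections from clients that share one NAT address. The explicit
# 0 also overrides a "= 1" line left behind by an earlier run of this script.
#
# The nf_conntrack keys exist only while the conntrack module is loaded; the
# comment written into the file says the resulting "unknown key" messages can
# be ignored when the firewall is off.
# NOTE(review): tcp_syn_retries / tcp_synack_retries = 1 give up after a single
# retransmission, and nf_conntrack_max = 25000000 may size the table well above
# what the host has memory for -- confirm both against the actual workload.
#
# The delimiter is quoted so the text is written literally, with no expansion.
cat >>/etc/sysctl.conf<<'EOF'
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
#以下參數是對iptables防火墻的優化,防火墻不開會提示,可以忽略不理。
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max =25000000
net.netfilter.nf_conntrack_tcp_timeout_established= 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait= 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait= 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait= 120
EOF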
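# 10. Switch yum to the Aliyun mirrors
# `wget -O` truncates its output file even when the download fails, so each
# step puts the saved copy back if the fetch does not succeed; yum is then
# never left with an empty repo definition.
# NOTE(review): the repo definitions are fetched over plain HTTP and yum then
# acts on them as root. Check that the downloaded files keep gpgcheck=1, and
# prefer an HTTPS URL where the mirror and the local TLS stack support it.
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
if ! wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo; then
  mv -f /etc/yum.repos.d/CentOS-Base.repo.bak /etc/yum.repos.d/CentOS-Base.repo
fi
# EPEL may not be installed yet, so only move the files that exist.
if [ -f /etc/yum.repos.d/epel.repo ]; then
  mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.bak
fi
if [ -f /etc/yum.repos.d/epel-testing.repo ]; then
  mv /etc/yum.repos.d/epel-testing.repo /etc/yum.repos.d/epel-testing.repo.bak
fi
# Same mirror host as the base repo above. A misspelled host or file name here
# would send a root-run download of repository definitions to a different
# domain, so the URL is worth checking character by character.
if ! wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo; then
  rm -f /etc/yum.repos.d/epel.repo
  if [ -f /etc/yum.repos.d/epel.repo.bak ]; then
    mv /etc/yum.repos.d/epel.repo.bak /etc/yum.repos.d/epel.repo
  fi
fi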
# 11. Command-line completion
# Install the bash-completion package without prompting for confirmation.
yum -y install bash-completion
# 12. Show the full working directory in the shell prompt
# Edits the PS1 assignment in /etc/bashrc in place. Group 1 captures the line
# up to and including the backslash in front of "W", group 2 captures the
# closing `]\\$ "` part, and the replacement puts "w" between them, so the
# prompt escape \W (last path component) becomes \w (full path).
# Lines that do not match the expected PS1 form are left unchanged.
sed -i -r 's#(.*PS1=\"\[\\u\@\\h \\)W(\]\\\\\$ \")#\1\w\2#g' /etc/bashrc
~~~
~~~
#小結:如何優化linux:
#
#1、關閉SElinux
#2、關閉防火墻,設定運行級別為3.
#3、精簡開機自啟動服務
#4、SSH安全控制(提前建立普通用戶)
#5、sudo 管理用戶授權
#6、調整文件描述符
#7、更改合適的字符集
#8、鎖定關鍵系統文件
#9、禁止顯示內核版本及系統版本信息
#10、設置會話的超時時間及歷史記錄數
#11、禁止PING
#12、優化LINUX內核參數
#13、特定漏洞yum/rpm升級
#14、清除多余的系統虛擬賬號
#15、服務器時間同步
#16、打補丁下載軟件調整為國內的下載地址(調整yum源)
#17、定時清理郵件服務臨時目錄垃圾文件
#18、為grub菜單加密碼
~~~