linux系统基础调优
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了linux系统基础调优相关的知识,希望对你有一定的参考价值。
linux系统基础调优
1. 关闭selinux,清空iptables
sed -i ‘s/SELINUX=enforcing/SELINUX=disabled/g‘/etc/selinux/config grep SELINUX=disabled /etc/selinux/config setenforce 0 iptables -F iptables -X iptables -Z iptables -L /etc/init.d/iptables save
2. 添加普通用户并进行sudo授权管理
useradd liwen echo ‘123456‘|passwd --stdin liwen&&history-c echo ‘liwen ALL=(ALL) NOPASSWD: ALL‘>>/etc/sudoers tail /etc/sudoers
3. 更新yum源及必要软件安装
cd /etc/yum.repos.d/ /bin/mv CentOS-Base.repo CentOS-Base.repo.bak wget -O /etc/yum.repos.d/CentOS-Base.repohttp://mirrors.aliyun.com/repo/Centos-6.repo sed -i ‘s#$releasever#6#g‘ CentOS-Base.repo yum clean all yum install lrzszntpdate sysstat openssh openssl telnet tree dos2unix nmap -y
4. 定时自动更新服务器时间
echo ‘*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null
5. 精简开机自启动服务
for sun in `chkconfig --list|grep 3:on|awk ‘{print$1}‘`;do chkconfig --level 3 $sun off;done
for sun in crond rsyslog sshd network;do chkconfig--level 3 $sun on;done
chkconfig --list|grep 3:on6. 变更默认的ssh服务端口,禁止root用户远程连接
sed -i ‘s/#Port 22/Port 52113/g‘/etc/ssh/sshd_config sed -i ‘s/#PermitRootLogin yes/PermitRootLoginno/g‘ /etc/ssh/sshd_config sed -i ‘s/#PermitEmptyPasswordsno/PermitEmptyPasswords no/g‘ /etc/ssh/sshd_config sed -i ‘s/GSSAPIAuthenticationyes/GSSAPIAuthentication no/g‘ /etc/ssh/sshd_config sed -i ‘s/#UseDNS yes/UseDNS no/g‘/etc/ssh/sshd_config cat /etc/ssh/sshd_config|egrep‘PermitEmptyPasswords|UseDNS|Port|GSSAPIAuthentication|PermitRootLogin‘ /etc/init.d/sshd restart
7. 锁定关键文件系统
chattr +i /etc/passwd chattr +i /etc/inittab chattr +i /etc/shadow chattr +i /etc/group chattr +i /etc/gshadow
使用chattr命令后,为了安全我们需要将其改名
/bin/mv /usr/bin/chattr /usr/bin/任意名称
8. 调整文件描述符大小
ulimit -n echo ‘* - nofile 65535‘ >>/etc/security/limits.conf
9. 调整字符集,使其支持中文
sed -i ‘s#LANG=.*$#LANG="zh_CN.UTF-8"#g‘/etc/sysconfig/i18n source /etc/sysconfig/i18n
10. 去除系统及内核版本登录前的屏幕显示
>/etc/redhat-release >/etc/issue >/etc/issue.net >/etc/motd
11. 内核参数优化
本优化适合apache,nginx,squid多种等web应用,特殊的业务也可能需要略作调整
cat >>/etc/sysctl.conf<<EOF net.ipv4.tcp_syn_retries = 1 net.ipv4.tcp_synack_retries = 1 net.ipv4.tcp_keepalive_time = 600 net.ipv4.tcp_keepalive_probes = 3 net.ipv4.tcp_keepalive_intvl =15 net.ipv4.tcp_retries2 = 5 net.ipv4.tcp_fin_timeout = 2 net.ipv4.tcp_max_tw_buckets = 36000 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_max_orphans = 32768 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_syn_backlog = 16384 net.ipv4.tcp_wmem = 8192 131072 16777216 net.ipv4.tcp_rmem = 32768 131072 16777216 net.ipv4.tcp_mem = 786432 1048576 1572864 net.ipv4.ip_local_port_range = 1024 65000 net.core.somaxconn = 16384 net.core.netdev_max_backlog = 16384 EOF tail /etc/sysctl.conf /sbin/sysctl -p
如果开启了防火墙,可以添加如下的优化参数:
net.nf_conntrack_max = 25000000 net.netfilter.nf_conntrack_max = 25000000 net.netfilter.nf_conntrack_tcp_timeout_established= 180 net.netfilter.nf_conntrack_tcp_timeout_time_wait =120 net.netfilter.nf_conntrack_tcp_timeout_close_wait =60 net.netfilter.nf_conntrack_tcp_timeout_fin_wait =120
以上是关于linux系统基础调优的主要内容,如果未能解决你的问题,请参考以下文章