自己常用的linux系统优化shell(Centos6 64)


优化内容包括:内核(文章末尾注释掉了,看个人需求)、ssh、时间同步、yum源

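#!/bin/bash
# System initialisation script for CentOS 6 x86_64: SSH, time sync, yum
# mirrors, resource limits and kernel parameters.
#update time 20180824
#version 1.1.0

# \033[31m switches the terminal to red and \033[0m resets it. Without the
# leading backslash-zero, echo -e prints the literal text "33[31m".
echo -e "\033[31m ------------------------------ Author name is HeFangYaonie-------------------------- \033[0m"

# Everything below rewrites files under /etc, so refuse to continue unless
# the effective UID is 0 (checking the UID is independent of the account name).
if [[ "$(id -u)" != "0" ]]; then
  echo "please run this script as root !" >&2
  exit 1
fi
echo -e "\033[31m the script only Support CentOS_6 x86_64 \033[0m"
echo -e "\033[31m system initialization script, Please Seriously. press ctrl+C to cancel \033[0m"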

# Ask for explicit confirmation before touching the system.
# Only a lone "y" or "Y" continues; anything else (including an empty
# answer or end-of-input) leaves the script with status 0.
yn="n"
echo "please input [YN]"
echo -n "default [N]: "
read yn
case "$yn" in
  y | Y)
    ;;
  *)
    echo "bye-bye!"
    exit 0
    ;;
esac

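# Three-second countdown: a last chance to press ctrl+C.
# The original line iterated over the literal words "seq -w 3 -1 1" because
# the command substitution around seq was missing; the values seq would have
# produced are listed directly instead.
for i in 3 2 1; do
  echo -ne ">>>>>$i"
  sleep 1
done
echo -e "Good Luck"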

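# Abort on anything other than a 64-bit x86 platform.
# The value must be captured with $(...); a bare "platform=uname -i" only
# sets an environment variable for a command named "-i".
platform=$(uname -i)
if [[ "$platform" != "x86_64" ]]; then
  echo "this script is only for 64bit Operating System !"
  exit 1
fi
echo "the platform is ok"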

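# Abort unless lsb_release reports distributor "CentOS" and a release whose
# first character is "6".
# If lsb_release is not installed both values come back empty, so the check
# fails closed and the script stops here.
distributor=$(lsb_release -i | awk '{print $NF}')
version=$(lsb_release -r | awk '{print substr($NF,1,1)}')
if [[ "$distributor" != 'CentOS' || "$version" != '6' ]]; then
  echo "this script is only for CentOS 6 !"
  exit 1
fi

# Quoted delimiter: the banner is printed literally, with no expansion.
cat << 'EOF'
+---------------------------------------+
| your system is CentOS 6.x x86_64 |
| start optimizing |
+---------------------------------------+
EOF
sleep 5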

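# NOTE(review): this section removes mandatory access control from the host.
# The config edit sets SELINUX=disabled for the next boot and setenforce 0
# puts the running system into permissive mode. Confirm that this is an
# accepted risk for the host's role; keeping SELinux enforcing, or permissive
# while policy denials are worked through, preserves the control.
# The sed expression needs plain ASCII quotes; with typographic quotes sed
# rejects it. One substitution is enough: the second one in the original
# could not match anything after the first had run.
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config

# systemctl and firewalld belong to systemd-based releases and are not part
# of CentOS 6, so the stop is attempted only where systemctl exists. On
# CentOS 6 this step is skipped and the host firewall is left as it is.
#systemctl disable firewalld.service
if command -v systemctl > /dev/null 2>&1; then
  systemctl stop firewalld.service
fi
setenforce 0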

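# Turn off sshd's reverse DNS lookup of connecting clients by replacing the
# commented default "#UseDNS yes" with "UseDNS no".
# sshd is not restarted here, so the setting applies from its next restart.
# ASCII quotes are required; typographic quotes make sed reject the command.
sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
#sed -i 's/#Port 22/Port 5199/' /etc/ssh/sshd_config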

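# Keep a copy of the stock base repo the first time the script runs.
if [ ! -e "/etc/yum.repos.d/bak" ]; then
  mkdir /etc/yum.repos.d/bak
  mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/bak/CentOS-Base.repo.backup
fi

# Fetch the mirror's repo definitions.
# NOTE(review): these files are downloaded over plain HTTP and decide where
# every later package comes from and whether signatures are checked. Nothing
# here verifies their content, so review baseurl/gpgcheck/gpgkey in the
# fetched files, or serve them from an HTTPS or internal mirror.
# Each file is downloaded to a temporary name first and moved into place only
# when curl reports success (-f turns HTTP errors into a failure), so an
# error page or partial download never becomes a live .repo file.
for repo in CentOS-Base.repo=Centos-6.repo epel.repo=epel-6.repo; do
  dest="/etc/yum.repos.d/${repo%%=*}"
  url="http://mirrors.aliyun.com/repo/${repo#*=}"
  tmp=$(mktemp /etc/yum.repos.d/.fetch.XXXXXX) || exit 1
  if curl -f -o "$tmp" "$url"; then
    # mktemp creates the file 0600; repo files are normally world-readable.
    chmod 644 "$tmp"
    mv -f -- "$tmp" "$dest"
  else
    rm -f -- "$tmp"
    echo "failed to download $url" >&2
    exit 1
  fi
done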

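# Optional update steps, left disabled by the author.
#yum clean all && yum makecache
#yum -y update glibc*
#yum -y update yum* rpm* python*
#yum -y update # use with care: pulls in many packages; avoid on a slow link
echo -e "\033[31m --------------------------systeam yum source ok , base and epel for aliyun.com ----------- \033[0m"
sleep 5

# Install the author's usual toolset.
# NOTE(review): nmap and nc are network scanning/relay tools. On production
# hosts that do not need them, dropping them from the list keeps the
# installed footprint smaller.
yum -y install vim lrzsz bash-completion nmap htop nc tree wget ntp
echo "Tools installation is complete"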

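# Set the clock once now, then schedule a re-sync every five minutes.
ntpdate ntp1.aliyun.com

# A crontab entry needs five time fields; the published line had lost its
# asterisks and would be rejected by cron. The entry is appended only when it
# is not already present, so re-running the script does not duplicate it
# (grep -s stays quiet when root has no crontab yet).
cron_line='*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com > /dev/null 2>&1'
if ! grep -qsF -- "$cron_line" /var/spool/cron/root; then
  printf '%s\n' "$cron_line" >> /var/spool/cron/root
fi

date
/sbin/service crond restart
echo -e "\033[31m ------------------------------update time is ok !!! --------------------------------------\033[0m"
sleep 5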
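# Replace any earlier "ulimit -SHn" line in rc.local with the new value.
sed -i "/^ulimit -SHn.*/d" /etc/rc.local
echo "ulimit -SHn 102400" >> /etc/rc.local

# Drop earlier ulimit lines from /etc/profile before appending fresh ones.
# The ".*" in the first two patterns and the line break inside the second
# command were damaged in the published copy and are restored here to match
# the intact -SHn pattern.
sed -i "/^ulimit -s.*/d" /etc/profile
sed -i "/^ulimit -c.*/d" /etc/profile
sed -i "/^ulimit -SHn.*/d" /etc/profile

# NOTE(review): "ulimit -c unlimited" lets every login shell's processes
# write full core dumps. Core files can hold credentials and keys from
# process memory; confirm where they are written and who can read them, or
# leave core dumps off outside debugging.
cat >> /etc/profile << 'EOF'
ulimit -c unlimited
ulimit -s unlimited
ulimit -SHn 102400
EOF

# Apply the new limits to this shell and show the result.
source /etc/profile
ulimit -a
grep ulimit /etc/profile
echo -e "\033[31m ------------------------------- hosts ok -------------------------------------------------\033[0m"
sleep 3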
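# One-time backup of limits.conf before editing it.
if [ ! -f "/etc/security/limits.conf.bak" ]; then
  cp /etc/security/limits.conf /etc/security/limits.conf.bak
fi

# Remove earlier wildcard-domain nofile/nproc entries.
# NOTE(review): the published patterns had lost their "*" characters and two
# of the commands were split across lines; they are reconstructed here as
# "line starts with a literal *, then soft|hard, then nofile|nproc" - confirm
# against the author's original.
sed -i '/^\*.*soft.*nofile/d' /etc/security/limits.conf
sed -i '/^\*.*hard.*nofile/d' /etc/security/limits.conf
sed -i '/^\*.*soft.*nproc/d' /etc/security/limits.conf
sed -i '/^\*.*hard.*nproc/d' /etc/security/limits.conf

# Append the new limits for every user ("*" domain). The domain column had
# been turned into bullet characters, and the closing EOF was indented, which
# would have made the here-document run on past this section.
cat >> /etc/security/limits.conf << 'EOF'
#
#---------custom-----------------------
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
EOF

# Show the wildcard entries now in effect.
grep '^\*' /etc/security/limits.conf
echo -e "\033[31m ------------------------------limits ok---------------------------------------------- \033[0m"
sleep 3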

# Rewrite the managed keys in /etc/sysctl.conf: back the file up once, delete
# every existing line that starts with one of the keys below, then append the
# block of values at the end of the file.
[ -f "/etc/sysctl.conf.bak" ] || cp /etc/sysctl.conf /etc/sysctl.conf.bak

# Keys owned by this script. Each becomes a sed "/^key/d" expression, so any
# line beginning with the key is removed before the new value is appended.
managed_keys=(
  net.ipv4.ip_forward
  net.ipv4.conf.default.rp_filter
  net.ipv4.conf.default.accept_source_route
  kernel.sysrq
  kernel.core_uses_pid
  net.ipv4.tcp_syncookies
  kernel.msgmnb
  kernel.msgmax
  net.ipv4.tcp_max_tw_buckets
  net.ipv4.tcp_sack
  net.ipv4.tcp_window_scaling
  net.ipv4.tcp_rmem
  net.ipv4.tcp_wmem
  net.core.wmem_default
  net.core.rmem_default
  net.core.rmem_max
  net.core.wmem_max
  net.core.netdev_max_backlog
  net.core.somaxconn
  net.ipv4.tcp_max_orphans
  net.ipv4.tcp_max_syn_backlog
  net.ipv4.tcp_timestamps
  net.ipv4.tcp_synack_retries
  net.ipv4.tcp_syn_retries
  net.ipv4.tcp_tw_recycle
  net.ipv4.tcp_tw_reuse
  net.ipv4.tcp_mem
  net.ipv4.tcp_fin_timeout
  net.ipv4.tcp_keepalive_time
  net.ipv4.ip_local_port_range
)
# net.ipv4.tcp_tw_len is not managed (its delete was disabled by the author).

delete_args=()
for key in "${managed_keys[@]}"; do
  delete_args+=(-e "/^${key}/d")
done
sed -i "${delete_args[@]}" /etc/sysctl.conf

# Values written back. ip_forward=0, rp_filter=1, accept_source_route=0,
# tcp_syncookies=1 and sysrq=0 are the hardening-relevant entries; the rest
# is TCP/socket buffer and backlog tuning.
# NOTE(review): tcp_tw_recycle=1 is known to drop connections from clients
# behind NAT and was removed from later kernels; it and tcp_tw_reuse rely on
# TCP timestamps, which this same block turns off - confirm what is intended.
# NOTE(review): tcp_mem is counted in pages, so these thresholds are far
# above physical memory on most hosts and effectively remove the TCP memory
# pressure limit - confirm against the host's RAM.
cat >> /etc/sysctl.conf << 'EOF'
#-------custom---------------------------------------------
#
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
#net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_synack_retries = 2
#net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
#net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65535
#net.ipv4.tcp_tw_len = 1
#-------end---------------------------------------------------
EOF

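# Apply the TIME_WAIT bucket limit to the running kernel immediately.
echo 6000 > /proc/sys/net/ipv4/tcp_max_tw_buckets

# Remove earlier shared-memory settings before appending recalculated ones.
sed -i "/^kernel.shmmax/d" /etc/sysctl.conf
sed -i "/^kernel.shmall/d" /etc/sysctl.conf

# shmmax: the "Mem:" total from free, multiplied by 1024 and by 0.9.
# The value has to be captured with $(...); the published line had lost the
# command substitution and used typographic quotes around the awk program.
# presumably free reports KiB here, making this 90% of RAM in bytes - verify.
shmmax=$(free -l | awk '/^Mem:/ {printf("%d", $2*1024*0.9)}')
if ! [[ "$shmmax" =~ ^[0-9]+$ ]]; then
  # Never append an empty or non-numeric value to sysctl.conf.
  echo "could not determine total memory from free" >&2
  exit 1
fi
# NOTE(review): kernel.shmall is counted in pages, not bytes; the author's
# shmmax/4 is kept as published - confirm the intended divisor.
shmall=$((shmmax / 4))
echo "kernel.shmmax = $shmmax" >> /etc/sysctl.conf
echo "kernel.shmall = $shmall" >> /etc/sysctl.conf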

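# Load the bridge module and show that it is present.
# presumably this is so bridge-related keys already in sysctl.conf resolve
# when the file is reloaded below - verify on the target host.
modprobe bridge
lsmod | grep bridge

# Reload /etc/sysctl.conf so the values written above take effect now.
/sbin/sysctl -p
echo -e "\033[31m ---------------------------sysctl ok----------------------------------------------- \033[0m"
sleep 3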

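# Service trimming (disabled by the author); pick from the list as needed.
# NOTE(review): before enabling this, check the list against the host's role.
# It contains auditd, and disabling that stops kernel audit logging. The loop
# as published also calls systemctl (absent on CentOS 6; one call is
# misspelled "syatemctl") and passes the whole $SERVICES list rather than
# $service on every iteration.
#SERVICES="acpid atd auditd avahi-daemon avahi-dnsconfd bluetooth conman cpuspeed cups dnsmasq dund firstboot hidd httpd ibmasm ip6tables irda kdump lm_sensors mcstrans messagebus microcode_ctl netconsole netfs netplugd nfs nfslock nscd oddjobd pand pcscd portmap psacct rdisc restorecond rpcgssd rpcidmapd rpcsvcgssd saslauthd sendmail setroubleshoot smb vncserver winbind wpa_supplicant ypbind"
#for service in $SERVICES
#do
# keep the selected services from starting at boot
#systemctl disable $SERVICES
# stop the selected services now
#syatemctl stop $SERVICES
#done

# Final banner; the stray space inside the first escape and the missing
# backslash-zero prefix are repaired so the colour codes are interpreted.
echo -e "\033[31m ------------------优化完成-------------------- \033[0m"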
