• centos7.2 系统基础优化


    1 安装基础软件
    yum -y install wget net-tools screen lsof tcpdump nc mtr openssl-devel vim bash-completion lrzsz nmap telnet tree gcc-c++ make

    2 同步时间
    yum install -y ntp ntpdate
    # date --确认时间与现在时间一致
    # ntpdate 0.rhel.pool.ntp.org --如果还没有同步成功,你可以用此命令手动同步一下
    # hwclock -w
    # ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime -- 修改时区

    3 加大打开文件数的限制(open files)
    ulimit -n
    ulimit -a
    vi /etc/security/limits.conf
    最后添加
    * soft nofile 65535
    * hard nofile 65535
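    或者(注意:写在 rc.local 里的 ulimit 只影响由 rc.local 启动的进程,不影响登录会话;CentOS 7 上还需要 chmod +x /etc/rc.d/rc.local 才会在开机时执行;另外 ulimit -s 设置的是栈大小,不是打开文件数)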
    echo " ulimit -HSn 65535" >>/etc/rc.d/rc.local
    echo " ulimit -s 65535" >>/etc/rc.d/rc.local


    4 设置字符集
    [root@hequan ~]# echo $LANG
    zh_CN.UTF-8
    [root@hequan ~]# vi /etc/locale.conf
    LANG="en_US.UTF-8"
    [root@hequan ~]# source /etc/locale.conf

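    5 禁用selinux
    (说明:sed 只修改了配置文件,重启后才生效,所以下面 getenforce 仍显示 Enforcing。SELinux 提供强制访问控制,禁用会去掉一层防护;如果只是为了排查策略问题,可以先改为 permissive 并查看 /var/log/audit/audit.log,而不是直接 disabled)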
    [root@bogon ~]# grep -i ^selinux /etc/selinux/config
    SELINUX=enforcing
    SELINUXTYPE=targeted
    [root@bogon ~]# sed -i '/^SELINUX/s/enforcing/disabled/g' /etc/selinux/config
    [root@bogon ~]# getenforce
    Enforcing

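    6.关闭防火墙安装iptables
    (注意:只安装 iptables-services 并不会启用它;停掉 firewalld 之后还需要 systemctl enable iptables 和 systemctl start iptables,并确认 /etc/sysconfig/iptables 中的规则,否则主机处于没有防火墙的状态)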
    systemctl stop firewalld.service
    systemctl disable firewalld.service
    yum install iptables-services -y #安装

    7.修改主机名
    cat >>/etc/sysconfig/network<<EOF
    NETWORKING=yes
    HOSTNAME=你想要的主机名
    EOF
    hostnamectl set-hostname bj305app01

    8 基本操作四:网络配置
    # systemctl stop NetworkManager --停止服务
    # systemctl status NetworkManager --查看状态,确认为关闭了
    # systemctl disable NetworkManager --设置为开机不自动启动
    # vim /etc/sysconfig/network-scripts/ifcfg-enp2s0 --网卡名如果不一样,找到对应的文件就行
    BOOTPROTO="static"
    NAME="enp2s0"
    DEVICE="enp2s0"
    ONBOOT="yes"
    IPADDR=172.16.13.X
    NETMASK=255.255.255.0
    GATEWAY=172.16.13.254
    DNS1=114.114.114.114
    # /etc/init.d/network restart --network服务这里默认还是可以使用原来的管理方法

    9 优化内核
    cat /etc/sysctl.conf
    #CTCDN系统优化参数
    #关闭ipv6节省系统资源
    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1
    #决定多久检查一次邻居(ARP)条目是否过期,单位为秒
    net.ipv4.neigh.default.gc_stale_time=120
    #使用arp_announce / arp_ignore解决ARP映射问题
    net.ipv4.conf.default.arp_announce = 2
    net.ipv4.conf.all.arp_announce=2
    net.ipv4.conf.lo.arp_announce=2
    # 避免放大攻击
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    # 开启恶意icmp错误消息保护
    net.ipv4.icmp_ignore_bogus_error_responses = 1
    #关闭路由转发
    net.ipv4.ip_forward = 0
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    #开启反向路径过滤
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1
    #不接受带源路由选项的包
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.default.accept_source_route = 0
    #关闭sysrq功能
    kernel.sysrq = 0
    #core文件名中添加pid作为扩展名
    kernel.core_uses_pid = 1
    # 开启SYN洪水攻击保护
    net.ipv4.tcp_syncookies = 1
    #修改消息队列长度
    kernel.msgmnb = 65536
    kernel.msgmax = 65536
    #设置最大共享内存段大小:shmmax 单位为 bytes,shmall 单位为内存页
    kernel.shmmax = 68719476736
    kernel.shmall = 4294967296
    #timewait的数量,默认180000
    net.ipv4.tcp_max_tw_buckets = 6000
    net.ipv4.tcp_sack = 1
    net.ipv4.tcp_window_scaling = 1
    net.ipv4.tcp_rmem = 4096 87380 4194304
    net.ipv4.tcp_wmem = 4096 16384 4194304
    net.core.wmem_default = 8388608
    net.core.rmem_default = 8388608
    net.core.rmem_max = 16777216
    net.core.wmem_max = 16777216
    #每个网络接口接收数据包的速率比内核处理这些包的速率快时,允许送到队列的数据包的最大数目
    net.core.netdev_max_backlog = 262144
    #系统中不属于任何进程的TCP socket(孤儿连接)的最大数量;这个限制仅仅是为了防止简单的DoS 攻击
    net.ipv4.tcp_max_orphans = 3276800
    #未收到客户端确认信息的连接请求的最大值
    net.ipv4.tcp_max_syn_backlog = 262144
    net.ipv4.tcp_timestamps = 0
    #内核放弃建立连接之前发送SYNACK 包的数量
    net.ipv4.tcp_synack_retries = 1
    #内核放弃建立连接之前发送SYN 包的数量
    net.ipv4.tcp_syn_retries = 1
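    #启用timewait 快速回收
    #注意:该选项依赖TCP 时间戳,而上面已设置 tcp_timestamps = 0,所以实际不会生效;
    #如果开启时间戳,它会导致NAT 后面的客户端连接被丢弃,并且内核4.12 起已移除此参数,不建议启用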
    net.ipv4.tcp_tw_recycle = 1
    #开启重用。允许将TIME-WAIT sockets 重新用于新的TCP 连接(只对本机主动发起的连接有效,并且需要 tcp_timestamps = 1 才起作用)
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_mem = 94500000 915000000 927000000
    net.ipv4.tcp_fin_timeout = 1
    #当keepalive 起用的时候,TCP 发送keepalive 消息的频度。缺省是2 小时
    net.ipv4.tcp_keepalive_time = 1800
    net.ipv4.tcp_keepalive_probes = 3
    net.ipv4.tcp_keepalive_intvl = 15
    #允许系统打开的端口范围
    net.ipv4.ip_local_port_range = 1024 65000
    #修改防火墙连接跟踪表(conntrack)大小,默认65536;如果 nf_conntrack 模块尚未加载,sysctl -p 会对下面两项报找不到该键的错误
    net.netfilter.nf_conntrack_max=655350
    net.netfilter.nf_conntrack_tcp_timeout_established=1200
    # 不接受ICMP 重定向,防止路由表被他人恶意修改
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0
    net.ipv4.conf.all.secure_redirects = 0
    net.ipv4.conf.default.secure_redirects = 0
    sysctl -p #生效

  • 原文地址:https://www.cnblogs.com/davidchen211/p/10081211.html