说明:此优化适合在Centos6上。7优化请参考:http://www.cnblogs.com/jokerbj/p/9133093.html
1、关闭防火墙
/etc/init.d/iptables stop /etc/init.d/iptables stop chkconfig iptables off
2、关闭selinux
sed -i 's#SELINUX=.*#SELINUX=disabled#g' /etc/selinux/config sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config grep SELINUX=disabled /etc/selinux/config setenforce 0 getenforce
3、更新yum源
yum -y install wget #没有先安装
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo #7为Centos-7.repo wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo #7为epel-7.repo
cd /etc/yum.repos.d/ && mv CentOS-Base.repo CentOS-Base.repobak
mv CentOS-6.repo CentOS-Base.repo #7一样
yum clean all
yum makecache
yum update
4、精简开机启动项
chkconfig|egrep -v "crond|sshd|network|rsyslog|sysstat"|awk '{print "chkconfig",$1,"off"}'|bash export LANG=en chkconfig --list|grep 3:on
5、grep高亮显示
echo -e "alias grep='grep --color=auto' alias egrep='egrep --color=auto'" >>/etc/profile #说明:定义grep命令查找的内容有颜色显示,便于查看 echo "alias ll='ls -l --color --time-style=long-iso'" >>/etc/profile #时间长格式显示 source /etc/profile
6、命令行用户&主机名颜色区分
echo 'PS1="[e[37;40m][[e[32;40m]u[e[37;40m]@h [e[35;40m]W[e[0m]]\$ "' >>/root/.bashrc source /root/.bashrc
#或者定制个性化:echo 'PS1="[e[37;40m][[e[32;40m]u[e[37;40m]@h [e[35;40m]W[e[0m]]\$ [e[33;40m]"' >>/root/.bashrc
#或者纯颜色区分:echo "export PS1='[e[33;1m][u@h W]$ [e[0m]'" >>/etc/profile && source /etc/profile
#修改终端显示用户名、主机名和日期颜色区分:PS1="[e[37;40m][[e[32;40m]u[e[37;40m]@h e[36;40m] [e[35;40m]W[e[0m]]\$ [e[33;40m]"
PS:默认的特殊符号所代表的意义:
d :代表日期,格式为weekday month date,例如:"Mon Aug 1"
H :完整的主机名称。例如:我的机器名称为:fc4.linux,则这个名称就是fc4.linux
h :仅取主机的第一个名字,如上例,则为fc4,.linux则被省略
:显示时间为24小时格式,如:HH:MM:SS
T :显示时间为12小时格式
A :显示时间为24小时格式:HH:MM
u :当前用户的账号名称
v :BASH的版本信息
w :完整的工作目录名称。家目录会以 ~代替
W :利用basename取得工作目录名称,所以只会列出最后一个目录
# :下达的第几个命令
$ :提示字符,如果是root时,提示符为:# ,普通用户则为:$
----------------------------------------------------
7、提权普通用户可以sudo
useradd zhang echo 123456|passwd --stdin zhang cp /etc/sudoers /etc/sudoers.ori echo "zhang ALL=(ALL) NOPASSWD: ALL " >>/etc/sudoers tail -1 /etc/sudoers visudo -c
8、设置系统中文字符集
cp /etc/sysconfig/i18n /etc/sysconfig/i18n.ori echo 'LANG="zh_CN.UTF-8"' >/etc/sysconfig/i18n #默认就是en_US.UTF-8
source /etc/sysconfig/i18n
echo $LANG
9、设置系统时间同步
echo '#crond-id-001:time sync by human' >>/var/spool/cron/root echo "*/5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1">>/var/spool/cron/root crontab -l #(或者:ntpdate cn.pool.ntp.org) #没有ntpdate命令:yum -y install ntpdate
10、加大文件描述符
echo '* - nofile 65535 ' >>/etc/security/limits.conf tail -1 /etc/security/limits.conf ulimit -SHn 65535 ulimit -n
11、优化系统内核信息
cat >>/etc/sysctl.conf<<EOF net.ipv4.tcp_fin_timeout = 2 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_keepalive_time = 600 net.ipv4.ip_local_port_range = 4000 65000 net.ipv4.tcp_max_syn_backlog = 16384 net.ipv4.tcp_max_tw_buckets = 36000 net.ipv4.route.gc_timeout = 100 net.ipv4.tcp_syn_retries = 1 net.ipv4.tcp_synack_retries = 1 net.core.somaxconn = 16384 net.core.netdev_max_backlog = 16384 net.ipv4.tcp_max_orphans = 16384 #以下参数是对iptables防火墙的优化,防火墙不开会提示,可以忽略不理。 net.nf_conntrack_max = 25000000 net.netfilter.nf_conntrack_max = 25000000 net.netfilter.nf_conntrack_tcp_timeout_established = 180 net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120 net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60 net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120 net.core.wmem_default = 8388608 net.core.rmem_default = 8388608 net.core.wmem_max = 16777216 net.core.rmem_max = 16777216 EOF sysctl -p
12、安装系统常用小软件(大礼包)
yum install vim lrzsz nmap tree dos2unix nc zip unzip pigz -y
13、ssh连接慢速度优化
sed -i.bak 's@#UseDNS yes@UseDNS no@g;s@^GSSAPIAuthentication yes@GSSAPIAuthentication no@g' /etc/ssh/sshd_config /etc/init.d/sshd reload
14、释放内存加入定时任务
# 同时清除linuxRAM缓存和交换空间:https://linux.cn/article-5627-1.html
echo 3 > /proc/sys/vm/drop_caches && swapoff -a && swapon -a && printf ' %s ' 'Ram-cache and Swap Cleared' #可加入定时任务
# 一键优化参考脚本:https://www.cnblogs.com/qianjingchen/p/8038821.html