• Ubuntu 16.04 system initialization


    1. Initialize the network configuration

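    1.1. Create working directories

    • In production there must be a fixed directory for installers and debugging tools; otherwise each administrator stores tools wherever they like, and you can imagine the state of the server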
    mkdir -p /opt/{tools,scripts}
    mkdir -p /data/backup
    cd /opt/tools/
    
    • Install commonly used tools
    apt-get update
    apt-get install lrzsz vim wget curl lsof telnet net-tools ntpdate tree screen iotop iftop 
    

    1.2. Set the hostname and hosts resolution

    • Change the server hostname
    hostname demosrv-01
    vi /etc/hostname 
    --------------------------------
    demosrv-01
    -------------------------------
    
    • Set name resolution in hosts
    vi /etc/hosts
    --------------------------------
    192.168.1.200    demosrv-01
    --------------------------------
    

    1.3. Set a static IP address and DNS resolution

    1.3.1. Change the host IP

    • 1) Configure a static IP address for the network interface
    sudo vim /etc/network/interfaces
    --------------------------------------------
    auto eth0
    iface eth0 inet static
    address 192.168.1.200
    netmask 255.255.255.0
    gateway 192.168.1.1
    dns-nameservers 223.5.5.5
    dns-nameservers 8.8.8.8
    --------------------------------------------
    # Restart networking
    sudo /etc/init.d/networking restart
    
    • 2) Set a second IP address (virtual IP address)
    sudo vim /etc/network/interfaces
    --------------------------------------------
    auto eth0:1
    iface eth0:1 inet static
    address 192.168.1.201
    netmask 255.255.255.0
    gateway x.x.x.x
    network x.x.x.x
    broadcast x.x.x.x
    --------------------------------------------
    # Restart networking:
    sudo /etc/init.d/networking restart
    

    1.3.2. Set DNS resolution

    vi /etc/resolv.conf 
    --------------------------------
    nameserver 202.106.0.20
    nameserver 8.8.8.8
    --------------------------------
    ip add
    ping www.baidu.com
    

    1.4. Configure the apt sources (Aliyun)

    1.4.1. Back up the original apt sources file

    cp /etc/apt/sources.list /etc/apt/sources.list.ori
    

    1.4.2. Edit the apt sources file (switch apt mirrors)

    vim /etc/apt/sources.list
    ----------------------------------
    # aliyun
    deb http://mirrors.aliyun.com/ubuntu/ xenial main
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial main
    
    deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main
    
    deb http://mirrors.aliyun.com/ubuntu/ xenial universe
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial universe
    deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
    
    deb http://mirrors.aliyun.com/ubuntu/ xenial-security main
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main
    deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security universe
    ----------------------------------
    

    1.4.3. Update the package index and upgrade packages

    apt-get update
    apt-get upgrade
    

    1.4.4. Repair broken packages

    # Try to remove the failing package and reinstall the correct version
    sudo apt-get -f install
    

    2. Configure system environment variables

    2.1. Change the number of history commands recorded

    echo "HISTSIZE=10000" >> /etc/profile
    tail -1 /etc/profile
    

    2.2. Set automatic logout on idle timeout

    # 8h=28800s
    echo " " >> /etc/profile
    echo "# Auto-Logout for 8 hours by zhaoshuai on $(date +%F)." >> /etc/profile
    echo "export TMOUT=28800" >> /etc/profile
    tail -3 /etc/profile
    source /etc/profile
    echo $TMOUT
    

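    3. Configure system security options

    3.1. Change the ssh service configuration

    • Listen on IPv4 only, disable GSSAPI key authentication, and disable DNS lookups to speed up ssh connections

    • Edit the configuration file manually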

    vim /etc/ssh/sshd_config
    -----------------------------
    ListenAddress 0.0.0.0
    PasswordAuthentication no
    GSSAPIAuthentication no
    UseDNS no
    -----------------------------
    
    • Edit from the command line
    echo "ListenAddress 0.0.0.0" >> /etc/ssh/sshd_config
    echo "GSSAPIAuthentication no" >> /etc/ssh/sshd_config
    echo "UseDNS no" >> /etc/ssh/sshd_config
    
    grep ListenAddress /etc/ssh/sshd_config
    grep GSSAPIAuthentication /etc/ssh/sshd_config
    grep UseDNS /etc/ssh/sshd_config
    
    • Restart the sshd service
    /bin/systemctl restart  sshd.service
    /bin/systemctl status  sshd.service
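
The command-line edits above append to sshd_config, which only works while no earlier active line or trailing Match block exists. The following is an added example, not part of the original post: it shows that case on a constructed sample file and one way to set the keywords so they take effect. The function names and the sample config are hypothetical.

```shell
# Added example (not from the original post). sshd keeps the FIRST value it
# reads for a keyword, and every line after a "Match" line belongs to that
# Match block, so `echo "UseDNS no" >> sshd_config` may change nothing.
# Print the global value sshd would use: first active line before any Match.
effective_sshd_option() {
    awk -v key="$2" '
        /^[ \t]*[Mm]atch[ \t]/ { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Put "KEY VALUE" first in FILE and disable older global settings of KEY.
set_sshd_option() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v value="$value" '
        BEGIN { print key " " value }
        /^[ \t]*[Mm]atch[ \t]/ { in_match = 1 }      # leave Match blocks alone
        !in_match && tolower($1) == tolower(key) {
            if ($2 != value || NF != 2) print "#" $0  # keep old value as comment
            next                                      # drop exact duplicates
        }
        { print }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"        # cat keeps owner and mode
    rc=$?; rm -f "$tmp"; return $rc
}

# Constructed sample: an active "UseDNS yes" and a Match block at the end.
make_sample_config() {
    f=$(mktemp) || return 1
    printf '%s\n' 'Port 22' 'UseDNS yes' '#GSSAPIAuthentication no' \
        'Match User backup' '    PasswordAuthentication yes' > "$f"
    echo "$f"
}

naive_append_result() {           # the `echo >>` approach
    cfg=$(make_sample_config) || return 1
    echo "UseDNS no" >> "$cfg"
    effective_sshd_option "$cfg" UseDNS; rm -f "$cfg"
}
fixed_result() {
    cfg=$(make_sample_config) || return 1
    for kv in "ListenAddress 0.0.0.0" "GSSAPIAuthentication no" "UseDNS no"; do
        set_sshd_option "$cfg" "${kv% *}" "${kv#* }"
    done
    effective_sshd_option "$cfg" UseDNS; rm -f "$cfg"
}

echo "append: UseDNS=$(naive_append_result)  rewrite: UseDNS=$(fixed_result)"
```

On a real host, run `sshd -t` after editing and restart the service only if it exits 0. Keep an existing session open until a key-based login has been confirmed with `PasswordAuthentication no`.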
    

    3.2. Disable SELinux

    • Not needed

    3.3. Disable the firewall

    • An internal network generally does not need a firewall
    # Ubuntu 16.04 uses ufw; firewalld is the CentOS 7 service
    ufw disable
    ufw status
    

    3.4. Disable other unused services

    • Mail service: CentOS 7 installs postfix by default rather than sendmail
    systemctl stop  postfix
    systemctl disable  postfix
    systemctl status  postfix
    netstat -anptl
    

    4. Modify kernel parameters

    4.1. Change the file handle limits

    vim /etc/security/limits.conf 
    -----------------------------------
    # Maximum number of connections for the system
    *    soft    nofile    65535
    *    hard   nofile    65535
    *    soft    nproc    65535
    *    hard   nproc    65535
    -----------------------------------
    

    4.2. Configure the TIME_WAIT parameters

    • Clean up connections in the TIME_WAIT state
    netstat -anptl|grep TIME_WAIT|wc -l
    echo " " >> /etc/sysctl.conf
    echo "# made by zhaoshuai for kill time_wait on $(date +%F)." >> /etc/sysctl.conf
    echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
    echo "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf
    # tcp_tw_recycle drops connections from clients behind NAT and was removed in Linux 4.12
    echo "net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf
    echo "net.ipv4.tcp_fin_timeout = 30" >> /etc/sysctl.conf
    echo "net.ipv4.tcp_orphan_retries = 2" >> /etc/sysctl.conf
    echo "net.ipv4.ip_local_port_range = 1024 65000" >> /etc/sysctl.conf
    tail -8 /etc/sysctl.conf
    sysctl -p 
    netstat -anptl|grep TIME_WAIT|wc -l
    

    4.3. Let the system reclaim cache automatically

    echo " ">>/etc/sysctl.conf
    echo "# Automatic recovery memory on $(date +%F)">>/etc/sysctl.conf
    echo "vm.extra_free_kbytes=209196">>/etc/sysctl.conf
    sysctl -p
    

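    5. Configure time synchronization

    • Install the ntp service and enable it at boot
    # On Ubuntu the package is installed with apt-get and the unit is named ntp
    apt-get -y install ntp
    systemctl enable ntp
    systemctl start ntp
    systemctl status ntp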
    
    • Synchronize the time manually
    date
    /usr/sbin/ntpdate ntp1.aliyun.com
    
    • Configure automatic time synchronization
    echo "# made by zhaoshuai for sync time on $(date +%F)" >> /var/spool/cron/crontabs/root
    echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com > /dev/null 2>&1' >> /var/spool/cron/crontabs/root
    crontab -l
    
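    • Note:
    The time zone should be CST, the Central time zone; EST is the Eastern time zone.
    When installing CentOS, deselect the daylight saving time option; otherwise the clock changes automatically on the daylight saving day.
    If a service has requirements on time, the business it carries will run into problems, so daylight saving time must be disabled.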
    

    END

  • Original article: https://www.cnblogs.com/tssc/p/11019239.html