• centos7系统优化


    echo -e "33[1;41;33m########## 删除不必要的用户 ############33[0m"
    userdel adm
    userdel lp
    userdel shutdown
    userdel halt
    userdel operator
    userdel ftp
    groupdel games

     

    echo -e "33[1;41;33m############# 内核 ############33[0m"
    echo "
    fs.file-max = 999999
    net.ipv4.ip_local_port_range = 1024 65000
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_tw_recycle = 1
    net.ipv4.tcp_fin_timeout = 30
    net.ipv4.tcp_mem = 94500000 915000000 927000000
    net.ipv4.tcp_rmem = 10240 87380 12582912
    net.ipv4.tcp_wmem = 10240 87380 12582912
    net.ipv4.tcp_syncookies = 1
    net.ipv4.tcp_synack_retries = 1
    net.ipv4.tcp_max_syn_backlog = 262144
    net.ipv4.tcp_max_orphans=262114
    net.ipv4.tcp_max_tw_buckets = 5000
    net.ipv4.tcp_keepalive_time = 600
    net.ipv4.tcp_keepalive_probes = 3
    net.ipv4.tcp_keepalive_intvl = 15
    net.ipv4.tcp_timestamps = 0
    net.ipv4.tcp_sack = 1
    net.ipv4.tcp_slow_start_after_idle = 0
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.default.accept_source_route = 0
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    net.ipv4.icmp_ignore_bogus_error_responses = 1
    net.ipv4.icmp_echo_ignore_all = 0
    net.core.netdev_max_backlog =262144
    net.core.rmem_default = 6291456
    net.core.wmem_default = 6291456
    net.core.rmem_max = 12582912
    net.core.wmem_max = 12582912
    net.core.somaxconn = 65535
    kernel.msgmnb = 65536
    kernel.msgmax = 65536
    kernel.shmmax = 68719476736
    kernel.shmall = 4294967296
    kernel.sysrq = 0
    kernel.core_uses_pid = 1 " >> /etc/sysctl.conf

    echo -e "33[1;41;33m###########文件打开数 ############33[0m"
    ulimit -n 65535
    echo "ulimit -n 65535" >> /etc/rc.local
    echo "ulimit -u unlimited " >> /etc/rc.local
    echo "* soft nofile 65535" >> /etc/security/limits.conf
    echo "* hard nofile 65535" >> /etc/security/limits.conf
    echo "* soft noproc 65535" >> /etc/security/limits.conf
    echo "* hard noproc 65535" >> /etc/security/limits.conf

    echo -e "33[1;41;33m############ selinnux or firewalld ############33[0m"
    setenforce 0
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

    firewall-cmd --set-default-zone=work
    firewall-cmd --zone=work --change-interface=em1 --permanent
    firewall-cmd --zone=work --add-port=22/tcp --permanent
    firewall-cmd --zone=work --add-port=10050/tcp --permanent
    firewall-cmd --zone=work --add-source=10.0.0.0/16 --permanent
    firewall-cmd --zone=work --add-source=10.2.2.0/24 --permanent
    firewall-cmd --reload
    systemctl stop firewalld.service
    systemctl disable firewalld.service

    echo -e "33[1;41;33m############### ssh #############33[0m"
    cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
    sed -i 's/#Port 22/Port 9022/g' /etc/ssh/sshd_config
    sed -i '/#PermitRootLogin yes/aPermitRootLogin no' /etc/ssh/sshd_config
    sed -i '/#UseDNS yes/a UseDNS no' /etc/ssh/sshd_config
    sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config

     

    echo -e "33[1;41;33m############# rm限制 ##########33[0m"
    vim  /bin/securityremove

    #!/bin/bash
    #########################################################################
    # File Name: securityremove.sh
    # Author: LookBack
    # Email: admin#dwhd.org
    # Version:
    #########################################################################
    
    RMARGS="${@}"
    RMPATH="/bin/rm"
    sys1dir=$(ls / | sed 's/^///'|paste -s -d " ")
    [ "${RMARGS}" == "" ] && ${RMPATH} && exit
    
    SBRUN() {
        echo -ne "33[41;37mWhy run this command33[0m
    "
        exit 255
    }
    
    if grep "$sys1dir" <<< $RMARGS >/dev/null 2>&1; then SBRUN;fi
    for i in ${@};do [ "$i" = "/data" ] && SBRUN ;done
    
    
    
    if grep "$sys1dir" <<< $RMARGS >/dev/null 2>&1; then SBRUN;fi
    for i in ${@};do [ "$i" = "/" ] && SBRUN ;done
    
    if grep "$sys1dir" <<< $RMARGS >/dev/null 2>&1; then SBRUN;fi
    for i in ${@};do [ "$i" = "/etc" ] && SBRUN ;done
    
    if grep "$sys1dir" <<< $RMARGS >/dev/null 2>&1; then SBRUN;fi
    for i in ${@};do [ "$i" = "/boot" ] && SBRUN ;done
    
    
    if grep "$sys1dir" <<< $RMARGS >/dev/null 2>&1; then SBRUN;fi
    for i in ${@};do [ "$i" = "/dev" ] && SBRUN ;done
    
    if grep "$sys1dir" <<< $RMARGS >/dev/null 2>&1; then SBRUN;fi
    for i in ${@};do [ "$i" = "/home" ] && SBRUN ;done
    
    
    if grep "$sys1dir" <<< $RMARGS >/dev/null 2>&1; then SBRUN;fi
    for i in ${@};do [ "$i" = "/lib" ] && SBRUN ;done
    
    if grep "$sys1dir" <<< $RMARGS >/dev/null 2>&1; then SBRUN;fi
    for i in ${@};do [ "$i" = "/lib64" ] && SBRUN ;done
    
    if grep "$sys1dir" <<< $RMARGS >/dev/null 2>&1; then SBRUN;fi
    for i in ${@};do [ "$i" = "/proc" ] && SBRUN ;done
    
    if grep "$sys1dir" <<< $RMARGS >/dev/null 2>&1; then SBRUN;fi
    for i in ${@};do [ "$i" = "/sys" ] && SBRUN ;done
    
    if grep "$sys1dir" <<< $RMARGS >/dev/null 2>&1; then SBRUN;fi
    for i in ${@};do [ "$i" = "/tmp" ] && SBRUN ;done
    
    if grep "$sys1dir" <<< $RMARGS >/dev/null 2>&1; then SBRUN;fi
    for i in ${@};do [ "$i" = "/usr" ] && SBRUN ;done
    
    if grep "$sys1dir" <<< $RMARGS >/dev/null 2>&1; then SBRUN;fi
    for i in ${@};do [ "$i" = "/var" ] && SBRUN ;done
    
    if grep "$sys1dir" <<< $RMARGS >/dev/null 2>&1; then SBRUN;fi
    for i in ${@};do [ "$i" = "/root" ] && SBRUN ;done
    
    if grep "$sys1dir" <<< $RMARGS >/dev/null 2>&1; then SBRUN;fi
    for i in ${@};do [ "$i" = "/bin" ] && SBRUN ;done
    
    if grep "$sys1dir" <<< $RMARGS >/dev/null 2>&1; then SBRUN;fi
    for i in ${@};do [ "$i" = "/sbin" ] && SBRUN ;done
    
    
    
    
    
    
    
    if [ "${RMARGS}" == '-h' ] || [ "${RMARGS}" == '--help' ];then
        ${RMPATH} ${RMARGS}
    else
        while [ "${confirm}" != "yes I do" ] && [ "${confirm}" != "no" ]; do
            echo -ne "You are going to execute "${RMPATH} 33[41;37m${RMARGS}33[0m",please confirm (yes I do or no):"
            read confirm
        done
        [ "${confirm}" == "yes I do" ] && ${RMPATH} ${RMARGS} || exit
    fi
    securityremove

    chmod 755 /bin/securityremove
    [ -f /etc/bash.bashrc ] && (sed -i "/securityremove/d" /etc/bash.bashrc && echo 'alias rm="/bin/securityremove"' >> /etc/bash.bashrc && . /etc/bash.bashrc)
    [ -f /etc/bashrc ] && (sed -i "/securityremove/d" /etc/bashrc && echo 'alias rm="/bin/securityremove"' >> /etc/bashrc && . /etc/bashrc)
    [ -f /root/.bashrc ] && (sed -i "/alias rm/d" /root/.bashrc && echo 'alias rm="/bin/securityremove"' >> /root/.bashrc && . /root/.bashrc)
    [[ -f "~/.bashrc" && "$USER" != "root" ]] &&(sed -i "/alias rm/d" ~/.bashrc && echo 'alias rm="/bin/securityremove"' >> ~/.bashrc && . ~/.bashrc)

     

    echo -e "33[1;41;33m############ 代理上网 #############33[0m"
    echo "
    export http_proxy=http://10.0.X.X:13128
    export https_proxy=http://10.0.X.X:13128
    " >> /etc/profile

     

     

     

  • 相关阅读:
    最新自然语言处理(NLP)四步流程:Embed->Encode->Attend->Predict
    Word Embedding
    知乎:GAN 的发展对于研究通用人工智能有什么意义?
    2016年总结:教师路的开启,爱情味的初尝 (下)
    WinForm 窗口缩放动画效果
    关于DrawIndexedPrimitive函数的调用
    spring mvc--默认都使用了哪些bean
    杭电 HDU 1031 Design T-Shirt
    Android选择/拍照 剪裁 base64/16进制/byte上传图片+PHP接收图片
    hdoj5645DZY Loves Balls
  • 原文地址:https://www.cnblogs.com/wangyong-blog/p/13678927.html
Copyright © 2020-2023  润新知