I. Basic optimization
1. Disable SELinux
[root@aspen ~]# vim /etc/selinux/config #disable SELinux permanently
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled #change this value to disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@aspen ~]# setenforce 0 #disable SELinux temporarily
[root@aspen ~]# getenforce #check the SELinux state
permissive
[root@aspen ~]# reboot
[root@aspen ~]# getenforce #after the reboot, the state changes to Disabled
Disabled
2. Disable firewalld
[root@aspen ~]# systemctl stop firewalld #stop the system firewall temporarily
[root@aspen ~]# systemctl disable firewalld #disable the system firewall permanently
[root@aspen ~]# systemctl status firewalld #check the system firewall status
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
3. Disable NetworkManager
[root@aspen ~]# systemctl stop NetworkManager #stop NetworkManager temporarily
[root@aspen ~]# systemctl disable NetworkManager #disable NetworkManager permanently
[root@aspen ~]# systemctl status NetworkManager #check the NetworkManager status
● NetworkManager.service - Network Manager
Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:NetworkManager(8)
4. Create a regular user for the system operations administrator and configure sudo
[root@aspen ~]# visudo
....
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
......
5. Adjust the user login message
[root@aspen ~]# vim /etc/motd #fill in the content according to actual needs and personal preference
[root@aspen ~]# cat /etc/motd
6. Empty the files that leak system version information
[root@aspen ~]# > /etc/issue
[root@aspen ~]# > /etc/issue.net
7. Set up a scheduled task to update the time automatically
[root@aspen ~]# crontab -e
#sync time by Aspen 20190511
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
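II. Service optimization
After a service's configuration file is modified, the service must be restarted for the change to take effect.
1. Basic optimization of the sshd service
[root@aspen ~]# vim /etc/ssh/sshd_config
GSSAPIAuthentication no
UseDNS no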
[root@aspen ~]# egrep -n 'GSSAPIA|UseDNS' /etc/ssh/sshd_config
79:GSSAPIAuthentication no
115:UseDNS no
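An added example, not part of the original post: `egrep -n 'GSSAPIA|UseDNS'` also matches commented-out lines, and sshd uses the first value it reads for each keyword, so the check below reports the effective global value instead. The sample file and the function names `make_sample`, `sshd_effective` and `sshd_check` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample resembling an edited sshd_config (not from a real host).
make_sample() {
    cat <<'EOF'
#UseDNS yes
Port 22
# GSSAPI options
gssapiauthentication no
GSSAPIAuthentication yes
UseDNS no
Match User backup
    UseDNS yes
EOF
}

# Print the effective global value of an sshd_config keyword read from stdin.
# Keywords are case-insensitive and the first occurrence wins. Lines after a
# Match line apply only conditionally, so parsing stops there.
# Empty output means the keyword is not set globally and the default applies.
sshd_effective() {
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        tolower($1) == "match" { exit }    # end of the global section
        tolower($1) == key { print $2; exit }'
}

# Return 0 only when the keyword's effective value equals the expected one.
# Usage: sshd_check KEYWORD EXPECTED < /etc/ssh/sshd_config
sshd_check() {
    actual=$(sshd_effective "$1")
    [ "$actual" = "$2" ]
}

# Report both settings from this page against the constructed sample.
report() {
    for pair in "GSSAPIAuthentication no" "UseDNS no"; do
        set -- $pair
        if make_sample | sshd_check "$1" "$2"; then
            echo "OK   $1 $2"
        else
            echo "FAIL $1 (expected $2)"
        fi
    done
}

report
```

On a live host, `sshd -T` prints the effective configuration, including defaults.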
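2. Change the system YUM repository and add the EPEL repository
The YUM repositories used in this article are the ones provided by Alibaba Cloud.
[root@aspen ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo #change the system YUM repository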
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2523 100 2523 0 0 31228 0 --:--:-- --:--:-- --:--:-- 31537
[root@aspen ~]# curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo #add the system EPEL repository
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 664 100 664 0 0 5170 0 --:--:-- --:--:-- --:--:-- 5187
[root@aspen ~]# yum repolist #list the system YUM and EPEL repositories
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
repo id repo name status
!base/7/x86_64 CentOS-7 - Base - mirrors.aliyun.com 10,019
!epel/x86_64 Extra Packages for Enterprise Linux 7 - x86_64 13,229
!extras/7/x86_64 CentOS-7 - Extras - mirrors.aliyun.com 409
!updates/7/x86_64 CentOS-7 - Updates - mirrors.aliyun.com 2,076
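3. Install commonly used system software
Package name | Purpose |
---|---|
tree | Displays the directory structure as a tree |
vim | Enhanced version of vi |
wget | Download tool |
bash-completion (default repo) | Enhanced auto-completion tool; can complete command arguments |
bash-completion-extras (epel) | Further enhanced auto-completion tool; can complete command arguments |
lrzsz | Upload and download tools rz and sz |
net-tools | Package that provides the ifconfig and route commands |
sysstat | Package that provides sar and iostat |
iotop | Shows each process's I/O reads and writes and swap writes |
iftop | Shows network traffic |
htop | Enhanced version of top |
unzip | Decompression |
nc | ncat, similar to telnet |
nmap | Network scanning tool |
telnet | Checks whether a port is open |
psmisc | pstree and other commands |
nethogs | Shows each process's network traffic |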
[root@aspen ~]# yum install -y tree vim wget bash-completion bash-completion-extras lrzsz net-tools sysstat iotop iftop htop unzip nc nmap telnet bc psmisc
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
No Match for argument: unzipnc
------------------------------------------------------------------------------------------------------------------
Total 1.4 MB/s | 7.0 MB 00:00:05
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 1:bash-completion-2.1-6.el7.noarch 1/15
Installing : 1:bash-completion-extras-2.1-11.el7.noarch 2/15
Installing : net-tools-2.0-0.24.20131004git.el7.x86_64 3/15
Installing : bc-1.06.95-13.el7.x86_64 4/15
Installing : sysstat-10.1.5-17.el7.x86_64 5/15
Installing : lrzsz-0.12.20-36.el7.x86_64 6/15
Installing : wget-1.14-18.el7_6.1.x86_64 7/15
Installing : htop-2.2.0-3.el7.x86_64 8/15
Installing : tree-1.6.0-10.el7.x86_64 9/15
Installing : iftop-1.0-0.14.pre4.el7.x86_64 10/15
Installing : psmisc-22.20-15.el7.x86_64 11/15
Installing : 2:vim-enhanced-7.4.160-5.el7.x86_64 12/15
Installing : iotop-0.6-4.el7.noarch 13/15
Installing : 2:nmap-6.40-16.el7.x86_64 14/15
Installing : 1:telnet-0.17-64.el7.x86_64 15/15
Verifying : 1:telnet-0.17-64.el7.x86_64 1/15
Verifying : 2:nmap-6.40-16.el7.x86_64 2/15
Verifying : 1:bash-completion-2.1-6.el7.noarch 3/15
Verifying : iotop-0.6-4.el7.noarch 4/15
Verifying : 2:vim-enhanced-7.4.160-5.el7.x86_64 5/15
Verifying : psmisc-22.20-15.el7.x86_64 6/15
Verifying : iftop-1.0-0.14.pre4.el7.x86_64 7/15
Verifying : tree-1.6.0-10.el7.x86_64 8/15
Verifying : htop-2.2.0-3.el7.x86_64 9/15
Verifying : wget-1.14-18.el7_6.1.x86_64 10/15
Verifying : lrzsz-0.12.20-36.el7.x86_64 11/15
Verifying : 1:bash-completion-extras-2.1-11.el7.noarch 12/15
Verifying : sysstat-10.1.5-17.el7.x86_64 13/15
Verifying : bc-1.06.95-13.el7.x86_64 14/15
Verifying : net-tools-2.0-0.24.20131004git.el7.x86_64 15/15
Installed:
bash-completion.noarch 1:2.1-6.el7 bash-completion-extras.noarch 1:2.1-11.el7 bc.x86_64 0:1.06.95-13.el7
htop.x86_64 0:2.2.0-3.el7 iftop.x86_64 0:1.0-0.14.pre4.el7 iotop.noarch 0:0.6-4.el7
lrzsz.x86_64 0:0.12.20-36.el7 net-tools.x86_64 0:2.0-0.24.20131004git.el7 nmap.x86_64 2:6.40-16.el7
psmisc.x86_64 0:22.20-15.el7 sysstat.x86_64 0:10.1.5-17.el7 telnet.x86_64 1:0.17-64.el7
tree.x86_64 0:1.6.0-10.el7 vim-enhanced.x86_64 2:7.4.160-5.el7 wget.x86_64 0:1.14-18.el7_6.1
Complete!
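4. Change the file descriptor limit
File descriptor limit: the maximum number of files each process can open
Change the file descriptor limit temporarily
ulimit -n number
Change the file descriptor limit permanently by modifying /etc/security/limits.conf
echo '* - nofile number' >>/etc/security/limits.conf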
[root@aspen ~]# ulimit -n 65535
[root@aspen ~]# echo '* - nofile 65535' >>/etc/security/limits.conf
[root@aspen ~]# tail -1 /etc/security/limits.conf
* - nofile 65535
5. Modify environment variables
Prettify the command prompt by modifying the PS1 environment variable
export PS1="[\[\e[34;1m\]\u@\[\e[0m\]\[\e[32;1m\]\H\[\e[0m\] \[\e[31;1m\]\w\[\e[0m\]]\\$"
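Set the timeout (unit: s)
export TMOUT=time
Number of commands the history command records
export HISTSIZE=number
Number of entries kept in the history file
export HISTFILESIZE=number
Make history not record commands that begin with a space
export HISTCONTROL=ignorespace
To change system environment variables permanently, modify the /etc/profile file and then use the source command to make the configuration take effect
export TMOUT=300 #timeout: log out automatically after 300s without any activity
export HISTSIZE=1000 #maximum number of commands the history command records
export HISTFILESIZE=1000 #maximum number of entries kept in the history file
export HISTCONTROL=ignorespace #controls how the history command records commands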
[root@aspen ~]# tail -2 /etc/profile
export PS1="[\[\e[34;1m\]\u@\[\e[0m\]\[\e[32;1m\]\H\[\e[0m\] \[\e[31;1m\]\w\[\e[0m\]]\\$ "
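[root@aspen ~]# export TMOUT=300 #log out automatically after 300s without any activity
[root@aspen ~]# export HISTSIZE=1000 #the history command records at most 1000 commands
[root@aspen ~]# export HISTFILESIZE=1000 #the history file keeps at most 1000 entries
[root@aspen ~]# export HISTCONTROL=ignorespace #history does not record commands that begin with a space
Verify that history does not record commands that begin with a space
[root@aspen ~]# history -c
[root@aspen ~]#  ls / #note the leading space before ls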
bin data dev home lib64 Memory opt root sbin sys usr
boot data01 etc lib media mnt proc run srv tmp var
[root@aspen ~]# cd
[root@aspen ~]# history
1 cd
2 history