①. 模板机优化配置---hosts文件配置

[root@su ~]# \cp /etc/hosts{,.bak}
[root@su ~]# cat >/etc/hosts<<EOF
> 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
> ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
> 172.16.1.5      lb01
> 172.16.1.6      lb02
> 172.16.1.7      web01
> 172.16.1.8      web02
> 172.16.1.9      web03
> 172.16.1.51     db01
> 172.16.1.31     nfs01
> 172.16.1.41     backup
> 172.16.1.61     m01
> EOF
[root@su ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5      lb01
172.16.1.6      lb02
172.16.1.7      web01
172.16.1.8      web02
172.16.1.9      web03
172.16.1.51     db01
172.16.1.31     nfs01
172.16.1.41     backup
172.16.1.61     m01
[root@su ~]# 


 ②. 模板机优化配置---更改yum源
CentOS6.9默认的yum源是国外的地址,会影响下载速度,因此改为阿里云提供的镜像地址。下面的repo文件是通过http明文下载的,传输过程中没有完整性校验,下载后应查看文件内容确认无误(见后面的cat步骤)。
/etc/yum.repos.d/CentOS-Base.repo     是基本的yum源
/etc/yum.repos.d/epel.repo    是额外的源

[root@su ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
--2019-11-06 23:52:41--  http://mirrors.aliyun.com/repo/Centos-6.repo
Resolving mirrors.aliyun.com... 114.80.179.245, 114.80.179.243, 114.80.179.242, ...
Connecting to mirrors.aliyun.com|114.80.179.245|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2523 (2.5K) [application/octet-stream]
Saving to: “/etc/yum.repos.d/CentOS-Base.repo”

100%[=============================================================================================================>] 2,523       --.-K/s   in 0s      

2019-11-06 23:52:46 (791 MB/s) - “/etc/yum.repos.d/CentOS-Base.repo” saved [2523/2523]

[root@su ~]#wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
--2019-11-06 23:52:50--  http://mirrors.aliyun.com/repo/epel-6.repo
Resolving mirrors.aliyun.com... 114.80.179.246, 114.80.179.243, 114.80.179.245, ...
Connecting to mirrors.aliyun.com|114.80.179.246|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 664 [application/octet-stream]
Saving to: “/etc/yum.repos.d/epel.repo”

100%[=============================================================================================================>] 664         --.-K/s   in 0s      

2019-11-06 23:52:55 (64.3 MB/s) - “/etc/yum.repos.d/epel.repo” saved [664/664]

[root@su ~]# 

进入yum源文件夹中,查看列表

[root@su ~]# cd /etc/yum.repos.d/
[root@su yum.repos.d]# ll
total 28
-rw-r--r--. 1 root root 2523 Jun 16  2018 CentOS-Base.repo
-rw-r--r--. 1 root root  647 Mar 28  2017 CentOS-Debuginfo.repo
-rw-r--r--. 1 root root  289 Mar 28  2017 CentOS-fasttrack.repo
-rw-r--r--. 1 root root  630 Mar 28  2017 CentOS-Media.repo
-rw-r--r--. 1 root root 7989 Mar 28  2017 CentOS-Vault.repo
-rw-r--r--. 1 root root  664 May 11  2018 epel.repo

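查看CentOS-Base.repo地址来源,可以看到已经变成阿里云:mirrors.aliyun.com。注意文件中baseurl和gpgkey都是http地址,软件包的可信性依赖gpgcheck=1的签名校验,不要把它改成0;首次导入密钥时可与系统自带的/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6核对。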

[root@su yum.repos.d]# cat CentOS-Base.repo 
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the 
# remarked out baseurl= line instead.
#
#
 
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-6
 
#released updates 
[updates]
name=CentOS-$releasever - Updates - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-6
 
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-6
 
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-6
 
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-6
[root@su yum.repos.d]# 


③. 模板机优化配置---关闭selinux
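sed -i.bak 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config   属于永久关闭,需要重启系统才能生效
 setenforce 0   属于临时关闭(实际是切换为Permissive模式,只记录不拦截),立即生效,重启后以/etc/selinux/config中的设置为准
关闭SELinux会去掉强制访问控制这一层防护,这里只是为了简化实验环境;生产环境建议保持enforcing,或先用Permissive模式根据审计日志调整策略。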

[root@su yum.repos.d]#  sed -i.bak 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
[root@su yum.repos.d]# grep SELINUX=disabled /etc/selinux/config
SELINUX=disabled
[root@su yum.repos.d]# setenforce 0
[root@su yum.repos.d]# getenforce
Permissive


④. 模板机优化配置---关闭iptables
关闭防火墙后本机所有监听端口都会直接暴露,只适合隔离的内网实验环境;对外提供服务的主机应保留iptables并只放行需要的端口。

[root@su yum.repos.d]# /etc/init.d/iptables stop   关闭防火墙
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
[root@su yum.repos.d]# chkconfig iptables off   关闭防火墙的开机自启动
[root@su yum.repos.d]# /etc/init.d/iptables status  查看防火墙的状态
iptables: Firewall is not running.
[root@su yum.repos.d]# 


⑤. 模板机优化配置---精简开机自启动服务
下面的命令把awk生成的chkconfig命令直接交给bash执行,建议先去掉末尾的|bash预览一遍输出,确认只会关闭预期的服务后再执行。

[root@su yum.repos.d]# export LANG=en
[root@su yum.repos.d]# chkconfig|egrep -v "crond|sshd|network|rsyslog|sysstat"|awk '{print "chkconfig",$1,"off"}'|bash
[root@su yum.repos.d]# chkconfig --list|grep 3:on
crond          	0:off	1:off	2:on	3:on	4:on	5:on	6:off
network        	0:off	1:off	2:on	3:on	4:on	5:on	6:off
rsyslog        	0:off	1:off	2:on	3:on	4:on	5:on	6:off
sshd           	0:off	1:off	2:on	3:on	4:on	5:on	6:off
sysstat        	0:off	1:on	2:on	3:on	4:on	5:on	6:off
[root@su yum.repos.d]# 


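⑥. 模板机优化配置---为用户fxw配置sudo权限 (如果有需要请设置)
示例中的密码123456仅用于演示,而且用echo传密码会留在shell历史记录里;NOPASSWD: ALL等于让fxw免密码获得root权限,模板机克隆出的每台机器都会继承这个账号,实际使用时应设置强密码并只授权需要的命令。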

[root@su yum.repos.d]# useradd fxw
[root@su yum.repos.d]#  echo 123456|passwd --stdin fxw
Changing password for user fxw.
passwd: all authentication tokens updated successfully.
[root@su yum.repos.d]# \cp /etc/sudoers /etc/sudoers.ori
[root@su yum.repos.d]# echo "fxw  ALL=(ALL) NOPASSWD: ALL " >>/etc/sudoers
[root@su yum.repos.d]# tail -1 /etc/sudoers
fxw  ALL=(ALL) NOPASSWD: ALL 
[root@su yum.repos.d]# visudo -c
/etc/sudoers: parsed OK
[root@su yum.repos.d]# 


⑦. 模板机优化配置---英文字符集

[root@su yum.repos.d]# cp /etc/sysconfig/i18n /etc/sysconfig/i18n.ori
[root@su yum.repos.d]# echo 'LANG="en_US.UTF-8"'  >/etc/sysconfig/i18n
[root@su yum.repos.d]# source /etc/sysconfig/i18n
[root@su yum.repos.d]# echo $LANG
en_US.UTF-8


⑧. 模板机优化配置---时间同步 (设置时间同步的定时任务)

[root@su yum.repos.d]# echo '#time sync by lidao at 2019-11-06' >>/var/spool/cron/root
[root@su yum.repos.d]# echo '*/5 * * * * /usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1' >>/var/spool/cron/root
[root@su yum.repos.d]# crontab -l
#time sync by lidao at 2019-11-06
*/5 * * * * /usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1
[root@su yum.repos.d]# 


⑨. 模板机优化配置---加大文件描述符(系统的每个服务可以打开文件的数量)

[root@su yum.repos.d]# echo '*               -       nofile          65535 ' >>/etc/security/limits.conf
[root@su yum.repos.d]# tail -1 /etc/security/limits.conf
*               -       nofile          65535 
[root@su yum.repos.d]# 


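⑩. 模板机优化配置---内核优化(sysctl -p 生效)
注意net.ipv4.tcp_tw_recycle = 1在客户端经过NAT访问时会造成连接被随机丢弃,该参数在Linux 4.12起已被移除;net.ipv4.tcp_syn_retries和net.ipv4.tcp_synack_retries设为1在丢包的网络中容易导致连接建立失败,应按实际环境调整。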

[root@su yum.repos.d]# cat >>/etc/sysctl.conf<<EOF
> net.ipv4.tcp_fin_timeout = 2
> net.ipv4.tcp_tw_reuse = 1
> net.ipv4.tcp_tw_recycle = 1
> net.ipv4.tcp_syncookies = 1
> net.ipv4.tcp_keepalive_time = 600
> net.ipv4.ip_local_port_range = 4000    65000
> net.ipv4.tcp_max_syn_backlog = 16384
> net.ipv4.tcp_max_tw_buckets = 36000
> net.ipv4.route.gc_timeout = 100
> net.ipv4.tcp_syn_retries = 1
> net.ipv4.tcp_synack_retries = 1
> net.core.somaxconn = 16384
> net.core.netdev_max_backlog = 16384
> net.ipv4.tcp_max_orphans = 16384
> #以下参数是对iptables防火墙的优化,防火墙不开会提示,可以忽略不理。
> net.nf_conntrack_max = 25000000
> net.netfilter.nf_conntrack_max = 25000000
> net.netfilter.nf_conntrack_tcp_timeout_established = 180
> net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
> net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
> net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
> EOF
[root@su yum.repos.d]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000    65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
[root@su yum.repos.d]# 


(11)模板机优化配置---安装其他小软件(常用的软件)
nmap、nc、telnet属于排错工具,装进模板后每台克隆机都会带上;生产模板建议按需安装,减少不必要的软件。

[root@su yum.repos.d]# yum install lrzsz nmap tree dos2unix nc telnet sl -y


(12)模板机优化配置---ssh连接速度慢优化
修改sshd_config后建议先执行sshd -t检查配置语法,再reload,避免配置错误导致无法远程登录。

[root@su yum.repos.d]# sed -i.bak 's@#UseDNS yes@UseDNS no@g;s@^GSSAPIAuthentication yes@GSSAPIAuthentication no@g'  /etc/ssh/sshd_config
[root@su yum.repos.d]# /etc/init.d/sshd reload
Reloading sshd:                                            [  OK  ]

 

最后修改于 2019-11-06 15:41:51