①. 模板机优化配置---hosts文件配置
[root@su ~]# \cp /etc/hosts{,.bak}
[root@su ~]# cat >/etc/hosts<<EOF
> 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
> ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
> 172.16.1.5 lb01
> 172.16.1.6 lb02
> 172.16.1.7 web01
> 172.16.1.8 web02
> 172.16.1.9 web03
> 172.16.1.51 db01
> 172.16.1.31 nfs01
> 172.16.1.41 backup
> 172.16.1.61 m01
> EOF
[root@su ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5 lb01
172.16.1.6 lb02
172.16.1.7 web01
172.16.1.8 web02
172.16.1.9 web03
172.16.1.51 db01
172.16.1.31 nfs01
172.16.1.41 backup
172.16.1.61 m01
[root@su ~]#
②. 模板机优化配置---更改yum源
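CentOS6.9中的yum源是国外的地址,会影响我们的下载速度,因此我们改为阿里云提供的地址
注意:下面的repo文件是用明文HTTP下载的,文件里的baseurl和gpgkey也都是http://地址,传输途中无法防篡改。下载后应先检查repo文件内容、确认gpgcheck=1保持开启;gpgkey建议改为系统自带的本地密钥 file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6,镜像站支持HTTPS时优先使用https://地址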
/etc/yum.repos.d/CentOS-Base.repo 是基本的yum源
/etc/yum.repos.d/epel.repo 是额外的源
[root@su ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
--2019-11-06 23:52:41-- http://mirrors.aliyun.com/repo/Centos-6.repo
Resolving mirrors.aliyun.com... 114.80.179.245, 114.80.179.243, 114.80.179.242, ...
Connecting to mirrors.aliyun.com|114.80.179.245|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2523 (2.5K) [application/octet-stream]
Saving to: “/etc/yum.repos.d/CentOS-Base.repo”
100%[=============================================================================================================>] 2,523 --.-K/s in 0s
2019-11-06 23:52:46 (791 MB/s) - “/etc/yum.repos.d/CentOS-Base.repo” saved [2523/2523]
[root@su ~]#wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
--2019-11-06 23:52:50-- http://mirrors.aliyun.com/repo/epel-6.repo
Resolving mirrors.aliyun.com... 114.80.179.246, 114.80.179.243, 114.80.179.245, ...
Connecting to mirrors.aliyun.com|114.80.179.246|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 664 [application/octet-stream]
Saving to: “/etc/yum.repos.d/epel.repo”
100%[=============================================================================================================>] 664 --.-K/s in 0s
2019-11-06 23:52:55 (64.3 MB/s) - “/etc/yum.repos.d/epel.repo” saved [664/664]
[root@su ~]#
进入yum源文件夹中,查看列表
[root@su ~]# cd /etc/yum.repos.d/
[root@su yum.repos.d]# ll
total 28
-rw-r--r--. 1 root root 2523 Jun 16 2018 CentOS-Base.repo
-rw-r--r--. 1 root root 647 Mar 28 2017 CentOS-Debuginfo.repo
-rw-r--r--. 1 root root 289 Mar 28 2017 CentOS-fasttrack.repo
-rw-r--r--. 1 root root 630 Mar 28 2017 CentOS-Media.repo
-rw-r--r--. 1 root root 7989 Mar 28 2017 CentOS-Vault.repo
-rw-r--r--. 1 root root 664 May 11 2018 epel.repo
查看CentOS-Base.repo地址来源,可以看到已经变成阿里云:mirrors.aliyun.com
[root@su yum.repos.d]# cat CentOS-Base.repo
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-6
#released updates
[updates]
name=CentOS-$releasever - Updates - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-6
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-6
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/
http://mirrors.cloud.aliyuncs.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-6
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/
http://mirrors.cloud.aliyuncs.com/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-6
[root@su yum.repos.d]#
③. 模板机优化配置---关闭selinux
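sed -i.bak 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config 属于永久关闭,需要重启系统才能生效
setenforce 0 属于临时关闭,立即生效;它实际上是把SELinux切换到Permissive(只记录、不拦截)模式,所以下面getenforce显示的是Permissive而不是Disabled
模板机上的设置会被克隆到所有机器:关闭SELinux等于去掉一层强制访问控制,对外提供服务的机器(如web、lb)可以考虑保留Permissive或Enforcing,根据audit日志调整策略,而不是直接disabled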
[root@su yum.repos.d]# sed -i.bak 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
[root@su yum.repos.d]# grep SELINUX=disabled /etc/selinux/config
SELINUX=disabled
[root@su yum.repos.d]# setenforce 0
[root@su yum.repos.d]# getenforce
Permissive
④. 模板机优化配置---关闭iptables
关闭后本机不再做任何包过滤,所有监听端口都直接暴露在所连网络上;这种做法只适合前面另有防火墙或安全组的内网实验环境,有公网地址的机器应保留iptables并只放行需要的端口
[root@su yum.repos.d]# /etc/init.d/iptables stop 关闭防火墙
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
[root@su yum.repos.d]# chkconfig iptables off 关闭防火墙的开机自启动
[root@su yum.repos.d]# /etc/init.d/iptables status 查看防火墙的状态
iptables: Firewall is not running.
[root@su yum.repos.d]#
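⑤. 模板机优化配置---精简开机自启动服务
下面的命令只保留crond、sshd、network、rsyslog、sysstat五个服务,其余全部关闭开机自启动;如果系统装有auditd等审计类服务,也会被一并关闭,需要保留审计日志时应把它加进egrep的保留列表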
[root@su yum.repos.d]# export LANG=en
[root@su yum.repos.d]# chkconfig|egrep -v "crond|sshd|network|rsyslog|sysstat"|awk '{print "chkconfig",$1,"off"}'|bash
[root@su yum.repos.d]# chkconfig --list|grep 3:on
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sysstat 0:off 1:on 2:on 3:on 4:on 5:on 6:off
[root@su yum.repos.d]#
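⑥. 模板机优化配置---提权fxw可以sudo (如果有需要请设置)
123456只是演示用的弱口令,并且会留在shell历史记录里;模板机克隆出的每台机器都会带上这个账号,实际使用前必须换成强密码或改用密钥登录
NOPASSWD: ALL 让fxw无需密码即可以root身份执行任何命令,相当于第二个root账号;建议只授权需要的命令,并用visudo或/etc/sudoers.d/下的独立文件来修改,避免直接用echo追加时写坏sudoers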
[root@su yum.repos.d]# useradd fxw
[root@su yum.repos.d]# echo 123456|passwd --stdin fxw
Changing password for user fxw.
passwd: all authentication tokens updated successfully.
[root@su yum.repos.d]# \cp /etc/sudoers /etc/sudoers.ori
[root@su yum.repos.d]# echo "fxw ALL=(ALL) NOPASSWD: ALL " >>/etc/sudoers
[root@su yum.repos.d]# tail -1 /etc/sudoers
fxw ALL=(ALL) NOPASSWD: ALL
[root@su yum.repos.d]# visudo -c
/etc/sudoers: parsed OK
[root@su yum.repos.d]#
⑦. 模板机优化配置---英文字符集
[root@su yum.repos.d]# cp /etc/sysconfig/i18n /etc/sysconfig/i18n.ori
[root@su yum.repos.d]# echo 'LANG="en_US.UTF-8"' >/etc/sysconfig/i18n
[root@su yum.repos.d]# source /etc/sysconfig/i18n
[root@su yum.repos.d]# echo $LANG
en_US.UTF-8
⑧. 模板机优化配置---时间同步 (设置时间同步的定时任务)
[root@su yum.repos.d]# echo '#time sync by lidao at 2019-11-06' >>/var/spool/cron/root
[root@su yum.repos.d]# echo '*/5 * * * * /usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1' >>/var/spool/cron/root
[root@su yum.repos.d]# crontab -l
#time sync by lidao at 2019-11-06
*/5 * * * * /usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1
[root@su yum.repos.d]#
⑨. 模板机优化配置---加大文件描述符(系统的每个服务可以打开文件的数量)
[root@su yum.repos.d]# echo '* - nofile 65535 ' >>/etc/security/limits.conf
[root@su yum.repos.d]# tail -1 /etc/security/limits.conf
* - nofile 65535
[root@su yum.repos.d]#
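⑩. 模板机优化配置---内核优化(sysctl -p 生效)
net.ipv4.tcp_tw_recycle = 1 会按对端IP检查TCP时间戳,多个客户端经同一个NAT出口访问时,部分连接的SYN会被丢弃,表现为随机连接失败;面向公网或位于负载均衡之后的机器不要开启(该参数在Linux 4.12中已被移除)。tcp_syn_retries、tcp_synack_retries设为1也会让网络有丢包时的握手更容易失败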
[root@su yum.repos.d]# cat >>/etc/sysctl.conf<<EOF
> net.ipv4.tcp_fin_timeout = 2
> net.ipv4.tcp_tw_reuse = 1
> net.ipv4.tcp_tw_recycle = 1
> net.ipv4.tcp_syncookies = 1
> net.ipv4.tcp_keepalive_time = 600
> net.ipv4.ip_local_port_range = 4000 65000
> net.ipv4.tcp_max_syn_backlog = 16384
> net.ipv4.tcp_max_tw_buckets = 36000
> net.ipv4.route.gc_timeout = 100
> net.ipv4.tcp_syn_retries = 1
> net.ipv4.tcp_synack_retries = 1
> net.core.somaxconn = 16384
> net.core.netdev_max_backlog = 16384
> net.ipv4.tcp_max_orphans = 16384
> #以下参数是对iptables防火墙的优化,防火墙不开会提示,可以忽略不理。
> net.nf_conntrack_max = 25000000
> net.netfilter.nf_conntrack_max = 25000000
> net.netfilter.nf_conntrack_tcp_timeout_established = 180
> net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
> net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
> net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
> EOF
[root@su yum.repos.d]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
[root@su yum.repos.d]#
(11)模板机优化配置---安装其他小软件(常用的软件)
nmap、nc、telnet属于网络探测和连接工具,装进模板后每台克隆机上都会有;它们方便排障,但也增加了每台机器上可被滥用的工具,生产模板中可以只在需要的管理机上安装
[root@su yum.repos.d]# yum install lrzsz nmap tree dos2unix nc telnet sl -y
(12)模板机优化配置---ssh连接速度慢优化
[root@su yum.repos.d]# sed -i.bak 's@#UseDNS yes@UseDNS no@g;s@^GSSAPIAuthentication yes@GSSAPIAuthentication no@g' /etc/ssh/sshd_config
[root@su yum.repos.d]# /etc/init.d/sshd reload
Reloading sshd: [ OK ]

