优化内容包括 内核(文章末尾注释掉了,看个人需求) ssh 时间同步 yum源

#!/bin/bash
#update time 20180824
#version 1.1.0
#
# System initialization script for CentOS 6 x86_64 (per the banner below).
# It rewrites system configuration files, so it refuses to run unless the
# invoking user is root.

echo -e "\033[31m ------------------------------ Author name is HeFangYaonie-------------------------- \033[0m"

# Guard: everything that follows edits files under /etc and /proc.
current_user="$(whoami)"
if [[ "$current_user" != "root" ]]; then
  echo "please run this script as root !" >&2
  exit 1
fi

echo -e "\033[31m the script only Support CentOS_6 x86_64 \033[0m"
echo -e "\033[31m system initialization script, Please Seriously. press ctrl+C to cancel \033[0m"

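# Ask for explicit confirmation before changing the system.
# Only "y" or "Y" continues; an empty answer, any other answer, or EOF on
# stdin leaves the script through the "bye-bye!" branch.
yn="n"
echo "please input [Y\N]"
echo -n "default [N]: "
# -r keeps a backslash in the answer literal instead of treating it as an
# escape character.
read -r yn
# [[ ]] with && replaces the deprecated and ambiguous "[ ... -a ... ]" form.
if [[ "$yn" != "y" && "$yn" != "Y" ]]; then
  echo "bye-bye!"
  exit 0
fi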

# Three-second countdown (3, 2, 1) so the operator can still press ctrl+C.
# Each step backspaces over the previous output before printing the next one.
for i in 3 2 1; do
  echo -ne "\b>>>>>$i"
  sleep 1
done
echo -e "\b\Good Luck"

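# Refuse to run on anything other than a 64-bit platform.
# The expansion is quoted and compared inside [[ ]]: with the unquoted
# "[ $platform != ... ]" form an empty value makes the test itself error out,
# the "if" is treated as false, and the script carries on past the guard.
platform=$(uname -i)
if [[ "$platform" != "x86_64" ]]; then
  echo "this script is only for 64bit Operating System !"
  exit 1
fi
echo "the platform is ok"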

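# Refuse to run on anything other than CentOS 6.
# distributor: last field of "lsb_release -i"; version: first character of the
# last field of "lsb_release -r" (the major release digit).
# Both values are quoted: if lsb_release is missing or prints nothing, the
# variables are empty, and the unquoted "[ $distributor != ... -o ... ]" form
# would fail with a syntax error and let the script continue. Here an empty
# value simply does not match, so the guard fails closed.
distributor=$(lsb_release -i | awk '{print $NF}')
version=$(lsb_release -r | awk '{print substr($NF,1,1)}')
if [[ "$distributor" != 'CentOS' || "$version" != '6' ]]; then
  echo "this script is only for CentOS 6 !"
  exit 1
fi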

# Announce that the platform checks passed, then pause five seconds before
# the first change is made.
printf '%s\n' \
  '+---------------------------------------+' \
  '| your system is CentOS 6.x x86_64 |' \
  '| start optimizing |' \
  '+---------------------------------------+'
sleep 5

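# --- SELinux and firewalld ---------------------------------------------------
# Security trade-off: this section removes two host-level controls.
#   * The sed edit changes SELINUX=enforcing to SELINUX=disabled in the
#     persistent configuration file.
#   * "setenforce 0" puts the running system into permissive mode at once.
#   * firewalld is stopped for the current boot only (the "disable" line is
#     left commented out, as in the original).
# NOTE(review): confirm the workload really requires SELinux off; keeping it
# permissive during troubleshooting still records denials in the audit log.
selinux_cfg=/etc/selinux/config

# One substitution is enough; the original ran the same replacement twice.
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' "$selinux_cfg"

#systemctl disable firewalld.service
# The script only accepts CentOS 6, which does not ship systemd, so the
# original unguarded call could only end in "command not found" there.
if command -v systemctl >/dev/null 2>&1; then
  systemctl stop firewalld.service
fi

setenforce 0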

# --- sshd ---------------------------------------------------------------------
# Turn off sshd's reverse-DNS lookup of connecting clients. The substitution
# only fires on the commented-out "#UseDNS yes" line; any other spelling of the
# option is left as it is.
# NOTE(review): no sshd reload or restart is visible in this script, so the
# running daemon presumably keeps its old setting until it is restarted.
sshd_cfg=/etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/' "$sshd_cfg"
# Optional port change, left disabled by the author:
#sed -i 's/#Port 22/Port 5199/' /etc/ssh/sshd_config

# --- yum repositories: keep the stock definition ------------------------------
# On the first run only (the backup directory does not exist yet), create it and
# move the distribution's CentOS-Base.repo there. Later runs skip this step, so
# the first backup is never overwritten.
repo_backup_dir=/etc/yum.repos.d/bak
if ! [[ -e "$repo_backup_dir" ]]; then
  mkdir "$repo_backup_dir"
  mv /etc/yum.repos.d/CentOS-Base.repo "$repo_backup_dir/CentOS-Base.repo.backup"
fi

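# --- yum repositories: install the Aliyun base and EPEL definitions -----------
# These files decide where root-installed packages come from, so they are
# fetched over HTTPS rather than plain HTTP, where anyone on the network path
# could substitute the repository definition.
# NOTE(review): the downloaded .repo files are not visible here; confirm they
# keep gpgcheck=1 and point at the mirrors you expect. If the host's TLS stack
# cannot negotiate with the mirror, update its CA/crypto packages rather than
# falling back to http.

#######################################
# Download one repo definition and install it atomically.
# Arguments: $1 - destination path, $2 - source URL
# Outputs:   an error message on stderr when the download fails
# Returns:   0 on success, 1 on failure (destination left untouched)
#######################################
fetch_repo_file() {
  local dest=$1 url=$2 tmp
  # The temp file name ends in a random suffix, not ".repo", so yum does not
  # read it as a repository definition while the download is in progress.
  tmp=$(mktemp "${dest}.XXXXXX") || return 1
  # -f: an HTTP error page must not end up as the repository definition.
  if curl -f -o "$tmp" "$url"; then
    chmod 644 "$tmp"   # mktemp creates the file 0600; repo files are world-readable
    mv -f "$tmp" "$dest"
  else
    rm -f "$tmp"
    echo "failed to download $url; $dest left unchanged" >&2
    return 1
  fi
}

fetch_repo_file /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-6.repo
fetch_repo_file /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-6.repo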

# Optional cache rebuild and package updates, all left disabled by the author.
#yum clean all && yum makecache
#yum -y update glibc*
#yum -y update yum* rpm* python*
# Use with caution: this updates a very large number of packages; skip it on a
# slow connection.
#yum -y update

# Progress banner for the repository step, then a five-second pause.
repo_banner="\033[31m --------------------------systeam yum source ok , base and epel for aliyun.com ----------- \033[0m"
echo -e "$repo_banner"
sleep 5

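# --- baseline tools -------------------------------------------------------------
# Install the operator toolset. The success message is now printed only when
# yum actually succeeded; the original printed it unconditionally. A failure is
# reported on stderr and the script continues, as it did before.
# NOTE(review): nmap and nc are network scanning and relay tools. Shipping them
# on every host widens what is available to anyone who later gains a shell;
# consider leaving them out of the baseline where operations do not need them.
if yum -y install vim lrzsz bash-completion nmap htop nc tree wget ntp; then
  echo "Tools installation is complete"
else
  echo "Tools installation failed (yum exit status $?)" >&2
fi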

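# --- time synchronisation -----------------------------------------------------
# Step the clock once now, then make sure root's crontab re-syncs every five
# minutes.
ntpdate ntp1.aliyun.com

cron_file=/var/spool/cron/root
cron_entry='*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com > /dev/null 2>&1'
# Append only when the exact line is not already there: the original appended
# unconditionally, so every re-run added another copy of the job.
# stderr is discarded on purpose - the crontab may not exist yet on first run.
if ! grep -qxF -- "$cron_entry" "$cron_file" 2>/dev/null; then
  printf '%s\n' "$cron_entry" >> "$cron_file"
fi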

# Show the clock after the sync and restart crond.
date
/sbin/service crond restart
echo -e "\033[31m ------------------------------update time is ok !!! --------------------------------------\033[0m"
sleep 5

# --- open-file limit at boot ----------------------------------------------------
# Drop any earlier "ulimit -SHn" line from rc.local before appending the new
# one, so repeated runs leave exactly one entry.
rc_local=/etc/rc.local
sed -i "/^ulimit -SHn.*/d" "$rc_local"
echo "ulimit -SHn 102400" >> "$rc_local"

# --- ulimit defaults in /etc/profile ------------------------------------------
# Remove any earlier stack, core and open-file ulimit lines, then append the
# values below, so repeated runs do not pile up duplicates.
# NOTE(review): "ulimit -c unlimited" allows core files of any size for every
# shell that reads /etc/profile. Core files hold process memory, so confirm
# that wherever they are written is access-restricted.
profile_file=/etc/profile
for ulimit_pattern in "/^ulimit -s./d" "/^ulimit -c./d" "/^ulimit -SHn.*/d"; do
  sed -i "$ulimit_pattern" "$profile_file"
done

# Quoted delimiter: the lines are written literally, nothing is expanded.
cat >> "$profile_file" << 'EOF'
ulimit -c unlimited
ulimit -s unlimited
ulimit -SHn 102400
EOF

# Load the new profile into this shell and show the resulting limits together
# with the ulimit lines now present in /etc/profile.
source /etc/profile
ulimit -a
grep ulimit /etc/profile
echo -e "\033[31m ------------------------------- hosts ok -------------------------------------------------\033[0m"
sleep 3

# --- limits.conf: back up once, then clear earlier entries ----------------------
limits_conf=/etc/security/limits.conf
# The backup is taken only if none exists, so the pristine copy survives re-runs.
[[ -f "${limits_conf}.bak" ]] || cp "$limits_conf" "${limits_conf}.bak"

# Delete existing nofile/nproc lines before new ones are appended.
# NOTE(review): the last three patterns begin with "^.*", so they match any
# line containing the words, commented-out lines included - confirm intended.
for limits_pattern in \
  "/^*.*soft.nofile/d" \
  "/^.*hard.nofile/d" \
  "/^.*soft.nproc/d" \
  "/^.*hard.*nproc/d"; do
  sed -i "$limits_pattern" "$limits_conf"
done

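# --- limits.conf: append the custom limits --------------------------------------
# The domain column must be a literal "*" (all users). The page rendering had
# turned the asterisks into indented bullet characters, which are not valid
# limits.conf entries and would never match the grep below.
# The delimiter is quoted so the block is written exactly as shown.
# NOTE(review): these values lift the open-file and process-count ceilings for
# every account. On CentOS 6 a file under /etc/security/limits.d/ (for example
# 90-nproc.conf) may still override the soft nproc value - confirm on the host.
cat >> /etc/security/limits.conf << 'EOF'

#---------custom-----------------------
*       soft   nofile       65535
*       hard   nofile       65535
*       soft   nproc        65535
*       hard   nproc        65535

EOF

# Show the wildcard entries that are now in effect.
grep "^* .*" /etc/security/limits.conf
echo -e "\033[31m ------------------------------limits ok---------------------------------------------- \033[0m"
sleep 3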

# --- sysctl.conf: back up once, then clear the keys this script manages ---------
sysctl_conf=/etc/sysctl.conf
# Keep the first backup only; re-runs must not overwrite the pristine copy.
[[ -f "${sysctl_conf}.bak" ]] || cp "$sysctl_conf" "${sysctl_conf}.bak"

# Every key that is appended again further down. Deleting the old lines first
# keeps the file free of duplicates across runs. Each name is used as an
# anchored sed pattern ("/^key/d"), in the same order as the original commands.
managed_keys=(
  net.ipv4.ip_forward
  net.ipv4.conf.default.rp_filter
  net.ipv4.conf.default.accept_source_route
  kernel.sysrq
  kernel.core_uses_pid
  net.ipv4.tcp_syncookies
  kernel.msgmnb
  kernel.msgmax
  net.ipv4.tcp_max_tw_buckets
  net.ipv4.tcp_sack
  net.ipv4.tcp_window_scaling
  net.ipv4.tcp_rmem
  net.ipv4.tcp_wmem
  net.core.wmem_default
  net.core.rmem_default
  net.core.rmem_max
  net.core.wmem_max
  net.core.netdev_max_backlog
  net.core.somaxconn
  net.ipv4.tcp_max_orphans
  net.ipv4.tcp_max_syn_backlog
  net.ipv4.tcp_timestamps
  net.ipv4.tcp_synack_retries
  net.ipv4.tcp_syn_retries
  net.ipv4.tcp_tw_recycle
  net.ipv4.tcp_tw_reuse
  net.ipv4.tcp_mem
  net.ipv4.tcp_fin_timeout
  net.ipv4.tcp_keepalive_time
  net.ipv4.ip_local_port_range
)
for sysctl_key in "${managed_keys[@]}"; do
  sed -i "/^${sysctl_key}/d" "$sysctl_conf"
done
#sed -i "/^net.ipv4.tcp_tw_len/d" /etc/sysctl.conf

# --- sysctl.conf: append the custom kernel and network settings -----------------
# Lines beginning with "#" inside the list are written to the file as comments;
# they are the author's alternative values, kept for reference.
# Hardening-relevant entries: IP forwarding off, reverse-path filtering on,
# source-routed packets refused, SysRq disabled, SYN cookies on.
# NOTE(review): tcp_tw_recycle and tcp_tw_reuse rely on TCP timestamps, which
# this same list sets to 0 - confirm the combination is intended.
# tcp_tw_recycle is also known to drop connections from clients behind NAT
# when timestamps are on.
# NOTE(review): the tcp_mem and tcp_max_orphans values are very large;
# presumably meant as "no practical limit" - verify against the host's memory.
sysctl_lines=(
  '#-------custom---------------------------------------------'
  ''
  'net.ipv4.ip_forward = 0'
  'net.ipv4.conf.default.rp_filter = 1'
  'net.ipv4.conf.default.accept_source_route = 0'
  'kernel.sysrq = 0'
  'kernel.core_uses_pid = 1'
  'net.ipv4.tcp_syncookies = 1'
  'kernel.msgmnb = 65536'
  'kernel.msgmax = 65536'
  'net.ipv4.tcp_max_tw_buckets = 6000'
  'net.ipv4.tcp_sack = 1'
  'net.ipv4.tcp_window_scaling = 1'
  'net.ipv4.tcp_rmem = 4096 87380 4194304'
  'net.ipv4.tcp_wmem = 4096 16384 4194304'
  'net.core.wmem_default = 8388608'
  'net.core.rmem_default = 8388608'
  'net.core.rmem_max = 16777216'
  'net.core.wmem_max = 16777216'
  'net.core.netdev_max_backlog = 262144'
  'net.core.somaxconn = 262144'
  'net.ipv4.tcp_max_orphans = 3276800'
  'net.ipv4.tcp_max_syn_backlog = 262144'
  'net.ipv4.tcp_timestamps = 0'
  '#net.ipv4.tcp_synack_retries = 1'
  'net.ipv4.tcp_synack_retries = 2'
  '#net.ipv4.tcp_syn_retries = 1'
  'net.ipv4.tcp_syn_retries = 2'
  'net.ipv4.tcp_tw_recycle = 1'
  'net.ipv4.tcp_tw_reuse = 1'
  'net.ipv4.tcp_mem = 94500000 915000000 927000000'
  '#net.ipv4.tcp_fin_timeout = 1'
  'net.ipv4.tcp_fin_timeout = 15'
  'net.ipv4.tcp_keepalive_time = 30'
  'net.ipv4.ip_local_port_range = 1024 65535'
  '#net.ipv4.tcp_tw_len = 1'
  '#-------end---------------------------------------------------'
)
printf '%s\n' "${sysctl_lines[@]}" >> /etc/sysctl.conf

#buckets
# Write the TIME_WAIT bucket cap straight into /proc so the running kernel
# picks it up immediately.
printf '%s\n' 6000 > /proc/sys/net/ipv4/tcp_max_tw_buckets

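# --- shared memory limits -----------------------------------------------------
#delete
# Remove earlier values so a re-run leaves a single entry per key.
sed -i "/^kernel.shmmax/d" /etc/sysctl.conf
sed -i "/^kernel.shmall/d" /etc/sysctl.conf

#add
# shmmax: 90% of total memory, in bytes ("free" reports KiB on the Mem: line).
shmmax=$(free -l | awk '/^Mem:/ {printf("%d\n", $2 * 1024 * 0.9)}')
# kernel.shmall is counted in pages, not bytes. The original divided shmmax by
# a constant 4, which yields a page count far beyond physical memory and so no
# effective system-wide cap. Dividing by the real page size makes the total
# allowance equal to shmmax.
page_size=$(getconf PAGE_SIZE)
if [[ "$shmmax" =~ ^[0-9]+$ && "$page_size" =~ ^[0-9]+$ ]] && (( page_size > 0 )); then
  shmall=$(( shmmax / page_size ))
  echo "kernel.shmmax = $shmmax" >> /etc/sysctl.conf
  echo "kernel.shmall = $shmall" >> /etc/sysctl.conf
else
  # Never write an empty or non-numeric value into sysctl.conf.
  echo "could not compute kernel.shmmax/kernel.shmall; leaving them unset" >&2
fi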

#bridge
# Load the bridge kernel module, then list the loaded modules whose lsmod line
# mentions it, as a visual confirmation.
modprobe bridge
grep bridge < <(lsmod)

#reload sysctl
# Apply /etc/sysctl.conf to the running kernel. sysctl -p prints each key as it
# sets it and reports the keys it cannot apply.
/sbin/sysctl -p
sysctl_banner="\033[31m ---------------------------sysctl ok----------------------------------------------- \033[0m"
echo -e "$sysctl_banner"
sleep 3

# System service tuning: pick from the services below as appropriate
#SERVICES="acpid atd auditd avahi-daemon avahi-dnsconfd bluetooth conman cpuspeed cups dnsmasq dund firstboot hidd httpd ibmasm ip6tables irda kdump lm_sensors mcstrans messagebus microcode_ctl netconsole netfs netplugd nfs nfslock nscd oddjobd pand pcscd portmap psacct rdisc restorecond rpcgssd rpcidmapd rpcsvcgssd saslauthd sendmail setroubleshoot smb vncserver winbind wpa_supplicant ypbind"
#for service in $SERVICES
#do
# Keep the selected services from starting at boot
#systemctl disable $SERVICES
# Stop the selected services
#systemctl stop $SERVICES
#done

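# Final banner ("优化完成" = "optimization complete").
# The opening colour escape had a space between "\033" and "[31m", so the
# terminal received a bare ESC followed by the literal text " [31m" instead of
# switching to red. The space is removed so it matches the other banners.
echo -e "\033[31m ------------------优化完成-------------------- \033[0m"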