CentOS系统生产系统优化脚本,centos系统优化脚本

CentOS系统生产系统优化脚本,centos系统优化脚本

#!/bin/bash

#add the epel repo and rpmforge repo

cd /root/

wget https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-9.noarch.rpm

wget http://repository.it4i.cz/mirrors/repoforge/redhat/el7/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm

rpm -ivh epel-release-7-9.noarch.rpm

rpm -ivh rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm

#remove *.rpm packages

sleep 20

cd /root/

rm -rf epel-release-7-9.noarch.rpm rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm

#yum install sysstat

yum install -y gcc gcc-c++ vim unzip zip

yum install -y iostat sysstat

#set the ntp

yum install -y ntp

echo "01 01 * * * /usr/sbin/ntpdate ntp.api.bz >> /dev/null 2>&1" >> /etc/crontab ntpdate ntp.api.bz

service crond restart

#set the file limit

ulimit -SHn 65535

echo "ulimit -SHn 65535" >> /etc/rc.local

cat >> /etc/security/limits.conf << EOF

* soft nofile 60000

* hard nofile 65535

EOF

#tune kernel parametres

cat >> /etc/sysctl.conf << EOF

net.ipv4.tcp_syncookies = 1

net.ipv4.tcp_syn_retries = 1

net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_tw_recycle = 1

net.ipv4.tcp_keepalive_time = 1200

net.ipv4.tcp_local_port_range = 1024 65535

EOF

/sbin/sysctl -p

#set the control -alt-delete to guard against the misuse

sed -i 's@ ca::ctrlaltdel:/sbin/shutdown -t3 -r now@ #ca::ctrlaltdel:/sbin/shutdown -t3 -r now@' /etc/inittab

#disable selinux

sed -i 's@ SELINUX=enforcing@ SELINUX=disabled@' /etc/selinux/config

#ssh setting

sed -i -e '74 s/^/#/' -i -e '76 s/^/#/' /etc/ssh/sshd_config

sed -i 's@ #UseDNS yes@ UseDNS no@' /etc/ssh/sshd_config

service sshd restart

#disable ipv6

echo "alias net -pf -10 off" >> /etc/modprobe.conf

echo "alias ipv6 off" >> /etc/modprobe.conf

echo "install ipv6 /bin/true" >> /etc/modprobe.conf

echo "IPV6INIT=no" >> /etc/sysconfig/network

sed -i 's@ NETWORKING_IPV6=yes@ NETWORKING_IPV6=no@' /etc/sysconfig/network

chkconfig ip6tables off

#vim setting

echo "syntax on" >> /root/.vimrc

echo "set nohlsearch" >> /root/.vimrc

echo "set num" >> /root/.vimrc

#chkconfig off services

chkconfig bluetooth off

chkconfig sendmail off

chkconfig kudzu off

chkconfig nfslock off

chkconfig portmap off

chkconfig iptables off

chkconfig autofs off

chkconfig yum-updatesd off

#reboot system

reboot