Centos7 常用优化脚本
2022/9/5 5:23:28
本文主要是介绍Centos7 常用优化脚本,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!
#!/bin/bash #服务器一键优化工具 function define_check_network() { echo 主机名为`hostname -f` ping www.baidu.com -c 6 } function define_yum () { #关闭selinux sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config #常用软件安装 yum clean all yum -y install bash vim wget curl sysstat gcc gcc-c++ make lsof sudo unzip openssh-clients net-tools systemd rpm yum rsyslog logrotate crontabs python-libs centos-release p7zip file yum -y update && yum -y upgrade } function define_tuning_services() { #关闭多余服务 systemctl stop postfix firewalld chronyd cups #停止开机自启动 systemctl disable postfix firewalld chronyd cups echo "非关键系统服务已经关闭" } function define_tuning_kernel () { #4.内核参数优化 echo "内核参数优化" cp /etc/sysctl.conf /etc/sysctl.conf.bak cat /dev/null > /etc/sysctl.conf cat >> /etc/sysctl.conf << EOF ##内核默认参数 kernel.sysrq = 0 kernel.core_uses_pid = 1 kernel.msgmnb = 65536 kernel.msgmax = 65536 kernel.shmmax = 68719476736 kernel.shmall = 4294967296 kernel.sem=500 64000 64 256 ##打开文件数参数(20*1024*1024) fs.file-max= 20971520 ##WEB Server参数 net.ipv4.tcp_tw_reuse=1 net.ipv4.tcp_tw_recycle=1 net.ipv4.tcp_fin_timeout=30 net.ipv4.tcp_keepalive_time=1200 net.ipv4.ip_local_port_range = 1024 65535 net.ipv4.tcp_rmem=4096 87380 8388608 net.ipv4.tcp_wmem=4096 87380 8388608 net.ipv4.tcp_max_syn_backlog=8192 net.ipv4.tcp_max_tw_buckets = 5000 ##TCP补充参数 net.ipv4.ip_forward = 1 net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.default.accept_source_route = 0 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_sack = 1 net.ipv4.tcp_window_scaling = 1 net.core.wmem_default = 8388608 net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 net.core.netdev_max_backlog = 262144 net.core.somaxconn = 65535 net.ipv4.tcp_max_orphans = 3276800 net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_synack_retries = 1 net.ipv4.tcp_syn_retries = 1 net.ipv4.tcp_mem = 94500000 915000000 927000000 ##禁用ipv6 net.ipv6.conf.all.disable_ipv6 =1 net.ipv6.conf.default.disable_ipv6 =1 ##swap使用率优化 vm.swappiness=0 EOF echo "系统参数设置OK" } function define_tuning_system () { #加一个防呆判断 if [ ` cat /etc/fstab |grep noatime|wc -l` = 0 ]; then echo "脚本首次执行" else echo "第二次执行脚本,请手动检查错误" exit 1 fi #磁盘IO优化 sed -i '/xfs/s/defaults/defaults,noatime/' /etc/fstab ##nproc设置仅适合centos6 #sed -i 's/1024/65535/' /etc/security/limits.d/90-nproc.conf ##nproc设置仅适合centos7 sed -i 's/4096/524288/' /etc/security/limits.d/20-nproc.conf #管理open files数量 echo "* soft nofile 1024000" >> /etc/security/limits.conf echo "* hard nofile 1024000" >> /etc/security/limits.conf #管理最大进程数 echo "* soft nproc 1024000" >> /etc/security/limits.conf echo "* hard nproc 1024000" >> /etc/security/limits.conf echo "session required /lib64/security/pam_limits.so" >> /etc/pam.d/login #全局变量设置优化 echo 'export TMOUT=600' >> /etc/profile echo 'export TIME_STYLE="+%Y/%m/%d %H:%M:%S"' >> /etc/profile echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/profile echo 'unset MAILCHECK' >> /etc/profile sed -i '/HISTSIZE/s/1000/12000/' /etc/profile source /etc/profile #关闭日志无效输出 echo 'if $programname == "systemd" and ($msg contains "Starting Session" or $msg contains "Started Session" or $msg contains "Created slice" or $msg contains "Starting user-" or $msg contains "Starting User Slice of" or $msg contains "Removed session" or $msg contains "Removed slice User Slice of" or $msg contains "Stopping User Slice of") then stop' >/etc/rsyslog.d/ignore-systemd-session-slice.conf systemctl restart rsyslog #权限优化 # echo 'umask 0022' >> /etc/profile #禁止Ctrl+Alt+Del重启 rm -rf /usr/lib/systemd/system/ctrl-alt-del.target #修改运行级别 systemctl set-default multi-user.target #关闭hugepage chmod +x /etc/rc.d/rc.local echo "echo never > /sys/kernel/mm/transparent_hugepage/enabled;" >> /etc/rc.d/rc.local echo "echo never > /sys/kernel/mm/transparent_hugepage/defrag;" >> /etc/rc.d/rc.local ##启用日志压缩 sed -i 's/'#compress'/'compress'/' /etc/logrotate.conf ## ssh弱密码算法修复 echo "Ciphers aes128-ctr,aes192-ctr,aes256-ctr" >> /etc/ssh/sshd_config ## 限制journal大小 echo "SystemMaxUse=2048M" >> /etc/systemd/journald.conf echo "ForwardToSyslog=no" >> /etc/systemd/journald.conf echo "MaxFileSec=14day" >> /etc/systemd/journald.conf systemctl restart systemd-journald.service #系统别名设置 cat >> /etc/bashrc << EOF ##系统别名设置 alias vi='vim' alias ls='ls -trlh --color=auto' alias grep='grep --color=auto' EOF source /etc/bashrc echo '系统别名设置完成' } function define_ntpdate1 () { #本地时间同步 yum -y install ntpdate echo "/usr/sbin/ntpdate -us ntp1.aliyun.com;hwclock -w;" >> /etc/rc.d/rc.local ##时区校正 timedatectl set-timezone Asia/Shanghai ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && hwclock -w ##时间同步 /usr/sbin/ntpdate -us ntp1.aliyun.com;hwclock -w; cat >> /var/spool/cron/root << EOF ##时间同步 0-59/20 * * * * /usr/sbin/ntpdate -us ntp1.aliyun.com;hwclock -w; EOF } function define_update () { ## yum update cat >> /var/spool/cron/root << EOF #yum update software 45 00 * * * /usr/bin/yum -y install bash sudo ntpdate openssh openssl vim systemd rpm yum rsyslog logrotate crontabs curl; > /dev/null 2>&1; EOF } } function denfine_swap () { cat >> /var/spool/cron/root << EOF ## swap enable/disable 15 * * * * /usr/sbin/swapoff -a && /usr/sbin/swapon -a; EOF } function define_localhost () { define_yum define_tuning_services define_tuning_kernel define_tuning_system define_ntpdate1 define_update denfine_swap } function define_exit () { echo '' > /tmp/one_key.sh exit } while : do echo "" echo "服务器一键优化脚本" echo "" echo "" echo " 0) 检查服务器网络 1) 本地环境专用" echo " 2) 退出脚本" echo read -p "请输入一个选项: " opmode echo case ${opmode} in 0) define_check_network;; 1) define_localhost;; 2) define_exit;; *) echo "无效输入" ;; esac done
这篇关于Centos7 常用优化脚本的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!
- 2024-04-26高性能表格工具VTable总体构成-icode9专业技术文章分享
- 2024-04-16软路由代理问题, tg 无法代理问题-icode9专业技术文章分享
- 2024-04-16程序猿用什么锅-icode9专业技术文章分享
- 2024-04-16自建 NAS 的方案-icode9专业技术文章分享
- 2024-04-14ansible 在远程主机上执行脚本,并传入参数-icode9专业技术文章分享
- 2024-04-14ansible 在远程主机上执行脚本,并传入参数, 加上remote_src: yes 配置-icode9专业技术文章分享
- 2024-04-14ansible 检测远程主机的8080端口,如果关闭,则echo 进程已关闭-icode9专业技术文章分享
- 2024-04-14result 成功怎么写-icode9专业技术文章分享
- 2024-04-14stopped 状态设置为变量,由外部传递进来-icode9专业技术文章分享
- 2024-04-14为什么ansible执行远程脚本需要放到后台-icode9专业技术文章分享