linux系统优化

/etc/init.d/iptables stop
/etc/init.d/iptables stop
chkconfig iptables off

sed -i 's#SELINUX=.*#SELINUX=disabled#g' /etc/selinux/config
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config 
setenforce 0
getenforce

yum -y install wget #没有先安装
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo  #7为Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo  #7为epel-7.repo
cd /etc/yum.repos.d/ && mv CentOS-Base.repo CentOS-Base.repobak
mv CentOS-6.repo CentOS-Base.repo #7一样
yum clean all
yum makecache
yum update

chkconfig|egrep -v "crond|sshd|network|rsyslog|sysstat"|awk '{print "chkconfig",$1,"off"}'|bash
export LANG=en
chkconfig --list|grep 3:on

echo -e "alias grep='grep --color=auto'\nalias egrep='egrep --color=auto'" >>/etc/profile
#说明：定义grep命令查找的内容有颜色显示，便于查看
echo "alias ll='ls -l --color --time-style=long-iso'" >>/etc/profile #时间长格式显示
source /etc/profile

echo 'PS1="\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\h \[\e[35;40m\]\W\[\e[0m\]]\\$ "'  >>/root/.bashrc
source /root/.bashrc
#或者定制个性化：echo 'PS1="\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\h \[\e[35;40m\]\W\[\e[0m\]]\\$ \[\e[33;40m\]"' >>/root/.bashrc
#或者纯颜色区分：echo "export PS1='\[\e[33;1m\][\u@\h \W]\$ \[\e[0m\]'" >>/etc/profile && source /etc/profile
#修改终端显示用户名、主机名和日期颜色区分：PS1="\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\h \e[36;40m\]\t \[\e[35;40m\]\W\[\e[0m\]]\\$ \[\e[33;40m\]"

  PS:默认的特殊符号所代表的意义：
    \d ：代表日期，格式为weekday month date，例如："Mon Aug 1"
  　\H ：完整的主机名称。例如：我的机器名称为：fc4.linux，则这个名称就是fc4.linux
　　\h ：仅取主机的第一个名字，如上例，则为fc4，.linux则被省略
　　\t ：显示时间为24小时格式，如：HH：MM：SS
　　\T ：显示时间为12小时格式
　　\A ：显示时间为24小时格式：HH：MM
　　\u ：当前用户的账号名称
　　\v ：BASH的版本信息
　　\w ：完整的工作目录名称。家目录会以 ~代替
　　\W ：利用basename取得工作目录名称，所以只会列出最后一个目录
　　\# ：下达的第几个命令
　　\$ ：提示字符，如果是root时，提示符为：# ，普通用户则为：$
　　----------------------------------------------------

useradd zhang
echo 123456|passwd --stdin zhang
\cp /etc/sudoers /etc/sudoers.ori
echo "zhang  ALL=(ALL) NOPASSWD: ALL " >>/etc/sudoers
tail -1 /etc/sudoers
visudo -c

cp /etc/sysconfig/i18n /etc/sysconfig/i18n.ori
echo 'LANG="zh_CN.UTF-8"' >/etc/sysconfig/i18n  #默认就是en_US.UTF-8
source /etc/sysconfig/i18n 
echo $LANG

echo '#crond-id-001:time sync by human' >>/var/spool/cron/root
echo "*/5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1">>/var/spool/cron/root
crontab -l
#（或者：ntpdate cn.pool.ntp.org）
#没有ntpdate命令：yum -y install ntpdate

echo '*               -       nofile          65535 ' >>/etc/security/limits.conf 
tail -1 /etc/security/limits.conf
ulimit -SHn   65535 
ulimit -n

cat >>/etc/sysctl.conf<<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000    65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
#以下参数是对iptables防火墙的优化，防火墙不开会提示，可以忽略不理。
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.wmem_max = 16777216
net.core.rmem_max = 16777216
EOF
sysctl -p

yum install vim lrzsz nmap tree dos2unix nc zip unzip pigz -y

sed -i.bak 's@#UseDNS yes@UseDNS no@g;s@^GSSAPIAuthentication yes@GSSAPIAuthentication no@g' /etc/ssh/sshd_config
/etc/init.d/sshd reload