Linux optimization items

Note: Before modifying system files, please back up!

1. Modify IP address, gateway, hostname, hosts list, DNS
a: Modify IP address, gateway
vim /etc/sysconfig/network-scripts/ifcfg-eth0
ONBOOT=yes #Automatically activate the network card when booting
BOOTPROTO=static #How the IP address is obtained: static means a static IP address, dhcp means obtain the IP address automatically
IPADDR=192.168.10.1 #IP address
NETMASK=255.255.255.0 #Network mask corresponding to the network card
GATEWAY=192.168.10.253 #Gateway address

b: Modify the hostname
vim /etc/sysconfig/network
#Whether the system uses the network, generally set to yes. If it is set to no, the network cannot be used and many system services will not be able to start
NETWORKING=yes
#Set the hostname of the machine; the hostname set here should correspond to the hostname set in /etc/hosts
HOSTNAME=master

c: Modify the hosts list
vim /etc/hosts
Add a line to the file: 192.168.10.1 master

d: Modify DNS
vim /etc/resolv.conf
Add:
nameserver 8.8.8.8
nameserver 4.4.4.4

Restart the network service for the above configuration to take effect:
service network restart


2. Turn off the firewall, turn off SELinux, and clear iptables
a: Turn off the firewall
setup --> Firewall configuration

b: Turn off SELinux
Modify the SELinux state. A change made in the configuration file takes effect permanently, but you must restart the system:
vim /etc/selinux/config
Modify SELINUX=disabled
To take effect immediately (temporary change):
setenforce 0
setenforce 1 #Set SELinux to enforcing mode
setenforce 0 #Set SELinux to permissive mode
View status:
getenforce

c: Clear iptables
iptables -F #Clear iptables rules
iptables -L #View iptables rules
#Save the rules. Note that although the rules are cleared, if this is not saved the rules will be back after a restart.
/etc/init.d/iptables save


3. Streamline startup services
crond #Scheduled tasks
network #Network
syslog #System log
sshd #Remote management
Keep only the above 4 services.
Command for shutting down system services: setup --> System services

4. Add a new user with sudo authorization #Reduce the number of root user operations
useradd admin
echo "admin" | passwd --stdin admin && history -c #Set the password and clear the command history

Run visudo and add the line
admin ALL=(ALL) ALL
under
root ALL=(ALL) ALL
so that admin is equivalent to an administrator.


5. Update the yum source
a: A minimal installation does not have the wget tool; it must be installed before modifying the source
yum install wget

b: mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

c: Download the NetEase mirror source: http://mirrors.163.com/.help/CentOS6-Base-163.repo
or download the Sohu mirror source: http://mirrors.sohu.com/help/CentOS-Base-sohu.repo
and then copy the downloaded mirror source to the /etc/yum.repos.d directory

d:
yum clean all #Clear the yum cache
yum makecache #Create a yum cache
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY #Import the signing key
yum upgrade #Start updating the system and kernel



6. Scheduled automatic time synchronization
Two time servers to synchronize against:
time.windows.com time.nist.gov

Sync time every 5 minutes:
echo '*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1' >>/var/spool/cron/root


7. Optimize SSH and block remote login for the root account
Note: Do not modify the port number in a hadoop cluster environment
a: Backup SSH configuration
cp /etc/ssh/sshd_config /etc/ssh/sshd_config_bak

b: Modify SSH configuration
vim /etc/ssh/sshd_config
PermitRootLogin no #Prohibit root account login
PermitEmptyPasswords no #Prohibit empty passwords
UseDNS no #Do not use DNS

c: Reload SSH configuration
/etc/init.d/sshd reload

d: If using a virtual machine, also modify the virtual network card IP address: 192.168.10.253
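
One way to check that the settings from step b are the ones sshd will actually apply, as an added example that is not part of the original article (the function names and the sample configuration are constructed for illustration). sshd uses the first value it reads for a keyword, so a line appended at the end of the file can be shadowed by an earlier one:

```sh
#!/bin/sh
# Added example (not from the original article): audit the step 7 directives.
# sshd uses the FIRST value it reads for each keyword, keywords are
# case-insensitive, and lines after a "Match" line apply only conditionally.

effective_value() {  # usage: effective_value <config-file> <Keyword>
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            key = tolower($1); val = tolower($2); gsub(/"/, "", val)
            if (key == "match") exit            # global section ends here
            if (key == want) { print val; exit }
        }' "$1"
}

audit_sshd() {  # prints one line per directive; exit status = number of failures
    bad=0
    for pair in PermitRootLogin:no PermitEmptyPasswords:no UseDNS:no; do
        key=${pair%%:*}; want=${pair#*:}
        got=$(effective_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "ok   $key $got"
        else
            echo "FAIL $key effective='${got:-not set globally}' wanted='$want'"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample: the wanted line was appended at the end, but an earlier
# line with the same keyword wins, and one directive only exists under Match.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Port 22
permitrootlogin yes
#PermitEmptyPasswords no
UseDNS no
PermitRootLogin no
Match User backup
    PermitEmptyPasswords no
EOF
audit_sshd "$sample" || echo "$? directive(s) need attention"
```

On a real host, pass /etc/ssh/sshd_config instead of the sample file before reloading sshd.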



8. Lock key system files
chattr +i /etc/passwd
chattr +i /etc/inittab
chattr +i /etc/group
chattr +i /etc/shadow
chattr +i /etc/gshadow

To unlock: chattr -i /etc/passwd

A safer approach is to move the chattr file to another directory and change its name.
Example: /bin/mv /usr/bin/chattr /usr/bin/my.txt


9. Adjust the file descriptor limit
a: View the file descriptor limit
ulimit -n

b:
Method 1: echo '* - nofile 65535' >> /etc/security/limits.conf

Method 2: Add the ulimit -SHn 65535 command to /etc/rc.local so that it takes effect after every restart. Append the commands to the rc.local configuration file:
cat >>/etc/rc.local<<EOF
#open files
ulimit -HSn 65535
#stack size
ulimit -s 65535
EOF



10. Kernel parameter optimization
vim /etc/sysctl.conf
a: Copy the following content into the above file
#Suitable for web applications such as apache, nginx, and squid
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768

net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2

net.ipv4.tcp_tw_recycle = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800

#net.ipv4.tcp_fin_timeout = 30
#net.ipv4.tcp_keepalive_time = 120
net.ipv4.ip_local_port_range = 1024 65535

#The following parameters are optimized for the iptables firewall of centos6.x. An error message appears when the firewall is not running; it can be ignored.
#If it is centos5.X, replace netfilter.nf_conntrack with ipv4.netfilter.ip
#centos5.X is net.ipv4.ip_conntrack_max = 25000000
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 18
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120



b: Take effect immediately
/sbin/sysctl -p

centos6.5 may report these errors:
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
The reason is that the bridge module is not loaded automatically:

modprobe bridge
echo "modprobe bridge" >> /etc/rc.local
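
To see which keys in a sysctl.conf would be reported as unknown and which differ from the running kernel, the following added example (not part of the original article; the function name and the stand-in directory tree are constructed for illustration) compares a file against /proc/sys:

```sh
#!/bin/sh
# Added example (not from the original article). A sysctl key maps to a file
# under /proc/sys (dots become slashes). If that file is missing, for example
# because the providing module is not loaded, sysctl -p says "unknown key".

check_sysctl() {  # usage: check_sysctl <conf-file> [root]; status = problem count
    root=${2:-/proc/sys}; problems=0
    # Parse "key = value", skipping comments/blank lines, collapsing whitespace.
    parsed=$(awk '!/^[ \t]*([#;]|$)/ && index($0, "=") {
        key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
        $0 = substr($0, index($0, "=") + 1); $1 = $1
        print key, $0 }' "$1")
    while read -r key want; do
        [ -n "$key" ] || continue
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -e "$path" ]; then
            echo "unknown key: $key"; problems=$((problems + 1))
            continue
        fi
        have=$(awk '{ $1 = $1; print }' "$path")    # tabs -> single spaces
        if [ "$have" != "$want" ]; then
            echo "drift: $key running='$have' configured='$want'"
            problems=$((problems + 1))
        fi
    done <<EOF
$parsed
EOF
    return "$problems"
}

# Constructed stand-in for /proc/sys so the demo runs offline and without root.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/sys/net/core" "$demo/sys/net/ipv4"
echo 128 > "$demo/sys/net/core/somaxconn"
printf '1024\t65535\n' > "$demo/sys/net/ipv4/ip_local_port_range"
cat > "$demo/sysctl.conf" <<'EOF'
# constructed sample
net.core.somaxconn = 32768
net.ipv4.ip_local_port_range = 1024 65535
net.bridge.bridge-nf-call-iptables = 0
EOF
check_sysctl "$demo/sysctl.conf" "$demo/sys" || echo "$? problem(s) found"
```

On a real host, run check_sysctl /etc/sysctl.conf after sysctl -p; with no second argument it reads /proc/sys.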




11. Set the system character set

vim /etc/sysconfig/i18n

For Chinese prompts: LANG="zh_CN.UTF-8"
For English prompts: LANG="en_US.UTF-8"
To switch temporarily, you can also use LANG=zh_CN.UTF-8




