01: Change the yum source
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
02: Install commonly used tool packages
yum install -y tree lrzsz telnet wget bzip2 unzip gzip dos2unix vim net-tools lsof pinfo nc nmap ntpdate
yum install -y psmisc lsof sysstat yum-utils
yum install -y gcc gcc-c++ make cmake libaio zlib-devel pcre-devel
03: Clear the displayed system version
>/etc/issue
>/etc/issue.net
04: Disable SELinux
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
setenforce 0
05: Stop the firewall and permanently disable firewalld [depending on the circumstances]
systemctl stop firewalld.service
systemctl disable firewalld.service
06: Make users and passwords never expire [in particular, cloud servers have an "optimization" option at install time; if it is not controlled, problems come back later]
cat >>/etc/login.defs<<EOF
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
EOF
07: Set the character set to Chinese
echo "LANG=\"zh_CN.UTF-8\"" >/etc/locale.conf
08: Keep 10 entries in the command-line history; keep 10 entries in the history file; do not record commands that begin with a space
echo "export HISTSIZE=10" >>/etc/bashrc
echo "export HISTFILESIZE=10" >>/etc/bashrc
echo "HISTCONTROL=ignorespace" >>/etc/bashrc
source /etc/bashrc
09: Change the permissions of /etc/rc.d/rc.local to 744 [I tend to start services from this script file]
chmod 744 /etc/rc.d/rc.local
10: Create the directory /server/scripts/ to store the relevant scripts
mkdir /server/scripts/ -p
ls -ld /server/scripts/
11: Alias the rm command so that it cannot be used
echo "alias rm='echo Do not use the rm command'" >>/etc/bashrc
source /etc/bashrc
12: Modify the resource limits, assign the limits, and make them take effect
cat >>/etc/security/limits.conf<<EOF
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
* soft stack 65535
* hard stack 65535
EOF
echo "* - nproc 65535" >/etc/security/limits.d/20-nproc.conf
echo "session required pam_limits.so" >>/etc/pam.d/login
13: Linux kernel optimization [master the knowledge points before applying these settings; search Baidu for the settings]
cat >>/etc/sysctl.conf<<EOF
# disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
# tcp socket optimize
net.ipv4.ip_local_port_range = 15000 65000
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_max_tw_buckets = 4096
net.ipv4.tcp_max_syn_backlog = 8192
EOF
sysctl -p
14: Create a regular user, set its password, and add it to the wheel group [or the cloud server had the "optimization" option selected when the system was installed]
chattr -i /etc/passwd /etc/shadow /etc/group /etc/gshadow
useradd chenliang -G wheel && echo "chenliang"|passwd --stdin chenliang
id chenliang
15: Optimize ssh connection efficiency, prohibit root login, and change the ssh service port [do not make these settings in production, because significant business dependencies are involved]
cat >>/etc/ssh/sshd_config<<EOF
Port 921
PermitRootLogin no
PermitEmptyPasswords no
UseDNS no
GSSAPIAuthentication no
EOF
16: Lock the key files
chattr +i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/fstab /etc/login.defs
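
Step 15 appends to /etc/ssh/sshd_config, but sshd uses the first value it reads for each keyword, so an appended line is ignored when the file already sets that keyword, and it lands inside a trailing Match block if one exists. The script below is an added example, not part of the original checklist: it rewrites each directive in place and can be re-run safely. The function names and the sample configuration are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): idempotent sshd_config edits.

# effective_value FILE KEYWORD: print the global value sshd would use, i.e. the
# first active occurrence before any Match block (keywords are case-insensitive).
effective_value() {
    awk -v k="$2" 'tolower($1) == "match" { exit }
                   tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# set_directive FILE KEYWORD VALUE: rewrite the first active or commented-out
# occurrence, drop later active duplicates, and insert before the first Match
# block (or at end of file) when the keyword is absent.
set_directive() {
    local file="$1" key="$2" val="$3" tmp rc
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$val" '
        BEGIN { lk = tolower(k) }
        in_match { print; next }                    # leave Match blocks untouched
        tolower($1) == "match" {
            if (!done) { print k " " v; done = 1 }  # global settings precede Match
            in_match = 1; print; next
        }
        { word = tolower($1); active = (word == lk)
          sub(/^#/, "", word); hit = (word == lk) }
        hit && !done { print k " " v; done = 1; next }
        active { next }                             # shadowed duplicate
        { print }
        END { if (!done) print k " " v }
    ' "$file" >"$tmp" && cat "$tmp" >"$file"        # keeps owner and mode of FILE
    rc=$?; rm -f "$tmp"; return "$rc"
}

# Constructed sample in the style of a distribution sshd_config (not a real host).
sample_config() {
    printf '%s\n' '#Port 22' '#PermitRootLogin yes' 'GSSAPIAuthentication yes' \
        '#UseDNS yes' 'Match User backup' '    X11Forwarding no'
}

# Apply the five settings from step 15 to FILE (hypothetical helper name).
apply_step15() {
    set_directive "$1" Port 921 &&
    set_directive "$1" PermitRootLogin no &&
    set_directive "$1" PermitEmptyPasswords no &&
    set_directive "$1" UseDNS no &&
    set_directive "$1" GSSAPIAuthentication no
}
```

After running apply_step15 against the real file, validate it with sshd -t before restarting the service.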