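1. Install common tools, update the system time, switch to the Aliyun mirror repositories, SSH security configuration, change IP and DNS, disable SELinux, disable the firewall, lock critical system files, trim the services started at boot
Install common tools, update the system time, switch to the Aliyun mirror repositories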
yum -y install wget
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum clean all
yum makecache
yum -y install net-tools lrzsz ntpdate lsof vim telnet gcc unzip make gcc-c++
ntpdate ntp1.aliyun.com && hwclock --systohc
Change IP and DNS
vim /etc/sysconfig/network-scripts/ifcfg-ens33
Disable SELinux, disable the firewall
cp /etc/selinux/config /etc/selinux/config.bakdefault
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
getenforce
systemctl stop firewalld
systemctl disable firewalld
Lock critical system files, trim the services started at boot
chattr +i /etc/passwd
chattr +i /etc/inittab
chattr +i /etc/group
chattr +i /etc/shadow
chattr +i /etc/gshadow
systemctl list-unit-files
2. Raise the system file descriptor limit, tune kernel parameters
Raise the system file descriptor limit
ulimit -a
vim /etc/security/limits.conf
* - nproc 65535
* - nofile 65535
vim /etc/security/limits.d/20-nproc.conf
* soft nproc 65535
root soft nproc unlimited
Tune kernel parameters
vim /etc/sysctl.conf
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
/sbin/sysctl -p
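To confirm that the values written to /etc/sysctl.conf are the ones the kernel is using after sysctl -p, the following added example (not part of the original post) compares a sysctl.conf-style file with a saved `sysctl -a` snapshot. The names check_sysctl and demo_check and the sample data are constructed for illustration; a key reported as MISSING does not exist in the running kernel, which is the case for net.ipv4.tcp_tw_recycle on Linux 4.12 and later.

```shell
#!/bin/sh
# check_sysctl CONF SNAPSHOT
#   CONF     sysctl.conf-style file (the values you intended to set)
#   SNAPSHOT saved output of `sysctl -a` (the values the kernel is using)
# Prints OK/DIFF/MISSING per key in CONF; returns 1 if any key is not OK.
check_sysctl() {
    awk '
    function norm(s) {   # collapse whitespace: "1024<TAB>65000" equals "1024 65000"
        gsub(/[ \t]+/, " ", s); sub(/^ /, "", s); sub(/ $/, "", s)
        return s
    }
    /^[ \t]*$/    { next }               # skip blank lines
    /^[ \t]*[#;]/ { next }               # skip comments
    {
        i = index($0, "=")
        if (i == 0) next
        k = norm(substr($0, 1, i - 1)); v = norm(substr($0, i + 1))
        if (!conf) { live[k] = v; next } # first file: running values
        if (!(k in live))      { print "MISSING " k; bad = 1 }
        else if (live[k] != v) { print "DIFF " k " want=" v " live=" live[k]; bad = 1 }
        else                   { print "OK " k }
    }
    END { exit bad + 0 }
    ' "$2" conf=1 "$1"
}

# Constructed sample data: a few of the values from this page, checked against
# a made-up snapshot from a kernel that has no tcp_tw_recycle key.
demo_check() {
    d=$(mktemp -d) || return 2
    cat > "$d/sysctl.conf" <<'EOF'
# constructed sample
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.ip_local_port_range = 1024 65000
EOF
    printf 'net.ipv4.tcp_syncookies = 1\nnet.ipv4.tcp_fin_timeout = 60\nnet.ipv4.ip_local_port_range = 1024\t65000\n' > "$d/live.txt"
    rc=0
    check_sysctl "$d/sysctl.conf" "$d/live.txt" || rc=$?
    rm -rf "$d"
    return $rc
}

demo_check || true
```

On a live host, save the running values with sysctl -a 2>/dev/null > /tmp/live.txt and then run check_sysctl /etc/sysctl.conf /tmp/live.txt.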
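***You can use the netstat command to check connections in the TIME_WAIT state. Run the following combined command to see the current TCP connection states and the number of connections in each state:
netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
References:
https://help.aliyun.com/knowledge_detail/41334.html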
https://blog.51cto.com/hequan/1789146
https://blog.csdn.net/jiujiu372/article/details/76212167
https://blog.51cto.com/nosmoking/1684114
https://www.cnblogs.com/fczjuever/archive/2013/04/17/3026694.html