标签:脚本 systemd contains echo Centos7 etc conf rc 优化
#!/bin/bash
#服务器一键优化工具
function define_check_network() {
echo 主机名为`hostname -f`
ping www.baidu.com -c 6
}
function define_yum () {
#关闭selinux
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
#常用软件安装
yum clean all
yum -y install bash vim wget curl sysstat gcc gcc-c++ make lsof sudo unzip openssh-clients net-tools systemd rpm yum rsyslog logrotate crontabs python-libs centos-release p7zip file
yum -y update && yum -y upgrade
}
function define_tuning_services() {
#关闭多余服务
systemctl stop postfix firewalld chronyd cups
#停止开机自启动
systemctl disable postfix firewalld chronyd cups
echo "非关键系统服务已经关闭"
}
function define_tuning_kernel () {
#4.内核参数优化
echo "内核参数优化"
cp /etc/sysctl.conf /etc/sysctl.conf.bak
cat /dev/null > /etc/sysctl.conf
cat >> /etc/sysctl.conf << EOF
##内核默认参数
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
kernel.sem=500 64000 64 256
##打开文件数参数(20*1024*1024)
fs.file-max= 20971520
##WEB Server参数
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_keepalive_time=1200
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_rmem=4096 87380 8388608
net.ipv4.tcp_wmem=4096 87380 8388608
net.ipv4.tcp_max_syn_backlog=8192
net.ipv4.tcp_max_tw_buckets = 5000
##TCP补充参数
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 65535
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
##禁用ipv6
net.ipv6.conf.all.disable_ipv6 =1
net.ipv6.conf.default.disable_ipv6 =1
##swap使用率优化
vm.swappiness=0
EOF
echo "系统参数设置OK"
}
function define_tuning_system () {
#加一个防呆判断
if [ ` cat /etc/fstab |grep noatime|wc -l` = 0 ]; then
echo "脚本首次执行"
else
echo "第二次执行脚本,请手动检查错误"
exit 1
fi
#磁盘IO优化
sed -i '/xfs/s/defaults/defaults,noatime/' /etc/fstab
##nproc设置仅适合centos6
#sed -i 's/1024/65535/' /etc/security/limits.d/90-nproc.conf
##nproc设置仅适合centos7
sed -i 's/4096/524288/' /etc/security/limits.d/20-nproc.conf
#管理open files数量
echo "* soft nofile 1024000" >> /etc/security/limits.conf
echo "* hard nofile 1024000" >> /etc/security/limits.conf
#管理最大进程数
echo "* soft nproc 1024000" >> /etc/security/limits.conf
echo "* hard nproc 1024000" >> /etc/security/limits.conf
echo "session required /lib64/security/pam_limits.so" >> /etc/pam.d/login
#全局变量设置优化
echo 'export TMOUT=600' >> /etc/profile
echo 'export TIME_STYLE="+%Y/%m/%d %H:%M:%S"' >> /etc/profile
echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/profile
echo 'unset MAILCHECK' >> /etc/profile
sed -i '/HISTSIZE/s/1000/12000/' /etc/profile
source /etc/profile
#关闭日志无效输出
echo 'if $programname == "systemd" and ($msg contains "Starting Session" or $msg contains "Started Session" or $msg contains "Created slice" or $msg contains "Starting user-" or $msg contains "Starting User Slice of" or $msg contains "Removed session" or $msg contains "Removed slice User Slice of" or $msg contains "Stopping User Slice of") then stop' >/etc/rsyslog.d/ignore-systemd-session-slice.conf
systemctl restart rsyslog
#权限优化
# echo 'umask 0022' >> /etc/profile
#禁止Ctrl+Alt+Del重启
rm -rf /usr/lib/systemd/system/ctrl-alt-del.target
#修改运行级别
systemctl set-default multi-user.target
#关闭hugepage
chmod +x /etc/rc.d/rc.local
echo "echo never > /sys/kernel/mm/transparent_hugepage/enabled;" >> /etc/rc.d/rc.local
echo "echo never > /sys/kernel/mm/transparent_hugepage/defrag;" >> /etc/rc.d/rc.local
##启用日志压缩
sed -i 's/'#compress'/'compress'/' /etc/logrotate.conf
## ssh弱密码算法修复
echo "Ciphers aes128-ctr,aes192-ctr,aes256-ctr" >> /etc/ssh/sshd_config
## 限制journal大小
echo "SystemMaxUse=2048M" >> /etc/systemd/journald.conf
echo "ForwardToSyslog=no" >> /etc/systemd/journald.conf
echo "MaxFileSec=14day" >> /etc/systemd/journald.conf
systemctl restart systemd-journald.service
#系统别名设置
cat >> /etc/bashrc << EOF
##系统别名设置
alias vi='vim'
alias ls='ls -trlh --color=auto'
alias grep='grep --color=auto'
EOF
source /etc/bashrc
echo '系统别名设置完成'
}
function define_ntpdate1 () {
#本地时间同步
yum -y install ntpdate
echo "/usr/sbin/ntpdate -us ntp1.aliyun.com;hwclock -w;" >> /etc/rc.d/rc.local
##时区校正
timedatectl set-timezone Asia/Shanghai
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && hwclock -w
##时间同步
/usr/sbin/ntpdate -us ntp1.aliyun.com;hwclock -w;
cat >> /var/spool/cron/root << EOF
##时间同步
0-59/20 * * * * /usr/sbin/ntpdate -us ntp1.aliyun.com;hwclock -w;
EOF
}
function define_update () {
## yum update
cat >> /var/spool/cron/root << EOF
#yum update software
45 00 * * * /usr/bin/yum -y install bash sudo ntpdate openssh openssl vim systemd rpm yum rsyslog logrotate crontabs curl; > /dev/null 2>&1;
EOF
}
}
function denfine_swap () {
cat >> /var/spool/cron/root << EOF
## swap enable/disable
15 * * * * /usr/sbin/swapoff -a && /usr/sbin/swapon -a;
EOF
}
function define_localhost () {
define_yum
define_tuning_services
define_tuning_kernel
define_tuning_system
define_ntpdate1
define_update
denfine_swap
}
function define_exit () {
echo '' > /tmp/one_key.sh
exit
}
while :
do
echo ""
echo "服务器一键优化脚本"
echo ""
echo ""
echo " 0) 检查服务器网络 1) 本地环境专用"
echo " 2) 退出脚本"
echo
read -p "请输入一个选项: " opmode
echo
case ${opmode} in
0) define_check_network;;
1) define_localhost;;
2) define_exit;;
*) echo "无效输入" ;;
esac
done
标签:脚本,systemd,contains,echo,Centos7,etc,conf,rc,优化 来源: https://www.cnblogs.com/Dr-wei/p/16654162.html
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。