文章

Init

服务器初始化

作为数据库服务器

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
#替换源
yum -y install epel-release
yum install gcc make ntp vim nfs-utils rpcbind mailx dos2unix screen rsync wget lrzsz readline-devel zlib-devel bzip2-devel openssl-devel libssl-dev ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel -y

#同步服务器时间
*/15 * * * * /usr/sbin/ntpdate ntp1.aliyun.com && hwclock -w

# 关闭 SELINUX
setenforce 0
sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config

#硬盘挂载参数修改

#更改打开文件数
vi /etc/security/limits.conf  
* soft    nofile  1024000
* hard    nofile  1024000
* soft    nproc   unlimited
* hard    nproc   unlimited
* soft    core    unlimited
* hard    core    unlimited
* soft    memlock unlimited
* hard    memlock unlimited

#证书登陆授信 authorized_keys

#作为数据库,关闭透明大页
在 /etc/rc.local 中增加
echo never > /sys/kernel/mm/redhat_transparent_hugepage/defrag 
echo never > /sys/kernel/mm/redhat_transparent_hugepage/enabled


#更改sshd连接慢的问题
UseDNS no
GSSAPIAuthentication no
#加密方式更改为
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160
/etc/profile 目录 增加vi 别名,审计
/etc/skel/.bashrc 下面增加
PS1="\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\[\e[0;34m\]$(hostname)_\[\e[1;37m\]$STY\[\e[35;40m\]\w\[\e[0m\]]\\n\\$"
umask 002

export HISTTIMEFORMAT="%F %T `whoami` "
PS1="\n\e[1;37m[\e[0;32m\u\e[0;35m@\e[0;32m$HOSTNAME\e[1;37m]\e[1;37m[\e[0;31m\w\e[1;37m]\n"'\$'




sysct.conf

fs.file-max=102400
net.ipv4.tcp_max_tw_buckets = 60000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 1 
net.ipv4.tcp_fin_timeout = 20
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_syncookies = 1
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.ip_local_port_range = 1024 65000
net.nf_conntrack_max = 6553500
net.netfilter.nf_conntrack_max = 6553500
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_established = 3600
vm.swappiness = 0
vm.zone_reclaim_mode = 0
fs.nr_open=20480000
kernel.sem=250 32000 100 102400



#两台公网地址做网关

安装mail 支持发信
yum -y install mailx dos2unix
set from=m@laomm.com  smtp=smtp.exmail.qq.com
set smtp-auth-user=m@laomm.com smtp-auth-password=778899aA
set smtp-auth=login

PS1="\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@瑞翼221_\[\e[0;34m\]$STY\[\e[35;40m\]\w\[\e[0m\]]\\n\\$ "
alias ll='ls -lhS'
alias n='netstat -tnlp'
alias na='netstat -n | awk '"'"'/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'"'"
alias t2='sh /home/liuzhiguo/soft/tools/t2.sh'
alias t1='sh /home/liuzhiguo/soft/tools/t1.sh'
alias pg='sudo su - postgres'

echo "unset MAILCHECK" >>/etc/profile 关闭emai提示

cat >> /etc/security/limits.conf <<EOF
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
EOF
#修改linux连接数
#history命令增加时间戳
echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/profile
#linux增加命令记录功能
export HISTORY_FILE=/var/tmp/audit.log
export PROMPT_COMMAND='{ z=$(history 1 | { read x y; echo -e "$x --- $y"; });a=`who am i | awk "{print \\$1\" \"\\$2\" \"\\$6}"`;c=`echo $z | awk "{print $1}"`;if [[ `grep "$a \-\-\- $c" $HISTORY_FILE` = "" ]];then echo -e $(date "+%Y-%m-%d_%H:%M:%S") --- $a --- $z;fi;}  >> $HISTORY_FILE && logger "$(date "+%Y-%m-%d_%H:%M:%S")-----$a-----$z" -p local2.debug'


cat >> /etc/sysctl.conf << EOF
fs.file-max=65535
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_max_orphans = 262144
EOF
sysctl -p

alias df='df -TPh'
umask 002

PS1="\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@瑞翼221 \[\e[35;40m\]\w\[\e[0m\]]\\n\\$ "
本文由作者按照 CC BY 4.0 进行授权