Basic Linux System Optimization on CentOS 7

I. Basic Optimization

1. Disable SELinux

[root@aspen ~]# vim /etc/selinux/config    # Permanently disable SELinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled # Change this value to disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@aspen ~]# setenforce 0 # Temporarily disable SELinux enforcement (permissive mode)
[root@aspen ~]# getenforce  # Check the SELinux status
 permissive 
[root@aspen ~]# reboot
[root@aspen ~]# getenforce # After the reboot, the status changes to Disabled
Disabled

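2. Disable firewalld

[root@aspen ~]# systemctl stop firewalld # Temporarily stop the system firewall
[root@aspen ~]# systemctl disable firewalld # Permanently disable the system firewall (no start at boot)
[root@aspen ~]# systemctl status firewalld # Check the system firewall status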
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

3. Disable NetworkManager

[root@aspen ~]# systemctl stop NetworkManager # Temporarily stop NetworkManager
[root@aspen ~]# systemctl disable NetworkManager  # Permanently disable NetworkManager (no start at boot)
[root@aspen ~]# systemctl status NetworkManager  # Check the NetworkManager status
● NetworkManager.service - Network Manager
   Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:NetworkManager(8)

4. Create a regular user for the system administrator and configure sudo

[root@aspen ~]# visudo
....
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL

......
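
One way to complete this step, as an added example that is not from the original article: create the administrator account and grant it sudo through a drop-in file under /etc/sudoers.d that is syntax-checked before it is installed. The account name opsadmin, the function name and the optional directory argument are assumptions.

```shell
#!/bin/bash
# Added example: grant sudo to an admin account through a validated drop-in.
# The account name "opsadmin" and the function name are hypothetical.

# write_sudoers_dropin USER [DIR]
# Writes "USER ALL=(ALL) ALL" to DIR/USER (default DIR: /etc/sudoers.d).
write_sudoers_dropin() {
    local user="$1" dir="${2:-/etc/sudoers.d}" tmp rc
    # Accept only conservative account names. sudo skips files in sudoers.d
    # whose names contain "." or end in "~", so those are rejected as well.
    case $user in
        ''|*[!a-z0-9_-]*|-*) echo "invalid user name: $user" >&2; return 1 ;;
    esac
    tmp=$(mktemp) || return 1
    printf '%s ALL=(ALL) ALL\n' "$user" > "$tmp"
    # Check the syntax before the file can affect sudo: a broken sudoers
    # file stops sudo from working for every account.
    if command -v visudo >/dev/null 2>&1 && ! visudo -cf "$tmp" >/dev/null; then
        rm -f "$tmp"; echo "sudoers syntax check failed" >&2; return 1
    fi
    # Install read-only for owner and group (mode 0440), as sudo expects.
    install -m 0440 "$tmp" "$dir/$user"; rc=$?
    rm -f "$tmp"
    return $rc
}

# Typical use as root on the server:
#   useradd opsadmin && passwd opsadmin    # create the account, set a password
#   write_sudoers_dropin opsadmin
#   sudo -l -U opsadmin                    # list what the account may run
```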

5. Adjust the user login message

[root@aspen ~]# vim /etc/motd # Fill in the content according to actual needs and personal preference

[root@aspen ~]# cat /etc/motd 

6. Empty the files that leak system version information

[root@aspen ~]# > /etc/issue
[root@aspen ~]# > /etc/issue.net 

7. Set up a scheduled task to update the time automatically

[root@aspen ~]# crontab -e
#sync time by Aspen 20190511
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1

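II. Service Optimization

After a service's configuration file is modified, the service must be restarted for the change to take effect.

1. Basic optimization of the sshd service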

[root@aspen ~]# vim /etc/ssh/sshd_config 
 79 GSSAPIAuthentication no 
115 UseDNS no
[root@aspen ~]# egrep -n 'GSSAPIA|UseDNS' /etc/ssh/sshd_config
79:GSSAPIAuthentication no
115:UseDNS no
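
A check for this step, as an added example that is not from the original article: the egrep above also matches commented-out lines and does not show which occurrence sshd uses, so the functions below report the first uncommented global value, which is the one sshd applies. The function names are hypothetical, and keyword and value are assumed to be separated by whitespace.

```shell
#!/bin/bash
# Added example: report the value sshd will actually use for a keyword.
# sshd keeps the FIRST value it reads for each keyword, keywords are
# case-insensitive, and settings after a "Match" line are conditional.

# sshd_effective FILE KEYWORD -> prints the first global, uncommented value
# (prints nothing when the keyword is not set, i.e. the default applies).
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        tolower($1) == "match" { exit }         # stop at the first Match block
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# check_sshd_tuning FILE -> returns 0 only if both settings from the article
# are in effect in FILE.
check_sshd_tuning() {
    local rc=0 kw val
    for kw in GSSAPIAuthentication UseDNS; do
        val=$(sshd_effective "$1" "$kw")
        if [ "$val" != "no" ]; then
            echo "$kw is '${val:-unset}', expected 'no'" >&2
            rc=1
        fi
    done
    return $rc
}

# On the server, after editing:
#   check_sshd_tuning /etc/ssh/sshd_config
#   sshd -t && systemctl restart sshd   # validate the file, then restart
```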

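2. Change the system YUM repository and add the EPEL repository

This article uses the YUM repositories provided by Alibaba Cloud (Aliyun).
[root@aspen ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo # Replace the system YUM repository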
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2523  100  2523    0     0  31228      0 --:--:-- --:--:-- --:--:-- 31537
[root@aspen ~]# curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo # Add the EPEL repository
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   664  100   664    0     0   5170      0 --:--:-- --:--:-- --:--:--  5187
[root@aspen ~]# yum repolist  # List the system YUM and EPEL repositories
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
repo id                            repo name                                                       status
!base/7/x86_64                     CentOS-7 - Base - mirrors.aliyun.com                            10,019
!epel/x86_64                       Extra Packages for Enterprise Linux 7 - x86_64                  13,229
!extras/7/x86_64                   CentOS-7 - Extras - mirrors.aliyun.com                             409
!updates/7/x86_64                  CentOS-7 - Updates - mirrors.aliyun.com                          2,076
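
A check to run after replacing the repo files, as an added example that is not from the original article: both files above were downloaded over plain HTTP, so it is worth confirming what they configure. The function below lists, per repository section, the gpgcheck setting and the number of http:// URLs; the function name is hypothetical.

```shell
#!/bin/bash
# Added example: summarise signature checking and URL schemes per repo section.

# repo_audit FILE... -> prints "section gpgcheck=<value|unset> http_urls=<n>"
# for every section and returns 1 if any section sets gpgcheck=0.
# "unset" means the section inherits gpgcheck from [main] in /etc/yum.conf.
repo_audit() {
    awk '
        function emit() {
            if (sec == "") return
            printf "%s gpgcheck=%s http_urls=%d\n", sec, gpg, http
            if (gpg == "0") bad = 1
        }
        BEGIN { bad = 0 }
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^\[.*\]/ {                                  # a new [section] starts
            emit()
            sec = $0; sub(/^\[/, "", sec); sub(/\].*$/, "", sec)
            gpg = "unset"; http = 0; next
        }
        /^[ \t]*gpgcheck[ \t]*=/ {
            gpg = $0; sub(/^[^=]*=[ \t]*/, "", gpg); sub(/[ \t\r]+$/, "", gpg)
        }
        # Count plain-HTTP locations (baseurl, mirrorlist, gpgkey and their
        # continuation lines): these are fetched without transport integrity,
        # so package signatures are the only protection left.
        { http += gsub(/http:\/\//, "&") }
        END { emit(); exit bad }
    ' "$@"
}

# On the server:
#   repo_audit /etc/yum.repos.d/*.repo
```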

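3. Install commonly used system software

Package name                    Purpose
tree                            Displays the directory structure as a tree
vim                             Enhanced version of vi
wget                            Download tool
bash-completion (default repo)  Enhanced auto-completion; can complete command arguments
bash-completion-extras (epel)   Further enhanced auto-completion; can complete command arguments
lrzsz                           Upload/download tools (rz and sz)
net-tools                       Package that provides the ifconfig and route commands
sysstat                         Package that provides sar and iostat
iotop                           Shows per-process I/O reads and writes and swap writes
iftop                           Shows network traffic
htop                            Enhanced version of top
unzip                           Decompression
nc                              ncat, similar to telnet
nmap                            Network scanning tool
telnet                          Checks whether a port is open
psmisc                          pstree and other commands
nethogs                         Shows the network traffic of each process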
[root@aspen ~]# yum install -y tree vim wget bash-completion bash-completion-extras lrzsz net-tools sysstat iotop iftop htop unzip nc nmap telnet bc psmisc 
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
No Match for argument: unzipnc
------------------------------------------------------------------------------------------------------------------
Total                                                                             1.4 MB/s | 7.0 MB  00:00:05     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : 1:bash-completion-2.1-6.el7.noarch                                                            1/15 
  Installing : 1:bash-completion-extras-2.1-11.el7.noarch                                                    2/15 
  Installing : net-tools-2.0-0.24.20131004git.el7.x86_64                                                     3/15 
  Installing : bc-1.06.95-13.el7.x86_64                                                                      4/15 
  Installing : sysstat-10.1.5-17.el7.x86_64                                                                  5/15 
  Installing : lrzsz-0.12.20-36.el7.x86_64                                                                   6/15 
  Installing : wget-1.14-18.el7_6.1.x86_64                                                                   7/15 
  Installing : htop-2.2.0-3.el7.x86_64                                                                       8/15 
  Installing : tree-1.6.0-10.el7.x86_64                                                                      9/15 
  Installing : iftop-1.0-0.14.pre4.el7.x86_64                                                               10/15 
  Installing : psmisc-22.20-15.el7.x86_64                                                                   11/15 
  Installing : 2:vim-enhanced-7.4.160-5.el7.x86_64                                                          12/15 
  Installing : iotop-0.6-4.el7.noarch                                                                       13/15 
  Installing : 2:nmap-6.40-16.el7.x86_64                                                                    14/15 
  Installing : 1:telnet-0.17-64.el7.x86_64                                                                  15/15 
  Verifying  : 1:telnet-0.17-64.el7.x86_64                                                                   1/15 
  Verifying  : 2:nmap-6.40-16.el7.x86_64                                                                     2/15 
  Verifying  : 1:bash-completion-2.1-6.el7.noarch                                                            3/15 
  Verifying  : iotop-0.6-4.el7.noarch                                                                        4/15 
  Verifying  : 2:vim-enhanced-7.4.160-5.el7.x86_64                                                           5/15 
  Verifying  : psmisc-22.20-15.el7.x86_64                                                                    6/15 
  Verifying  : iftop-1.0-0.14.pre4.el7.x86_64                                                                7/15 
  Verifying  : tree-1.6.0-10.el7.x86_64                                                                      8/15 
  Verifying  : htop-2.2.0-3.el7.x86_64                                                                       9/15 
  Verifying  : wget-1.14-18.el7_6.1.x86_64                                                                  10/15 
  Verifying  : lrzsz-0.12.20-36.el7.x86_64                                                                  11/15 
  Verifying  : 1:bash-completion-extras-2.1-11.el7.noarch                                                   12/15 
  Verifying  : sysstat-10.1.5-17.el7.x86_64                                                                 13/15 
  Verifying  : bc-1.06.95-13.el7.x86_64                                                                     14/15 
  Verifying  : net-tools-2.0-0.24.20131004git.el7.x86_64                                                    15/15 

Installed:
  bash-completion.noarch 1:2.1-6.el7  bash-completion-extras.noarch 1:2.1-11.el7   bc.x86_64 0:1.06.95-13.el7    
  htop.x86_64 0:2.2.0-3.el7           iftop.x86_64 0:1.0-0.14.pre4.el7             iotop.noarch 0:0.6-4.el7      
  lrzsz.x86_64 0:0.12.20-36.el7       net-tools.x86_64 0:2.0-0.24.20131004git.el7  nmap.x86_64 2:6.40-16.el7     
  psmisc.x86_64 0:22.20-15.el7        sysstat.x86_64 0:10.1.5-17.el7               telnet.x86_64 1:0.17-64.el7   
  tree.x86_64 0:1.6.0-10.el7          vim-enhanced.x86_64 2:7.4.160-5.el7          wget.x86_64 0:1.14-18.el7_6.1 

Complete!

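4. Modify the file descriptor limit

File descriptor limit: the maximum number of files each process can open.

Temporarily change the file descriptor limit: ulimit -n <number>
Permanently change the file descriptor limit by editing /etc/security/limits.conf: echo '* - nofile <number>' >>/etc/security/limits.conf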
[root@aspen ~]# ulimit -n 65535
[root@aspen ~]# echo '* - nofile 65535' >>/etc/security/limits.conf
[root@aspen ~]# tail -1 /etc/security/limits.conf 
* - nofile 65535

5. Modify environment variables

Customize the command prompt by modifying the PS1 environment variable

export PS1="[\[\e[34;1m\]\u@\[\e[0m\]\[\e[32;1m\]\H\[\e[0m\] \[\e[31;1m\]\w\[\e[0m\]]\\$ " 

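Set the idle timeout (unit: seconds)

export TMOUT=<seconds>

Number of commands the history command keeps

export HISTSIZE=<number>

Number of entries kept in the history file

export HISTFILESIZE=<number>

Do not record commands that begin with a space in history

export HISTCONTROL=ignorespace

To change system environment variables permanently, edit /etc/profile and then use the source command to make the file take effect.

export TMOUT=300 # timeout: log out automatically after 300s without any activity
export HISTSIZE=1000 # maximum number of commands the history command keeps
export HISTFILESIZE=1000 # maximum number of entries kept in the history file
export HISTCONTROL=ignorespace # controls how the history command records commands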

[root@aspen ~]# tail -2 /etc/profile
export PS1="[\[\e[34;1m\]\u@\[\e[0m\]\[\e[32;1m\]\H\[\e[0m\] \[\e[31;1m\]\w\[\e[0m\]]\\$ " 
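[root@aspen ~]# export TMOUT=300   # log out automatically after 300s without any activity
[root@aspen ~]# export HISTSIZE=1000  # the history command keeps at most 1000 commands
[root@aspen ~]# export HISTFILESIZE=1000  # the history file keeps at most 1000 entries
[root@aspen ~]# export HISTCONTROL=ignorespace  # history does not record commands that begin with a space
Verify that history does not record commands that begin with a space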
[root@aspen ~]# history -c
[root@aspen ~]#  ls /
bin   data    dev  home  lib64  Memory  opt   root  sbin  sys  usr
boot  data01  etc  lib   media  mnt     proc  run   srv   tmp  var
[root@aspen ~]# cd 
[root@aspen ~]# history 
    1  cd 
    2  history

Appendix: mind map
