服务器优化3.0

1.更新内核
yum update kernel
yum update kernel-devel
yum update kernel-firmware
yum update kernel-headers

2.历史记录数
vim /etc/profile
TMOUT=300
HISTTIMEFORMAT="%F %T `whoami` " #whoami 需用反引号包住才会被执行,否则历史记录里只会显示字面量"whoami"
HISTSIZE=4000
HISTFILESIZE=4000
source /etc/profile

3.配置ip地址
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0 #网卡名字
BOOTPROTO=static #静态IP地址获取状态 如:DHCP表示自动获取IP地址
IPADDR=192.168.1.113 #IP地址
NETMASK=255.255.255.0 #子网掩码
ONBOOT=yes #引导时是否激活

4.配置主机名与网关
vim /etc/sysconfig/network
HOSTNAME=web #修改主机名,重启生效
GATEWAY=192.168.1.1 #修改默认网关,如果上面eth0里面不配置网关的话,默认就使用这里的网关了。

5.修改DNS信息
vim /etc/resolv.conf
nameserver 114.114.114.114
nameserver 8.8.8.8
service network restart

6.关闭防火墙
service iptables stop
(注意:停止 iptables 后主机不再做任何包过滤,第13步添加的 iptables 规则也只有在 iptables 运行时才生效;对外提供服务的机器建议保留防火墙,只放行需要的端口。)

7.关闭SELinux
vim /etc/selinux/config
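SELINUX=disabled
(配置文件的修改需重启后生效;关闭后系统失去强制访问控制,如果只是为了排查问题,可改用 permissive,只记录不拦截。)
setenforce 0
(setenforce 0 立即切换为 permissive,重启后失效。)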
getenforce

8.更换yum源
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
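wget http://mirrors.163.com/.help/CentOS6-Base-163.repo
(以下两条按系统版本二选一,两条都会覆盖同一个文件 /etc/yum.repos.d/CentOS-Base.repo)
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
(repo 文件通过 http 明文下载,传输途中可能被篡改;下载后应检查文件内容,并确认其中 gpgcheck=1,让 yum 校验软件包的 GPG 签名。)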
yum update -y

9.安装rz、sz
yum install lrzsz -y
rz
sz 文件

10.添加普通用户
useradd king
passwd king

11.使用sudo
visudo
king ALL=(ALL) NOPASSWD: ALL
(注意:NOPASSWD: ALL 让该用户免密获得全部 root 权限,账户一旦失陷即等同 root 失陷;生产环境建议去掉 NOPASSWD,或只授权确实需要的命令。)

sudo ls /root/

12.关闭不必要的服务
(执行前先去掉末尾的 |bash,查看将要关闭的服务列表,确认 sshd、rsyslog 等不在其中后再执行。)
chkconfig --list|grep 3:on|grep -vE "crond|sshd|network|rsyslog|sysstat"|awk '{print "chkconfig "$1" off"}'|bash
chkconfig --list|grep 3:on

13.修改ssh服务配置文件
vim /etc/ssh/sshd_config
Port 8877
PermitRootLogin no
PermitEmptyPasswords no
GSSAPIAuthentication no
UseDNS no
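ListenAddress 192.168.8.10:8888(内网使用)
(注意:上面 Port 写的是 8877,而 ListenAddress 和下面的 iptables 规则用的是 8888,端口需统一;ListenAddress 带端口时,该地址以这里指定的端口为准。地址也要换成本机实际的内网 IP。)
sshd -t
(重载前先用 sshd -t 检查配置语法,并保留当前会话,确认能用新端口和普通用户登录后再断开,以免把自己锁在外面。)
/etc/init.d/sshd reload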

iptables -I INPUT -p tcp --dport 8888 -s 192.168.8.0/24 -j ACCEPT

14.时间同步
/usr/sbin/ntpdate ntp.sjtu.edu.cn

15.调整文件描述符数量
vim /etc/security/limits.conf

* - nofile 65535
(格式为"域 类型 项目 值":* 表示所有用户,- 表示同时设置 soft 和 hard 限制;重新登录后用 ulimit -n 验证。)

16.服务器内核参数优化(阿里云)
vim /etc/sysctl.conf
vm.swappiness = 0
net.ipv4.neigh.default.gc_stale_time=120

see details in https://help.aliyun.com/knowledge_detail/39428.html

# rp_filter=0 会关闭反向路径校验(用于防止源地址欺骗),仅在多网卡或非对称路由确有需要时才设为 0
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2

see details in https://help.aliyun.com/knowledge_detail/41334.html

net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

sysctl -p

17.隐藏版本信息

/etc/issue
/etc/issue.net

18.锁定关键系统文件,防止被提权篡改
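chattr +i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/inittab
mv /usr/bin/chattr /usr/bin/kin
(注意:加上 +i 后 useradd、passwd 等命令会失败,增删用户或改密码前需先用 chattr -i 解锁,改完再重新锁定;给 chattr 改名只是隐藏手段,已取得 root 权限的人仍可解除锁定,软件包升级也可能恢复原文件,建议用 lsattr 定期核对这些文件的属性。)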

19.清除多余的系统虚拟账户

20.禁止被ping
vim /etc/sysctl.conf
net.ipv4.icmp_echo_ignore_all=1
sysctl -p

21.升级软件版本
rpm -qa openssl openssh bash
yum install openssl openssh bash -y


转载自blog.51cto.com/zuoshou/2121910