服务器最小化安装后的优化脚本vim sys_optimize.sh
#!/bin/bash
#add 163 epel yum
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
ver=`cat /etc/redhat-release |awk '{print $3}'| awk -F "." '{print $1}'`
if [ $ver eq 5 ];then
#CentOS 5
rpm -Uvh http://ftp.linux.ncsu.edu/pub/epel/5/i386/epel-release-5-4.noarch.rpm
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.163.com/.help/CentOS5-Base-163.repo
#CentOS 6
else
rpm -Uvh http://ftp.linux.ncsu.edu/pub/epel/6/i386/epel-release-6-8.noarch.rpm
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.163.com/.help/CentOS6-Base-163.repo
yum clean all
yum makecache
#install gcc sysstat
yum -y install gcc gcc-c++ vim-enhanced unzip unrar sysstat
#install ntp
yum -y install ntp
echo "01 01 * * * /usr/sbin/ntpdate ntp.api.bz >> /dev/null 2>&1" >> /etc/crontab
ntpdate ntp.api.bz
service crond restart
#conf_ulimit
ulimit -SHn 65535
echo "ulimit -SHn 65535" >> /etc/rc.local
cat >> /etc/security/limits.conf << EOF
* soft nofile 60000
* hard nofile 65535
EOF
#tune kernel parametres
cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
EOF
/sbin/sysctl -p
#disable control-alt-delete key
sed -i 's@ca::ctrlaltdel:/sbin/shutdown -t3 -r now@#ca::ctrlaltdel:/sbin/shutdown -t3 -r now@' /etc/inittab
#disable SElinux
sed -i 's@SELINUX=enforcing@SELINUX=disabled@' /etc/selinux/config
#ssh configure optimize
sed -i -e '74 s/^/#/' -i -e '76 s/^/#/' /etc/ssh/sshd_config
sed -i 's@#UseDNS yes@UseDNS no@' /etc/ssh/sshd_config
service sshd restart
#disable ipv6 address
echo "alias net-pf-10 off" >> /etc/modprobe.conf
echo "alias ipv6 off" >> /etc/modprobe.conf
echo "install ipv6 /bin/true" >> /etc/modprobe.conf
echo "IPV6INIT=no" >> /etc/sysconfig/network
sed -i 's@NETWORKING_IPV6=yes@NETWORKING_IPV6=no@' /etc/sysconfig/network
#vim base syntax optimize
echo "syntax on" >> /root/.vimrc
echo "set nohlsearch" >> /root/.vimrc
#stop sys services for not used
chkconfig bluetooth off
chkconfig sendmail off
chkconfig kudzu off
chkconfig nfslock off
chkconfig portmap off
chkconfig iptables off
chkconfig autofs off
chkconfig yum-updatesd off
chkconfig cups off
chkconfig hplip off
chkconfig ip6tables off
chkconfig iscsi off
chkconfig iscsid off
chkconfig isdn off
chkconfig smartd off
#set initdefault
sed -i 's@id:5:initdefault:@id:3:initdefault:@' /etc/inittab
#重启服务器
reboot
说明:
tune kernel parametres为系统内核优化部分,在这里我只做了基础处理,大家有需求可以自行修改,记住:一切以系统稳定为原则。
vim优化部分为vim的个性化配置,如果想vim语法高亮,则必须安装vim-enhanced包,另外,vim在使用搜索功能,搜索选中内容为高亮,感觉不是特别舒服,所以我这里用了set nohlsearch选项,如果大家不介意此项功能,则不需要添加此语句;
disable ipv6选项我在测试时发现,在CentOS5.8 x86_64系统下,如果不添加install ipv6 /bin/true此语句到/etc/modprobe.conf文件里,是关闭不了ipv6选项的,而测试的CentOS{5.5,5,6} x86_64系统不添加此句均可以顺利关闭ipv6,这点请大家注意下。
