- Linux Clusters and Automated Operations
- Yu Hongchun (余洪春)
- 2019-01-04 00:48:44
1.4.3 CentOS 6.4 x86_64 minimal-install optimization script
The minimal-install optimization script for CentOS 6.4 x86_64 is shown below (the comments in the code were originally written in Chinese; keep that in mind if you run the script on a production system):
```bash
#!/bin/bash
# Basic system upgrade
# (cd first so the repo file is downloaded where the mv commands expect it)
cd /etc/yum.repos.d/
wget http://mirrors.163.com/.help/CentOS6-Base-163.repo
mv CentOS-Base.repo CentOS-Base.repo.bak
mv CentOS6-Base-163.repo CentOS-Base.repo
yum clean all      # clear the yum cache
yum makecache      # rebuild the cache
yum -y update      # upgrade the Linux system

# Add the external EPEL yum repository
cd /usr/local/src
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm

# Install the gcc base libraries and the sysstat tools
yum -y install gcc gcc-c++ vim-enhanced unzip unrar sysstat

# Configure ntpdate for automatic time synchronization
# (/etc/crontab entries need a user field, here root)
yum -y install ntp
echo "01 01 * * * root /usr/sbin/ntpdate ntp.api.bz >> /dev/null 2>&1" >> /etc/crontab
ntpdate ntp.api.bz
service crond restart

# Configure the ulimit value for open files
ulimit -SHn 65534
echo "ulimit -SHn 65534" >> /etc/rc.local
cat >> /etc/security/limits.conf << EOF
* soft nofile 65534
* hard nofile 65534
EOF

# Basic kernel tuning
cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65535
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
EOF
/sbin/sysctl -p

# Disable the Ctrl-Alt-Delete key combination to prevent accidental reboots
sed -i 's@ca::ctrlaltdel:/sbin/shutdown -t3 -r now@#ca::ctrlaltdel:/sbin/shutdown -t3 -r now@' /etc/inittab

# Turn off SELinux
sed -i 's@SELINUX=enforcing@SELINUX=disabled@' /etc/selinux/config

# Turn off iptables
service iptables stop
chkconfig iptables off

# SSH service tuning. Make sure the machine keeps at least one user with sudo
# privileges, because the configuration below disables remote root login.
sed -i 's@#PermitRootLogin yes@PermitRootLogin no@' /etc/ssh/sshd_config
# Forbid logins with empty passwords
sed -i 's@#PermitEmptyPasswords no@PermitEmptyPasswords no@' /etc/ssh/sshd_config
# Disable SSH reverse DNS lookups
sed -i 's@#UseDNS yes@UseDNS no@' /etc/ssh/sshd_config
service sshd restart

# Disable IPv6
# Whenever the system needs to load the IPv6 module, /bin/true is run instead
# of actually loading the module.
echo "install ipv6 /bin/true" > /etc/modprobe.d/disable-ipv6.conf
# Disable IPv6-based networking so that it is not brought up at startup
echo "IPV6INIT=no" >> /etc/sysconfig/network-scripts/ifcfg-eth0
chkconfig ip6tables off

# Basic vim syntax settings
cat >> /root/.vimrc << EOF
set number
set ruler
set nohlsearch
set shiftwidth=2
set tabstop=4
set expandtab
set cindent
set autoindent
set mouse=v
syntax on
EOF

# Trim the services started at boot. A minimal-install machine can initially
# keep only these 4 services: crond, network, rsyslog and sshd.
for i in $(chkconfig --list | grep 3:on | awk '{print $1}'); do chkconfig --level 3 "$i" off; done
for CURSRV in crond rsyslog sshd network; do chkconfig --level 3 "$CURSRV" on; done

# Reboot the server
reboot
```
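The `sed` substitutions in the SSH section only change a line when the stock commented-out default is present, and `sed` exits 0 whether or not anything matched. As an added example (not from the book), the bash functions below read back the effective values after such edits; the function names and the sample configuration are constructed for illustration, and only the whitespace-separated `Keyword value` form is parsed.

```shell
#!/bin/bash
# Added example, not from the book: audit sshd_config after the script's sed edits.

# Print the effective global value of KEYWORD in FILE. sshd keeps the first
# value it reads and keywords are case-insensitive; lines after "Match" are
# conditional, so the scan stops there. Assumes "Keyword value" syntax.
sshd_effective() {
    awk -v key="$1" '
        $1 ~ /^#/                   { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$2"
}

# Check the three settings the script intends; print mismatches, return 1 on any.
audit_sshd() {
    local file="$1" rc=0 key want got
    while read -r key want; do
        got="$(sshd_effective "$key" "$file")"
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want '$want', found '${got:-not set}'"
            rc=1
        fi
    done <<'EOF'
PermitRootLogin no
PermitEmptyPasswords no
UseDNS no
EOF
    return "$rc"
}

# Constructed sample: PermitRootLogin was already uncommented on this host,
# so the script's pattern '#PermitRootLogin yes' matches nothing.
demo_drifted_host() {
    local cfg rc=0
    cfg="$(mktemp)"
    printf '%s\n' 'Port 22' 'PermitRootLogin yes' \
        '#PermitEmptyPasswords no' '#UseDNS yes' > "$cfg"
    sed -i -e 's@#PermitRootLogin yes@PermitRootLogin no@' \
           -e 's@#PermitEmptyPasswords no@PermitEmptyPasswords no@' \
           -e 's@#UseDNS yes@UseDNS no@' "$cfg"
    audit_sshd "$cfg" || rc=$?
    rm -f "$cfg"
    return "$rc"
}

demo_drifted_host || true   # prints: FAIL PermitRootLogin: want 'no', found 'yes'
```

On a real host, run `audit_sshd /etc/ssh/sshd_config` before `service sshd restart` and stop the rollout if it returns non-zero.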