更新yum源

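# Point the CentOS 7 base and EPEL repo definitions at the Aliyun mirror.
# Each step is chained, so one failed download is reported instead of only the
# last command deciding the message, and the stock CentOS-Base.repo is put back
# on failure so the host is never left without a base repo.
# The .repo files decide where every later package comes from, so they are
# fetched over HTTPS rather than plain HTTP.
# NOTE(review): the downloaded .repo files may themselves list http:// baseurls;
# confirm gpgcheck=1 is set in them before installing anything.
repo_dir=/etc/yum.repos.d
mirror=https://mirrors.aliyun.com/repo

# Keep the first backup: a re-run must not overwrite the stock file's copy
# with an already-replaced CentOS-Base.repo.
if [ ! -e "$repo_dir/CentOS-Base.repo.backup" ]; then
  mv "$repo_dir/CentOS-Base.repo" "$repo_dir/CentOS-Base.repo.backup"
fi

if wget -O "$repo_dir/epel.repo" "$mirror/epel-7.repo" &&
   wget -O "$repo_dir/CentOS-Base.repo" "$mirror/Centos-7.repo"; then
  echo "set aliyun OK ....."
else
  echo "yum update error ....."
  # wget -O leaves an empty or partial file behind on failure; restore the
  # original definition if a backup is available.
  if [ -f "$repo_dir/CentOS-Base.repo.backup" ]; then
    cp -p "$repo_dir/CentOS-Base.repo.backup" "$repo_dir/CentOS-Base.repo"
  fi
fi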

安装基础软件

# Baseline tool set, installed in a single yum transaction.
# NOTE(review): nmap, zabbix-agent and salt-minion put a network scanner and
# two remote monitoring/management agents on every host; presumably they come
# from the third-party repo configured earlier — confirm the source repo and
# its gpgcheck setting, and configure the agents before enabling them.
base_pkgs=(
  tree nmap sysstat lrzsz dos2unix wget vim lsof ntpdate iotop iftop screen
  zabbix-agent salt-minion
)
yum install -y "${base_pkgs[@]}"

优化开机启动项

centos6 优化开机启动项

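# CentOS 6: switch off every SysV service that is on in runlevel 3, except the
# ones named in keep_services.
# Names are compared exactly (not as substrings), and chkconfig is invoked
# directly rather than by piping generated command text into bash.
# NOTE(review): everything not in keep_services is turned off at boot; on a
# typical install that includes auditd and iptables — review the list first.
keep_services=" sshd network crond rsyslog "

chkconfig --list | awk '/3:on/ {print $1}' | while IFS= read -r svc; do
  case "$keep_services" in
    *" $svc "*) continue ;;   # on the keep list: leave it enabled
  esac
  chkconfig "$svc" off
done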

centos7 优化开机启动项

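# CentOS 7: disable every enabled service unit except those in keep_units,
# then show whether rc-local.service is listed.
# Only .service units whose state column is exactly "enabled" are touched;
# matching the word "enabled" across all unit types would also hit sockets,
# targets and timers. Unit names are compared exactly and systemctl is called
# directly instead of piping generated command text into bash.
# NOTE(review): on a typical install the enabled set includes auditd.service
# and getty@.service (console login) — review it and extend keep_units before
# running, otherwise SSH is the only way left into the host.
keep_units=" sshd.service rsyslog.service crond.service "

systemctl list-unit-files --type=service |
  awk '$2 == "enabled" {print $1}' |
  while IFS= read -r unit; do
    case "$keep_units" in
      *" $unit "*) continue ;;   # on the keep list: leave it enabled
    esac
    systemctl disable "$unit"
  done

# If rc.local is used, check that the rc-local unit is listed.
systemctl list-unit-files | grep rc-local.service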

关闭selinux配置

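# Set SELinux to "disabled" in its persistent config, keeping a backup copy.
# The rewrite only runs if the backup succeeded: a failed cp followed by the
# output redirection would otherwise leave /etc/selinux/config empty.
# The pattern is anchored so only the active SELINUX= line is rewritten.
# The change applies at the next boot; the running mode is not touched here.
# NOTE(review): "disabled" removes mandatory access control entirely.
# SELINUX=permissive keeps denials logged without enforcing them and is the
# usual choice when the goal is troubleshooting rather than removal.
selinux_cfg=/etc/selinux/config
cp -p "$selinux_cfg" "$selinux_cfg.bak" &&
  sed 's#^SELINUX=enforcing#SELINUX=disabled#' "$selinux_cfg.bak" >"$selinux_cfg"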

优化SSH配置

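# SSH tuning: move sshd to port 52113, refuse root and empty-password logins,
# and turn off the DNS/GSSAPI lookups that slow down logins.
# sshd uses the first value it reads for most keywords, so any active earlier
# line for a keyword set below is commented out before the new values are
# appended; appending alone would leave e.g. an existing
# "GSSAPIAuthentication yes" in force.
# NOTE(review): nothing here restarts sshd. Before restarting, make sure a
# non-root sudo account exists and port 52113 is reachable, and keep the
# current session open until a new login has been tested.
# NOTE(review): assumes no active Match block in sshd_config — appended lines
# would fall inside it. Confirm before running.
ssh_client_cfg=/etc/ssh/ssh_config
sshd_cfg=/etc/ssh/sshd_config

# Client side: comment out an active "GSSAPIAuthentication yes". The pattern is
# anchored to uncommented lines, so re-running does not stack extra '#'.
sed -i -r 's/^([[:space:]]*)(GSSAPIAuthentication[[:space:]]+yes)/\1#\2/' "$ssh_client_cfg"

# Server side: run once only. The appended "Port 52113" line doubles as the
# marker; a second pass would otherwise comment out the values added below.
if ! grep -q '^Port 52113$' "$sshd_cfg" && cp -p "$sshd_cfg" "$sshd_cfg.bak"; then
  sed -i -r \
    -e 's/^([[:space:]]*)(Port[[:space:]]+22[[:space:]]*)$/\1#\2/' \
    -e 's/^([[:space:]]*)((PermitRootLogin|PermitEmptyPasswords|UseDNS|GSSAPIAuthentication)[[:space:]])/\1#\2/' \
    "$sshd_cfg"

  cat >>"$sshd_cfg" <<'EOF'
Port 52113
PermitRootLogin no
PermitEmptyPasswords no
UseDNS no
GSSAPIAuthentication no
EOF

  # Syntax-check the result before anyone restarts sshd.
  if ! sshd -t -f "$sshd_cfg"; then
    echo "sshd_config failed validation; previous version is in $sshd_cfg.bak" >&2
  fi
fi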
  • 修改SSH的默认端口。
  • 禁止root登录。
  • 优化SSH连接速度。

配置普通用户登录

创建普通用户,并加入到sudo中。

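# Create the unprivileged account "niu" and grant it sudo.
# The password is read from the terminal rather than hard-coded, so it is not
# stored in the script or in shell history; printf is a shell builtin, so the
# value does not appear in the process list either.
# The sudo rule goes into its own /etc/sudoers.d file and is syntax-checked
# with visudo before it is installed, because a broken sudoers file disables
# sudo for everyone; writing a file instead of appending also makes re-runs
# harmless.
id niu >/dev/null 2>&1 || useradd niu

read -r -s -p "New password for niu: " niu_pw
echo
if [ -n "$niu_pw" ]; then
  printf '%s\n' "$niu_pw" | passwd --stdin niu
else
  echo "empty password, account password left unchanged" >&2
fi
unset niu_pw

sudoers_tmp=$(mktemp) &&
  echo "niu ALL=(ALL) ALL" >"$sudoers_tmp" &&
  visudo -cf "$sudoers_tmp" &&
  install -m 0440 -o root -g root "$sudoers_tmp" /etc/sudoers.d/niu
[ -n "$sudoers_tmp" ] && rm -f -- "$sudoers_tmp"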

配置时间更新

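# Sync the clock from pool.ntp.org every 10 minutes via root's crontab.
# The description line starts with '#': without it cron is handed a line that
# is not a valid entry. The heredoc delimiter is quoted so the shell expands
# nothing in the entry, and the job is appended only when it is not already
# there, so re-running does not duplicate it.
root_cron=/var/spool/cron/root

# grep's error output is silenced on purpose: the file may not exist yet.
if ! grep -qF '/usr/sbin/ntpdate pool.ntp.org' "$root_cron" 2>/dev/null; then
  cat >>"$root_cron" <<'EOF'
# time sync by niu at 2010-2-1
*/10 * * * * /usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1
EOF
fi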

修改文件描述符

# Raise the open-file limit to 65535 for all users ("*"); the "-" type sets
# the soft and the hard limit together. Applies to sessions started afterwards.
printf '%s\n' '* - nofile 65535' >>/etc/security/limits.conf

关闭登录显示服务器信息

# Blank the pre-login banner files so nothing from them (by default the OS
# release and kernel version) is shown before authentication.
for banner in /etc/issue /etc/issue.net; do
  : >"$banner"
done

关闭防火墙

关闭centos6的防火墙

# CentOS 6: stop the iptables service now and keep it off at boot.
# NOTE(review): after this the host has no packet filter of its own, so every
# listening port (including the relocated sshd port) is reachable from any
# network that routes to it — confirm filtering is enforced upstream.
service iptables stop
chkconfig iptables off

关闭centos7的防火墙

# CentOS 7: stop firewalld now, then keep it from starting at boot.
# NOTE(review): after this the host has no packet filter of its own, so every
# listening port is reachable from any network that routes to it — confirm
# filtering is enforced upstream.
for fw_action in stop disable; do
  systemctl "$fw_action" firewalld
done

补充知识

vmware克隆虚拟机后网卡无法启动问题

第一步:修改克隆后虚拟机的网卡mac地址
第二步:执行如下脚本

# After cloning a VM: print the current eth0 config for reference, delete the
# UUID and HWADDR lines inherited from the source VM, empty the persistent-net
# udev rules file, then reboot.
nic_cfg=/etc/sysconfig/network-scripts/ifcfg-eth0

cat "$nic_cfg"
sed -i -e '/UUID/d' -e '/HWADDR/d' "$nic_cfg"
: >/etc/udev/rules.d/70-persistent-net.rules
reboot