#!/bin/bash
#this script is only for CentOS 7.x by Anonym0x1.com
#是否使用root用户执行
if [ "$UID" != "0" ];then
echo "Please run this script by root"
exit 1
fi
#判断是否为64位系统
platform=`uname -i`
if [[ $platform != "x86_64" ]];then
echo "this script is only for 64bit Operating System !"
exit 2
fi
echo "the platform is ok"
cat << EOF
+---------------------------------------+
| your system is CentOS 7 x86_64 |
| start optimizing....... |
+---------------------------------------
EOF
set_dns() {
#设置公网DNS
cat >> /etc/resolv.conf << EOF
nameserver 114.114.114.114
nameserver 223.5.5.5
EOF
}
mod_yum() {
#更改阿里云yum源
yum install wget -y
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
}
add_epel() {
#添加epel源并重建缓存
yum install epel-release -y
yum clean all && yum makecache
}
time_sync() {
#同步网络时间
ntpdate cn.pool.ntp.org
echo "* 3 * * * /usr/sbin/ntpdate cn.pool.ntp.org > /dev/null 2>&1" >> /var/spool/cron/root
systemctl restart crond.service
}
open_file() {
#设置最大打开文件描述符数
echo "ulimit -SHn 102400" >> /etc/rc.local
cat >> /etc/security/limits.conf << EOF
* soft nofile 65535
* hard nofile 65535
EOF
}
close_selinux() {
#禁用selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0
}
close_firewalld() {
#关闭防火墙
systemctl disable firewalld.service && systemctl stop firewalld.service
}
set_ssh() {
#配置ssh
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
sed -i 's/#Port 22/Port 6588/g' /etc/ssh/sshd_config
systemctl restart sshd.service
}
set_kernel() {
#内核参数优化
cat >> /etc/sysctl.conf << EOF
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
vm.swappiness = 0
net.ipv4.neigh.default.gc_stale_time=120
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
kernel.msgmnb = 65536
kernel.msgmax = 65536
fs.file-max=65535
EOF
sysctl -p
}
update_linux() {
#更新系统并安装常用工具
yum -y update
yum install lrzsz tree bash-completion cmake vim net-tools htop zip unzip -y
cat << EOF
+-------------------------------------------------+
| optimizer is done |
| it's recommond to restart this server ! |
+-------------------------------------------------+
EOF
}
main() {
set_dns
mod_yum
add_epel
time_sync
open_file
close_selinux
close_firewalld
set_ssh
set_kernel
update_linux
}
main
Anonym0x1
