CentOS6 x86_64最小化安装优化脚本

#!/bin/bash

#centos6. x86_64系统最小化安装优化脚本

#系统基础优化，建议以root运行

if [ $USER != "root" ];then

    echo "需要使用sudo运行此脚本"

    exit

fi


yum -y intall wget

cd /usr/local/src

wget http://mirrors.163.com/.help/CentOS6-Base-163.repo

cd /etc/yum.repos.d/

mv CentOS-Base.repo CentOS-Base.repo.bak

cp /usr/local/src/CentOS6-Base-.repo ./CentOS-Base.repo

yum clean all #清除yum缓存

yum makecache #重建缓存

yum -y update

cd /usr/local/src

#添加epel外部扩展源

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

rpm -ivh epel-release--.noarch.rpm

#安装gcc ，sysstat等工具

yum -y install gcc gcc-c++ vim-enhanced unzip unrar sysstat

#配置ntp自动对时

yum -y install ntp

echo "01 01 * * *  /usr/sbin/ntpdate ntp.api.bz >> /dev/null 2>&1 " >> /etc/crontab

/usr/sbin/ntpdate ntp.api.bz

service crond restart

#配置文件的ulimit值

ulimit -SHn

echo "ulimit -SHn 65534" >> /etc/rc.local

cat >> /etc/security/limits.conf << EOF

*           soft    nofile

*           hard    nofile

EOF

#基础系统内核优化

cat >> /etc/sysctl.conf << EOF

net.ipv4.tcp_syncookies =

net.ipv4.tcp_syn_retries =

net.ipv4.tcp_tw_recycle =

net.ipv4.tcp_tw_reuse =

net.ipv4.tcp_fin_timeout =

net.ipv4.tcp_keepalive_time =

net.ipv4.tcp_local_port_range =

net.ipv4.tcp_max_syn_backlog =

net.ipv4.tcp_max_tw_buckets =

net.ipv4.route.gc_timeout =

net.core.somaxconn =

net.core.netdev_max_backlog =

net.ipv4.tcp_max_orphans =

EOF

/sbin/sysctl -p

#关闭selinux

sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

setenforce

#关闭itables

service iptables stop

chkconfig iptables off

#ssh配置优化

sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config

sed -i "s/#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config

service sshd restart

#禁用基于ipv6 网络

chkconfig ip6tables off

#vim 基础语法优化

cat >> /root/.vimrc << EOF

set nu

set ruler

set shiftwidth=

set tabstop=

set expandtab

set cindent

set autoindent

set mouse=v

syntax on

EOF

#精简开机启动服务，安装最小化服务的机器初始只留 cron|network|rsyslog|sshd 四个服务

for i in `chkconfig --list | grep :on | awk '{print $1}'`;do chkconfig --level  $i off;done

for CURSRV in crond rsyslog sshd network;do chkconfig --level  $CURSRV on;done

#重启服务器

reboot