#!/bin/bash
# 设置时区并同步时间
TIMEZONE="Asia/Shanghai"
ln -sf "/usr/share/zoneinfo/$TIMEZONE" /etc/localtime
ntpdate time.windows.com >/dev/null 2>&1
# 禁用SELinux
sed -i 's/SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
# 关闭防火墙
if grep -q "7.[0-9]" /etc/redhat-release; then
systemctl stop firewalld
systemctl disable firewalld
elif grep -q "6.[0-9]" /etc/redhat-release; then
service iptables stop
chkconfig iptables off
fi
# 历史命令显示操作时间
echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/bashrc
# SSH超时时间
echo "export TMOUT=600" >> /etc/profile
# 禁止root远程登录
sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
# 禁止定时任务向发送邮件
sed -i 's/^MAILTO=root/MAILTO=""/' /etc/crontab
# 设置最大打开文件数
LIMITS_CONF="/etc/security/limits.conf"
if ! grep -q "* soft nofile 65535" "$LIMITS_CONF"; then
echo -e "* soft nofile 65535
* hard nofile 65535" >> "$LIMITS_CONF"
fi
# 系统内核优化
SYSCTL_CONF="/etc/sysctl.conf"
echo -e "net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_tw_buckets = 20480
net.ipv4.tcp_max_syn_backlog = 20480
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_fin_timeout = 20" >> "$SYSCTL_CONF"
# 减少SWAP使用
echo "0" > /proc/sys/vm/swappiness
# 安装系统性能分析工具及其他
yum install -y gcc make autoconf vim sysstat net-tools iostat if