c81-system-optimize.sh
#!/bin/bash
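#######################################
# Set a wildcard-domain ("*") entry in a pam_limits style limits file:
# rewrite the existing "* TYPE ITEM ..." line if there is one, otherwise
# append a new line.
#
# The script runs this as root against /etc/security/limits.conf. TYPE and
# ITEM are interpolated into a regular expression, so pass fixed tokens
# (soft/hard, core/nofile, ...) and never text taken from an untrusted source.
#
# Arguments:
#   $1 - limit type (e.g. soft, hard)
#   $2 - limit item (e.g. core, nofile)
#   $3 - value to set
#   $4 - optional path of the limits file
#        (default: /etc/security/limits.conf)
# Returns:
#   0 on success, 2 on a wrong argument count, otherwise the status of the
#   command that failed.
#######################################
write_to_limits() {
  if [ $# -lt 3 ] || [ $# -gt 4 ]; then
    printf 'write_to_limits: expected TYPE ITEM VALUE [FILE]\n' >&2
    return 2
  fi

  # Locals: the original leaked atype/item/value/file/ok into the global
  # scope, where write_to_sysctl reuses the same names.
  local atype=$1 item=$2 value=$3
  local file=${4:-/etc/security/limits.conf}

  # limits.conf columns are commonly separated by tabs or runs of spaces, so
  # match any whitespace between fields instead of exactly one space; the
  # item must be a whole field so a longer item name is never rewritten.
  local entry_re="^\\*[[:space:]]+${atype}[[:space:]]+${item}([[:space:]].*)?\$"

  # Escape the characters that are special in a sed replacement (and the
  # "|" delimiter used below) so the value is always written literally.
  local entry
  entry=$(printf '* %s %s %s' "$atype" "$item" "$value" \
    | sed -e 's/[\\&|]/\\&/g') || return

  if grep -Eq -- "$entry_re" "$file"; then
    sed -i -E "s|${entry_re}|${entry}|" "$file"
  else
    printf '* %s %s %s\n' "$atype" "$item" "$value" >>"$file"
  fi
}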
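#######################################
# Set "NAME = VALUE" in a sysctl configuration file: rewrite the existing
# assignment of NAME if there is one, otherwise append a new line.
#
# Fixes over the previous version, whose grep check and sed pattern
# disagreed:
#   - "NAME=VALUE" (no spaces around "=") was detected by grep but not
#     matched by sed, so the old value silently stayed in place;
#   - a longer key sharing the prefix (ip_forward vs ip_forward_use_pmtu)
#     made grep report "present", so the requested key was never written;
#   - "." in NAME matched any character.
#
# The script runs this as root against /etc/sysctl.conf; pass fixed key
# names only, never text taken from an untrusted source.
#
# Arguments:
#   $1 - sysctl key (e.g. net.ipv4.ip_forward)
#   $2 - value (may contain spaces, e.g. "15000 64000")
#   $3 - optional path of the sysctl file (default: /etc/sysctl.conf)
# Returns:
#   0 on success, 2 on a wrong argument count, otherwise the status of the
#   command that failed.
#######################################
write_to_sysctl() {
  if [ $# -lt 2 ] || [ $# -gt 3 ]; then
    printf 'write_to_sysctl: expected NAME VALUE [FILE]\n' >&2
    return 2
  fi

  local name=$1 value=$2
  local file=${3:-/etc/sysctl.conf}

  # Treat the dots of the key literally and require "=" right after the key
  # (optional whitespace allowed), so only this exact key is matched.
  local name_re="${name//./\\.}"
  local line_re="^[[:space:]]*${name_re}[[:space:]]*=.*"

  # Escape the characters that are special in a sed replacement (and the
  # "|" delimiter used below) so the value is always written literally.
  local line
  line=$(printf '%s = %s' "$name" "$value" | sed -e 's/[\\&|]/\\&/g') || return

  if grep -Eq -- "$line_re" "$file"; then
    sed -i -E "s|${line_re}|${line}|" "$file"
  else
    printf '%s = %s\n' "$name" "$value" >>"$file"
  fi
}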
# Host baseline applied in order, editing system files in place; it is
# presumably meant to run as root. Several steps lower the host's default
# protections; the NOTE(review) comments mark them so the choice is explicit.

### disable selinux
# Persistently sets SELINUX=disabled in the config file and switches the
# running system to permissive mode; setenforce errors are hidden.
# NOTE(review): this removes mandatory access control for every service on
# the host. If only one service needs an exception, keeping SELinux enforcing
# with a targeted policy change retains the protection -- confirm that
# disabling it is intended.
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
setenforce 0 2>/dev/null
### don't show cockpit message when login
# Truncates the cockpit "inactive" motd snippet to an empty file; the shell
# reports an error here if the directory does not exist.
> /usr/share/cockpit/motd/inactive.motd
### show banner when login
# Overwrites /etc/motd with a monitoring/authorised-use notice.
echo "Authorized uses only. All activity may be monitored and reported." > /etc/motd
### set history size
# Rewrites an existing HISTSIZE= line in /etc/profile to 100; nothing is
# added when no such line exists.
sed -i 's/^HISTSIZE=.*/HISTSIZE=100/' /etc/profile
### set systemd timeout of start and stop services
# On lines mentioning DefaultTimeoutStartSec / DefaultTimeoutStopSec: drop
# the first "#" (uncomment) and set the value to 15s.
sed -i -e '/DefaultTimeoutStartSec/{s/#//;s/=.*/=15s/}' -e '/DefaultTimeoutStopSec/{s/#//;s/=.*/=15s/}' /etc/systemd/system.conf
### set firewall default zone
# Tries firewall-cmd first; if that fails (output is discarded, so the reason
# is not visible) it edits DefaultZone in firewalld.conf instead.
# NOTE(review): firewalld's built-in "trusted" zone accepts all incoming
# connections, so with this default any interface not bound to another zone
# is unfiltered even though firewalld.service is enabled below. Together with
# net.ipv4.ip_forward=1 further down, the host will also route traffic.
# Confirm this is intended; a restrictive default zone with explicit service
# or port rules keeps filtering in place.
firewall-cmd --set-default-zone=trusted 1>/dev/null 2>&1 || sed -i 's/^DefaultZone=.*/DefaultZone=trusted/' /etc/firewalld/firewalld.conf
### enable rc.local ####
# Rewrites After=, removes any KillMode= line and inserts KillMode=mixed after
# the GuessMainPID line of rc-local.service, then makes rc.local executable.
# NOTE(review): this edits the unit under /usr/lib/systemd/system directly;
# presumably a package update can replace that file -- verify, or consider a
# drop-in override. rc.local runs as root at boot, so its ownership and
# write permissions deserve a check as well.
sed -i -e 's/^After=.*/After=network.target network-online.target rsyslog.service/' -e '/^KillMode=/d' -e '/^GuessMainPID/a\KillMode=mixed' /usr/lib/systemd/system/rc-local.service
chmod +x /etc/rc.d/rc.local
### set systemctl config
# kdump is no longer started at boot, firewalld is; errors from both commands
# are hidden. daemon-reload makes systemd re-read the unit file edited above.
systemctl disable kdump.service 2>/dev/null
systemctl enable firewalld.service 2>/dev/null
systemctl daemon-reload
### kernel optimize
# Limits for the "*" domain: core dumps off (soft and hard limit 0) and
# 65535 open files.
# NOTE(review): with kdump disabled above and core size 0, crashes leave no
# dump to analyse; in exchange, no process memory is written to disk.
write_to_limits soft core 0
write_to_limits hard core 0
write_to_limits soft nofile 65535
write_to_limits hard nofile 65535
# sysctl keys are written to the configuration file by write_to_sysctl; no
# `sysctl -p` / `sysctl --system` call is visible in this script, so the
# values presumably take effect when the file is next loaded (e.g. at boot).
# NOTE(review): ip_forward=1 turns the host into a router and
# disable_ipv6=1 switches IPv6 off on all interfaces -- confirm both.
write_to_sysctl net.ipv4.ip_forward 1
write_to_sysctl net.ipv4.tcp_tw_reuse 1
write_to_sysctl net.ipv4.tcp_fin_timeout 30
write_to_sysctl net.ipv4.tcp_max_syn_backlog 1024
write_to_sysctl net.ipv4.ip_local_port_range "15000 64000"
write_to_sysctl net.ipv6.conf.all.disable_ipv6 1
write_to_sysctl net.core.somaxconn 1024
write_to_sysctl net.nf_conntrack_max 2000000