Common Linux post-install settings (private environments)
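These steps are intended for private environments only, not for hosts on a public network; they are meant for quickly deploying machines on a LAN.
On a public network, pay attention to system and network security; enabling the firewall, among other measures, is recommended.
I. Common post-install settings:
These commands can be copied and run directly on the command line: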
1. RedHat/CentOS 7.2+
echo "# User specific history" >> /etc/bashrc && source /etc/bashrc
echo "export HISTTIMEFORMAT='%F %T '" >> /etc/bashrc && source /etc/bashrc
sed -i "s/HISTSIZE=1000/HISTSIZE=50000/g" /etc/profile
echo "alias grep='grep --color'" >> /etc/bashrc && source /etc/bashrc
sed -i "s/#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config
sed -i "s/GSSAPIAuthentication yes/GSSAPIAuthentication no/g" /etc/ssh/sshd_config
systemctl restart sshd >>/dev/null 2>&1
systemctl status sshd
systemctl stop firewalld >>/dev/null 2>&1
systemctl disable firewalld
echo "* - core unlimited" >> /etc/security/limits.conf
echo "* - nofile 102400" >> /etc/security/limits.conf
echo "* - nproc 256800" >> /etc/security/limits.conf
echo "session required /lib64/security/pam_limits.so" >> /etc/pam.d/login
sed -i "s/^*/#*/g" /etc/security/limits.d/*0-nproc.conf
echo "kernel.core_pattern = core.%e.%p.%t" >> /etc/sysctl.conf
echo "net.core.somaxconn = 4096" >> /etc/sysctl.conf
echo "kernel.sem=250 32000 100 1024" >> /etc/sysctl.conf
echo "vm.max_map_count=262144" >> /etc/sysctl.conf
sysctl -p
2. RedHat/CentOS 6.5+
echo "# User specific history" >> /etc/bashrc && source /etc/bashrc
echo "export HISTTIMEFORMAT='%F %T '" >> /etc/bashrc && source /etc/bashrc
sed -i "s/HISTSIZE=1000/HISTSIZE=50000/g" /etc/profile
echo "alias grep='grep --color'" >> /etc/bashrc && source /etc/bashrc
sed -i "s/#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config
sed -i "s/GSSAPIAuthentication yes/GSSAPIAuthentication no/g" /etc/ssh/sshd_config
service sshd restart >>/dev/null 2>&1
service sshd status
service iptables stop >>/dev/null 2>&1
service iptables status
chkconfig iptables off >>/dev/null 2>&1
echo "* - core unlimited" >> /etc/security/limits.conf
echo "* - nofile 102400" >> /etc/security/limits.conf
echo "* - nproc 256800" >> /etc/security/limits.conf
echo "session required /lib64/security/pam_limits.so" >> /etc/pam.d/login
sed -i "s/^/#/g" /etc/security/limits.d/*0-nproc.conf
echo "kernel.core_pattern = core.%e.%p.%t" >> /etc/sysctl.conf
echo "net.core.somaxconn = 4096" >> /etc/sysctl.conf
echo "kernel.sem=250 32000 100 1024" >> /etc/sysctl.conf
echo "vm.max_map_count=262144" >> /etc/sysctl.conf
sysctl -p
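II. Explanation of the common post-install Linux settings:
1. Add date and time to the command history and change the number of history entries kept
To apply temporarily: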
export HISTTIMEFORMAT='%F %T '
To change the history display format permanently:
# User specific history
echo "export HISTTIMEFORMAT='%F %T '" >> ~/.bashrc && source ~/.bashrc
# global history
echo "export HISTTIMEFORMAT='%F %T '" >> /etc/bashrc && source /etc/bashrc
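To change the number of history entries kept permanently:
# HISTSIZE
# User specific history
# (takes effect only if ~/.bashrc already contains a HISTSIZE=1000 line)
sed -i "s/HISTSIZE=1000/HISTSIZE=50000/g" ~/.bashrc && source ~/.bashrc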
# global history
sed -i "s/HISTSIZE=1000/HISTSIZE=50000/g" /etc/profile && source /etc/profile
2. Enable colored grep output (common alias settings)
To apply temporarily:
alias grep='grep --color'
To apply permanently:
echo "alias grep='grep --color'" >> ~/.bashrc && source ~/.bashrc
echo "alias grep='grep --color'" >> /etc/bashrc && source /etc/bashrc
3. If there is a long wait at login between entering the user name and being able to enter the password, disable the DNS setting in sshd
sed -i "s/#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config
sed -i "s/GSSAPIAuthentication yes/GSSAPIAuthentication no/g" /etc/ssh/sshd_config
# RedHat/CentOS 6.x series
service sshd restart
# RedHat/CentOS 7.x series
systemctl restart sshd
4. Stop and disable the firewall
# RedHat/CentOS 6.x series
service iptables status
service iptables stop
service iptables start
chkconfig iptables off
# RedHat/CentOS 7.x series
systemctl status firewalld
systemctl stop firewalld
systemctl disable firewalld
5. Change system limits (open-file limit, etc.)
echo "* - core unlimited" >> /etc/security/limits.conf
echo "* - nofile 102400" >> /etc/security/limits.conf
echo "* - nproc 256800" >> /etc/security/limits.conf
echo "session required /lib64/security/pam_limits.so" >> /etc/pam.d/login
sed -i "s/^/#/g" /etc/security/limits.d/*0-nproc.conf
6. Change the core dump settings and the semaphore settings
# Save core dump files
echo "kernel.core_pattern = core.%e.%p.%t" >> /etc/sysctl.conf
echo "net.core.somaxconn = 4096" >> /etc/sysctl.conf
# Change the semaphore limits
echo "kernel.sem=250 32000 100 1024" >> /etc/sysctl.conf
# Raise the virtual memory map-count limit; Elasticsearch requires at least 262144
echo "vm.max_map_count=262144" >> /etc/sysctl.conf
# Apply the changes:
sysctl -p
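The copy-and-paste blocks in part I and items 5 and 6 above append with echo >>, so running them a second time duplicates every line in limits.conf, /etc/pam.d/login and sysctl.conf. The following is an added example, not part of the original article, that applies the same values idempotently; the function names and the optional ROOT prefix (for trying it on a scratch copy of /etc) are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original article); all function names are hypothetical.

# Append LINE to FILE only if that exact line is not already present.
ensure_line() {
    local file="$1" line="$2"
    touch "$file" || return 1
    grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

# Set KEY in a sysctl.conf-style file: rewrite the first active "KEY = ..."
# line (any spacing around "="), drop later duplicates, append if absent.
# Commented-out lines are left untouched.
set_sysctl() {
    local file="$1" key="$2" value="$3" tmp rc
    touch "$file" || return 1
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        { name = $0
          sub(/[ \t]*=.*$/, "", name)    # strip "= value"
          sub(/^[ \t]+/, "", name) }     # strip leading blanks
        name == k { if (!done++) print k " = " v; next }
        { print }
        END { if (!done) print k " = " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps mode, owner and SELinux label
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Apply the article's limits, PAM and sysctl values below ROOT.
# ROOT is an assumption added for dry runs; leave it empty for the live system.
apply_settings() {
    local root="${1:-}" l="/etc/security/limits.conf" s="/etc/sysctl.conf"
    ensure_line "$root$l" "* - core unlimited" &&
    ensure_line "$root$l" "* - nofile 102400" &&
    ensure_line "$root$l" "* - nproc 256800" &&
    ensure_line "$root/etc/pam.d/login" "session required /lib64/security/pam_limits.so" &&
    set_sysctl "$root$s" kernel.core_pattern "core.%e.%p.%t" &&
    set_sysctl "$root$s" net.core.somaxconn 4096 &&
    set_sysctl "$root$s" kernel.sem "250 32000 100 1024" &&
    set_sysctl "$root$s" vm.max_map_count 262144
}
```

After apply_settings, run sysctl -p as in the article to load the values into the running kernel.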
7. Install commonly used software with yum
yum install -y vim telnet lrzsz net-tools unzip
yum install -y nmap psmisc mlocate dstat
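Notes:
telnet     TCP port test command: telnet ip port
lrzsz      file upload and download commands
net-tools  provides the netstat command on 7.x
unzip      common tool for extracting zip archives
nmap       ncat tool; UDP port test command: nc -vuz ip port
psmisc     contains three programs that help manage the /proc directory
  fuser    shows the PIDs of processes using the specified file or file system
  killall  kills processes by name; it sends a signal to all processes running the specified command
  pstree   displays the currently running processes as a tree
mlocate    locate: fast lookup of regular files
  updatedb builds the index database; runs once a day by default
dstat      system resource statistics tool for viewing CPU, disk, network and so on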