（如果从 IE 复制本文命令后执行报错，通常是复制时带入了不可见字符，请改用 Chrome 浏览器打开本页再复制即可。）
第一章虚拟化NAT网络设置
使用DHCP自动获取IP地址
第二章创建虚拟机
第三章安装CentOS-6.8-x86_64-bin-DVD1操作系统
用root登录,ifup eth0先启动第一个网卡,然后ifconfig获取第一块网卡IP地址
第四章模板机优化
开机后执行 ifup eth0 获取到 IP 地址，然后用 SecureCRT 连接。
4.1SecureCRT设置
4.2安装linux系统后调优及安全设置
设置开机网卡自动启动
[root@mobanji ~]
# Enable eth0 at boot: rewrite ONBOOT=no -> ONBOOT=yes in the ifcfg file in place.
# sed -i 's#ONBOOT=no#ONBOOT=yes#g' /etc/sysconfig/network-scripts/ifcfg-eth0
关闭 SELinux（注意：这会去掉强制访问控制，并且克隆出的所有虚拟机都会继承该设置；仅建议在实验/模板环境这样做，生产环境应保留 Enforcing，或先设为 Permissive 并检查 audit 日志后再决定）
[root@mobanji ~]
# Persistently disable SELinux in the config file (takes effect on the next reboot).
# NOTE(review): this removes mandatory access control from every VM cloned from
# this template; for production prefer Permissive first and review the audit log.
# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux
[root@mobanji ~]
# getenforce
Enforcing
[root@mobanji ~]
# Switch the running kernel to Permissive for this boot only (denials are still logged).
# setenforce Permissive
[root@mobanji ~]
# getenforce
Permissive
关闭防火墙（仅适用于内网实验环境；生产服务器应保留 iptables 并配置白名单规则。另外，iptables 不运行时 nf_conntrack 模块不会加载，下文 sysctl -p 中的 nf_conntrack 参数会报 unknown key，属正常现象）
[root@mobanji ~]
# Stop the firewall for the current boot (flushes the active iptables rule set).
# NOTE(review): every clone of this template then boots with no packet filter;
# on production hosts keep iptables and load a whitelist rule set instead.
# /etc/init.d/iptables stop ## temporary: stops the running firewall
[root@mobanji ~]
# Keep it from starting at boot. With iptables never loaded, the nf_conntrack
# module is absent and the nf_conntrack sysctl keys further down report "unknown key".
# chkconfig iptables off ## permanent: removes it from boot startup
可选择的:支持中文显示,防止中文出现乱码(CRT外观-字符编码也要设置UTF-8)此处一般不要设置成中文的。linux一切都是英文的比较好,如果想看中文的再开启即可。
[root@mobanji ~]
# echo $LANG
en_US.UTF-8
[root@mobanji ~]
# Switch the system locale from en_US to zh_CN (SecureCRT must also be set to UTF-8).
# sed -i 's#en_US#zh_CN#g' /etc/sysconfig/i18n
[root@mobanji ~]
# . /etc/sysconfig/i18n ## '.' or 'source' both work: reload the file into the current shell
[root@mobanji ~]
# echo $LANG
zh_CN.UTF-8
调整文件描述符
调整方法1:
修改/etc/security/limits.conf配置
[root@muban ~]
# Raise the open-file limit to 65535 for all users ('-' sets both soft and hard).
# NOTE(review): the '*' wildcard in limits.conf does not apply to root; add an
# explicit 'root - nofile 65535' line if root also needs the higher limit.
# echo '* - nofile 65535'>>/etc/security/limits.conf
[root@muban ~]
# tail -1 /etc/security/limits.conf
* - nofile 65535
配置完成后,重新登录才会生效。
[root@muban ~]
# Check after logging in again; the limit applies to new sessions only.
# ulimit -n
65535
添加 oldboy 普通账户并授予 sudo 权限（注意：NOPASSWD: ALL 等同于 root 权限，且 useradd 之后没有设置密码或密钥；模板机克隆后应为该账户设置强口令或 SSH 密钥，并按需收紧 sudo 规则）
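# Create the oldboy account and grant it passwordless sudo.
# NOTE(review): "NOPASSWD: ALL" makes this account root-equivalent, and no
# password or SSH key is set here; lock the account down (strong password or
# key, narrower sudo rule) before clones of this template reach production.
useradd oldboy
# Keep a pristine copy so a bad edit can be rolled back.
cp /etc/sudoers{,.ori}
echo "oldboy ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
tail -1 /etc/sudoers
# Appending with echo bypasses visudo's locking and syntax check, and a syntax
# error in /etc/sudoers disables sudo for everyone, so validate explicitly and
# restore the backup if the file no longer parses.
visudo -c || cp /etc/sudoers.ori /etc/sudoers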
Base 源更改为阿里云镜像，并打补丁到最新（repo 文件是通过明文 http 下载的，下载后请确认文件中 gpgcheck=1 并带有正确的 gpgkey，再执行 yum）
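# CentOS 6: switch the Base repo to the Aliyun mirror.
# 1. Back up the existing repo file.
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
# 2. Download the new CentOS-Base.repo into /etc/yum.repos.d/ (CentOS 6).
yum install wget
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
# or
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
# NOTE(review): the repo file is fetched over plain http and can be altered in
# transit; use https if the mirror offers it, and confirm the downloaded file
# still has gpgcheck=1 with a gpgkey entry before running yum against it.
# 3. Then rebuild the yum cache.
yum makecache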
Epel源改为阿里云Epel源
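# Switch EPEL to the Aliyun mirror (RHEL/CentOS 6).
# 1. Back up the existing EPEL repo files (only needed if another EPEL source was configured).
mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.backup
mv /etc/yum.repos.d/epel-testing.repo /etc/yum.repos.d/epel-testing.repo.backup
# 2. Download the new repo file into /etc/yum.repos.d/ (epel for RHEL 6).
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
# NOTE(review): fetched over plain http; use https where the mirror supports it
# and check that the downloaded file keeps gpgcheck=1 with a gpgkey entry.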
此处不建议更新系统（如果只想停留在 CentOS 6.8 就不要升级）。但要注意：不升级意味着已知漏洞的安全补丁不会被应用，用于生产的模板机至少应在做快照前执行一次 yum update，并定期更新后重新制作快照：
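# Import the distribution signing keys shipped in /etc/pki/rpm-gpg so yum can
# verify package signatures (gpgcheck) before installing anything.
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
# Upgrade everything. After this CentOS 6.8 becomes 6.9; reboot afterwards.
# NOTE(review): skipping this step keeps known, already-fixed vulnerabilities in
# the template and in every clone made from it.
yum update -y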
额外安装一些有用的软件包
[root@mobanji ~]
# Extra utilities for the template. NOTE(review): telnet, nc and nmap are handy
# for troubleshooting but equally handy for an attacker who lands on a clone;
# decide whether they belong on production images.
# yum install tree telnet dos2unix sysstat lrzsz nc nmap -y
精简开机自启动，只保留 5 个服务（crond、sshd、network、rsyslog、sysstat）。注意：不在白名单中的服务都会被关闭，如果系统启用了 auditd 等安全审计服务也会一并关闭，需要保留的话请把它加入下面 egrep 的白名单。
[root@mobanji ~]
# For every service enabled in runlevel 3 that is NOT in the egrep whitelist,
# generate "chkconfig <svc> off" and execute it by piping into bash. Anything
# not listed is disabled, so add e.g. auditd to the alternation if audit logging is needed.
# chkconfig --list|grep 3:on|egrep -v "crond|sshd|network|rsyslog|sysstat"|awk '{print "chkconfig",$1,"off"}'|bash
[root@mobanji ~]
# Confirm only the five whitelisted services remain on in runlevel 3.
# chkconfig --list|grep 3:on
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sysstat 0:off 1:on 2:on 3:on 4:on 5:on 6:off
设置 Linux 服务器时间同步（注意下面的演示中 ntpdate time.nist.gov 返回 “no server suitable for synchronization found”，说明该服务器当时不可达；请先手工确认所选 NTP 服务器可用，再写入定时任务，否则定时任务把输出丢到 /dev/null 之后，同步失败将不会被察觉）
[root@mobanji ~]
# One-shot sync. Here it FAILS ("no server suitable"): time.nist.gov did not
# answer from this host, so pick a server that does before scheduling it.
# /usr/sbin/ntpdate time.nist.gov
4 Oct 12:23:24 ntpdate[24685]: no server suitable
for
synchronization found
[root@mobanji ~]
# echo '#time sync by oldboy at 2017-10-04'>>/var/spool/cron/root
[root@mobanji ~]
# Sync every 5 minutes. All output is discarded, so a server that keeps failing
# (as above) is never reported; consider logging failures instead of /dev/null.
# echo '*/5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1'>>/var/spool/cron/root
[root@mobanji ~]
# crontab -l
#time sync by oldboy at 2017-10-04
*
/5
* * * *
/usr/sbin/ntpdate
time
.nist.gov >
/dev/null
2>&1
历史记录数及登录超时环境变量设置（测试环境不需要）。注意：HISTSIZE/HISTFILESIZE 设为 5 会使安全事件排查时几乎没有命令记录可查，需要审计的环境建议保留较大的历史并配合 auditd；TMOUT 若不同时设为 readonly，用户登录后可以自行 unset。
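# Session variables appended to /etc/profile (not needed on test machines).
# Idle shells are terminated after 300 s of inactivity.
# NOTE(review): a user can simply "unset TMOUT" after login unless the variable
# is also made read-only (e.g. a following 'readonly TMOUT' line).
echo 'export TMOUT=300' >> /etc/profile
# Keep only the last 5 commands in the in-memory history ...
echo 'export HISTSIZE=5' >> /etc/profile
# ... and only 5 entries in the history file.
# NOTE(review): this leaves almost no command trail for incident investigation;
# if accountability matters, keep a large history (and rely on auditd) instead.
echo 'export HISTFILESIZE=5' >> /etc/profile
# Show the three lines just appended.
tail -3 /etc/profile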
内核优化（本优化适合 apache、nginx、squid 等多种 web 应用，特殊业务可能需要略做调整）
将下面的内核参数追加到 /etc/sysctl.conf 文件末尾（vim /etc/sysctl.conf）
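# Appended to the end of /etc/sysctl.conf; apply with "sysctl -p".
# TIME_WAIT / FIN handling. tcp_fin_timeout=2 is aggressive (default is 60 s).
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
# NOTE(review): tcp_tw_recycle=1 makes the kernel drop SYNs whose TCP timestamp
# is older than that of a previous connection from the same source address,
# which breaks clients behind NAT (many hosts sharing one IP); newer kernels
# removed the option for that reason. Keep it off for a web server;
# tcp_tw_reuse above already recycles TIME_WAIT sockets safely.
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
# Only one SYN / SYN-ACK retransmission: fast failure, but clients on lossy
# links may fail to connect. Raise these if that matters for the service.
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
# The following tune the iptables connection tracker. If the firewall is not
# running, the nf_conntrack module is not loaded and "sysctl -p" reports these
# as unknown keys; that warning can be ignored.
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120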
然后执行 sysctl -p 使之生效（iptables 未运行时，nf_conntrack 相关参数会报 unknown key，可以忽略）
[root@oldboy ~]
# Apply /etc/sysctl.conf. The six "unknown key" errors at the end are the
# nf_conntrack parameters: iptables was stopped earlier, so the nf_conntrack
# module is not loaded and those keys do not exist yet. Harmless here.
# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
error:
"net.nf_conntrack_max"
is an unknown key
error:
"net.netfilter.nf_conntrack_max"
is an unknown key
error:
"net.netfilter.nf_conntrack_tcp_timeout_established"
is an unknown key
error:
"net.netfilter.nf_conntrack_tcp_timeout_time_wait"
is an unknown key
error:
"net.netfilter.nf_conntrack_tcp_timeout_close_wait"
is an unknown key
error:
"net.netfilter.nf_conntrack_tcp_timeout_fin_wait"
is an unknown key
4.3配置双网卡固定ip
按如下配置设置完成后重启 Linux 系统。
如果属于移动办公环境，建议将主/从 DNS 设置成阿里云公共 DNS 地址：
移动办公:主从dns都根据http://www.alidns.com/setup/#linux设置成
nameserver 223.5.5.5 主dns
nameserver 223.6.6.6 从dns 即可
设置完成后重启,然后直接用SecureCRT连接即可
eth0 网卡：删除 MAC 地址和 UUID（克隆出的虚拟机网卡 MAC 会变化，若保留这两行，克隆机可能因 HWADDR 与实际网卡不匹配而无法启动 eth0）
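[root@oldboy ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
# HWADDR and UUID are specific to this VM's virtual NIC: delete both before
# snapshotting (see below), otherwise clones may fail to bring up eth0.
HWADDR=00:0c:29:59:47:0f
TYPE=Ethernet
UUID=ee7d8a04-694b-4595-9e37-b759535e7c99
ONBOOT=yes
NM_CONTROLLED=yes
# Static addressing on the NAT network; DNS1 is the NAT gateway, DNS2 a public resolver.
BOOTPROTO=none
IPADDR=10.0.0.100
NETMASK=255.255.255.0
DNS2=202.96.128.86
GATEWAY=10.0.0.2
DNS1=10.0.0.2
USERCTL=no
PEERDNS=yes
IPV6INIT=no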
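[root@oldboy ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
# Delete the following two lines (MAC address and UUID). A linked clone gets a
# different virtual MAC; if HWADDR stays, the clone's NIC may no longer match
# this file and eth0 may fail to start.
HWADDR=00:0c:29:59:47:0f
UUID=ee7d8a04-694b-4595-9e37-b759535e7c99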
eth1 网卡：删除 MAC 地址和 UUID（原因同 eth0）
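[root@oldboy ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
# HWADDR and UUID are specific to this VM's virtual NIC: delete both before
# snapshotting (see below).
HWADDR=00:0c:29:59:47:19
TYPE=Ethernet
UUID=e082a412-3fee-42e6-96e5-ac05b4d38d5f
ONBOOT=yes
NM_CONTROLLED=yes
# Static address on the internal network; no GATEWAY or DNS entries on this interface.
BOOTPROTO=none
IPADDR=172.16.1.100
NETMASK=255.255.255.0
USERCTL=no
PEERDNS=yes
IPV6INIT=no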
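[root@oldboy ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1
# Delete the following two lines (MAC address and UUID) for the same reason as
# on eth0: a clone's NIC gets a different MAC and may otherwise fail to start.
HWADDR=00:0c:29:59:47:19
UUID=e082a412-3fee-42e6-96e5-ac05b4d38d5f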
清空 70-persistent-net.rules，并把同样的命令加入 rc.local，使每次开机都清空该文件，这样克隆机的新网卡仍能被重新识别为 eth0/eth1
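[root@oldboy ~]# >/etc/udev/rules.d/70-persistent-net.rules
[root@oldboy ~]# echo ">/etc/udev/rules.d/70-persistent-net.rules" >>/etc/rc.local
[root@oldboy ~]# cat /etc/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
# Truncate udev's persistent NIC-name rules on every boot so that a clone, whose
# virtual NICs carry new MAC addresses, is not left with stale eth0/eth1 bindings.
>/etc/udev/rules.d/70-persistent-net.rules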
设置完后关机，然后给这台模板机做一个快照，命名为“CentOS 6.8 模板机”即可。
后期需要克隆虚拟机时，直接基于该快照做链接克隆即可。
本文转自sandshell博客51CTO博客,原文链接http://blog.51cto.com/sandshell/1970344如需转载请自行联系原作者
sandshell