#!/bin/bash
#author zhengdazhi
#this script is only for CentOS 6
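# Check the OS: refuse to run unless the host is 64-bit and reports release 6.
# Both probe results are quoted in the tests below. With an unquoted empty
# value (for example when lsb_release is not installed) `[ != 6 ]` is a test
# syntax error, the `if` evaluates false, and the script would carry on and
# modify a host it never verified.
platform=$(uname -i)
if [ "$platform" != "x86_64" ]; then
  echo "this script is only for 64bit Operating System !" >&2
  exit 1
fi
echo "the platform is ok"
# First character of the release number ("6.5" -> "6"). Only the release
# number is compared; the distributor ID is not checked.
version=$(lsb_release -r | awk '{print substr($2,1,1)}')
if [ "$version" != "6" ]; then
  echo "this script is only for CentOS 6 !" >&2
  exit 1
fi
cat << EOF
+—————————————+
| your system is CentOS 6 x86_64 |
| start optimizing……. |
+—————————————
EOF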
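# Turn off boot-time start for services this build does not use.
# `chkconfig NAME off` only changes the runlevel links; a daemon that is
# already running keeps running until it is stopped or the host reboots.
#
# The original list also contained a bare `chkconfig mdmonitor` (no "off"),
# which only queries the service; mdmonitor is already switched off here, so
# that line is dropped.
#
# NOTE(review): two entries in this list are security controls, not just
# conveniences -- confirm each is really meant to be off:
#   auditd    - writes the kernel audit log; without it there is no
#               /var/log/audit trail for incident response.
#   ip6tables - the IPv6 packet filter; safe to drop only while IPv6 itself
#               stays disabled on the host.
for svc in \
  abrt-ccpp abrt-oops abrtd acpid atd auditd autofs avahi-daemon \
  certmonger cpuspeed cups haldaemon ip6tables kdump mdmonitor mcelogd \
  netfs nfslock portreserve postfix rpcbind rpcgssd rpcidmapd; do
  chkconfig "$svc" off
done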
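# Point yum at the installation media (mounted on /mnt/cdrom) instead of the
# network repositories. The 163.com mirror download at the end is disabled.
# Base/Debuginfo/Vault are renamed so yum no longer reads them (only *.repo
# files are loaded); Media gets a backup copy and is then edited in place.
repo_dir=/etc/yum.repos.d
media_repo="$repo_dir/CentOS-Media.repo"
mv "$repo_dir/CentOS-Base.repo" "$repo_dir/CentOS-Base.repo.backup"
mv "$repo_dir/CentOS-Debuginfo.repo" "$repo_dir/CentOS-Debuginfo.repo.bak"
mv "$repo_dir/CentOS-Vault.repo" "$repo_dir/CentOS-Vault.repo.bak"
cp "$media_repo" "$media_repo.bak"
#sed -i 's/baseurl=file\:\/\/\/media\/CentOS\//baseurl=http\:\/\/192.168.2.243\/iso\//' /etc/yum.repos.d/CentOS-Media.repo
# Every edit names the file by absolute path. Two of the original sed calls
# used a bare "CentOS-Media.repo" and so only worked when the script was
# started from inside /etc/yum.repos.d.
sed -i 's#file:///media/CentOS#file:///mnt/cdrom/#' "$media_repo"
sed -i '/file:\/\/\/media\/cdrom\//d' "$media_repo"
sed -i '/file:\/\/\/media\/cdrecorder\//d' "$media_repo"
# gpgcheck is left at its shipped value of 1. The earlier version rewrote it
# to gpgcheck=0, which makes yum install unsigned or tampered packages without
# complaint. Packages on the installation media are signed, so verification
# also works offline.
# NOTE(review): this relies on the repo file carrying a gpgkey= entry that
# points at a locally installed key -- confirm on your image.
sed -i 's/enabled=0/enabled=1/' "$media_repo"
yum clean all
# -p keeps a second run from failing when the mount point already exists.
mkdir -p /mnt/cdrom
mount /dev/cdrom /mnt/cdrom ||
  echo "mount of /dev/cdrom failed; yum installs from media will not work" >&2
# NOTE(review): if the line below is ever re-enabled, it fetches a repository
# definition over plain HTTP and installs it unverified; prefer HTTPS or
# check the file before use.
#wget http://mirrors.163.com/.help/CentOS6-Base-163.repo -O /etc/yum.repos.d/CentOS-Base.repo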
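# Install helper tools and schedule a daily clock sync for root.
# The system-update commands are kept disabled, as in the original.
yum clean all
#yum -y update glibc\*
#yum -y update yum\* rpm\* python\*
#yum -y update
yum -y install lftp
yum -y install ntp
yum -y install lrzsz
#echo "* 4 * * * /usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&1" >> /var/spool/cron/root
# The minute field is 0, so the job runs once at 04:00. The original entry
# used "*" there, which runs ntpdate every minute from 04:00 to 04:59.
cron_line='0 4 * * * /usr/sbin/ntpdate cn.pool.ntp.org > /dev/null 2>&1'
# Append only when the exact line is missing, so reruns do not stack
# duplicates. grep's stderr is silenced because the crontab file may not
# exist yet on a fresh install.
grep -qxF -- "$cron_line" /var/spool/cron/root 2>/dev/null ||
  printf '%s\n' "$cron_line" >> /var/spool/cron/root
service crond restart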
# Raise the open-file limits.
# rc.local gets a ulimit call that sets the soft and hard limit to 102400;
# limits.conf gets a soft/hard nofile limit of 65535 for every user ("*").
# Both files are appended to, so each run of this script adds the lines again.
printf '%s\n' 'ulimit -SHn 102400' >> /etc/rc.local
printf '%s\n' \
  '* soft nofile 65535' \
  '* hard nofile 65535' >> /etc/security/limits.conf
# Disable SELinux: `setenforce 0` switches the running system to permissive
# mode, and the config edit replaces SELINUX=enforcing with SELINUX=disabled
# for subsequent boots.
# NOTE(review): this removes mandatory access control from the host. If the
# goal is only to get past policy denials, SELINUX=permissive keeps the
# denials logged while the policy is fixed -- confirm that a full disable is
# required.
selinux_cfg=/etc/selinux/config
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' "$selinux_cfg"
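# Configure sshd: stop reverse-DNS lookups of connecting clients and enable
# server-side keepalive probes (every 60 s, give up after 3 misses).
# The GSSAPI and PasswordAuthentication edits stay disabled, as in the
# original.
sshd_cfg=/etc/ssh/sshd_config
#sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/' "$sshd_cfg"
#sed -i 's/^PasswordAuthentication yes$/PasswordAuthentication no/' /etc/ssh/sshd_config
sed -i 's/^#ClientAliveInterval 0/ClientAliveInterval 60/' "$sshd_cfg"
sed -i 's/^#ClientAliveCountMax 3/ClientAliveCountMax 3/' "$sshd_cfg"
# Validate the edited file before restarting: a restart with a broken
# sshd_config can leave a remote host with no SSH access at all.
if /usr/sbin/sshd -t; then
  service sshd restart
else
  echo "sshd_config failed validation; sshd was not restarted" >&2
fi
# NOTE(review): the disabled block below would install a fixed public key for
# root. If it is ever re-enabled, every host built with this script accepts
# root logins from whoever holds the matching private key, and the key text
# suggests a short (1024-bit) RSA modulus -- TODO confirm. Provision per-host
# keys from configuration management instead, and create /root/.ssh with mode
# 700 and authorized_keys with mode 600.
#mkdir /root/.ssh
#touch /root/.ssh/authorized_keys
#cat >> /root/.ssh/authorized_keys << EOF
#ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAoUMbLLMEwfhJevd06QKQ//FEliufwRhhf0M2O3VK6VV3NWK/55x+NvynY9fXeEXrQO2uH3hWNQSW/Dkxc07NnvfB6N9TwmJP7owQYSLrixrOAZ2AjKX0mo3vpF757l1ECJ9KJo4BcOva42Zds7aST1pTVNY92ry48OnxdBf5FjU= rsa-key-20131017
#EOF
#service sshd restart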
# Tune kernel parameters.
# Comment out the three net.bridge.bridge-nf-call-* = 0 entries in
# /etc/sysctl.conf, then reload the file with sysctl -p.
for nf_table in ip6tables iptables arptables; do
  sed -i "s/net.bridge.bridge-nf-call-${nf_table} = 0/#net.bridge.bridge-nf-call-${nf_table} = 0/" /etc/sysctl.conf
done
# The TCP/socket tuning block below is disabled; nothing in it is applied.
# NOTE(review) before re-enabling it:
#   - tcp_tw_recycle = 1 is known to drop connections from clients behind
#     NAT, and the option was removed from later kernels.
#   - tcp_tw_reuse and tcp_tw_recycle depend on TCP timestamps, which the
#     same block switches off (tcp_timestamps = 0).
#   - the explanatory lines carry a single "#", so removing one "#" per line
#     would write them into sysctl.conf as bare text.
#cat >> /etc/sysctl.conf << EOF
#net.ipv4.tcp_fin_timeout = 1
#When the socket is closed at the local end's request, this sets how long it stays in FIN-WAIT-2
#net.ipv4.tcp_keepalive_time = 1200
#How often TCP sends keepalive messages when keepalive is on. Default is 2 hours; changed to 20 minutes
#net.ipv4.tcp_mem = 94500000 915000000 927000000
#net.ipv4.tcp_mem[0]: below this value TCP is under no memory pressure.
#net.ipv4.tcp_mem[1]: at this value TCP enters the memory-pressure stage.
#net.ipv4.tcp_mem[2]: above this value TCP refuses to allocate sockets.
#The unit above is pages, not bytes. Suggested tuning values: 786432 1048576 1572864
#net.ipv4.tcp_tw_reuse = 1
#Enables reuse: TIME-WAIT sockets may be reused for new TCP connections. Default 0 (off)
#net.ipv4.tcp_timestamps = 0
#Timestamps guard against sequence-number wraparound. A 1 Gbps link will certainly meet previously used sequence numbers. Timestamps let the kernel accept such "abnormal" packets. It has to be turned off here
#net.ipv4.tcp_synack_retries = 1
#To open a connection to the peer the kernel sends a SYN plus an ACK for the earlier SYN, i.e. the second step of the three-way handshake. This sets how many SYN+ACK packets are sent before the kernel gives up on the connection
#net.ipv4.tcp_syn_retries = 1
#Number of SYN packets sent before the kernel gives up establishing a connection
#net.ipv4.tcp_tw_recycle = 1
#Enables fast recycling of TIME-WAIT sockets in TCP connections. Default 0 (off)
#net.core.rmem_max = 16777216
#Maximum socket read buffer. Suggested tuning value: 873200
#net.core.wmem_max = 16777216
#Maximum socket write buffer. Suggested tuning value: 873200
#net.core.netdev_max_backlog = 262144
#Maximum number of packets allowed to queue when an interface receives packets faster than the kernel processes them
#net.core.somaxconn = 262144
#In web applications the listen() backlog is capped by net.core.somaxconn at 128 by default, while nginx's NGX_LISTEN_BACKLOG defaults to 511, so this value needs adjusting.
#net.ipv4.tcp_max_orphans = 3276800
#Maximum number of TCP sockets not attached to any user file handle. Above this number the connection is reset at once and a warning is printed. The limit exists only to stop simple DoS attacks; do not rely on it or lower it artificially, rather raise it (after adding memory).
#net.ipv4.tcp_max_syn_backlog = 262144
#Maximum number of remembered connection requests not yet acknowledged by the client. Default is 1024 on a system with 128M of memory and 128 on low-memory systems.
#net.core.wmem_default = 8388608
#Default size of the send socket buffer (in bytes)
#net.core.rmem_default = 8388608
#Default size of the receive socket buffer (in bytes)
#EOF
/sbin/sysctl -p
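# Stop two daily cron jobs by moving them out of /etc/cron.daily into a
# sibling backup directory.
# -p and the existence test make a second run a no-op instead of failing on
# "File exists" and "No such file or directory".
mkdir -p /etc/cron.daily.bak
for job in makewhatis.cron mlocate.cron; do
  if [ -e "/etc/cron.daily/$job" ]; then
    mv "/etc/cron.daily/$job" /etc/cron.daily.bak/
  fi
done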
# Disable IPv6: append the module alias/option lines to the modprobe
# configuration and the NETWORKING_IPV6 switch to the network sysconfig file.
# Both files are appended to, so each run of this script adds the lines again.
printf '%s\n' \
  'alias net-pf-10 off' \
  'options ipv6 disable=1' >> /etc/modprobe.d/dist.conf
printf '%s\n' 'NETWORKING_IPV6=off' >> /etc/sysconfig/network
# Reduce the active virtual consoles from tty[1-6] to tty[1-2].
ttys_conf=/etc/init/start-ttys.conf
sed -i 's/env ACTIVE_CONSOLES=\/dev\/tty\[1-6\]/env ACTIVE_CONSOLES=\/dev\/tty\[1-2\]/' "$ttys_conf"
# Disabled: terminal-title prompt for root's SSH sessions.
# NOTE(review): the heredoc delimiter below is unquoted, so if this block is
# re-enabled as written, $SSH_CONNECTION, $TERM and the backtick command are
# expanded while this script runs rather than written to .bashrc literally;
# use << 'EOF' to write the text verbatim.
#cat >> /root/.bashrc << EOF
#if [ "$SSH_CONNECTION" != '' -a "$TERM" != 'linux' ]; then
#declare -a HOSTIP
#HOSTIP=`echo $SSH_CONNECTION |awk '{print $3}'`
#export PROMPT_COMMAND='echo -ne "\033]0;${USER}@$HOSTIP:[${HOSTNAME%%.*}]:${PWD/#$HOME/~} \007"'
#fi
#EOF
# Append indentation defaults (4-column tabs, C-style auto-indent) to root's
# vimrc.
printf '%s\n' \
  'set tabstop=4' \
  'set softtabstop=4' \
  'set shiftwidth=4' \
  'set cindent' \
  'set autoindent' >> /root/.vimrc
# Closing banner: tell the operator the run is finished and that a reboot is
# recommended.
printf '%s\n' \
  "+————————————————-+" \
  "| optimizer is done |" \
  "| it's recommond to restart this server ! |" \
  "+————————————————-+"