centos6.5 web站點優化
發表於 : 2015-12-12, 22:12
#update os
yum update -y
#selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
setenforce 0
#welcome message
echo 'web server' >/etc/issue
echo 'web server' >/etc/redhat-release
#stop iptables
service iptables stop
chkconfig auditd off
chkconfig blk-availability off
chkconfig ip6tables off
chkconfig postfix off
chkconfig netfs off
#del user
userdel adm
userdel lp
userdel shutdown
userdel halt
userdel uucp
userdel operator
userdel games
userdel gopher
#create administrator useuucp
useradd user
echo "123456" | passwd --stdin user
echo 'user ALL=(ALL) ALL'>>/etc/sudoers
echo 'net.ipv4.tcp_syncookies = 1'>>/etc/sysctl.conf #1是開啟SYN Cookies,當出現SYN等待佇列溢出時,啟用Cookies來處,理,可防範少量SYN攻擊,默認是0關閉
echo 'net.ipv4.tcp_tw_reuse = 1'>>/etc/sysctl.conf #1是開啟重用,允許講TIME_AIT sockets重新用於新的TCP連接,默認是0關閉
echo 'net.ipv4.tcp_tw_recycle = 1'>>/etc/sysctl.conf #TCP失敗重傳次數,默認是15,減少次數可釋放內核資源
echo 'net.ipv4.ip_local_port_range = 4096 65000'>>/etc/sysctl.conf #應用程式可使用的埠範圍
echo 'net.ipv4.tcp_max_tw_buckets = 5000'>>/etc/sysctl.conf #系統同時保持TIME_WAIT通訊端的最大數量,如果超出這個數字,TIME_WATI通訊端將立刻被清除並列印警告資訊,預設180000
echo 'net.ipv4.tcp_max_syn_backlog = 4096'>>/etc/sysctl.conf #進入SYN寶的最大請求佇列,預設是1024
echo 'net.core.netdev_max_backlog = 10240'>>/etc/sysctl.conf #允許送到佇列的資料包最大設備佇列,預設300
echo 'net.core.somaxconn = 2048'>>/etc/sysctl.conf #listen掛起請求的最大數量,默認128
echo 'net.core.wmem_default = 8388608'>>/etc/sysctl.conf #發送緩存區大小的缺省值
echo 'net.core.rmem_default = 8388608'>>/etc/sysctl.conf #接受通訊端緩衝區大小的缺省值(以位元組為單位)
echo 'net.core.rmem_max = 16777216'>>/etc/sysctl.conf #最大接收緩衝區大小的最大值
echo 'net.core.wmem_max = 16777216'>>/etc/sysctl.conf #發送緩衝區大小的最大值
echo 'net.ipv4.tcp_synack_retries = 2'>>/etc/sysctl.conf #SYN-ACK握手狀態重試次數,預設5
echo 'net.ipv4.tcp_syn_retries = 2'>>/etc/sysctl.conf #向外SYN握手重試次數,默認4
echo 'net.ipv4.tcp_tw_recycle = 1'>>/etc/sysctl.conf #開啟TCP連接中TIME_WAIT sockets的快速回收,默認是0關閉
echo 'net.ipv4.tcp_max_orphans = 3276800'>>/etc/sysctl.conf #系統中最多有多少個TCP通訊端不被關聯到任何一個用戶檔案控制代碼上,如果超出這個數字,孤兒連接將立即重定並列印警告資訊
echo 'net.ipv4.tcp_mem = 94500000 915000000 927000000'>>/etc/sysctl.conf
#install packages
yum -y install lrzsz gcc gcc-c++ make pcre-devel zlib-devel openssl-devel ntp ntpdate rsync wget
ntpdate cn.pool.ntp.org;clock -w
#crontab ntpdate
#10 * * * * /usr/sbin/ntpdate cn.pool.ntp.org;clock -w
echo '* soft nofile 65536'>>/etc/security/limits.conf
echo '* hard nofile 65536'>>/etc/security/limits.conf
echo 'session required /lib/security/pam_limits.so'>>/etc/pam.d/login
sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
#iptables config
iptables -F #清楚防火牆規則
iptables -L #查看防火牆規則
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -P INPUT DROP
echo "alias vi='vim'">>/root/.bashrc
source /root/.bashrc
原文:http://www.cnblogs.com/zhongnan/p/4022682.html
yum update -y
#selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
setenforce 0
#welcome message
echo 'web server' >/etc/issue
echo 'web server' >/etc/redhat-release
#stop iptables
service iptables stop
chkconfig auditd off
chkconfig blk-availability off
chkconfig ip6tables off
chkconfig postfix off
chkconfig netfs off
#del user
userdel adm
userdel lp
userdel shutdown
userdel halt
userdel uucp
userdel operator
userdel games
userdel gopher
#create administrator useuucp
useradd user
echo "123456" | passwd --stdin user
echo 'user ALL=(ALL) ALL'>>/etc/sudoers
echo 'net.ipv4.tcp_syncookies = 1'>>/etc/sysctl.conf #1是開啟SYN Cookies,當出現SYN等待佇列溢出時,啟用Cookies來處,理,可防範少量SYN攻擊,默認是0關閉
echo 'net.ipv4.tcp_tw_reuse = 1'>>/etc/sysctl.conf #1是開啟重用,允許講TIME_AIT sockets重新用於新的TCP連接,默認是0關閉
echo 'net.ipv4.tcp_tw_recycle = 1'>>/etc/sysctl.conf #TCP失敗重傳次數,默認是15,減少次數可釋放內核資源
echo 'net.ipv4.ip_local_port_range = 4096 65000'>>/etc/sysctl.conf #應用程式可使用的埠範圍
echo 'net.ipv4.tcp_max_tw_buckets = 5000'>>/etc/sysctl.conf #系統同時保持TIME_WAIT通訊端的最大數量,如果超出這個數字,TIME_WATI通訊端將立刻被清除並列印警告資訊,預設180000
echo 'net.ipv4.tcp_max_syn_backlog = 4096'>>/etc/sysctl.conf #進入SYN寶的最大請求佇列,預設是1024
echo 'net.core.netdev_max_backlog = 10240'>>/etc/sysctl.conf #允許送到佇列的資料包最大設備佇列,預設300
echo 'net.core.somaxconn = 2048'>>/etc/sysctl.conf #listen掛起請求的最大數量,默認128
echo 'net.core.wmem_default = 8388608'>>/etc/sysctl.conf #發送緩存區大小的缺省值
echo 'net.core.rmem_default = 8388608'>>/etc/sysctl.conf #接受通訊端緩衝區大小的缺省值(以位元組為單位)
echo 'net.core.rmem_max = 16777216'>>/etc/sysctl.conf #最大接收緩衝區大小的最大值
echo 'net.core.wmem_max = 16777216'>>/etc/sysctl.conf #發送緩衝區大小的最大值
echo 'net.ipv4.tcp_synack_retries = 2'>>/etc/sysctl.conf #SYN-ACK握手狀態重試次數,預設5
echo 'net.ipv4.tcp_syn_retries = 2'>>/etc/sysctl.conf #向外SYN握手重試次數,默認4
echo 'net.ipv4.tcp_tw_recycle = 1'>>/etc/sysctl.conf #開啟TCP連接中TIME_WAIT sockets的快速回收,默認是0關閉
echo 'net.ipv4.tcp_max_orphans = 3276800'>>/etc/sysctl.conf #系統中最多有多少個TCP通訊端不被關聯到任何一個用戶檔案控制代碼上,如果超出這個數字,孤兒連接將立即重定並列印警告資訊
echo 'net.ipv4.tcp_mem = 94500000 915000000 927000000'>>/etc/sysctl.conf
#install packages
yum -y install lrzsz gcc gcc-c++ make pcre-devel zlib-devel openssl-devel ntp ntpdate rsync wget
ntpdate cn.pool.ntp.org;clock -w
#crontab ntpdate
#10 * * * * /usr/sbin/ntpdate cn.pool.ntp.org;clock -w
echo '* soft nofile 65536'>>/etc/security/limits.conf
echo '* hard nofile 65536'>>/etc/security/limits.conf
echo 'session required /lib/security/pam_limits.so'>>/etc/pam.d/login
sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
#iptables config
iptables -F #清楚防火牆規則
iptables -L #查看防火牆規則
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -P INPUT DROP
echo "alias vi='vim'">>/root/.bashrc
source /root/.bashrc
原文:http://www.cnblogs.com/zhongnan/p/4022682.html