摘要:
1.初始化网络配置1.1.创建工作目录。在生产环境中,必须有一个固定的目录来存储一些安装软件和调试工具。否则,每个管理员都可以随意存储软件工具。服务器环境可以想象为mkdir-p/opt/{tools,scripts}mkdir-p/data/backupcd/opt/tools/install通用软件工具apt-geupdateapt-geinstalllrzszviimwgetcurlsoftelnet-t
1.初始化网络配置
1.1.创建工作目录
- 生产环境下必须有个固定的目录存放一些安装软件和调试工具,
- 否则每个管理员都随意存放软件工具,服务器的环境可以想而知
mkdir -p /opt/{tools,scripts}
mkdir -p /data/backup
cd /opt/tools/
- 安装常用软件工具
apt-get update
apt-get install lrzsz vim wget curl lsof telnet net-tools ntpdate tree screen iotop iftop
1.2.设置主机名和hosts解析
- 修改服务器主机名
hostname demosrv-01
vi /etc/hostname
--------------------------------
demosrv-01
-------------------------------
- 设置hosts域名解析
vi /etc/hosts
--------------------------------
192.168.1.200 demosrv-01
--------------------------------
1.3.设置固定IP地址和DNS域名解析
1.3.1.修改主机IP
- 1)为网卡配置静态IP地址
sudo vim /etc/network/interfaces
--------------------------------------------
auto eth0
iface eth0 inet static
address 192.168.1.200
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 223.5.5.5
dns-nameservers 8.8.8.8
--------------------------------------------
# 重启网卡
sudo /etc/init.d/networking restart
- 2)设定第二个IP地址(虚拟IP地址)
sudo vim /etc/network/interfaces
--------------------------------------------
auto eth0:1
iface eth0:1 inet static
address 192.168.1.201
netmask 255.255.255.0
gateway x.x.x.x
network x.x.x.x
broadcast x.x.x.x
--------------------------------------------
# 重启网卡:
sudo /etc/init.d/networking restart
1.3.2.设置DNS解析
vi /etc/resolv.conf
--------------------------------
nameserver 202.106.0.20
nameserver 8.8.8.8
--------------------------------
ip add
ping www.baidu.com
1.4.配置 apt 源(阿里云)
1.4.1.备份原始 apt 源配置文件
cp /etc/apt/sources.list /etc/apt/sources.list.ori
1.4.2.修改 apt 源配置文件(更换 apt 源)
vim /etc/apt/sources.list
----------------------------------
# aliyun
deb http://mirrors.aliyun.com/ubuntu/ xenial main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main
deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security universe
----------------------------------
1.4.3.更新源和软件版本
apt-get update
apt-get upgrade
1.4.4.复损坏的软件包
# 尝试卸载出错的包,重新安装正确版本的
sudo apt-get -f install
2.配置系统环境变量
2.1.修改记录的历史命令数量
echo "HISTSIZE=10000" >> /etc/profile
tail -1 /etc/profile
2.2.设置超时自动注销登陆
# 8h=28800s
echo " " >> /etc/profile
echo "# Auto-Logout for 4 hours by zhaoshuai on $(date +%F)." >> /etc/profile
echo "export TMOUT=28800" >> /etc/profile
tail -3 /etc/profile
source /etc/profile
echo $TMOUT
3.配置系统安全选项
3.1.修改 ssh 服务配置
只监听IPv4端口,关闭GSSAPI秘钥认证,关闭DNS解析加速ssh连接
手动修改配置文件
vim /etc/ssh/sshd_config
-----------------------------
ListenAddress 0.0.0.0
PasswordAuthentication no
GSSAPIAuthentication no
UseDNS no
-----------------------------
- 命令行修改
echo "ListenAddress 0.0.0.0" >> /etc/ssh/sshd_config
echo "GSSAPIAuthentication no" >> /etc/ssh/sshd_config
echo "UseDNS no" >> /etc/ssh/sshd_config
grep ListenAddress /etc/ssh/sshd_config
grep GSSAPIAuthentication /etc/ssh/sshd_config
grep UseDNS /etc/ssh/sshd_config
- 重启sshd服务
/bin/systemctl restart sshd.service
/bin/systemctl status sshd.service
3.2.关闭 selinux
- 不需要
3.3.关闭防火墙
- 内网一般不需要使用防火墙
systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld
3.4.关闭其他不用的服务
- 邮箱服务,CentOS7默认安装postfix,而不是sendmail
systemctl stop postfix
systemctl disable postfix
systemctl status postfix
netstat -anptl
4.修改内核参数
4.1.修改文件句柄数
vim /etc/security/limits.conf
-----------------------------------
# 系统最大连接数
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
-----------------------------------
4.2.配置 TIME_WAIT 参数
- 清理 TIME_WAIT 状态的连接
netstat -anptl|grep TIME_WAIT|wc -l
echo " " >> /etc/sysctl.conf
echo "# made by zhaoshuai for kill time_wait on $(date +%F)." >> /etc/sysctl.conf
echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_fin_timeout = 30" >> /etc/sysctl.conf
echo "net.ipv4.tcp_orphan_retries = 2" >> /etc/sysctl.conf
echo "net.ipv4.ip_local_port_range = 1024 65000" >> /etc/sysctl.conf
tail -8 /etc/sysctl.conf
sysctl -p
netstat -anptl|grep TIME_WAIT|wc -l
4.3.让系统自动回收缓存 cache
echo " ">>/etc/sysctl.conf
echo "# Automatic recovery memory on $(date +%F)">>/etc/sysctl.conf
echo "vm.extra_free_kbytes=209196">>/etc/sysctl.conf
sysctl -p
5.配置时间同步
- 安装ntp服务并配置开机自启动
yum -y install ntp
systemctl enable ntpd
systemctl start ntpd
systemctl status ntpd
- 手动进行时间同步
date
/usr/sbin/ntpdate ntp1.aliyun.com
- 配置自动同步时间
echo "# made by zhaoshuai for sync time on $(date +%F)" >> /var/spool/cron/crontabs/root
echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com > /dev/null 2>&1' >> /var/spool/cron/crontabs/root
crontab -l
- 注意:
时区应该为CST为中部时区,如果是EST则为东部时区
安装CentOS系统时要去掉夏令时的选项,否则在夏令时的那一天会有时间的自动变换,
如果某个服务在时间上有要求就会导致该服务承载的业务出现问题,所以要关闭夏令时