#!/bin/bash
#服务器一键优化工具
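#######################################
# Print this host's fully qualified name and probe outbound connectivity.
# Arguments: none
# Outputs:   the hostname line, then ping's own report, on stdout
# Returns:   ping's exit status
#######################################
define_check_network() {
  # Quoted $(...) replaces the unquoted backticks, so the name is printed
  # exactly as hostname reports it (no word splitting or globbing).
  echo "主机名为$(hostname -f)"
  # Six echo requests; options are placed before the target host.
  ping -c 6 www.baidu.com
}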
#######################################
# Switch SELinux to "disabled" in its config file, install the baseline
# package set, then update every installed package.
# Arguments: none
# Outputs:   sed/yum progress on stdout and stderr
# Returns:   status of the final "update && upgrade" chain
#######################################
define_yum() {
  local -a base_packages=(
    bash vim wget curl sysstat gcc gcc-c++ make lsof sudo unzip
    openssh-clients net-tools systemd rpm yum rsyslog logrotate crontabs
    python-libs centos-release p7zip file
  )

  # Rewrite "enforcing" to "disabled" on lines that mention SELINUX.
  # NOTE(review): this only edits the config file; nothing here changes the
  # running mode. After the next boot the host has no SELinux mandatory
  # access control at all. "permissive" would keep denials in the audit log
  # while not blocking; confirm that a full disable is really intended.
  sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config

  # Drop cached repository data, then install the commonly used tools.
  yum clean all
  yum -y install "${base_packages[@]}"

  # Bring the whole system up to date; upgrade runs only if update succeeded.
  yum -y update \
    && yum -y upgrade
}
#######################################
# Stop postfix, firewalld, chronyd and cups, and remove them from boot.
# Arguments: none
# Outputs:   systemctl messages plus a confirmation line on stdout
# Returns:   status of the final echo
#######################################
define_tuning_services() {
  local -a unneeded=(postfix firewalld chronyd cups)
  local action

  # NOTE(review): firewalld is the host packet filter, and nothing visible in
  # this script installs a replacement. The kernel settings written by
  # define_tuning_kernel also turn on IPv4 forwarding. Confirm that filtering
  # is enforced somewhere else (upstream firewall, security groups) before
  # running this on a host that is reachable from untrusted networks.
  # First pass stops the running units, second pass disables them at boot.
  for action in stop disable; do
    systemctl "$action" "${unneeded[@]}"
  done

  echo "非关键系统服务已经关闭"
}
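#######################################
# Replace /etc/sysctl.conf with a fixed set of kernel, network and VM
# parameters, keeping a one-time backup of the previous file.
# Arguments: none
# Outputs:   progress messages on stdout, backup failure on stderr
# Returns:   1 if the backup could not be written, otherwise the status of
#            the final echo
#######################################
define_tuning_kernel() {
  local -r conf=/etc/sysctl.conf
  local -r backup=/etc/sysctl.conf.bak

  # 4. Kernel parameter tuning
  echo "内核参数优化"

  # Take the backup only once. An unconditional copy on a second run would
  # overwrite the pristine backup with the already-tuned file. Stop if the
  # copy fails, so the original settings are never destroyed without a copy.
  if [[ -e "$conf" && ! -e "$backup" ]]; then
    if ! cp -p -- "$conf" "$backup"; then
      echo "备份 ${conf} 失败,已中止内核参数修改" >&2
      return 1
    fi
  fi

  # NOTE(review), on the values written below (file content is unchanged):
  #  - net.ipv4.ip_forward = 1 lets the host route packets between its
  #    interfaces; define_tuning_services also stops firewalld. Keep it only
  #    if this machine is meant to act as a router/NAT gateway.
  #  - tcp_tw_reuse and tcp_tw_recycle both depend on TCP timestamps, which
  #    this same file switches off (tcp_timestamps = 0). tcp_tw_recycle is
  #    also known to drop connections from clients behind NAT and no longer
  #    exists in kernels from 4.12 on.
  #  - rp_filter and accept_source_route are set for "default" only, not
  #    for "all"; verify the effective per-interface values.
  #  - Nothing in this function loads the file (no sysctl call), so the
  #    values presumably apply at the next boot or manual reload.
  # A single truncating write replaces the former "empty, then append" pair.
  # The quoted delimiter keeps the text literal.
  cat > "$conf" << 'EOF'
##内核默认参数
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
kernel.sem=500 64000 64 256
##打开文件数参数(20*1024*1024)
fs.file-max= 20971520
##WEB Server参数
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_keepalive_time=1200
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_rmem=4096 87380 8388608
net.ipv4.tcp_wmem=4096 87380 8388608
net.ipv4.tcp_max_syn_backlog=8192
net.ipv4.tcp_max_tw_buckets = 5000
##TCP补充参数
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 65535
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
##禁用ipv6
net.ipv6.conf.all.disable_ipv6 =1
net.ipv6.conf.default.disable_ipv6 =1
##swap使用率优化
vm.swappiness=0
EOF
  echo "系统参数设置OK"
}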
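#######################################
# Apply system-level tuning: mount options, resource limits, login
# environment, log filtering, Ctrl+Alt+Del handling, default target,
# transparent hugepages, log compression, SSH ciphers, journald limits and
# shell aliases.
# Arguments: none
# Outputs:   progress messages on stdout
# Returns:   does not return on a detected re-run (calls exit 1, which ends
#            the whole script); otherwise the status of the final echo
#######################################
define_tuning_system() {
  # Re-run guard: "noatime" in fstab is taken as proof of an earlier run.
  # grep -q replaces the former cat | grep | wc -l count.
  # NOTE(review): the marker is only written for xfs entries, so on a host
  # without xfs lines in fstab the guard presumably never trips and every
  # ">>" below appends duplicates on a second run.
  if grep -q noatime /etc/fstab; then
    echo "第二次执行脚本,请手动检查错误"
    exit 1
  fi
  echo "脚本首次执行"

  # Disk I/O: add noatime to xfs mounts that use "defaults".
  sed -i '/xfs/s/defaults/defaults,noatime/' /etc/fstab
  # nproc override file for CentOS 6 only (left disabled):
  #sed -i 's/1024/65535/' /etc/security/limits.d/90-nproc.conf
  # nproc override file for CentOS 7 only.
  sed -i 's/4096/524288/' /etc/security/limits.d/20-nproc.conf

  # Open-file limits for every account.
  echo "* soft nofile 1024000" >> /etc/security/limits.conf
  echo "* hard nofile 1024000" >> /etc/security/limits.conf
  # Process-count limits for every account.
  # NOTE(review): a per-user cap this high no longer acts as a brake on
  # runaway or hostile process creation by an unprivileged account. Consider
  # scoping the raise to the service accounts that need it.
  echo "* soft nproc 1024000" >> /etc/security/limits.conf
  echo "* hard nproc 1024000" >> /etc/security/limits.conf
  echo "session required /lib64/security/pam_limits.so" >> /etc/pam.d/login

  # Global login environment: idle timeout, timestamp formats, history.
  echo 'export TMOUT=600' >> /etc/profile
  echo 'export TIME_STYLE="+%Y/%m/%d %H:%M:%S"' >> /etc/profile
  # The single quotes are intentional: the backticks must reach /etc/profile
  # unexpanded so whoami runs in each login shell, not here.
  echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/profile
  echo 'unset MAILCHECK' >> /etc/profile
  sed -i '/HISTSIZE/s/1000/12000/' /etc/profile
  # Only affects this script's own shell. It also brings TMOUT=600 into it.
  source /etc/profile

  # Drop systemd session/slice chatter from syslog.
  # NOTE(review): these records show when user sessions start and end.
  # Confirm they are retained elsewhere before filtering them here.
  echo 'if $programname == "systemd" and ($msg contains "Starting Session" or $msg contains "Started Session" or $msg contains "Created slice" or $msg contains "Starting user-" or $msg contains "Starting User Slice of" or $msg contains "Removed session" or $msg contains "Removed slice User Slice of" or $msg contains "Stopping User Slice of") then stop' >/etc/rsyslog.d/ignore-systemd-session-slice.conf
  systemctl restart rsyslog

  # Permission tuning (left disabled):
  # echo 'umask 0022' >> /etc/profile

  # Disable reboot via Ctrl+Alt+Del. Masking replaces deleting the unit file
  # under /usr/lib. That file is owned by a package, so a deletion is undone
  # whenever the package is reinstalled or updated. A mask lives in /etc and
  # persists.
  systemctl mask ctrl-alt-del.target

  # Boot to the multi-user (non-graphical) target.
  systemctl set-default multi-user.target

  # Turn off transparent hugepages at every boot via rc.local.
  chmod +x /etc/rc.d/rc.local
  echo "echo never > /sys/kernel/mm/transparent_hugepage/enabled;" >> /etc/rc.d/rc.local
  echo "echo never > /sys/kernel/mm/transparent_hugepage/defrag;" >> /etc/rc.d/rc.local

  # Enable logrotate compression (same expression, plainly quoted).
  sed -i 's/#compress/compress/' /etc/logrotate.conf

  # Restrict SSH to AES-CTR ciphers.
  # NOTE(review): sshd is not reloaded here, so this takes effect on its next
  # restart. sshd uses the first value it reads for a keyword, so an earlier
  # Ciphers line wins. A line appended after a Match block would land inside
  # that block. Run "sshd -t" before any restart. The list also leaves out
  # the AEAD ciphers (aes*-gcm@openssh.com, chacha20-poly1305@openssh.com);
  # confirm that is intended.
  echo "Ciphers aes128-ctr,aes192-ctr,aes256-ctr" >> /etc/ssh/sshd_config

  # Cap journal size and stop forwarding the journal to syslog.
  # NOTE(review): MaxFileSec sets how long one journal file is written to
  # before rotation, not how long entries are kept. Check the retention that
  # results against the site's log-retention requirement.
  echo "SystemMaxUse=2048M" >> /etc/systemd/journald.conf
  echo "ForwardToSyslog=no" >> /etc/systemd/journald.conf
  echo "MaxFileSec=14day" >> /etc/systemd/journald.conf
  systemctl restart systemd-journald.service

  # System-wide shell aliases. The quoted delimiter keeps the text literal.
  cat >> /etc/bashrc << 'EOF'
##系统别名设置
alias vi='vim'
alias ls='ls -trlh --color=auto'
alias grep='grep --color=auto'
EOF
  source /etc/bashrc
  echo '系统别名设置完成'
}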
#######################################
# Install ntpdate, set the timezone to Asia/Shanghai, sync the clock once
# and schedule the same sync at boot (rc.local) and from root's crontab.
# Arguments: none
# Outputs:   yum/ntpdate messages on stdout and stderr
# Returns:   status of the final crontab append
#######################################
define_ntpdate1() {
  # The exact command text written to rc.local and to the cron entry.
  local -r sync_cmd='/usr/sbin/ntpdate -us ntp1.aliyun.com;hwclock -w;'

  # NOTE(review): define_tuning_services disables chronyd, so this periodic
  # ntpdate call is the host's only time source. The exchange is
  # unauthenticated NTP, and its result is written to the hardware clock as
  # root. Clock accuracy feeds log timestamps and certificate validity
  # checks, so confirm the upstream server and network path are trusted.
  # Each run appends again, because the crontab file is written directly.

  # Local time sync tooling, plus a sync at every boot.
  yum -y install ntpdate
  printf '%s\n' "$sync_cmd" >> /etc/rc.d/rc.local

  # Timezone correction.
  timedatectl set-timezone Asia/Shanghai
  ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
    && hwclock -w

  # Immediate sync, then persist the result to the hardware clock.
  /usr/sbin/ntpdate -us ntp1.aliyun.com
  hwclock -w

  # Cron entry: repeat the sync at minutes 0, 20 and 40 of every hour.
  printf '%s\n' \
    '##时间同步' \
    "0-59/20 * * * * ${sync_cmd}" \
    >> /var/spool/cron/root
}
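#######################################
# Schedule a nightly (00:45) yum run from root's crontab that installs or
# refreshes a fixed list of core packages.
# Arguments: none
# Outputs:   none (appends to /var/spool/cron/root)
# Returns:   status of the append
#######################################
define_update() {
  # Two fixes compared with the earlier version of this function:
  #  - a stray closing brace after the function, which made the whole script
  #    a syntax error, is gone;
  #  - the cron line read "...curl; > /dev/null 2>&1;". The ";" ended the yum
  #    command first, so the redirection applied to an empty command and
  #    yum's output was never discarded. The redirection is now attached to
  #    yum itself.
  # NOTE(review): with all output discarded, a failed nightly run leaves no
  # trace in cron mail; check whether yum's own log is enough for auditing.
  # The quoted delimiter keeps the cron text literal.
  cat >> /var/spool/cron/root << 'EOF'
#yum update software
45 00 * * * /usr/bin/yum -y install bash sudo ntpdate openssh openssl vim systemd rpm yum rsyslog logrotate crontabs curl > /dev/null 2>&1
EOF
}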
#######################################
# Append an hourly job (minute 15) to root's crontab that turns all swap
# off and, if that succeeded, back on.
# Arguments: none
# Outputs:   none (appends to /var/spool/cron/root)
# Returns:   status of the append
#######################################
denfine_swap() {
  # NOTE(review): swapoff has to move every swapped page back into RAM.
  # Presumably it fails, or puts the host under memory pressure, when free
  # memory is short; confirm this hourly cycle is wanted on loaded hosts.
  printf '%s\n' \
    '## swap enable/disable' \
    '15 * * * * /usr/sbin/swapoff -a && /usr/sbin/swapon -a;' \
    >> /var/spool/cron/root
}
#######################################
# Run the complete local tuning sequence, one step after another.
# Arguments: none
# Outputs:   whatever the individual steps print
# Returns:   status of the last step
#######################################
define_localhost() {
  local step
  # The order matters: packages first, then services, kernel, system, time
  # sync and the cron jobs. A failing step does not stop the later ones.
  for step in \
    define_yum \
    define_tuning_services \
    define_tuning_kernel \
    define_tuning_system \
    define_ntpdate1 \
    define_update \
    denfine_swap; do
    "$step"
  done
}
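#######################################
# Blank the copy of this script at /tmp/one_key.sh (presumably where it is
# expected to have been saved) and leave the program.
# Arguments: none
# Outputs:   a warning on stderr when the path is a symbolic link
# Returns:   never returns; exits with the status of the last command run
#######################################
define_exit() {
  local -r script_copy=/tmp/one_key.sh

  # /tmp is world-writable and this script runs as root. Writing through a
  # fixed name there would follow a symbolic link planted by another local
  # account and truncate whatever it points to. Only an existing regular
  # file is blanked; a missing path is no longer created.
  # NOTE(review): a check followed by a write is still racy. Keeping the
  # script outside /tmp (or in a mktemp -d directory) removes the problem.
  if [[ -L "$script_copy" ]]; then
    echo "跳过清空 ${script_copy}:该路径是符号链接" >&2
  elif [[ -f "$script_copy" ]]; then
    echo '' > "$script_copy"
  fi
  exit
}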
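# Interactive menu: show the options, read one choice, dispatch, repeat.
while :; do
  echo ""
  echo "服务器一键优化脚本"
  echo ""
  echo ""
  echo " 0) 检查服务器网络 1) 本地环境专用"
  echo " 2) 退出脚本"
  echo
  # read fails on end-of-input (closed or piped stdin, Ctrl-D) and on a
  # TMOUT expiry. Without this check the loop would spin forever printing
  # the menu and the invalid-input message. -r keeps backslashes literal.
  if ! read -r -p "请输入一个选项: " opmode; then
    echo
    exit 0
  fi
  echo
  case "${opmode}" in
    0) define_check_network ;;
    1) define_localhost ;;
    2) define_exit ;;
    *) echo "无效输入" ;;
  esac
done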