Centos 7.9 优化脚本

修改网卡

# Walkthrough for renaming the NIC to eth0: these are manual steps (editor
# sessions plus the lines to put in the files), not a script to run as-is.
# NOTE(review): on CentOS 7 /etc/sysconfig/grub is normally a symlink to /etc/default/grub — confirm on the target host.
vim /etc/sysconfig/grub

# Add two parameters to GRUB_CMDLINE_LINUX: net.ifnames=0 biosdevname=0
# (they turn off predictable interface naming, so the NIC is named ethN after the next boot).
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap net.ifnames=0 biosdevname=0 rhgb quiet"

# Regenerate the GRUB configuration file.
# NOTE(review): this output path is the BIOS-boot location; UEFI installs keep grub.cfg under /boot/efi/EFI/centos/ — confirm before running.
grub2-mkconfig -o /boot/grub2/grub.cfg

# Rename the interface configuration file to match the new device name.
mv /etc/sysconfig/network-scripts/ifcfg-ens192 /etc/sysconfig/network-scripts/ifcfg-eth0

vim /etc/sysconfig/network-scripts/ifcfg-eth0

# Change the following entries in ifcfg-eth0.
NAME=eth0
DEVICE=eth0

# NOTE(review): the kernel parameters only apply after the reboot below, so this restart presumably
# runs while the device is still named ens192; over a remote session it may drop connectivity —
# keep console access available.
systemctl restart network.service

reboot now

综合脚本

#!/usr/bin/env bash
#
# Interactive CentOS 7.9 tuning script.
# The functions further down write under /etc and call systemctl/yum, so the
# script is presumably meant to be run as root — verify before use.

# Load the distribution's init-script helper functions.
source /etc/rc.d/init.d/functions
LANG=zh_CN.UTF-8
export LANG

# Only x86_64 hardware platforms are accepted; anything else stops here.
[[ "$(uname -i)" == "x86_64" ]] || {
  echo "this script is only for 64bit Operating System !"
  exit 1
}
echo "the platform is ok"

# From here on: -e aborts on the first unhandled failing command and
# -x traces every command to stderr as it runs.
set -e -x

# Top-level menu.
# Outputs:  clears the screen and prints the three main choices to stdout
# Globals:  num1 (written) - the raw answer read from stdin
menu1() {
  clear
  printf '%s\n' \
    '----------------------------------------' \
    '|**** 欢迎使用centos7.9优化脚本 ****|' \
    '----------------------------------------' \
    '1. 一键优化' \
    '2. 自定义优化' \
    '3. 退出'
  read -r -p "Please enter your choice[1-3]: " num1
}

# Second-level menu listing the individual tuning steps.
# Outputs:  clears the screen and prints the thirteen choices to stdout
# Globals:  num2 (written) - the raw answer read from stdin
menu2() {
  clear
  printf '%s\n' \
    '--------------------------------------------' \
    '|**** Please enter your choice: [1-13] ****|' \
    '--------------------------------------------' \
    '1. 修改字符集' \
    '2. 关闭selinux' \
    '3. 关闭firewalld' \
    '4. 精简开机启动' \
    '5. 修改文件描述符' \
    '6. 安装常用工具' \
    '7. 优化系统内核' \
    '8. 加快ssh登录速度' \
    '9. 禁用ctrl+alt+del重启' \
    '10.设置时间同步' \
    '11.history优化' \
    '12.返回上级菜单' \
    '13.退出'
  read -r -p "Please enter your choice[1-13]: " num2
}

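# 1. Set the system locale.
# Overwrites /etc/locale.conf, loads it into the current shell, and adds a
# backspace mapping to /etc/profile and syntax highlighting to root's vimrc.
# Outputs: the resulting /etc/locale.conf on stdout
locale_set() {
  echo "========================修改字符集=========================="
  cat >/etc/locale.conf <<EOF
LANG="zh_CN.UTF-8"
#LANG="en_US.UTF-8"
SYSFONT="latarcyrheb-sun16"
EOF
  . /etc/locale.conf
  cat /etc/locale.conf
  # Append each line only when it is not there yet, so running this step
  # again does not keep growing /etc/profile and /root/.vimrc.
  grep -qxF 'stty erase ^H' /etc/profile ||
    echo 'stty erase ^H' >>/etc/profile
  # A missing .vimrc makes grep fail, which falls through to the append.
  grep -qxF 'syntax on' /root/.vimrc 2>/dev/null ||
    echo "syntax on" >>/root/.vimrc
  echo "==========================================================="
  sleep 2
}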

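# 2. Disable SELinux.
# NOTE(review): this removes mandatory access control from the host.
# SELINUX=permissive keeps the policy loaded and logs denials without
# enforcing them, which is usually the safer choice when a service is being
# debugged; confirm that fully disabling SELinux is acceptable for this host.
# Outputs: the matching config line and the current getenforce state
selinux_set() {
  echo "========================禁用SELINUX========================"
  if [ "$(grep -c "SELINUX=disabled" /etc/sysconfig/selinux)" -eq 0 ]; then
    # /etc/sysconfig/selinux is normally a symlink to /etc/selinux/config.
    # Plain `sed -i` would replace the link with a regular file and leave the
    # real config untouched, so the two files would disagree after this step;
    # --follow-symlinks edits the link target instead.
    sed -i --follow-symlinks "s#SELINUX=enforcing#SELINUX=disabled#g" /etc/sysconfig/selinux
    # setenforce 0 only switches the running system to permissive; the
    # "disabled" setting written above applies from the next boot.
    setenforce 0
    grep SELINUX=disabled /etc/sysconfig/selinux
    getenforce
  else
    echo 'SELINUX已处于关闭状态'
    grep SELINUX=disabled /etc/sysconfig/selinux
    getenforce
  fi
  echo "==========================================================="
  sleep 2
}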

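# 3. Disable firewalld (and IPv6).
# NOTE(review): after this step the host has no host-based packet filter:
# the iptables filter table is flushed and firewalld is stopped and disabled.
# Make sure filtering is enforced somewhere else (security group, perimeter
# firewall) before using this on a reachable machine.
# Outputs: firewalld unit-file state and `firewall-cmd --state`
firewalld_set() {
  echo "=======================禁用firewalld========================"
  # Turn off IPv6 via modprobe options.
  cat >/etc/modprobe.d/ipv6.conf <<EOF
alias net-pf-10 off
options ipv6 disable=1
EOF
  # Append only once so repeated runs do not duplicate the setting.
  grep -qxF 'NETWORKING_IPV6=off' /etc/sysconfig/network 2>/dev/null ||
    echo "NETWORKING_IPV6=off" >>/etc/sysconfig/network
  # Flush rules, delete user-defined chains, zero the counters.
  iptables -F
  iptables -X
  iptables -Z
  systemctl stop firewalld.service
  systemctl disable firewalld.service
  systemctl list-unit-files | grep firewalld
  # firewall-cmd --state exits non-zero once firewalld is stopped; under the
  # script's `set -e` that would end the whole run right here, so the status
  # is shown for information only.
  firewall-cmd --state || true
  echo "==========================================================="
  sleep 5
}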

# 4. Trim the services started at boot.
# Disables auditd and postfix, then lists their unit-file state.
# NOTE(review): with auditd disabled the audit daemon no longer starts at
# boot; keep it enabled on hosts where an audit trail is required.
chk_set() {
  local svc
  echo "========================精简开机启动========================="
  for svc in auditd.service postfix.service; do
    systemctl disable "$svc"
  done
  systemctl list-unit-files | grep -E "auditd|postfix"
  echo "==========================================================="
  sleep 2
}

# 5. Raise the open-file limit.
# Sets the soft and hard nofile limit of the current shell to 65535, prints
# /etc/security/limits.conf (it is only displayed, not modified) and then
# echoes the soft and hard limits now in effect.
limit_set() {
  local kind
  echo "=======================修改文件描述符========================"
  # Without -S or -H, ulimit sets both the soft and the hard limit.
  ulimit -n 65535
  cat /etc/security/limits.conf
  for kind in S H; do
    ulimit "-${kind}n"
  done
  echo "==========================================================="
  sleep 2
}

# 6. Install commonly used tools with yum.
# NOTE(review): the list includes network tooling (nmap, nc, tcpdump,
# telnet); on production hosts install only what is actually needed to keep
# the installed footprint small. Some names (e.g. htop, iftop, nethogs, sl)
# presumably come from EPEL — confirm that repository is configured.
yum_set() {
  local -a pkgs=(
    net-tools vim tree htop iftop lsof tcpdump nethogs nfs-utils httpd-tools sysstat
    iotop lrzsz sl wget unzip telnet nmap nc psmisc rsync bash-completion vim-enhanced
    dos2unix bash-completion bash-completion-extra
  )
  echo "======================安装常用工具及========================="
  yum install -y "${pkgs[@]}"
  echo "==========================================================="
  sleep 2
}

# 7. Tune kernel network parameters.
# Appends a block of sysctl settings to /etc/sysctl.conf and loads it with
# `sysctl -p`, unless the file already mentions "conntrack".
kernel_set() {
echo "=======================优化系统内核=========================="
# Idempotency guard: the appended block ends with commented-out nf_conntrack
# lines, so a second run finds "conntrack" and skips the append.
if [ "$(grep -c conntrack /etc/sysctl.conf)" -eq 0 ]; then
# NOTE(review): tcp_tw_recycle is known to drop connections from clients
# behind NAT, and both tcp_tw_reuse and tcp_tw_recycle depend on TCP
# timestamps, which this same block turns off (tcp_timestamps = 0) — confirm
# the combination is intended.
# NOTE(review): tcp_syn_retries / tcp_synack_retries = 1 and
# tcp_fin_timeout = 2 are aggressive values; verify them against the
# workload on lossy or high-latency links.
# tcp_syncookies = 1 keeps SYN cookies enabled.
cat >>/etc/sysctl.conf <<EOF
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_fin_timeout = 2
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.core.somaxconn = 16384
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.rmem_default = 8388608
net.core.wmem_default = 8388608
net.core.netdev_max_backlog = 262144
#net.netfilter.nf_conntrack_max = 25000000
#net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
#net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
#net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
#net.netfilter.nf_conntrack_tcp_timeout_established = 180
EOF
# Load the settings from /etc/sysctl.conf into the running kernel.
sysctl -p
else
echo "优化项已存在。"
fi
echo "==========================================================="
sleep 2
}

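# 8. Speed up SSH logins.
# Turns off GSSAPI authentication and reverse-DNS lookups in sshd_config,
# validates the file, restarts sshd and prints the two settings.
# NOTE(review): with UseDNS no, host-name patterns in authorized_keys
# `from=` options and `Match Host` blocks no longer match; use addresses.
# Returns: 1 if the edited sshd_config does not pass `sshd -t`
ssh_set() {
  echo "=======================加快ssh登录速度======================="
  sed -i 's#^GSSAPIAuthentication yes$#GSSAPIAuthentication no#g' /etc/ssh/sshd_config
  sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
  # Check the configuration before restarting: restarting sshd with a broken
  # config can lock out every remote session.
  if ! /usr/sbin/sshd -t; then
    echo "sshd_config failed validation; sshd was not restarted" >&2
    return 1
  fi
  systemctl restart sshd.service
  grep GSSAPIAuthentication /etc/ssh/sshd_config
  grep UseDNS /etc/ssh/sshd_config
  echo "==========================================================="
  sleep 2
}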

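# 9. Disable reboot via Ctrl+Alt+Del.
restart_set() {
  echo "====================禁用ctrl+alt+del重启===================="
  # Mask the target instead of deleting the packaged unit file: a file removed
  # from /usr/lib/systemd/system comes back with the next systemd package
  # update, while the mask lives under /etc and persists.
  systemctl mask ctrl-alt-del.target
  echo "==========================================================="
  sleep 2
}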

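# 10. Configure time synchronisation with chrony.
# Installs and enables chronyd, uncomments `local stratum 10`, sets the time
# zone to Asia/Shanghai and steps the clock once.
# NOTE(review): `local stratum 10` lets chronyd present itself as
# synchronised to its own clock when it acts as an NTP server; it is
# presumably only wanted on hosts that serve time to others — confirm.
date_set() {
  echo "========================设置时间同步========================="
  yum install -y chrony
  systemctl enable chronyd.service
  sed -i "s!#local stratum 10!local stratum 10!g" /etc/chrony.conf
  # enable alone does not start the daemon or reload the edited config;
  # restart so the change is active and chronyc below has a daemon to talk to.
  systemctl restart chronyd.service
  timedatectl set-timezone Asia/Shanghai
  chronyc -a makestep
  echo "==========================================================="
  sleep 2
}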

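# 11. History formatting and per-command logging.
# Appends a HISTTIMEFORMAT and a PROMPT_COMMAND definition to /etc/profile
# (skipped when HISTTIMEFORMAT is already mentioned there). The
# PROMPT_COMMAND sends each new command line to syslog through logger.
# NOTE(review): everything typed at the prompt ends up in syslog, including
# secrets passed as arguments; restrict who can read those logs.
# NOTE(review): a user can unset or overwrite PROMPT_COMMAND, so this is a
# convenience record and not a tamper-resistant audit trail.
history_set() {
  echo "========================history优化========================"
  if [ "$(grep -c HISTTIMEFORMAT /etc/profile)" -eq 0 ]; then
    # The delimiter is quoted so the text is written literally. Unquoted, the
    # shell running this script would expand $(whoami), $(who am i ...), $NF,
    # $PWD, $OLD_PWD, $LAST_CMD and $(history 1) while writing the file, and
    # /etc/profile would hold the installer's user name and empty strings
    # instead of code evaluated in each user's own login shell.
    cat >>/etc/profile <<'EOF'
#设置history格式
export HISTTIMEFORMAT="[%Y-%m-%d %H:%M:%S] [$(whoami)] [$(who am i | awk '{print $NF}' | sed -r 's#[()]##g')]: "
#记录shell执行的每一条命令
export PROMPT_COMMAND='
if [ -z "$OLD_PWD" ];then
export OLD_PWD=$PWD;
fi;
if [ ! -z "$LAST_CMD" ] && [ "$(history 1)" != "$LAST_CMD" ]; then
logger -t $(whoami)_shell_dir "[$OLD_PWD]$(history 1)";
fi;
export LAST_CMD="$(history 1)";
export OLD_PWD=$PWD;'
EOF
    # Only affects this script's own shell; login shells read the file anew.
    source /etc/profile
  else
    echo "优化项已存在。"
  fi
  echo "==========================================================="
  sleep 2
}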

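# Control function: shows the top-level menu and dispatches on the answer.
#   1  runs every tuning step in order
#   2  shows the second-level menu and runs the single step chosen there
#      (12 returns to the top-level menu, 13 exits)
#   3  exits
# Any other top-level answer prints an error and shows the menu again.
# Globals: num1, num2 (read; set by menu1 / menu2)
main() {
  # Order matters: the position in this list is the menu number minus one.
  local -a steps=(
    locale_set selinux_set firewalld_set chk_set limit_set yum_set
    kernel_set ssh_set restart_set date_set history_set
  )
  local step

  menu1
  # The selectors are quoted so an answer containing spaces or glob
  # characters is matched as typed.
  case "$num1" in
    1)
      for step in "${steps[@]}"; do
        "$step"
      done
      ;;
    2)
      menu2
      case "$num2" in
        [1-9] | 1[01])
          "${steps[num2 - 1]}"
          ;;
        12)
          main
          ;;
        13)
          exit
          ;;
        *)
          echo 'Please select a number from [1-13].'
          ;;
      esac
      ;;
    3)
      exit
      ;;
    *)
      echo 'Err:Please select a number from [1-3].'
      sleep 3
      main
      ;;
  esac
}
# "$@" passes the arguments through unchanged; unquoted $* would be
# word-split and glob-expanded first.
main "$@"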