Linux系统优化
系统版本:Redhat 6.4
1. 配置DNS,修改/etc/resolv.conf
nameserver 202.106.196.115
nameserver 223.5.5.5
2. 修改文件打开数:/etc/security/limits.conf
* - nofile 65536
3. 调整内核参数:/etc/sysctl.conf(注意:net.ipv4.tcp_tw_recycle 会导致经过 NAT 的客户端连接被丢弃,第 9 节的自动优化脚本也未包含该项,对外提供服务的机器建议不要开启)
net.ipv4.tcp_fin_timeout = 20
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 200000
net.ipv4.tcp_max_tw_buckets = 20000
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 30000
fs.file-max = 6815744
4. 调整分区的挂载方式:/etc/fstab
# 查看UUID
blkid
mount -o noatime,nodiratime /dev/sda1 /www
UUID=... /www ext4 defaults,noatime,nodiratime
5. 修改hostname后,要更新/etc/hosts
6. 禁止对服务器发起UDP连接(该规则之前必须已有放行 ESTABLISHED,RELATED 状态的规则,否则第 1 步所配 DNS 服务器的应答等 UDP 回包也会被丢弃)
iptables -A INPUT -p udp -j DROP
7. 限制root登录IP : /etc/ssh/sshd_config(注意:AllowUsers 是白名单,配置后未列出的用户都无法通过 SSH 登录;旧版本 OpenSSH 可能不支持这里的 CIDR 写法,修改后请先另开一个会话验证,再断开当前连接)
AllowUsers root@192.168.1.0/24
8. 挂载 shm 目录
mount --bind /dev/shm/proxy_cache /www/proxy_cache
9. 自动优化
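# Automated tuning for a RHEL 6.x host. Run as root: every step edits a system
# file in place. Each append is guarded so that running the script a second
# time does not stack duplicate entries in the target file.

# SSH
# Moves sshd to port 2222, turns off reverse-DNS lookups at login and makes
# sshd probe idle clients every 10 seconds, disconnecting after 3 missed probes.
# NOTE(review): inbound TCP 2222 must be allowed by the host firewall before
# sshd is restarted, otherwise no new session can be opened.
if ! grep -q '^Port 2222$' /etc/ssh/sshd_config; then
  echo '
Port 2222
ListenAddress 0.0.0.0
UseDNS no
ClientAliveInterval 10
ClientAliveCountMax 3
' >> /etc/ssh/sshd_config
fi

# Limit
# "-" sets the soft and the hard open-file limit together for every account
# matched by the wildcard.
if ! grep -qxF '* - nofile 65536' /etc/security/limits.conf; then
  echo '
* - nofile 65536' >> /etc/security/limits.conf
fi

# Sysctl
# The first key of the batch is used as the "already applied" marker.
if ! grep -q '^net\.ipv4\.tcp_fin_timeout = 20$' /etc/sysctl.conf; then
  echo '
net.ipv4.tcp_fin_timeout = 20
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 200000
net.ipv4.tcp_max_tw_buckets = 20000
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 30000
net.netfilter.nf_conntrack_max = 655360
fs.file-max = 6815744' >> /etc/sysctl.conf
fi
# NOTE(review): net.netfilter.nf_conntrack_max exists only while the
# nf_conntrack module is loaded; without it sysctl -p reports an unknown key.
sysctl -p

# SELinux
# NOTE(review): this switches off mandatory access control for the whole host,
# removing a containment layer for every service on it. If the only reason is
# the non-default SSH port, labelling the port keeps SELinux enforcing:
#   semanage port -a -t ssh_port_t -p tcp 2222
# The sed only rewrites an "enforcing" setting; a "permissive" one is left as is.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0

# Restart sshd last. While SELinux is still enforcing, the targeted policy is
# expected to refuse the bind to the unlabelled port 2222, which would leave
# the host without a listening sshd. Validate the config first so that a
# broken sshd_config cannot take the daemon down either.
if sshd -t; then
  service sshd restart
else
  echo 'sshd_config failed validation; sshd was NOT restarted' >&2
fi
#End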