Linux系统优化


Linux系统优化

系统版本:Redhat 6.4

1. 配置DNS,修改/etc/resolv.conf


# Resolvers are tried in the order listed (see resolv.conf(5)).
# NOTE(review): every lookup from this host is sent to these addresses in clear
# text; confirm they are resolvers you intend to trust.
nameserver 202.106.196.115
nameserver 223.5.5.5

2. 修改文件打开数:/etc/security/limits.conf


# Format: <domain> <type> <item> <value> (see limits.conf(5)).
# "*" is the wildcard default entry, "-" sets the soft and hard limit together,
# and nofile is the maximum number of open file descriptors.
# The limit is applied by pam_limits when a session starts, so sessions that
# are already open keep their old value.
* - nofile 65536

3. 调整内核参数:/etc/sysctl.conf



# Seconds an orphaned connection may remain in FIN-WAIT-2.
net.ipv4.tcp_fin_timeout = 20
# Answer with SYN cookies once the SYN backlog overflows (SYN-flood mitigation).
net.ipv4.tcp_syncookies = 1
# Allow TIME-WAIT sockets to be reused for new outgoing connections.
net.ipv4.tcp_tw_reuse = 1
# NOTE(review): tcp_tw_recycle validates segments against a per-host timestamp,
# which drops connections from clients that share one NAT address; the knob was
# removed in Linux 4.12. The automated script further down this page leaves it out.
net.ipv4.tcp_tw_recycle = 1
# Local port range used for outgoing connections.
# NOTE(review): starting at 1024 overlaps ports that local services may listen
# on (this page later moves sshd to 2222) — confirm nothing can collide.
net.ipv4.ip_local_port_range = 1024  65000
# Upper bound on remembered half-open (SYN received) connections.
net.ipv4.tcp_max_syn_backlog = 200000
# Upper bound on sockets held in TIME-WAIT at the same time.
net.ipv4.tcp_max_tw_buckets = 20000

# Cap on the accept queue length a listening socket may request.
net.core.somaxconn = 65535
# Packets queued on the input side when an interface receives faster than the kernel processes.
net.core.netdev_max_backlog = 30000

# System-wide ceiling on open file handles.
fs.file-max = 6815744

4. 调整分区的挂载方式:/etc/fstab


# Look up the filesystem UUID to use in /etc/fstab
blkid
# One-off mount with access-time updates switched off
# (on Linux, noatime already covers directories, so nodiratime is redundant).
# NOTE(review): with noatime, reads no longer update atime, so access times are
# not available later as evidence of when a file was last read.
mount -o noatime,nodiratime /dev/sda1 /www
# The line below is the matching /etc/fstab entry, not a shell command.
UUID=...    /www    ext4    defaults,noatime,nodiratime

5. 修改hostname后,要更新/etc/hosts

6. 禁止对服务器发起UDP连接(即丢弃所有入站UDP数据包)


# -A appends to the end of INPUT, so any earlier ACCEPT/REJECT rule that matches wins first.
# The rule is stateless: it drops every inbound UDP datagram, including replies to this
# host's own DNS and NTP queries, unless an earlier rule accepts established traffic.
# NOTE(review): the rule lasts only until the next reboot or iptables restart unless it is saved.
iptables -A INPUT -p udp -j DROP

7. 限制root登录IP : /etc/ssh/sshd_config


# AllowUsers is an allow-list for every account, not only root: once it is set,
# only users matching a listed pattern may log in, so all other accounts are denied.
# NOTE(review): CIDR notation in the HOST part of USER@HOST depends on the OpenSSH
# version — confirm with a test login from inside and outside 192.168.1.0/24
# while an existing session stays open.
AllowUsers root@192.168.1.0/24

8. 挂载 shm 目录


# Bind-mount a directory under /dev/shm onto the cache path.
# NOTE(review): /dev/shm is normally a RAM-backed tmpfs — its contents, including
# proxy_cache itself, would not survive a reboot, so the directory has to be
# recreated before this mount; confirm on the target.
# NOTE(review): /dev/shm is usually world-writable; presumably proxy_cache should be
# owned by the proxy user with restrictive permissions — verify.
mount --bind /dev/shm/proxy_cache /www/proxy_cache

9. 自动优化

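# SSH
# Appends listener and keep-alive settings to sshd_config, validates the result,
# and restarts sshd only when the file parses. The original restarted sshd
# unconditionally, so one bad line could leave the host without SSH access.
#
# NOTE(review): sshd uses the first value it reads for most keywords, so an
# uncommented UseDNS/ClientAlive* line earlier in the file overrides these
# appended ones. Port and ListenAddress may repeat and are additive.
# NOTE(review): the firewall must allow tcp/2222 before the restart. With
# SELinux enforcing, sshd is normally confined to the labelled SSH port
# (e.g. `semanage port -a -t ssh_port_t -p tcp 2222`); this script only turns
# SELinux off after the restart. Keep the current session open and test a new
# login before closing it.
# ClientAliveInterval 10 with ClientAliveCountMax 3 disconnects a client that
# stays unresponsive for roughly 30 seconds.
sshd_config=/etc/ssh/sshd_config
sshd_backup="${sshd_config}.bak.$(date +%Y%m%d%H%M%S)"

if grep -qx 'Port 2222' "$sshd_config"; then
  # Re-running the script must not stack duplicate listener lines.
  echo "sshd_config already lists Port 2222; not appending again" >&2
elif cp -p -- "$sshd_config" "$sshd_backup"; then
  cat >> "$sshd_config" <<'EOF'

Port 2222
ListenAddress 0.0.0.0
UseDNS no
ClientAliveInterval 10
ClientAliveCountMax 3

EOF
  # sshd -t parses the configuration and checks key sanity without starting the daemon.
  if /usr/sbin/sshd -t -f "$sshd_config"; then
    service sshd restart
  else
    echo "sshd_config failed validation; restoring $sshd_backup" >&2
    cp -p -- "$sshd_backup" "$sshd_config"
  fi
else
  echo "could not back up $sshd_config; sshd left untouched" >&2
fi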

# Limit
# Append a blank line followed by the open-file limit for the wildcard domain.
# "-" sets the soft and hard limit together; pam_limits applies it to sessions
# started after the change.
printf '\n%s\n' '* - nofile 65536' >> /etc/security/limits.conf

# Sysctl
# Append the TCP, socket-queue, conntrack and file-handle tunables to
# /etc/sysctl.conf (preceded by a blank line), then load the file.
# The quoted heredoc delimiter keeps the text literal.
# NOTE(review): net.netfilter.nf_conntrack_max exists only while the
# nf_conntrack module is loaded — presumably sysctl -p reports an unknown key
# otherwise; confirm on the target.
# NOTE(review): each run appends the same lines again; check the file for
# existing entries before re-running.
cat >> /etc/sysctl.conf <<'EOF'

net.ipv4.tcp_fin_timeout = 20
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 1024  65000
net.ipv4.tcp_max_syn_backlog = 200000
net.ipv4.tcp_max_tw_buckets = 20000
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 30000
net.netfilter.nf_conntrack_max = 655360
fs.file-max = 6815744
EOF

# Apply /etc/sysctl.conf to the running kernel.
sysctl -p

# SELinux
# Rewrite the persisted mode from enforcing to disabled (read at the next
# boot), then switch the running system to permissive with setenforce 0.
# The sed pattern matches only SELINUX=enforcing, so a file already set to
# permissive is left unchanged.
# NOTE(review): disabled removes mandatory access control for every service on
# the host. SELINUX=permissive keeps denials logged, and adjusting policy or
# labels for the one affected service is the narrower change.
selinux_config=/etc/selinux/config
sed -i -e 's/SELINUX=enforcing/SELINUX=disabled/' "$selinux_config"
setenforce 0

#End
