1. 更新内核
- yum update kernel
- yum update kernel-devel
- yum update kernel-firmware
- yum update kernel-headers
2. 历史记录数
- vim /etc/profile
- TMOUT=300
- HISTTIMEFORMAT="%F %T $(whoami) " #原文的反引号疑似在排版时丢失; 不做命令替换时每条记录只会显示字面量 whoami
- HISTSIZE=4000
- HISTFILESIZE=4000
- source /etc/profile
3. 配置 ip 地址
- vim /etc/sysconfig/network-scripts/ifcfg-eth0
- DEVICE=eth0 #网卡名字
- BOOTPROTO=static #静态 IP 地址获取状态 如: DHCP 表示自动获取 IP 地址
- IPADDR=192.168.1.113 #IP 地址
- NETMASK=255.255.255.0 #子网掩码
- ONBOOT=yes #引导时是否激活
4. 配置主机名与网关
- vim /etc/sysconfig/network
- HOSTNAME=web #修改主机名, 重启生效
- GATEWAY=192.168.1.1 #修改默认网关, 如果上面 eth0 里面不配置网关的话, 默认就使用这里的网关了.
5. 修改 DNS 信息
- vim /etc/resolv.conf
- nameserver 114.114.114.114
- nameserver 8.8.8.8
- service network restart
6. 关闭防火墙
service iptables stop #停止后规则被清空, 默认全部放行, 第 13 步按源地址放行 ssh 的规则也就起不到限制作用; 对外提供服务的主机建议保留防火墙, 只开放需要的端口
7. 关闭 SELinux
- vim /etc/selinux/config
- SELINUX=disabled #完全关闭后失去强制访问控制, 重启生效; 若只是排查问题, 可先设为 permissive 只记录不拦截
- setenforce 0
- getenforce
8. 更换 yum 源
- mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
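- wget http://mirrors.163.com/.help/CentOS6-Base-163.repo #163 源, 文件下载到当前目录, 需自行放入 /etc/yum.repos.d/
- wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo #阿里云源, CentOS 6 使用
- wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo #阿里云源, CentOS 7 使用; 这两条阿里云源按系统版本二选一, 写入同一文件, 后执行的会覆盖前一条
- repo 文件经 HTTP 明文下载, 传输中可能被篡改; 下载后检查其中的 baseurl, 并确认 gpgcheck=1, 让 yum 校验软件包签名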
- yum update -y
9. 安装 rz,sz
- yum install lrzsz -y
- rz
sz 文件
10. 添加普通用户
- useradd king
- passwd king
11. 使用 sudo
- visudo
- king ALL=(ALL) NOPASSWD: ALL #免密执行任意命令, 等同于把 root 权限交给该账户; 生产环境建议去掉 NOPASSWD, 或只列出确实需要的命令
- sudo ls /root/
12. 关闭不必要的服务
- chkconfig --list|grep 3:on|grep -vE "crond|sshd|network|rsyslog|sysstat"|awk '{print"chkconfig "$1" off"}'|bash
- chkconfig --list|grep 3:on #确认 crond, sshd, network, rsyslog, sysstat 仍为 on; rsyslog 被关掉会导致系统日志不再记录
13. 修改 ssh 服务配置文件
- vim /etc/ssh/sshd_config
- Port 8877
- PermitRootLogin no
- PermitEmptyPasswords no
- GSSAPIAuthentication no
- UseDNS no
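- ListenAddress 192.168.8.10:8888(内网使用; 带端口的 ListenAddress 以自身端口为准, 这里的 8888 与上面的 Port 8877 不一致, 应统一为同一个端口, 并与下面 iptables 规则的 --dport 保持一致)
- /etc/init.d/sshd reload #reload 前先用 sshd -t 检查配置, 并保留当前会话, 另开一个连接确认新端口能登录后再退出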
- iptables -I INPUT -p tcp --dport 8888 -s 192.168.8.0/24 -j ACCEPT
14. 时间同步
/usr/sbin/ntpdate ntp.sjtu.edu.cn
15. 调整描述符数据
- vim /etc/security/limits.conf
- nofile 65535
16. 服务器内核参数优化 (阿里云)
- vim /etc/sysctl.conf
- vm.swappiness = 0
- net.ipv4.neigh.default.gc_stale_time=120
- https://help.aliyun.com/knowledge_detail/39428.html
- net.ipv4.conf.all.rp_filter=0 #0 表示关闭反向路径过滤 (内核对伪造源地址的检查); 只有多网卡或非对称路由确实需要时才关闭, 否则可保持 1
- net.ipv4.conf.default.rp_filter=0
- net.ipv4.conf.default.arp_announce = 2
- net.ipv4.conf.lo.arp_announce=2
- net.ipv4.conf.all.arp_announce=2
- https://help.aliyun.com/knowledge_detail/41334.html
- net.ipv4.tcp_max_tw_buckets = 5000
- net.ipv4.tcp_syncookies = 1
- net.ipv4.tcp_max_syn_backlog = 1024
- net.ipv4.tcp_synack_retries = 2
- net.ipv6.conf.all.disable_ipv6 = 1
- net.ipv6.conf.default.disable_ipv6 = 1
- net.ipv6.conf.lo.disable_ipv6 = 1
- sysctl -p
17. 隐藏版本信息
- > /etc/issue #清空本地登录前显示的系统版本信息 (原文行首的 # 是 root 提示符, 不是命令的一部分)
- > /etc/issue.net #清空远程登录横幅用的版本信息
18. 锁定关键系统文件, 防止被提权篡改
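- chattr +i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/inittab #加锁后 useradd, passwd 等修改账户的命令会失败, 变更前需先用 -i 解锁, 完成后重新加锁
- mv /usr/bin/chattr /usr/bin/kin #改名只是隐藏命令, 对已取得 root 权限者没有实质约束; 记住新名字, 之后解锁要用 kin -i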
19. 清除多余的系统虚拟账户
20. 禁止被 ping
- vim /etc/sysctl.conf
- net.ipv4.icmp_echo_ignore_all=1
- sysctl -p
21. 升级软件版本
- rpm -qa openssl openssh bash
- yum install openssl openssh bash -y
来源: http://www.bubuko.com/infodetail-2623445.html