制作CentOS7.6的镜像光盘或U盘(略过)
将光盘或U盘放入到服务器中,修改BIOS启动选项,将其修改为光盘或U盘启动,启动服务器
如果是物理机的话,启动服务器后,进入远控卡,设置远控卡相关选项(远控卡IP地址,用户名,密码等),进入到raid选项中,设置硬盘的raid级别等,然后进入CentOS7.6镜像启动开始安装系统
如果是虚拟机的话,直接进入CentOS7.6镜像启动开始安装系统
当进入到启动页面的时候,光标选择Install CentOS 7,按Tab键,并输入net.ifnames=0 biosdevname=0,回车;这样在安装CentOS 7时候,将网卡名称修改为eth*命名方式;如下图:
选择语言及键盘布局:都选English |选择网络:手动设置IP地址、网关、DNS等 |选择时间:设置时区 |选择最小化安装
选择分区:使用lvm分区方式,将硬盘分为如下图:
选择Begin Installation
设置root密码
完成安装,重启
# 针对CentOS7的优化
# 创建普通用户
useradd hooper && echo 'www.kfx.com' |passwd --stdin hooper
更改用户 hooper 的密码 。
passwd:所有的身份验证令牌已经成功更新。
# 优化历史记录
cp -rp /etc/profile{,.`date +"%F_%H-%M-%S"`}
sed -i "s/HISTSIZE=1000/HISTSIZE=999999999/" /etc/profile
echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/profile
source /etc/profile
# yum安装基础软件包并升级内核
yum clean all
yum makecache
yum install -y wget gcc gcc-c++ lrzsz ntsysv vim ntpdate rsync sysstat screen openssh-clients openssl-devel iftop curl cron glibc zlib chkconfig make net-snmp ncurses-devel atop openldap openssl dos2unix dstat net-tools bash-completion bind-utils
yum install -y wget yum-utils device-mapper-persistent-data lvm2 nmap-ncat tree
yum install -y epel-release
yum install -y iftop
yum -y update kernel
# 设置时间同步
date
ntpdate ch.pool.ntp.org
echo $?
hwclock -w
echo '0 */5 * * * /usr/sbin/ntpdate ch.pool.ntp.org >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l
# 设置别名及vim配置文件
cp /root/.bashrc /root/.bashrc.`date +"%F_%H-%M-%S"`
sed -i "8 s/^/alias vi='vim'/" /root/.bashrc
sed -i "8a alias grep='grep --color'" /root/.bashrc
sed -i '/color/G' /root/.bashrc
echo "alias datebak='date +"%F_%H-%M-%S"'" >> /root/.bashrc
echo "alias ll='ls -lhrt'" >> /root/.bashrc
cp /etc/vimrc /etc/vimrc.`date +"%F_%H-%M-%S"`
sed -i "s/^set history=50/set history=1000/" /etc/vimrc
echo 'syntax on' >> /etc/vimrc
echo 'set paste' >> /etc/vimrc
echo 'set backspace=2' >> /etc/vimrc
# 关闭防火墙
grep "SELINUX" /etc/selinux/config
cp /etc/selinux/config /etc/selinux/config.`date +"%F_%H-%M-%S"`
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
setenforce 0
systemctl disable firewalld
systemctl stop firewalld
# 优化limits
cp /etc/security/limits.conf /etc/security/limits.conf.`date +"%F_%H-%M-%S"`
ulimit -n
echo -ne "* soft nofile 127093\n* hard nofile 127093\n* soft nproc 127093\n* hard nproc 127093\n" >>/etc/security/limits.conf
cp /etc/security/limits.d/20-nproc.conf /etc/security/limits.d/20-nproc.conf.`date +"%F_%H-%M-%S"`
echo "* soft nproc 127098" >>/etc/security/limits.d/20-nproc.conf
echo "* hard nproc 204800" >>/etc/security/limits.d/20-nproc.conf
ulimit -n
# 优化sshd
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak.`date +"%F_%H-%M-%S"`
sed -i 's/#GSSAPIAuthentication no/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
sed -i 's/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/g' /etc/ssh/sshd_config
sed -i "s/#PermitRootLogin yes/PermitRootLogin no/" /etc/ssh/sshd_config
sed -i "s/#Port 22/Port 10022/" /etc/ssh/sshd_config
sed -i "s/#UseDNS yes/UseDNS no/" /etc/ssh/sshd_config
sed -i "s/#PubkeyAuthentication yes/PubkeyAuthentication yes/" /etc/ssh/sshd_config
systemctl restart sshd.service
egrep -v "^$|^#" /etc/ssh/sshd_config |egrep "PermitRootLogin|Port|UseDNS|PubkeyAuthentication"
# 优化sysctl
mv /etc/sysctl.conf /etc/sysctl.conf.`date +"%F_%H-%M-%S"`
cat << EOF > /etc/sysctl.conf
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 0
net.core.wmem_max = 327679
net.core.rmem_max = 327679
net.core.wmem_default = 327679
net.core.rmem_default = 327679
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 65536
net.core.somaxconn = 32768
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
#vm.overcommit_memory = 1 for redis
vm.swappiness = 0
EOF
sysctl -p
# 关闭ipv6
echo "NETWORKING_IPV6=no" >> /etc/sysconfig/network
sed -i "s/IPV6INIT=yes/IPV6INIT=no/" /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i "s/IPV6INIT=yes/IPV6INIT=no/" /etc/sysconfig/network-scripts/ifcfg-eth1
systemctl disable ip6tables
echo "net.ipv6.conf.all.disable_ipv6=1" >> /etc/sysctl.conf
sysctl -p
# 优化完成,重启服务器
reboot
超级管理员root登录后,查看历史记录内容
普通用户hooper登录后,查看历史记录内容
