Linux必备优化
1.关闭selinux
kylin系统
#临时关闭
setenforce 0
#永久关闭(修改配置文件,重启后生效)
[root@web04 ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
#检查 显示 Disabled 就是关闭的(仅执行 setenforce 0 而未重启时,getenforce 显示 Permissive)
[root@web04 ~]# grep disabled /etc/selinux/config
SELINUX=disabled
[root@web04 ~]# getenforce
Disabled
Ubuntu系统
#在Ubuntu系统中,SELinux(Security-Enhanced Linux)实际上是默认不启用的,Ubuntu使用的是AppArmor,这是另一种Linux内核安全模块,它提供了类似于SELinux的强制访问控制(MAC)
#使用下面命令检查一下就可以了(AppArmor 自身的状态可用 aa-status 查看)
root@ceph143:~# getenforce
Disabled
2.关闭防火墙
kylin系统
#关闭防火墙
[root@web04 ~]# systemctl stop firewalld
#关闭防火墙的开机自启动
[root@web04 ~]# systemctl disable firewalld
#检查是否关闭(防火墙关闭后主机不再过滤入站流量,访问控制需由上游安全组/边界防火墙承担,可用 ss -lntup 核对监听端口)
[root@web04 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)
[root@web04 ~]#
Ubuntu系统
#关闭防火墙
root@ceph143:~# systemctl stop ufw
#关闭防火墙的开机自启动
root@ceph143:~# systemctl disable ufw
Synchronizing state of ufw.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable ufw
#检查是否关闭
root@ceph143:~# systemctl status ufw
○ ufw.service - Uncomplicated firewall
     Loaded: loaded (/lib/systemd/system/ufw.service; disabled; vendor preset: enabled)
     Active: inactive (dead)
       Docs: man:ufw(8)
3.(yum/apt)源修改与安装常用工具
kylin系统
#增加epel源 将阿里云的 EPEL仓库配置文件下载到你的系统中,EPEL 仓库提供了许多额外的软件包
curl -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
#安装麒麟常用软件
yum install -y vim tree wget bash-completion lrzsz net-tools sysstat iotop iftop htop unzip nc nmap telnet bc psmisc httpd-tools bind-utils nethogs expect ntpdate
Ubuntu系统
#备份原有的源文件
cp /etc/apt/sources.list{,.bak}
#配置 aliyun 源
cat >/etc/apt/sources.list<<EOF
deb https://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
# deb https://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
# deb-src https://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
EOF
#重新加载
apt update
#安装工具
apt install -y tree vim telnet lrzsz nmap ncat ntpdate
CentOS系统
#配置base源
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
#增加epel源
curl -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
#安装常用工具
yum install -y vim tree wget bash-completion bash-completion-extras lrzsz net-tools sysstat iotop iftop htop unzip nc nmap telnet bc psmisc httpd-tools bind-utils nethogs expect ntpdate
yum install -y sl cowsay
4.ssh远程连接加速
关闭ssh远程连接反向解析功能,加速ssh远程连接
修改ssh服务端配置文件
#1.注释掉已有的配置
sed -i '/^GSSAPIAuthentication/s@^@#@g' /etc/ssh/sshd_config
#2.关闭对应功能
cat >>/etc/ssh/sshd_config<<EOF
UseDNS no
GSSAPIAuthentication no
EOF
#3.重启sshd
systemctl restart sshd
#4.检查
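egrep '^(PermitRootLogin|GSSAPIAuthentication|UseDNS)' /etc/ssh/sshd_config
结果有2个no即可.(egrep 只显示配置文件里写了什么;sshd 对同一配置项采用第一次出现的值,实际生效的配置可用 sshd -T 确认)
Ubuntu配置(默认是普通用户oldboy登陆,配置允许root远程登陆)
PermitRootLogin yes
(PermitRootLogin yes 允许 root 用密码直接登录;只需要密钥登录时可改用 prohibit-password)
修改ssh服务端配置文件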
#1.注释掉已有的配置
sed -i '/^GSSAPIAuthentication/s@^@#@g' /etc/ssh/sshd_config
#2.关闭对应功能
cat >>/etc/ssh/sshd_config<<EOF
UseDNS no
GSSAPIAuthentication no
PermitRootLogin yes
EOF
#3.重启sshd
systemctl restart sshd
#4.检查
root@ceph143:~# egrep '^(PermitRootLogin|GSSAPIAuthentication|UseDNS)' /etc/ssh/sshd_config
UseDNS no
GSSAPIAuthentication no
PermitRootLogin yes
5.时间同步与修改时区
#在 root 用户的 crontab 文件中写入定时任务,每3分钟同步一次时间,使用阿里云的 NTP 服务器 ntp.aliyun.com(这里用的是 > 重定向,会覆盖 root 已有的 crontab 内容)
cat >/var/spool/cron/root<<EOF
#1. sync time by xueboli at 20230101
*/3 * * * * /sbin/ntpdate ntp.aliyun.com >/dev/null 2>&1
EOF
#使用命令修改
timedatectl set-timezone Asia/Shanghai
或
#修改软链接
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
#查看
date -R 或 ll /etc/localtime
[root@master231 ~]# date -R
Mon, 09 Sep 2024 14:58:34 +0800
[root@master231 ~]#
[root@master231 ~]# ll /etc/localtime
lrwxrwxrwx 1 root root 33 Aug 30 15:27 /etc/localtime -> /usr/share/zoneinfo/Asia/Shanghai
[root@master231 ~]#
6.修改主机名和IP的脚本
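#!/bin/bash
# File:    /server/scripts/change.sh  (create it with: vim /server/scripts/change.sh)
# author:  xueboli
# desc:    change ip and hostname
# version: v7.0 final
#
# Usage: change.sh <hostname> <ip>
#   <hostname>  new hostname, handed to hostnamectl
#   <ip>        new address; only the part after the last dot is used, and it
#               replaces the last octet of both the 10.0.0.x and the
#               172.16.1.x address
#
# Only POSIX shell constructs are used, so the script also works when it is
# started as "sh change.sh ...".
eth0_name=ens33
eth1_name=ens34
eth0=/etc/sysconfig/network-scripts/ifcfg-$eth0_name
eth1=/etc/sysconfig/network-scripts/ifcfg-$eth1_name

# Succeeds only for a 1-3 digit decimal number not larger than 255.
is_octet() {
  case $1 in
    '' | *[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 3 ] && [ "$1" -le 255 ]
}

#1. exactly two arguments are required
if [ $# -ne 2 ]; then
  echo "请输入2个参数" >&2
  exit 1
fi

#2. last octet of the template machine's address (first address that
#   "hostname -I" prints)
ip=$(hostname -I | awk '{print $1}' | sed 's#.*\.##g')
#3. last octet of the new address
ip_new=${2##*.}
#4. new hostname
hostname=$1

# Both octets are interpolated into sed expressions that edit root-owned
# config files in place, so nothing but a plain number is accepted. An empty
# $ip would reduce the pattern to "10.0.0." and rewrite every address that
# starts with that prefix.
if ! is_octet "$ip"; then
  echo "无法获取当前ip地址,修改失败" >&2
  exit 1
fi
if ! is_octet "$ip_new"; then
  echo "ip地址格式错误: $2" >&2
  exit 1
fi
# An empty name or one starting with "-" would be read by hostnamectl as a
# missing argument or as an option.
case $hostname in
  '' | -*)
    echo "主机名格式错误: $hostname" >&2
    exit 1
    ;;
esac

#5. rewrite the addresses; both files are edited before any interface is
#   restarted. The dots are escaped and \b (GNU sed) anchors both ends, so
#   e.g. 10.0.0.21 is not matched inside 10.0.0.210.
if [ -f "$eth0" ]; then
  sed -i "s#\b10\.0\.0\.$ip\b#10.0.0.$ip_new#g" "$eth0"
else
  echo "eth0网卡不存在,修改失败" >&2
fi
if [ -f "$eth1" ]; then
  sed -i "s#\b172\.16\.1\.$ip\b#172.16.1.$ip_new#g" "$eth1"
else
  echo "eth1网卡不存在,修改失败" >&2
fi

# restart the interfaces so the new addresses are applied
ifdown "$eth0_name" && ifup "$eth0_name"
ifdown "$eth1_name" && ifup "$eth1_name"

#6. set the new hostname
hostnamectl set-hostname "$hostname"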
思路
sh /server/scripts/change.sh 主机名 ip地址
sh /server/scripts/change.sh web01 10.0.0.7
#1.修改主机名
hostnamectl set-hostname $1
主机名修改为web01
#2.修改ip地址
1)取出目标ip的最后1位
2)替换 eth0 eth1网卡配置文件内容 210-->最后1位(7)
10.0.0.210 --> 10.0.0.7
172.16.1.210 --> 172.16.1.7
3)重启网卡
ip地址eth0: 10.0.0.7
ip地址eth1: 172.16.1.7
Ubuntu 手动修改sudo su - root用户
cat /etc/netplan/00-installer-config.yaml
# This is the network config written by 'subiquity'
network:
  ethernets:
    ens33:
      addresses:
      - 10.0.0.211/24 #IP地址 ens33
      nameservers:
        addresses:
        - 223.5.5.5
        - 223.6.6.6
        search: []
      routes:
      - to: default
        via: 10.0.0.2
    ens34:
      addresses:
      - 172.16.1.211/24 #IP地址 ens34
      nameservers:
        addresses: []
        search: []
  version: 2
netplan apply #配置文件生效.
7.配置命令行颜色
PS1
编辑/etc/profile 或 ~/.bashrc ,写入到文件末尾
export PS1='[\[\e[34;1m\]\u@\[\e[0m\]\[\e[32;1m\]\H\[\e[0m\]\[\e[31;1m\] \w\[\e[0m\]]\$ '
8.配置别名
#过滤的内容会有颜色
cat >>/etc/profile<<EOF
alias grep='grep --color=auto'
alias egrep='egrep --color=auto'
EOF
# rm别名
#1.写入别名到/etc/profile中
alias rm='echo 请谨慎使用 rm 命令'
9.Debian/Ubuntu默认编辑器不是vim
vim /etc/sudoers
在env_reset这行上面写上,
Defaults editor=/usr/bin/vim
Defaults env_reset
visudo的时候默认使用的是nano编辑器;直接用 vim 修改 /etc/sudoers 之后,可执行 visudo -c 检查语法