Centos7.2安装后的简单调整

34yhtee

  Centos7安装完成后做简单调整

1.安装必备的组件
yum install wget perl perl-devel net-tools kernel-devel （telnet可选性，我决定在其中一台安装就可以，我平时主要用于调试交换机）

2.安装开发工具
yum groupinstall 'Development tools' -y

3.安装epel和remi第三方软件源
yum install epel-release.noarch
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm 也可以选择阿里http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm

3.1启用remi安装源，编辑remi.repo文件
vim /etc/yum.repos.d/remi.repo
[remi]
enabled=0 第段0修改成1

4.关闭firewall防火墙
systemctl stop firewalld.service    关闭防火墙
systemctl disable firewall.service    禁用开机自启动
systemctl mask firewall.service    屏蔽这个服务

5.1检查是否安装iptables
service iptables status
5.2安装iptables
yum install -y iptables
5.3升级iptables
yum update iptables
5.4安装iptables-service |systemctl start iptables.service|systemctl enable iptables.service
yum install iptables-service
5.5为了防止表中有拒绝的链先允许所有，避免不必要的悲剧。
iptables -P INPUT ACCEPT
5.6清楚默认规则
iptables -F
5.7清楚所有自定义规则
iptables -X
5.8所有计数归0
iptables -Z

6.关闭selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0

7.设置主机名和网络配置（环境是双网卡内外网）
hostnamectl --static set-hostname centos7
[iyunv@localhost ~]# more /etc/sysconfig/network-scripts/ifcfg-em1
TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=em1
UUID=fe86080f-5f70-4c56-bd75-8604bc323958
DEVICE=em1
ONBOOT=no
以上是centos7安装完成后的默认配置但是很多用不到精简一下

DEVICE=eth1
ONBOOT=yes
PEERDNS=yes
BOOTPROTO=static
IPADDR=139.196.235.201
NETMASK=255.255.252.0
GATEWAY=139.196.235.1
DNS1=223.5.5.5
DNS2=223.6.6.6

7.1修改主机名
more /etc/sysconfig/network 默认是空

PEERNTP=no
NETWORKING_IPV6=no
#GATEWAY=139.196.235.1 这里我把网关写到了网卡配置文件
HOSTNAME=centos7

7.2使用7中设置主机名默认是添加到/etc/hostname内存中没有写入磁盘需要手动添加/etc/hosts中
127.0.0.1   centos7  localhost
172.16.20.10 centos7 #这是内网ip如同上述步骤

8.优化sysctl.conf禁用ipv6
[iyunv@localhost ~]# cat >>/etc/sysctl.conf <<EOP
> vm.swappiness = 0
> net.ipv4.neigh.default.gc_stale_time=120
> net.ipv4.conf.all.rp_filter=0
> net.ipv4.conf.default.rp_filter=0
> net.ipv4.conf.default.arp_announce = 2
> net.ipv4.conf.all.arp_announce=2
> net.ipv4.tcp_max_tw_buckets = 5000
> net.ipv4.tcp_syncookies = 1
> net.ipv4.tcp_max_syn_backlog = 1024
> net.ipv4.tcp_synack_retries = 2
> net.ipv6.conf.all.disable_ipv6 = 1
> net.ipv6.conf.default.disable_ipv6 = 1
> net.ipv6.conf.lo.disable_ipv6 = 1
> net.ipv4.conf.lo.arp_announce=2
> fs.file-max=65535
> fs.inotify.max_user_instances = 8192
> net.ipv4.tcp_fin_timeout = 30
> net.ipv4.tcp_tw_reuse = 1
> net.ipv4.tcp_tw_recycle = 1
> net.ipv4.ip_local_port_range = 1024 65000
> net.ipv4.tcp_max_syn_backlog = 65536
> net.ipv4.tcp_max_tw_buckets = 6000
> net.ipv4.route.gc_timeout = 100
> net.ipv4.tcp_syn_retries = 1
> net.ipv4.tcp_synack_retries = 1
> net.core.somaxconn = 65535
> net.core.netdev_max_backlog = 262144
> net.ipv4.tcp_timestamps = 0
> net.ipv4.tcp_max_orphans = 262144
> net.netfilter.nf_conntrack_max = 1048576
> net.netfilter.nf_conntrack_tcp_timeout_established = 1200
> EOP

9.修改limit限制
cat >> /etc/security/limits.conf <<EOF
# End of file
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
EOF

sed -i 's/4096/unlimited/g' /etc/security/limits.d/20-nproc.conf 这个地方可以修改成unlimited也可以修改成数字，还可以直接删除这个文件保险起见还是修改吧

注意：在修改配置文件时候一定要先备份，养成良好的习惯