Common Manual Commands of [svc]linux - md Edition

Posted by php_jord on Mon, 27 May 2019 22:22:27 +0200

Related code

env configuration file

~/.bash_profile: executed each time the user logs in
~/.bashrc: executed every time a new Bash shell is started
~/.bash_logout: executed every time the user logs out

Sendmail Mail Configuration

yum install sendmail -y
cat >>/etc/mail.rc<<EOF

set from=xxx@tt.com
set smtp=smtp.exmail.qq.com
set smtp-auth-user=xxx@tt.com
set smtp-auth-password=123456
set smtp-auth=login
EOF
# mailx reads /etc/mail.rc on every run; the file is not a shell script and does not need to be sourced
  • Send a message
echo "test"| mail -s "Mail title" iher@foxmail.com
  • Send a file as the message body
mail -s "Mail title" iher@foxmail.com < /etc/passwd
  • Send an attachment
mail -s "Mail title" -a /var/log/messages iher@Foxmail.com < /etc/passwd
  • Mail-related directories
C6 postfix /var/spool/postfix/maildrop
C5 sendmail /var/spool/clientmqueue

Note: CentOS 6.5 does not install sendmail by default, so this optimization step is not needed there.

  • Write scripts to clean mailboxes automatically
mkdir -p /server/scripts

cat /server/scripts/spool_clean.sh

#!/bin/sh
# Delete queued mail files older than 30 days
find /var/spool/clientmqueue/ -type f -mtime +30 -print0 | xargs -0 rm -f
echo '*/30 * * * * /bin/sh /server/scripts/spool_clean.sh >/dev/null 2>&1'>>/var/spool/cron/root

locale Character Set - Interview

  • Check all locally supported character sets
# locale -a
  • Look up the character set currently in use
locale   # reads /etc/sysconfig/i18n
  • System default character set:
export LANG='zh_CN.UTF-8'

Monitoring network card real-time traffic

  • Monitor network card traffic (live and history)
yum install sysstat
sar -n DEV 1 5  # sample once per second, 5 samples in total
sar -n DEV      # -n: network statistics
watch more /proc/net/dev

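find: delete files older than 10 days

  • -mtime +10 matches files last modified more than 10 days ago
find . -mtime +10 -exec rm -rf {} \;
find . -mtime +10 -print0 | xargs -0 rm -f   # NUL-separated, so names with spaces or newlines are handled safely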

Testing udp Ports - Interview

$ nc -vuz 192.168.6.6 53
Connection to 192.168.6.6 53 port [udp/domain] succeeded!

In practice only the -u option is needed: -u selects the UDP protocol, -v enables verbose mode, and -z scans the port without sending data. Because UDP is connectionless, "succeeded" only means that no ICMP port-unreachable reply came back.

Using nc+tar to transfer files

  • Client and server exchange console messages interactively
nc -l -u 8021             # server; the traffic can be captured with: tcpdump -i eth0 port 8021 -nnv
nc -u 192.168.6.52 8021   # client; interactive messaging
  • Client sends a file to the server
server: nc -l -u 8021
client: nc -u 192.168.6.52 8021 < /etc/hosts
  • tar+nc file transfer
server:  tar -cf - /home/database  | nc -l 5677 # stream /home/database as a tar archive
client:  nc 192.168.6.52 5677 | tar -xf -       # unpack it into the client's current directory

Generate a password:

openssl rand -hex 8
$ mkpasswd -l 16 -s 2
3Hte^bd-pkylSbf7
echo "ansible"|passwd --stdin ansible # CentOS 7: change a user's password

fstab mount

  • fstab mounts hard disk
cat /etc/fstab
# device                   mount point  fs type  options     dump  fsck
/dev/mapper/centos-data    /data  xfs      defaults    0 0
  • NFS mount (on CentOS 7, put it in /etc/fstab)
192.168.8.68:/data/backup/no75/confluence/data /data/confluence/  nfs     defaults        0 0
  • NFS mount (on CentOS 6, put it in /etc/rc.local)
/usr/bin/mount -t nfs 192.168.8.68:/data/owncloud /data/owncloud-192.168.8.68
  • NFS server settings (/etc/exports):
/data/backup/no75/confluence/data 192.168.8.0/24(rw,sync,no_root_squash)
  • (Disk Expansion) Does full tmpfs space affect service usage?
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 32G 1.3G 29G 5% /
tmpfs 16G 16G 0 100% /dev/shm

mount -o remount,size=18G /dev/shm
  • Read-only mount
# Mount the file system and make it writable (BSD syntax; on Linux: mount -o remount,rw /)
mount -uw /

# Make the file system read-only again (on Linux: mount -o remount,ro /)
mount -ur /

Summary of date command

  • Date of the previous day
date  +%Y-%m-%d~%H-%M-%S -d "-1 day"
date  "+%Y-%m-%d %H-%M-%S" -d "-1 day"
  • Archive with the date in the file name
tar zcvf etc_$(date +%F -d "-1 day").tar.gz /etc/

System time optimization

  • Time zone calibration
rm -rf /etc/localtime && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && ntpdate ntp1.aliyun.com
  • Setting synchronization time
/usr/sbin/ntpdate ntp1.aliyun.com
echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1' >>/var/spool/cron/root
  • Set the time manually
date -s "2016/06/11 22:50"

Filter the network card IP

ifconfig eth0|grep -oP "([0-9]{1,3}\.){3}[0-9]{1,3}"|sed -n '1p'
ifconfig|sed -n '2p'|sed -r 's#^.*addr:(.*) Bcast.*$#\1#g'
ifconfig|sed -n '2p'|awk -F':' '{print $2}'|awk '{print $1}'

Backspace key: erase ^H

echo "stty erase ^H" >>/root/.bash_profile
source /root/.bash_profile

centos7 installs nslookup ifconfig

How to install dig, host, and nslookup – bind-utils on CentOS:

yum install bind-utils -y # CentOS 6: provides nslookup
yum install net-tools -y  # CentOS 7: provides ifconfig

selinux optimization

setenforce 0
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
getenforce
/etc/init.d/iptables stop

File descriptor optimization

ulimit -SHn 65535
echo '* - nofile 65536' >>/etc/security/limits.conf

echo "* soft nproc 65535" >>/etc/security/limits.conf
echo "* hard nproc 65535" >>/etc/security/limits.conf
echo "* soft nofile 65535" >>/etc/security/limits.conf
echo "* hard nofile 65535" >>/etc/security/limits.conf

Clear system version banner

> /etc/issue
>/etc/redhat-release

Added ordinary users and sudo authorization management

$ useradd sunsky
$ echo "123456"|passwd --stdin sunsky&&history -c
$ visudo # 99gg
# Below the line "root ALL=(ALL) ALL", add the following:
sunsky ALL=(ALL) ALL
lanny  ALL=(ALL) /sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom # only allow him to run these commands

ssh slow optimization

\cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ori
sed -i 's#\#UseDNS yes#UseDNS no#g' /etc/ssh/sshd_config
sed -i 's#GSSAPIAuthentication yes#GSSAPIAuthentication no#g' /etc/ssh/sshd_config
/etc/init.d/sshd restart


Port 22345
PermitRootLogin no
PermitEmptyPasswords no
UseDNS no
ListenAddress 192.168.138.24
GSSAPIAuthentication no

crt setting timeout

export TMOUT=10
echo "export TMOUT=10" >>/etc/profile
source /etc/profile

vim installation optimization

yum -y install vim-enhanced
cat >>/etc/vimrc<<a
set nu
set cursorline
set nobackup
set ruler
set autoindent
set vb t_vb=
set ts=4
set expandtab
a
# vim reads /etc/vimrc at startup; it is not a shell script and must not be sourced

rsync installation configuration

  • rsync server configuration (rpm -qa | grep rsync):
cat /usr/local/rsync/rsync.conf


uid = root
gid = root
use chroot = no
max connections = 10
strict modes = yes
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
[web]
path = /code/pp100web/target/ROOT
comment = web file
ignore errors
read only = no
write only = no
hosts allow = 192.168.14.132
list = false
uid = root
gid = root
auth users = webuser
secrets file = /usr/local/rsync/rsync.passwd
  • Restart rsync
kill -HUP `cat /var/run/rsyncd.pid`
/usr/bin/rsync --daemon --config=/usr/local/rsync/rsync.conf

ps -ef|grep rsync
  • Configuring clients that allow synchronization
vim /usr/local/rsync/rsync.conf
hosts allow = 192.168.14.132,192.168.14.133

Note: the password file must always have mode 600, and its owner must be whichever user runs rsync.
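
The note above and the settings of the [web] module can be checked mechanically. The audit below is an added example, not part of the original post: the function names and finding labels are made up here, the sample files are constructed, and it assumes a single-module config and a stat that supports -c.

```sh
#!/bin/sh
# conf_get FILE KEY: value of the last "KEY = value" line (empty if unset).
conf_get() {
    sed -n "/^[[:space:]]*$2[[:space:]]*=/{s/^[^=]*=[[:space:]]*//;s/[[:space:]]*\$//;p;}" "$1" | tail -n 1
}

# audit_rsyncd FILE: print one finding per line; return 1 if anything was found.
audit_rsyncd() {
    conf=$1; rc=0
    secrets=$(conf_get "$conf" 'secrets file')
    if [ -z "$(conf_get "$conf" 'auth users')" ] || [ -z "$secrets" ]; then
        echo "NO-AUTH: auth users / secrets file not set"; rc=1
    elif [ ! -f "$secrets" ]; then
        echo "SECRETS-MISSING: $secrets does not exist"; rc=1
    elif [ "$(stat -c %a "$secrets")" != 600 ]; then
        echo "SECRETS-MODE: $secrets has mode $(stat -c %a "$secrets"), expected 600"; rc=1
    fi
    [ -n "$(conf_get "$conf" 'hosts allow')" ] || { echo "NO-ACL: hosts allow not set"; rc=1; }
    if [ "$(conf_get "$conf" uid)" = root ] && [ "$(conf_get "$conf" 'read only')" = no ]; then
        echo "ROOT-WRITE: module is writable and transfers run as root"; rc=1
    fi
    [ "$(conf_get "$conf" 'use chroot')" != no ] || { echo "NO-CHROOT: use chroot = no"; rc=1; }
    return "$rc"
}

# make_sample DIR MODE: constructed config modelled on the one above, plus a
# secrets file created with the given mode.
make_sample() {
    printf 'webuser:CONSTRUCTED-PLACEHOLDER\n' > "$1/rsync.passwd"
    chmod "$2" "$1/rsync.passwd"
    cat > "$1/rsync.conf" <<EOF
uid = root
gid = root
use chroot = no
strict modes = yes
[web]
path = /code/pp100web/target/ROOT
read only = no
hosts allow = 192.168.14.132
auth users = webuser
secrets file = $1/rsync.passwd
EOF
}

# Demo: a world-readable secrets file is reported alongside the risky settings.
demo_dir=$(mktemp -d)
make_sample "$demo_dir" 644
audit_rsyncd "$demo_dir/rsync.conf" || true
rm -rf "$demo_dir"
```

With strict modes = yes the daemon itself rejects a secrets file that other users can read, so the SECRETS-MODE finding also predicts an authentication failure at run time.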

java environment variables (with tomcat)

export JAVA_HOME=/usr/local/jdk
export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH
export CLASSPATH=.:$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/jre/lib:$JAVA_HOME/lib/tools.jar
export TOMCAT_HOME=/usr/local/tomcat
export CATALINA_BASE="/data/tomcat"
export PATH=/usr/local/mysql/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/jdk1.7.0_45/bin:/root/bin:/usr/local/jdk1.7.0_45/bin:/root/bin

Source Change-Installation of Common Software

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
yum clean all
yum makecache
yum install lrzsz ntpdate sysstat dos2unix wget telnet tree -y

Add Timing Tasks

crontab -l
*/5 * * * * /usr/sbin/ntpdate times.windows.com >/dev/null 2>&1

Optimizing backspace key

stty erase "^H" # add this line to /etc/profile

Optimize history:

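export HISTTIMEFORMAT="%F %T `whoami` "
# Single quotes keep the inner double quotes and defer `whoami` until /etc/profile is read at login
echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/profile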

Optimizing message format: log every command through logger

export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg";}'

Filter LOG

cat /etc/salt/master |grep -v "#" | sed '/^$/d'

grep -nir
-i case-insensitive
-n show line numbers
-r search directories recursively, e.g. grep -r 'xx' .

kill services

/usr/bin/killall -HUP syslogd
/bin/kill -USR1 $(cat /var/run/nginx.pid 2>/dev/null) 2>/dev/null || :

Prohibit ping

echo "net.ipv4.icmp_echo_ignore_all=1">>/etc/sysctl.conf
tail -1 /etc/sysctl.conf
sysctl -p
echo 1 > /proc/sys/net/ipv4/ip_forward # this form benefits from tab completion
sysctl -w net.ipv4.ip_forward=1 # does not seem to be written to /etc/sysctl.conf

sed adds a line before or after a line

sed -i 'N;4addpdf' a.txt
sed -i 'N;4ieepdf' a.txt
sed -i 'N;4a44444444444444444444444444testt' 1.log   # add a line after the fourth line
http://www.361way.com/sed-process-lines/2263.html

Close bell: [need reboot]

sed -i 's#^\#set bell-style none#set bell-style none#g' /etc/inputrc
echo "modprobe -r pcspkr" > /etc/modprobe.d/blacklist

Turn off ctrl+alt+delete

\cp /etc/init/control-alt-delete.conf /etc/init/control-alt-delete.conf.bak
sed -i 's#exec /sbin/shutdown -r now "Control-Alt-Delete pressed"#\#exec /sbin/shutdown -r now "Control-Alt-Delete pressed"#g' /etc/init/control-alt-delete.conf
yum groupinstall base -y
yum groupinstall core -y
yum groupinstall "development libs" -y
yum groupinstall "development tools" -y

echo highlight

echo -e "\033[32m crontab has been added successfully \033[0m"

nfs installation configuration

  • Server-Client
yum install nfs-utils rpcbind -y
  • Server:
/etc/init.d/rpcbind start
ps -ef |grep rpc
/etc/init.d/rpcbind status
rpcinfo -p localhost
  • Server Configuration Shared Directory
echo "/data 10.0.0.0/24(rw,sync,no_root_squash)" >> /etc/exports
chkconfig rpcbind on
chkconfig nfs on
  • Client mount
/etc/init.d/rpcbind start
chkconfig rpcbind on
showmount -e 10.1.1.10
mount -t nfs 10.1.1.10:/data /mnt

# To mount at boot, write the mount command into /etc/rc.local

nginx compilation and installation

  • 1. Installation Dependence
yum install pcre pcre-devel openssl openssl-devel -y
  • 2. Add nginx users
useradd -s /sbin/nologin -M nginx
  • 3. Compile and Install
./configure --user=nginx --group=nginx --prefix=/usr/local/nginx-1.6.2 --with-http_stub_status_module --with-http_ssl_module
make && make install
echo $?
ln -s /usr/local/nginx-1.6.2 /usr/local/nginx
  • 4. Check nginx.conf grammar
/usr/local/nginx/sbin/nginx -t # check configuration file syntax
/usr/local/nginx/sbin/nginx    # start
  • 5. Add nginx to PATH
echo 'export PATH=/usr/local/nginx/sbin:$PATH' >> /etc/profile
source /etc/profile

netstat -ntulp |grep nginx
lsof -i:80
curl 192.168.14.151
nginx -s stop
nginx -s reload
  • 7. nginx reverse proxy configuration (nginx.conf)
worker_processes auto;
events {
  multi_accept on;
  use epoll;
  worker_connections 51200;
}
error_log stderr notice;

worker_rlimit_nofile 65535;

http {
    include       mime.types;
    default_type  application/octet-stream;
    server_info  off;    # Tengine-only directive; stock nginx rejects it
    server_tag   off;    # Tengine-only directive; stock nginx rejects it
    server_tokens  off;
    server_name_in_redirect off;
    client_max_body_size 20m;
    client_header_buffer_size 16k;
    large_client_header_buffers 4 16k;
    sendfile        on;
    tcp_nopush     on;
    keepalive_timeout  65;
    gzip  on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_proxied   any;
    gzip_http_version 1.1;
    gzip_comp_level 3;
    gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_vary on;

    upstream owncloud {
        server 127.0.0.1:8000;
    }

    upstream confluence {
        server 127.0.0.1:8090;
    }


    server {
        listen       80;
        server_name  owncloud.maotai.org;
        location / {
            proxy_next_upstream error timeout invalid_header http_500 http_503 http_404 http_502 http_504;
            proxy_pass http://owncloud;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
    server {
        listen       80;
        server_name  confluence.maotai.org;
        location / {
            proxy_next_upstream error timeout invalid_header http_500 http_503 http_404 http_502 http_504;
            proxy_pass http://confluence;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
    server {
        listen  80;
        server_name status-no189.maotai.org;
        location /nginx_status {
            stub_status on;
            access_log off;
        }
    }
}

logrotate nginx log cutting

cat > /etc/logrotate.d/nginx
/usr/local/nginx/logs/*.log {
    daily
    missingok
    rotate 7
    dateext
    compress
    delaycompress
    notifempty
    sharedscripts
    postrotate
        if [ -f /usr/local/nginx/logs/nginx.pid ]; then
            kill -USR1 `cat /usr/local/nginx/logs/nginx.pid`
        fi
    endscript
}

Network card configuration

DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.6.28
NETMASK=255.255.255.0
GATEWAY=192.168.6.1

Modify the console prompt

  • Ubuntu prompt
export PS1="\[\e]0;\u@\h: \w\a\]${debian_chroot:+($debian_chroot)}\u@\h:\w\$"
  • CentOS prompt
export PS1="[\u@\h \W]\$"

yum installation lamp

  • yum installs lamp:
yum install -y httpd php php-cli php-common php-pdo php-gd
yum install -y httpd php php-cli php-common php-pdo php-gd mysql mysql-server php-mysql
yum install -y httpd php php-ldap php-gd
  • php configuration:
vim /etc/php.ini
post_max_size = 16M   ; around line 729
date.timezone = PRC   ; around line 946 (People's Republic of China)

Create user scripts in batches

cat adduser.sh

#!/bin/bash
# Add system users user1..user5; each initial password is the username itself
for ldap in {1..5}; do
    if id "user${ldap}" &> /dev/null; then
        echo "System account already exists"
    else
        adduser "user${ldap}"
        echo "user${ldap}" | passwd --stdin "user${ldap}" &> /dev/null
        echo "user${ldap} system add finish"
    fi
done
# chmod +x adduser.sh
# ./adduser.sh
# id user1
uid=502(user1) gid=502(user1) groups=502(user1)
useradd test -u 6000 -g 6000 -s /sbin/nologin -M -d /dev/null

[shell] The difference between $* and $@

  • Unquoted, $* and $@ behave the same.
  • Quoted, "$*" and "$@" differ as follows.
[root@node1 ~]# cat test.sh 
#!/bin/sh

for i in "$*";do
echo $i
done
[root@node1 ~]# sh test.sh 1 2 3 4
1 2 3 4

[root@node1 ~]# cat test.sh 
#!/bin/sh

for i in "$@";do
echo $i
done
[root@node1 ~]# sh test.sh 1 2 3 4 5
1
2
3
4
5
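
The listings above use arguments without spaces, which hides the cases that matter when a script forwards file names to another command. The following is an added example, not part of the original post, with illustrative helper names and constructed arguments; it goes slightly beyond the text by also covering the unquoted forms, an empty argument list and IFS.

```sh
#!/bin/sh
# count_args: print how many arguments were received.
count_args() { echo "$#"; }

# Four ways a wrapper can forward its arguments to another command.
forward_star_unquoted() { count_args $*; }    # re-split on IFS (and glob-expanded)
forward_at_unquoted()   { count_args $@; }    # identical to unquoted $*
forward_star_quoted()   { count_args "$*"; }  # always one word, even with no arguments
forward_at_quoted()     { count_args "$@"; }  # one word per original argument

# join_args SEP ARG...: "$*" joins the arguments with the first character of IFS.
join_args() {
    sep=$1; shift
    ( IFS=$sep; echo "$*" )
}

# Demo with constructed file names, one of which contains a space.
for f in forward_star_unquoted forward_at_unquoted forward_star_quoted forward_at_quoted; do
    printf '%-22s received %s argument(s)\n' "$f" "$("$f" 'my report.txt' 'b.txt')"
done
join_args , alice bob cristin
```

Only "$@" hands 'my report.txt' to the callee as a single file name, which is why wrappers around rm, tar or rsync should forward their arguments that way.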

[shell] linux exec and redirection

[shell] Variables of shell learning

[shell] definition list

  • Use parentheses to assign values to arrays
    a=(1 2 3) Note: elements are separated by spaces by default

  • Assignment for array b - Method 1

$ b=(bbs www http ftp)
$ echo ${b[*]}
bbs www http ftp
  • Print out the first and third data items
$ echo ${b[0]};echo '*******';echo ${b[2]}
bbs
*******
http

Note: use parentheses, not braces.

  • Assignment for array b - Method 2
name=(
alice
bob
cristin
danny
)

for i in "${!name[@]}";do
echo ${name[$i]}
done
  • Get the number of array elements - Method 1
length=${#array_name[@]}
  • Getting the Number of Array Elements - Method 2
length=${#array_name[*]}
  • Gets the length of a single element in an array
lengthn=${#array_name[n]}

Summary of optimization:
Clean up: regularly clean the logs in /var/spool/clientmqueue
Streamline: streamline the services started at boot
Increase: increase the number of file descriptors
Two optimizations: Linux kernel parameter optimization and yum source optimization
Four settings: set the system character set, the SSH login restrictions, the boot prompt and kernel information, and the block size
Seven others: file system optimization, synchronous writing of data to disk (sync), not updating timestamps, locking key system files, time synchronization, centralized sudo management, and turning off the firewall and SELinux

centos one-click optimization script:
- Details:
- Optimization measures of linux production server about network state
- linux Timing Task Crond Timing Task Optimization System Case 15
- One-click script:
- Relatively simple:
- More sound:

This article covers 18 optimizations for CentOS 6.5:
- 1. Bring up the network card after a minimal CentOS 6.5 installation
- 2. Query the IP with ifconfig for the SSH connection
- 3. Update the system package source and upgrade the system
- 4. Update the system time and schedule time synchronization
- 5. Modify the IP address, gateway, host name and DNS
- 6. Turn off SELinux and flush iptables
- 7. Create ordinary users and manage sudo authorization
- 8. Change the SSH port number and block remote login for the root account
- 9. Lock key system files (to keep unauthorized users from gaining privileges)
- 10. Streamline the services started at boot
- 11. Adjust the system file descriptor limit
- 12. Set the system character set
- 13. Clear the system and kernel version shown at login
- 14. Kernel parameter optimization
- 15. Regularly clean /var/spool/clientmqueue
- 16. Delete unnecessary system users and groups
- 17. Turn off the ctrl-alt-delete restart key combination
- 18. Set some global variables

Optimize the kernel:

\cp /etc/sysctl.conf /etc/sysctl.conf.$(date +%F)
cat >>/etc/sysctl.conf<<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
# tcp_tw_recycle breaks connections from clients behind NAT and was removed in Linux 4.12
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
sysctl -p

Note: the following parameters tune the iptables firewall on CentOS 6.x. If the firewall is not enabled, they produce messages that can be ignored.
On CentOS 5.x, replace netfilter.nf_conntrack with ipv4.netfilter.ip_conntrack.
On CentOS 5.x the key is net.ipv4.ip_conntrack_max = 25000000

net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
