CentOS 6.5 Security Hardening and Performance Optimization (Script)

Published: 2025/7/14

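Based on the optimizations described in this blog post: http://lizhenliang.blog.51cto.com/7876557/1349879

I wrote a simple one-click script, which is very helpful for batch deployment. The script performs the following steps in order:

1. Disable SELinux

2. Flush the firewall and set basic rules

3. Add the account "user" and grant it sudo privileges (add your own users as needed)

4. Disable remote root login

5. Disable unused auto-start services

6. Delete unused system users

7. Disable the reboot key combination (Ctrl-Alt-Delete)

8. Adjust the file descriptor limit

9. Modify the system display information

10. Modify the history settings

11. Synchronize the system time

12. Tune kernel parameters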

[root@localhost ~]# vi optimizing.sh

```bash
#!/bin/bash
cat << EOF
+---------------------------------------+
|      Start Optimize ......            |
+---------------------------------------+
EOF
########## Shut selinux ##########
# Takes effect after the reboot requested at the end of the script
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
echo "Shut selinux.                            [ OK ]"
########## Set firewall ##########
# Flush all rules, allow established traffic plus HTTP, SSH, DNS, NTP and ICMP,
# then set the default INPUT policy to DROP and save the rule set
/sbin/iptables -F
/sbin/iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 123 -j ACCEPT
/sbin/iptables -A INPUT -p icmp -j ACCEPT
/sbin/iptables -P INPUT DROP
/etc/init.d/iptables save > /dev/null 2>&1
echo "Set firewall.                            [ OK ]"
########## Auth and add user ##########
/usr/sbin/useradd user > /dev/null 2>&1 # add the account "user" and set its password to 123.com
if [[ $? -eq 0 ]];then
    # Sample password from the post; replace it with your own before deploying
    echo "123.com" | passwd --stdin user > /dev/null 2>&1
    # Insert the sudo rule at the start of line 99 of /etc/sudoers
    sed -i "99 s/^/user    ALL=(ALL)       ALL/" /etc/sudoers
    echo "Auth and add user.                       [ OK ]"
else
    echo "User already exist!                [Fail]"
fi
########## Shut root login ##########
# These patterns only match the commented-out stock lines in sshd_config
sed -i "s/#PermitRootLogin yes/PermitRootLogin no/g" /etc/ssh/sshd_config
sed -i "s/#PermitEmptyPasswords no/PermitEmptyPasswords no/g" /etc/ssh/sshd_config
sed -i "s/#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config
echo "Shut root login.                         [ OK ]"
########## Forbidden not use service ##########
/sbin/chkconfig auditd off
/sbin/chkconfig blk-availability off
/sbin/chkconfig ip6tables off
/sbin/chkconfig lvm2-monitor off
/sbin/chkconfig netfs off
/sbin/chkconfig udev-post off
echo "Forbidden not use service.               [ OK ]"
########## Delete not use user ##########
# Track every userdel result; the original only tested the status of the last one
del_rc=0
for u in adm lp shutdown halt uucp operator games gopher; do
    /usr/sbin/userdel "$u" > /dev/null 2>&1 || del_rc=1
done
if [[ $del_rc -eq 0 ]];then
    echo "Delete not use user.                     [ OK ]"
else
    echo "Not use user already deleted!          [Fail]"
fi
########## Shut reboot combination key ##########
# Comment out the shutdown action bound to Ctrl-Alt-Delete
sed -i 's#exec /sbin/shutdown -r now#\#exec /sbin/shutdown -r now#' /etc/init/control-alt-delete.conf
echo "Shut reboot combination key.             [ OK ]"
########## Modify file descriptor size ##########
echo "*                soft    nofile         102400" >> /etc/security/limits.conf
echo "*                hard    nofile         102400" >> /etc/security/limits.conf
echo "Modify file descriptor size.             [ OK ]"
########## Modify system show message ##########
# Replace the login banner and release string so they no longer reveal the OS version
echo "Welcome to Server." >/etc/issue
echo "Welcome to Server." >/etc/redhat-release
echo "Modify system show message.              [ OK ]"
########## Modify history ##########
sed -i "s/HISTSIZE=1000/HISTSIZE=10/g" /etc/profile
source /etc/profile
echo "Modify history.                          [ OK ]"
########## Sync timezone ##########
yum install ntp -y > /dev/null 2>&1
cp -rf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
/usr/sbin/ntpdate cn.pool.ntp.org > /dev/null 2>&1
/sbin/hwclock -w
# /etc/crontab entries need a user field before the command; "root" added here
echo "0 * * * * root /usr/sbin/ntpdate cn.pool.ntp.org ; /sbin/hwclock -w" >> /etc/crontab
echo "Sync timezone.                           [ OK ]"
########## Kernel optimize ##########
# Appended to sysctl.conf, so running the script twice duplicates these lines.
# The duplicate tcp_tw_recycle entry from the original listing is dropped;
# tcp_tw_recycle can break connections from clients behind NAT.
cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 4096 65000
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_max_syn_backlog = 4096
net.core.netdev_max_backlog =  10240
net.core.somaxconn = 2048
net.core.wmem_default = 4096000
net.core.rmem_default = 4096000
net.core.rmem_max = 4096000
net.core.wmem_max = 4096000
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_mem = 94500000 915000000 927000000
EOF
echo "Kernel optimize.                         [ OK ]"
cat << EOF
+---------------------------------------+
|      Optimize the end ......          |
|      Please reboot your system !      |
+---------------------------------------+
EOF
```
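The script's sed edits to sshd_config only change a setting when the file still contains the exact stock line, and the script prints [ OK ] whether or not anything matched. The following added example (not part of the original post) audits the effective values afterwards; the function names and the sample config are constructed for illustration.

```shell
# Added example: audit the effective sshd settings after the script's sed edits.

# Print the effective value of a keyword: sshd uses the first uncommented
# occurrence, and keywords are case-insensitive.
sshd_effective() {
    awk -v k="$2" '
        $1 ~ /^#/ { next }                             # skip comment lines
        tolower($1) == tolower(k) { print $2; exit }   # first match wins
    ' "$1"
}

# Check the three settings the script intends; non-zero return on any miss.
# A keyword that is absent or still commented out is reported as "unset".
audit_sshd() {
    local file="$1" rc=0 key want got
    while read -r key want; do
        got=$(sshd_effective "$file" "$key")
        if [ "${got:-unset}" = "$want" ]; then
            echo "OK   $key=$got"
        else
            echo "FAIL $key: want=$want got=${got:-unset}"
            rc=1
        fi
    done <<'EOF'
PermitRootLogin no
PermitEmptyPasswords no
UseDNS no
EOF
    return $rc
}

# Constructed sample: PermitRootLogin is already uncommented, so the script's
# pattern "#PermitRootLogin yes" never matches and root login stays enabled.
demo() {
    local tmp rc=0
    tmp=$(mktemp)
    printf '%s\n' 'PermitRootLogin yes' '#PermitEmptyPasswords no' '#UseDNS yes' |
    sed -e "s/#PermitRootLogin yes/PermitRootLogin no/g" \
        -e "s/#PermitEmptyPasswords no/PermitEmptyPasswords no/g" \
        -e "s/#UseDNS yes/UseDNS no/g" > "$tmp"
    audit_sshd "$tmp" || rc=1
    rm -f "$tmp"
    return $rc
}

demo || true
```

On a real host, call `audit_sshd /etc/ssh/sshd_config` after the hardening script and before restarting sshd.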



This article is reposted from 李振良OK's 51CTO blog. Original link: http://blog.51cto.com/lizhenliang/1349879 (to repost it, please contact the original author).
