75 lines
2.1 KiB
Bash
75 lines
2.1 KiB
Bash
#!/bin/bash
|
|
|
|
# Checking
|
|
echo "Checking..."
|
|
if [ -n "`grep 'Aliyun Linux release' /etc/issue`" -o -e /etc/redhat-release ];then
|
|
OS=CentOS
|
|
[ -n "`grep ' 7\.' /etc/redhat-release`" ] && CentOS_RHEL_version=7
|
|
fi
|
|
|
|
if [ "$OS" != 'CentOS' ] || [ "$CentOS_RHEL_version" != '7' ];then
|
|
echo "${CFAILURE}Error: This script only support CentOS 7${CEND}";
|
|
kill -9 $$
|
|
fi
|
|
|
|
# Close SELINUX
|
|
setenforce 0
|
|
sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config
|
|
|
|
# /etc/security/limits.conf
|
|
[ -e /etc/security/limits.d/*nproc.conf ] && rename nproc.conf nproc.conf_bk /etc/security/limits.d/*nproc.conf
|
|
sed -i '/^# End of file/,$d' /etc/security/limits.conf
|
|
cat >> /etc/security/limits.conf <<EOF
|
|
# End of file
|
|
* soft nproc 65535
|
|
* hard nproc 65535
|
|
* soft nofile 65535
|
|
* hard nofile 65535
|
|
EOF
|
|
|
|
# Set timezone
|
|
rm -rf /etc/localtime
|
|
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
|
|
|
|
# /etc/sysctl.conf
|
|
sed -i 's/net.ipv4.tcp_syncookies.*$/net.ipv4.tcp_syncookies = 1/g' /etc/sysctl.conf
|
|
[ -z "`grep 'fs.file-max' /etc/sysctl.conf`" ] && cat >> /etc/sysctl.conf << EOF
|
|
fs.file-max = 65535
|
|
net.ipv4.tcp_fin_timeout = 30
|
|
net.ipv4.tcp_tw_reuse = 1
|
|
net.ipv4.tcp_tw_recycle = 0
|
|
net.ipv4.ip_local_port_range = 1024 65000
|
|
net.ipv4.tcp_max_syn_backlog = 65536
|
|
net.ipv4.tcp_max_tw_buckets = 20000
|
|
net.ipv4.route.gc_timeout = 100
|
|
net.ipv4.tcp_syn_retries = 1
|
|
net.ipv4.tcp_synack_retries = 1
|
|
net.ipv4.tcp_syncookies = 1
|
|
net.core.somaxconn = 65535
|
|
net.core.netdev_max_backlog = 262144
|
|
net.ipv4.tcp_timestamps = 0
|
|
net.ipv4.tcp_max_orphans = 262144
|
|
|
|
net.core.rmem_max = 67108864
|
|
net.core.wmem_max = 67108864
|
|
net.core.rmem_default = 65536
|
|
net.core.wmem_default = 65536
|
|
net.ipv4.tcp_rmem = 4096 87380 67108864
|
|
net.ipv4.tcp_wmem = 4096 65536 67108864
|
|
net.ipv4.tcp_mtu_probing = 1
|
|
#net.ipv4.tcp_congestion_control = hybla
|
|
net.ipv4.tcp_fastopen = 3
|
|
EOF
|
|
sysctl -p /etc/sysctl.conf
|
|
|
|
echo "Configuring Firewall..."
|
|
sudo systemctl stop firewalld
|
|
sudo systemctl mask firewalld
|
|
sudo yum install iptables iptables-services -y
|
|
|
|
sudo /sbin/iptables -I INPUT -p tcp --dport 22 -j ACCEPT
|
|
sudo /sbin/service iptables save
|
|
|
|
sudo systemctl restart iptables
|
|
sudo systemctl enable iptables.service
|