1. 安裝必要的套件和更新系統:

    # Bring every installed package up to date first, so the base system
    # carries current fixes before anything else is added.
    yum update -y
    # epel-release is installed on its own, ahead of the tool packages.
    yum install -y epel-release
    # Everyday admin tools: downloader, editor, ifconfig/netstat, tree, git.
    yum install -y wget vim net-tools tree git
    
  2. 設定開機啟動項目:

    # Make the firewall, the network manager and the SSH daemon start at boot.
    for unit in firewalld NetworkManager sshd; do
      systemctl enable "$unit"
    done
    
  3. 設定防火牆:

    # Start firewalld, then permanently open SSH (22), HTTP (80) and HTTPS (443)
    # in the public zone. --permanent only writes the saved configuration, so
    # the final --reload is what makes the rules live.
    # NOTE(review): 80/443 are opened although none of these steps installs a
    # web server; drop the ports this host does not actually serve.
    systemctl start firewalld
    for port in 22 80 443; do
      firewall-cmd --permanent --zone=public --add-port="${port}/tcp"
    done
    firewall-cmd --reload
    
  4. 停用 SELinux(執行後系統不再有強制存取控制;正式環境建議維持 enforcing):

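    # Put SELinux into permissive mode for the running system, then persist
    # SELINUX=disabled so it stays off after the next boot.
    # NOTE(review): this removes mandatory access control from every service on
    # the host. For a production machine keep "enforcing" and fix denials from
    # the audit log; use "permissive" only while troubleshooting.
    setenforce 0
    # Anchored to the SELINUX= setting: the unanchored s/enforcing/disabled/g
    # also rewrote the word inside the file's explanatory comments.
    sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config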
    
  5. 設定 SSH:

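    # Forbid direct root logins over SSH and pin the listening port to 22.
    # NOTE(review): root login is cut off here, before step 10 creates the
    # ordinary account. Keep the current session open, or create that account
    # first, so the host stays reachable.
    #
    # Match the directive whether or not it is commented out and whatever its
    # current value: the literal '#PermitRootLogin yes' pattern silently did
    # nothing when the line was already active, leaving root login enabled.
    sed -i 's/^#\?PermitRootLogin[[:space:]].*/PermitRootLogin no/' /etc/ssh/sshd_config
    # Anchored so that only the stock '#Port 22' line is uncommented.
    sed -i 's/^#Port 22$/Port 22/' /etc/ssh/sshd_config
    # Validate the edited file first; restarting with a broken config would
    # leave the machine without an SSH daemon.
    sshd -t && systemctl restart sshd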
    
  6. 設定時區:

    # Point /etc/localtime at the Asia/Taipei zone file; -f replaces whatever
    # link or file is currently there.
    ln -sf /usr/share/zoneinfo/Asia/Taipei /etc/localtime
    
  7. 設定語系:

    # Overwrite /etc/locale.conf with the two locale settings, one per line.
    printf '%s\n' 'LANG="en_US.UTF-8"' 'LC_ALL="en_US.UTF-8"' > /etc/locale.conf
    
  8. 設定 SWAP:

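    # Create and enable a 2 GiB swap file (2048 blocks of 1 MiB).
    # The subshell umask makes a newly created file owner-only from the moment
    # it exists, rather than only after the later chmod.
    (umask 077 && dd if=/dev/zero of=/swapfile bs=1M count=2048)
    # Still needed when /swapfile already existed with looser permissions;
    # swap can hold memory contents and must not be readable by other users.
    chmod 600 /swapfile
    mkswap /swapfile
    swapon /swapfile
    # Register the file for activation at boot, but only once: running the
    # step again must not append a duplicate fstab entry.
    grep -q '^/swapfile[[:space:]]' /etc/fstab ||
      echo '/swapfile   swap   swap   defaults  0 0' >> /etc/fstab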
    
  9. 設定內核參數:

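    # Append the kernel tunables to /etc/sysctl.conf in a single write, then
    # load them with sysctl -p.
    # NOTE(review): the lines are appended, so running this step twice leaves
    # duplicate entries in the file.
    {
      # Memory: prefer RAM, swap only under pressure.
      echo 'vm.swappiness=10'

      # Hardening: the host is not a router, ignores source-routed packets,
      # has the magic SysRq key disabled and tags core files with the PID.
      echo 'net.ipv4.ip_forward=0'
      echo 'net.ipv4.conf.all.accept_source_route=0'
      echo 'kernel.sysrq=0'
      echo 'kernel.core_uses_pid=1'

      # SYN-flood resistance and handshake retry limits.
      echo 'net.ipv4.tcp_syncookies=1'
      echo 'net.ipv4.tcp_max_syn_backlog=2048'
      echo 'net.ipv4.tcp_synack_retries=2'
      echo 'net.ipv4.tcp_syn_retries=5'

      # Connection lifetime and local port pool. tcp_fin_timeout was listed
      # twice with the same value; it is written once here.
      echo 'net.ipv4.tcp_fin_timeout=30'
      echo 'net.ipv4.tcp_keepalive_time=1800'
      echo 'net.ipv4.ip_local_port_range=1024 65535'
      echo 'net.ipv4.tcp_max_tw_buckets=20000'

      # tcp_tw_recycle is kept off: with TCP timestamps enabled it makes the
      # server drop new connections from clients that share a NAT address.
      # tcp_tw_reuse only affects outgoing connections and stays enabled.
      echo 'net.ipv4.tcp_tw_recycle=0'
      echo 'net.ipv4.tcp_tw_reuse=1'

      # TCP memory and per-socket buffer limits.
      echo 'net.ipv4.tcp_mem=786432 1048576 26777216'
      echo 'net.ipv4.tcp_rmem=4096 87380 33554432'
      echo 'net.ipv4.tcp_wmem=4096 87380 33554432'

      # Connection-tracking table size and established-flow timeout.
      # NOTE(review): these are legacy ip_conntrack key names. On CentOS 7 the
      # table is presumably exposed as net.nf_conntrack_max and
      # net.netfilter.nf_conntrack_* once the module is loaded; confirm with
      # `sysctl -a | grep conntrack`. sysctl -p reports an error for each key
      # that does not exist.
      echo 'net.ipv4.ip_conntrack_max=65536'
      echo 'net.ipv4.netfilter.ip_conntrack_max=65536'
      echo 'net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=180'
    } >> /etc/sysctl.conf
    sysctl -p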
    
  10. 建立普通使用者:

    # Create an unprivileged account with a home directory, then set its
    # password interactively. "username" stands for the real account name.
    # NOTE(review): the account gets no sudo rights here; with direct root SSH
    # login disabled in step 5, administration goes through `su -` from it.
    useradd --create-home username
    passwd username
    
  11. 完成後重啟系統:

    # Restart the machine so that settings written for the next boot (the
    # SELinux mode in /etc/selinux/config, the fstab swap entry) are applied.
    systemctl reboot
    
CentOS 7 初始化與優化設定
