Centos6优化

#防火墙配置
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
iptables -F
iptables -L
/etc/init.d/iptables save
#ssh配置
cp /etc/ssh/sshd_config sshd_config_bak
#sed -i '/#Port/s/22/60022/' /etc/ssh/sshd_config
#sed -i '/#Port/s/^#//' /etc/ssh/sshd_config
sed -i '/GSSAPIAuthentication/s/yes/no/' /etc/ssh/sshd_config
sed -i '/DNS/s/yes/no/' /etc/ssh/sshd_config
sed -i '/DNS/s/^#//' /etc/ssh/sshd_config
service sshd restart
#自启动服务优化
for sun in `chkconfig --list|grep 3:on|awk '{print $1}'`;do chkconfig --level 3 $sun off;done
for sun in crond rsyslog sshd network iptables ip6tables;do chkconfig --level 3 $sun on;done
#系统优化
echo "* soft nofile 65535" >> /etc/security/limits.conf 
echo "* hard nofile 65535" >> /etc/security/limits.conf 
echo "* soft nproc 65535" >> /etc/security/limits.conf
echo "* hard nproc 65535" >> /etc/security/limits.conf
sed -i 's/1024/unlimited/g' /etc/security/limits.d/90-nproc.conf 

#在/etc/sysctl.conf 后面增加下面内容

echo "
#可用于apache，nginx，squid多种等web应用
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768

net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2

net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800

net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1025 65535" >> /etc/sysctl.conf

#删除不必要的用户
userdel adm
userdel lp
userdel sync
userdel shutdown
userdel halt
userdel news
userdel uucp
userdel operator
userdel games
userdel gopher
userdel ftp
#删除不必要的群组
groupdel adm
groupdel lp
groupdel news
groupdel uucp
groupdel games
groupdel dip
groupdel pppusers