Linux系统优化

准备工作

1. 系统版本信息

[root@x1 proc]# cat /etc/redhat-release 
CentOS Linux release 7.6.1810 (Core)

2. 内核信息

[root@x1 proc]# uname -a
Linux x1 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

系统用户优化

1. 创建用户

[root@x1 proc]# useradd dyp

清除用户

userdel 用户名

查看用户

id 用户名

2. 创建用户密码

• root用户创建密码

[root@x1 ~]# passwd dyp
Changing password for user dyp.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.

• 普通用户创建密码

[root@x1 ~]# su - dyp				-------	切换用户
[dyp@x1 root]$ passwd				-------	修改密码
Changing password for user dyp.
Changing password for dyp.
(current) UNIX password: 			-------	输入旧密码
New password: 						-------	输入新密码
Retype new password: 				-------	再次输入新密码
passwd: all authentication tokens updated successfully.

• 免交互修改密码

echo 密码 | passwd --stdin 用户名

• 批量修改密码

for user(变量) in 用户名 用户名 用户名 ; do echo 123456(密码) | passwd --stdin $user ; done

系统命令提示符优化

1. 优化提示符显示信息

PS1	-------	用于设置系统命令提示符

2. 临时添加时间

[root@x1 dyp]# echo $PS1
[\u@\h \W]\$
[root@x1 ~]# PS1="[\u@\h \t \W]\$"
[root@x1 12:29:02 ~]$

3. 永久添加时间

vim /etc/profile	-------	变量修改
source /etc/profile	-------	重新加载

4. 修改命令提示符颜色

vim /etc/profile

RED='\[\033[01;31m\]'
Yello='\[\033[01;33m\]'
Green='\[\033[01;32m\]'
End='\033[0m\]'
PS1="[$RED\u$End@$Yello\h$End $Green\W$End]\\$ "

source /etc/profile

系统下载软件优化

1. yum源优化

• Base yum源优化

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
或者
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

• epel yum源优化 (企业扩展yum仓库) Extra Packages for Enterprise Linux

wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
或者
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo 

2. 下载

yum install -y  vim  wget  tree  telnet  nc nmap net-tools  bash-completion(补全参数软件)

系统安全优化(关闭)

1. 安全服务: firewalld(防火墙)
   关闭防火墙服务

systemctl stop firewalld.service	---	关闭firewalld防火墙服务
systemctl status firewalld.service	---	关闭开机启动firewalld防火墙服务

2. 安全服务: selinux (限制root用户行为)

• 临时关闭

setenforce 0		--- 关闭selinux服务
getenforce			---	查看selinux服务
	Permissive		---	关闭服务		0
	Enforcing		---	开启服务		1

• 永久关闭

vim /etc/selinux/config


# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing			---		开启
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

修改
SELINUX=permissive — 警告
或
SELINUX=disabled — 关闭

• 重启后生效

来源：https://blog.csdn.net/mcweiyi/article/details/102755729