1.禁用selinux
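# Persistently disable SELinux; takes effect at the next boot and keeps the
# previous file as /etc/selinux/config.bak.
# The key is upper-case in that file and sed matches case-sensitively, so a
# lower-case pattern would silently change nothing.
# NOTE(review): "disabled" removes mandatory access control from the host.
# If the goal is only to get past policy denials during setup, "permissive"
# logs the denials without blocking anything.
sed -ri.bak 's/^(SELINUX=).*/\1disabled/' /etc/selinux/config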
2.关闭防火墙
centos系统
# Stop firewalld now and keep it from starting at boot, but only when the
# package is installed. All output, including errors, is discarded.
# NOTE(review): with no host firewall every listening service is reachable from
# the network; do this only where filtering is enforced elsewhere, otherwise
# open the required ports instead.
rpm -q firewalld > /dev/null 2>&1 && systemctl disable --now firewalld > /dev/null 2>&1
ubuntu系统
# Stop ufw now and keep it from starting at boot, but only when the package is
# installed. All output, including errors, is discarded.
# NOTE(review): with no host firewall every listening service is reachable from
# the network; do this only where filtering is enforced elsewhere, otherwise
# open the required ports instead.
dpkg -s ufw > /dev/null 2>&1 && systemctl disable --now ufw > /dev/null 2>&1
3.设置主机名
hostnamectl set-hostname ${host}
4.修改网卡名
centos系统
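# Append net.ifnames=0 to the kernel command line so interfaces get the classic
# ethN names, then regenerate the GRUB configuration.
# The variable in /etc/default/grub is upper-case and sed matches
# case-sensitively; the previous file is kept as /etc/default/grub.bak.
sed -ri.bak '/^GRUB_CMDLINE_LINUX=/s@"$@ net.ifnames=0"@' /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg >& /dev/null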
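# Rename the interface's ifcfg file to match the new eth0 name.
# The current name is read from the `ip addr` line that starts with "2",
# split on spaces and colons (awk's field-separator option is upper-case -F).
ethname=$(ip addr | awk -F"[ :]" '/^2/{print $3}')
mv "/etc/sysconfig/network-scripts/ifcfg-${ethname}" /etc/sysconfig/network-scripts/ifcfg-eth0
ubuntu系统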
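# Append net.ifnames=0 to the kernel command line and regenerate the GRUB
# configuration. Each command needs its own line: text that follows "#" on the
# same line is only a comment and never runs.
sed -ri.bak '/^GRUB_CMDLINE_LINUX=/s@"$@ net.ifnames=0"@' /etc/default/grub
grub-mkconfig -o /boot/grub/grub.cfg >& /dev/null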
5.修改ip地址和网关地址
centos系统
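# Write a static IPv4 configuration for eth0. ${ip} and ${gateway} are expanded
# by the shell when the here-document is written, so both must be set first.
# ifcfg keys are upper-case, case-sensitive variables, and the terminator must
# stand alone on its line.
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<-EOF
DEVICE=eth0
NAME=eth0
BOOTPROTO=none
ONBOOT=yes
IPADDR=${ip}
PREFIX=24
GATEWAY=${gateway}
DNS1=223.5.5.5
DNS2=180.76.76.76
EOF
ubuntu系统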
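# Static addressing for eth0 through netplan. YAML nesting is significant, and
# the indentation must be spaces because "<<-" strips leading tabs.
# NOTE(review): replace the search domains with your own. Unqualified host
# names are looked up under every domain listed there, so a copied list sends
# those queries to someone else's zone.
cat > /etc/netplan/01-network-manager-all.yaml <<-EOF
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses: [${ip}/24]
      gateway4: ${gateway}
      nameservers:
        search: [neteagles.cn, neteagles.com]
        addresses: [223.5.5.5, 180.76.76.76]
EOF
临时设置dns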
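# Set the resolvers by overwriting /etc/resolv.conf directly.
# Each entry goes on its own line, and the provider names are full-line
# comments so that no resolver implementation can read them as part of an address.
cat > /etc/resolv.conf <<EOF
# Alibaba Cloud DNS
nameserver 223.5.5.5
# Baidu DNS
nameserver 180.76.76.76
# Tencent Cloud DNS
nameserver 119.29.29.29
EOF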
6.设置软件包仓库
centos8系统
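#!/bin/bash
# Replace the stock repository definitions with mirror-backed ones; the old
# .repo files are moved to /etc/yum.repos.d/backup.
# Paths and key file names are case-sensitive (BaseOS, AppStream, Everything,
# RPM-GPG-KEY-*), and continuation lines of a multi-URL baseurl are indented.
# NOTE(review): the 163.com and sohu.com entries are plain http. gpgcheck=1
# still verifies package signatures, but repository metadata fetched over http
# is unprotected in transit; keep only the https mirrors where that matters.
# NOTE(review): the EPEL key is downloaded from the mirror itself, so trust in
# it rests on that HTTPS connection; compare its fingerprint with the one
# published by the Fedora project before accepting it.
mkdir -p /etc/yum.repos.d/backup
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup
cat > /etc/yum.repos.d/base.repo <<EOF
[baseos]
name=baseos
baseurl=https://mirrors.aliyun.com/centos/\$releasever/BaseOS/\$basearch/os/
        https://mirrors.huaweicloud.com/centos/\$releasever/BaseOS/\$basearch/os/
        https://mirrors.cloud.tencent.com/centos/\$releasever/BaseOS/\$basearch/os/
        https://mirrors.tuna.tsinghua.edu.cn/centos/\$releasever/BaseOS/\$basearch/os/
        http://mirrors.163.com//centos/\$releasever/BaseOS/\$basearch/os/
        http://mirrors.sohu.com/centos/\$releasever/BaseOS/\$basearch/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

[appstream]
name=appstream
baseurl=https://mirrors.aliyun.com/centos/\$releasever/AppStream/\$basearch/os/
        https://mirrors.huaweicloud.com/centos/\$releasever/AppStream/\$basearch/os/
        https://mirrors.cloud.tencent.com/centos/\$releasever/AppStream/\$basearch/os/
        https://mirrors.tuna.tsinghua.edu.cn/centos/\$releasever/AppStream/\$basearch/os/
        http://mirrors.163.com/centos/\$releasever/AppStream/\$basearch/os/
        http://mirrors.sohu.com/centos/\$releasever/AppStream/\$basearch/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

[epel]
name=epel
baseurl=https://mirrors.aliyun.com/epel/\$releasever/Everything/\$basearch/
        https://mirrors.huaweicloud.com/epel/\$releasever/Everything/\$basearch/
        https://mirrors.cloud.tencent.com/epel/\$releasever/Everything/\$basearch/
        https://mirrors.tuna.tsinghua.edu.cn/epel/\$releasever/Everything/\$basearch/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/epel/RPM-GPG-KEY-EPEL-\$releasever

[extras]
name=extras
baseurl=https://mirrors.aliyun.com/centos/\$releasever/extras/\$basearch/os/
        https://mirrors.huaweicloud.com/centos/\$releasever/extras/\$basearch/os/
        https://mirrors.cloud.tencent.com/centos/\$releasever/extras/\$basearch/os/
        https://mirrors.tuna.tsinghua.edu.cn/centos/\$releasever/extras/\$basearch/os/
        http://mirrors.163.com/centos/\$releasever/extras/\$basearch/os/
        http://mirrors.sohu.com/centos/\$releasever/extras/\$basearch/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
enabled=1

[centosplus]
name=centosplus
baseurl=https://mirrors.aliyun.com/centos/\$releasever/centosplus/\$basearch/os/
        https://mirrors.huaweicloud.com/centos/\$releasever/centosplus/\$basearch/os/
        https://mirrors.cloud.tencent.com/centos/\$releasever/centosplus/\$basearch/os/
        https://mirrors.tuna.tsinghua.edu.cn/centos/\$releasever/centosplus/\$basearch/os/
        http://mirrors.163.com/centos/\$releasever/centosplus/\$basearch/os/
        http://mirrors.sohu.com/centos/\$releasever/centosplus/\$basearch/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
EOF
dnf clean all
dnf repolist
centos7系统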
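#!/bin/bash
# Replace the stock repository definitions with mirror-backed ones; the old
# .repo files are moved to /etc/yum.repos.d/backup.
# Key file names are case-sensitive (RPM-GPG-KEY-CentOS-*, RPM-GPG-KEY-EPEL-*),
# and continuation lines of a multi-URL baseurl are indented.
# NOTE(review): the 163.com and sohu.com entries are plain http. gpgcheck=1
# still verifies package signatures, but repository metadata fetched over http
# is unprotected in transit; keep only the https mirrors where that matters.
# NOTE(review): the EPEL key is downloaded from the mirror itself, so trust in
# it rests on that HTTPS connection; compare its fingerprint with the one
# published by the Fedora project before accepting it.
mkdir -p /etc/yum.repos.d/backup
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup
cat > /etc/yum.repos.d/base.repo <<EOF
[base]
name=base
baseurl=https://mirrors.aliyun.com/centos/\$releasever/os/\$basearch/
        https://mirrors.huaweicloud.com/centos/\$releasever/os/\$basearch/
        https://mirrors.cloud.tencent.com/centos/\$releasever/os/\$basearch/
        https://mirrors.tuna.tsinghua.edu.cn/centos/\$releasever/os/\$basearch/
        http://mirrors.163.com/centos/\$releasever/os/\$basearch/
        http://mirrors.sohu.com/centos/\$releasever/os/\$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-\$releasever

[epel]
name=epel
baseurl=https://mirrors.aliyun.com/epel/\$releasever/\$basearch/
        https://mirrors.huaweicloud.com/epel/\$releasever/\$basearch/
        https://mirrors.cloud.tencent.com/epel/\$releasever/\$basearch/
        https://mirrors.tuna.tsinghua.edu.cn/epel/\$releasever/\$basearch/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/epel/RPM-GPG-KEY-EPEL-\$releasever

[extras]
name=extras
baseurl=https://mirrors.aliyun.com/centos/\$releasever/extras/\$basearch/
        https://mirrors.huaweicloud.com/centos/\$releasever/extras/\$basearch/
        https://mirrors.cloud.tencent.com/centos/\$releasever/extras/\$basearch/
        https://mirrors.tuna.tsinghua.edu.cn/centos/\$releasever/extras/\$basearch/
        http://mirrors.163.com/centos/\$releasever/extras/\$basearch/
        http://mirrors.sohu.com/centos/\$releasever/extras/\$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-\$releasever

[updates]
name=updates
baseurl=https://mirrors.aliyun.com/centos/\$releasever/updates/\$basearch/
        https://mirrors.huaweicloud.com/centos/\$releasever/updates/\$basearch/
        https://mirrors.cloud.tencent.com/centos/\$releasever/updates/\$basearch/
        https://mirrors.tuna.tsinghua.edu.cn/centos/\$releasever/updates/\$basearch/
        http://mirrors.163.com/centos/\$releasever/updates/\$basearch/
        http://mirrors.sohu.com/centos/\$releasever/updates/\$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-\$releasever

[centosplus]
name=centosplus
baseurl=https://mirrors.aliyun.com/centos/\$releasever/centosplus/\$basearch/
        https://mirrors.huaweicloud.com/centos/\$releasever/centosplus/\$basearch/
        https://mirrors.cloud.tencent.com/centos/\$releasever/centosplus/\$basearch/
        https://mirrors.tuna.tsinghua.edu.cn/centos/\$releasever/centosplus/\$basearch/
        http://mirrors.163.com/centos/\$releasever/centosplus/\$basearch/
        http://mirrors.sohu.com/centos/\$releasever/centosplus/\$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-\$releasever
EOF
yum clean all
yum repolist
ubuntu18.04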
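#!/bin/bash
# Point apt at the Aliyun mirror for Ubuntu 18.04 (bionic); the previous list
# is kept as sources.list.bak. Every command and every entry needs its own line.
# NOTE(review): the bionic-proposed pocket carries updates that are still in
# testing; leave those two lines out on production hosts.
# NOTE(review): the mirror is addressed over http. apt verifies the signed
# release metadata, so package integrity holds, but the traffic can be observed
# or blocked on the path.
mv /etc/apt/sources.list /etc/apt/sources.list.bak
cat > /etc/apt/sources.list <<EOF
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
EOF
apt update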
ubuntu20.04
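#!/bin/bash
# Point apt at the Aliyun mirror for Ubuntu 20.04 (focal); the previous list is
# kept as sources.list.bak. Every command and every entry needs its own line.
# NOTE(review): the focal-proposed pocket carries updates that are still in
# testing; leave those two lines out on production hosts.
# NOTE(review): the mirror is addressed over http. apt verifies the signed
# release metadata, so package integrity holds, but the traffic can be observed
# or blocked on the path.
mv /etc/apt/sources.list /etc/apt/sources.list.bak
cat > /etc/apt/sources.list <<EOF
deb http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
EOF
apt update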
其他参考阿里巴巴开源镜像站-opsx镜像站-阿里云开发者社区
7.minimal安装建议安装软件包
centos系统
# Install the build toolchain and everyday admin tools on a minimal CentOS
# system. All output, including errors, is discarded, so a failed install is
# not reported here.
yum -y install \
    gcc make autoconf gcc-c++ glibc glibc-devel \
    pcre pcre-devel openssl openssl-devel systemd-devel zlib-devel \
    vim lrzsz tree tmux lsof tcpdump wget net-tools iotop bc \
    bzip2 zip unzip nfs-utils man-pages bash-completion chrony \
    > /dev/null 2>&1
ubuntu系统
# Install networking tools, build dependencies and everyday admin tools on a
# minimal Ubuntu system.
# NOTE(review): nfs-kernel-server and openssh-server are network services, and
# service packages on Debian-family systems are normally started on
# installation. Install them only on hosts that are meant to offer them.
apt -y install \
    iproute2 ntpdate tcpdump telnet traceroute \
    nfs-kernel-server nfs-common lrzsz tree \
    openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev gcc \
    openssh-server iotop unzip zip bash-completion chrony
8.配置ntp时间同步
centos系统
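# Drop the existing "server" lines and comment out the "pool" lines.
# Each command needs its own line: text after "#" on the same line never runs.
sed -i '/^server /d' /etc/chrony.conf
sed -i 's/^pool /#pool /' /etc/chrony.conf
# Insert the Aliyun time server as line 3 of the file.
sed -i '3i server ntp.aliyun.com iburst' /etc/chrony.conf
# Restart chronyd and enable it at boot.
systemctl restart chronyd
systemctl enable chronyd
# Verify that the time source is in use.
chronyc sources -v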
ubuntu系统
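# Drop the existing "server" lines and comment out the "pool" lines.
# Each command needs its own line: text after "#" on the same line never runs.
sed -i '/^server /d' /etc/chrony/chrony.conf
sed -i 's/^pool /#pool /' /etc/chrony/chrony.conf
# Insert the Aliyun time server as line 3 of the file.
sed -i '3i server ntp.aliyun.com iburst' /etc/chrony/chrony.conf
# Restart chrony and enable it at boot.
systemctl restart chrony
systemctl enable chrony
# Verify that the time source is in use.
chronyc sources -v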
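# Use NTP servers located in China.
server ntp.aliyun.com iburst
server ntp.tencent.com iburst
server ntp.ntsc.ac.cn iburst
# A host that serves time to the local network additionally needs the lines below.
# Allow internal clients to synchronise. Without an allow directive naming the
# permitted networks, requests from all external clients are refused.
# NOTE(review): 192.168.0.0/16 is broad; narrow it to the subnets that actually
# use this server.
allow 192.168.0.0/16
# Allow the local clock to act as a fallback source.
local stratum 10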
9.优化ssh
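# Turn off reverse-DNS lookups and GSSAPI authentication in sshd; the previous
# file is kept as sshd_config.bak.
# sshd_config spells its keywords in mixed case and sed matches
# case-sensitively, so lower-case patterns would change nothing.
# The edit applies once sshd is reloaded; `sshd -t` checks the file for syntax
# errors beforehand.
sed -i.bak -e 's/#UseDNS no/UseDNS no/' -e 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/sshd_config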
10.优化资源限制
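# Raise the resource limits for root. The entries are appended, so running
# this twice leaves duplicate lines in limits.conf.
# Each entry and the terminator need their own line.
# NOTE(review): "core unlimited" lets root-owned processes write full core
# dumps, which can contain keys and other secrets held in memory; make sure the
# directory that receives them is not readable by other users.
cat >> /etc/security/limits.conf <<-EOF
root soft core unlimited
root hard core unlimited
root soft nproc 1000000
root hard nproc 1000000
root soft nofile 1000000
root hard nofile 1000000
root soft memlock 32000
root hard memlock 32000
root soft msgqueue 8192000
root hard msgqueue 8192000
EOF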
11.优化内核
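# Replace /etc/sysctl.conf with a tuned parameter set and load it.
# "cat >" overwrites the file, so any settings already in it are lost.
# Each setting and the terminator need their own line.
# NOTE(review): net.ipv4.ip_forward = 1 makes the host route packets between
# its interfaces. Set it to 0 unless the machine is meant to act as a router or
# container host, especially with the host firewall turned off.
# NOTE(review): rp_filter and accept_source_route are set for "default" only;
# whether the "all" values should match is worth confirming.
# NOTE(review): net.ipv4.tcp_tw_recycle was removed in Linux 4.12, and the
# net.bridge.* keys exist only while the br_netfilter module is loaded, so
# sysctl reports errors for them on such systems. stderr is left visible so
# those errors are seen rather than mistaken for success.
# NOTE(review): tcp_tw_reuse relies on TCP timestamps, which tcp_timestamps = 0
# turns off.
cat > /etc/sysctl.conf <<-EOF
# controls source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
# do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# controls the system request debugging functionality of the kernel
kernel.sysrq = 0
# controls whether core dumps will append the pid to the core filename.
# useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# controls the use of tcp syncookies
net.ipv4.tcp_syncookies = 1
# disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
# controls the default maxmimum size of a mesage queue
kernel.msgmnb = 65536
# controls the maximum size of a message, in bytes
kernel.msgmax = 65536
# controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
# tcp kernel paramater
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
# socket buffer
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 20480
net.core.optmem_max = 81920
# tcp conn
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15
# tcp conn reuse
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syncookies = 1
# keepalive conn
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.ip_local_port_range = 10001 65000
# swap
vm.overcommit_memory = 0
vm.swappiness = 10
#net.ipv4.conf.eth1.rp_filter = 0
#net.ipv4.conf.lo.arp_ignore = 1
#net.ipv4.conf.lo.arp_announce = 2
#net.ipv4.conf.all.arp_ignore = 1
#net.ipv4.conf.all.arp_announce = 2
EOF
sysctl -p > /dev/null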
12.配置邮件
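# CentOS: install the mail client.
yum install s-nail -y
# Ubuntu: install the mail client.
sudo apt install s-nail -y

# Account settings written to the system-wide s-nail configuration:
#   v15-compat  enables the v15 compatibility mode
#   from        sender address
#   mta         SMTP submission URL carrying the account name and its
#               authorization code
# NOTE(review): the values below are placeholders. Never publish a real
# authorization code; one that has appeared in public must be revoked at the
# mail provider.
cat > /etc/s-nail.rc <<-EOF
set v15-compat
set from="SENDER@example.com"
set mta=smtps://SMTP_USER:SMTP_AUTH_CODE@smtp.qq.com:465
set smtp-auth=login
EOF
# The file holds a credential, so restrict it to root. If other users must
# send mail, give each a private ~/.mailrc instead of sharing this file.
chmod 600 /etc/s-nail.rc

# Send a test message.
echo "测试内容" | s-nail -s "测试主题" recipient@example.com
# xx@163.com is the recipient.
# NOTE(review): /etc/passwd lists every local account; use a non-sensitive
# file as the body when testing against an external mailbox.
s-nail -s "邮件主题" xx@163.com < /etc/passwd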
13.总结
以上为个人经验,希望能给大家一个参考,也希望大家多多支持代码网。