Linux基础配置

linux内核优化

#阿里云
vm.swappiness = 0
kernel.sysrq = 1

net.ipv4.neigh.default.gc_stale_time = 120

# see details in https://help.aliyun.com/knowledge_detail/39428.html
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2

# see details in https://help.aliyun.com/knowledge_detail/41334.html
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_slow_start_after_idle = 0

#华为云
vm.swappiness=0
net.core.somaxconn=1024
net.ipv4.tcp_max_tw_buckets=5000
net.ipv4.tcp_max_syn_backlog=1024

kernel.randomize_va_space = 2

禁止IPV6

vim /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1
sysctl -p

配置NAT网关

vi /opt/nat.sh
#!/bin/bash

if (( `grep ^net.ipv4.ip_forward /etc/sysctl.conf|wc -l` < 1 ));then
        echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
        echo 'change sysctl.conf ok'
fi
iptables -A FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
sysctl -p

chmod +x /opt/nat.sh

ubuntu/debian开机启动

ln -fs /lib/systemd/system/rc-local.service /etc/systemd/system/rc-local.service
touch /etc/rc.local
chmod 755 /etc/rc.local

vi /etc/rc.local
#!/bin/bash
/opt/nat.sh

ubuntu配置DNS

vim /etc/systemd/resolved.conf
[Resolve]
DNS=114.114.114.114
LLMNR=no

systemctl restart systemd-resolved
resolvectl status
rm -f /etc/resolv.conf
ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf

ssh免密登录

ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
#将id_rsa.pub文件内容复制到其他机器的authorized_keys文件
cat ~/.ssh/id_rsa.pub>> ~/.ssh/authorized_keys

文件描述符

vi /opt/ulimit.sh
#!/bin/bash

#pam
if (( `grep limits.so /etc/pam.d/common-session|wc -l` < 1 ));then
        echo 'session required pam_limits.so' >> /etc/pam.d/common-session
        echo 'change pam ok'
fi

#limits
if (( `grep 1000001 /etc/security/limits.conf|wc -l` < 1 ));then
        echo 'root soft nofile 1000001' >> /etc/security/limits.conf
        echo 'root hard nofile 1000001' >> /etc/security/limits.conf
        echo '* soft nofile 1000001' >> /etc/security/limits.conf
        echo '* hard nofile 1000001' >> /etc/security/limits.conf
        echo 'change limits.conf ok'
fi

#sysctl
if (( `grep 1000001 /etc/sysctl.conf|wc -l` < 1 ));then
        echo 'fs.file-max = 1000001' >> /etc/sysctl.conf
        echo 'kernel.perf_cpu_time_max_percent = 0' >> /etc/sysctl.conf
        echo 'change sysctl.conf ok'
else
        echo 'nothing...'
fi

bash /opt/ulimit.sh

journalctl日志管理

journalctl --disk-usage  #查看大小
journalctl --vacuum-time=7d  #删除7天前的
journalctl --vacuum-size=1G  #清理超过1G的日志文件
crontab -e  #自动清理7天前的
0 0 * * * journalctl --vacuum-time=7d

#使用
#过滤
journalctl -u nginx | grep "timeout"
journalctl | grep "error"

#指定时间
journalctl -u nginx -p err --since "2023-01-01"
journalctl --since today
journalctl --since "2023-01-01" --until "2023-01-02"

#日志等级-p
0 紧急（Emergency）
1 警报（Alert）
2 严重（Critical）
3 错误（Error）
4 警告（Warning）
5 通知（Notice）
6 信息（Info）
7 调试（Debug）

历史记录增加时间和用户

vi /etc/profile.d/history.sh
export HISTSIZE=10000
export HISTTIMEFORMAT="%F %T `whoami` "

一键换源

bash <(curl -sSL https://linuxmirrors.cn/main.sh)

磁盘在线扩容

lsblk  #查看分区

#扩展分区，注意修改磁盘名称和分区号
growpart /dev/nvme0n1 1
growpart /dev/xvda 1
lsblk

#扩展文件系统
df -hT
xfs_growfs -d /  #xfs

#ext4
resize2fs /dev/nvme0n1p1
resize2fs /dev/xvda1