Skip to content
高进波的博客

Linux基础配置

linux内核优化

#阿里云
vm.swappiness = 0
kernel.sysrq = 1


net.ipv4.neigh.default.gc_stale_time = 120


# see details in https://help.aliyun.com/knowledge_detail/39428.html
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2


# see details in https://help.aliyun.com/knowledge_detail/41334.html
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_slow_start_after_idle = 0
#华为云
vm.swappiness=0
net.core.somaxconn=1024
net.ipv4.tcp_max_tw_buckets=5000
net.ipv4.tcp_max_syn_backlog=1024


kernel.randomize_va_space = 2

禁止IPV6

vim /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1
sysctl -p

配置NAT网关

vi /opt/nat.sh
#!/bin/bash


if (( `grep ^net.ipv4.ip_forward /etc/sysctl.conf|wc -l` < 1 ));then
        echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
        echo 'change sysctl.conf ok'
fi
iptables -A FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
sysctl -p


chmod +x /opt/nat.sh

ubuntu/debian开机启动

ln -fs /lib/systemd/system/rc-local.service /etc/systemd/system/rc-local.service
touch /etc/rc.local
chmod 755 /etc/rc.local


vi /etc/rc.local
#!/bin/bash
/opt/nat.sh

ubuntu配置DNS

apt install -y systemd-resolved


vim /etc/systemd/resolved.conf
[Resolve]
DNS=114.114.114.114
LLMNR=no


systemctl restart systemd-resolved
resolvectl status
rm -f /etc/resolv.conf
ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf

ssh免密登录

ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
#将id_rsa.pub文件内容复制到其他机器的authorized_keys文件
cat ~/.ssh/id_rsa.pub>> ~/.ssh/authorized_keys

睡眠管理

禁用

systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
sed -i 's/#sleep-inactive-ac-timeout=1200/sleep-inactive-ac-timeout=0/g' /etc/gdm3/greeter.dconf-defaults
systemctl reload gdm; systemctl reload gdm3

启用

systemctl unmask sleep.target suspend.target hibernate.target hybrid-sleep.target

文件描述符

cat << EOF >/etc/security/limits.conf
*                -       core            unlimited
*                -       data            unlimited
*                -       fsize           unlimited
*                -       sigpending      119934
*                -       memlock         64
*                -       rss             unlimited
*                -       nofile          1048576
*                -       msgqueue        819200
*                -       stack           8192
*                -       cpu             unlimited
*                -       nproc           12000
*                -       locks           unlimited
EOF

journalctl日志管理

journalctl --disk-usage  #查看大小
journalctl --vacuum-time=7d  #删除7天前的
journalctl --vacuum-size=1G  #清理超过1G的日志文件
crontab -e  #自动清理7天前的
0 0 * * * journalctl --vacuum-time=7d


#使用
#过滤
journalctl -u nginx | grep "timeout"
journalctl | grep "error"


#指定时间
journalctl -u nginx -p err --since "2023-01-01"
journalctl --since today
journalctl --since "2023-01-01" --until "2023-01-02"


#日志等级-p
0 紧急(Emergency)
1 警报(Alert)
2 严重(Critical)
3 错误(Error)
4 警告(Warning)
5 通知(Notice)
6 信息(Info)
7 调试(Debug)

历史记录增加时间和用户

vi /etc/profile.d/history.sh
export HISTSIZE=10000
export HISTTIMEFORMAT="%F %T `whoami` "

一键换源

bash <(curl -sSL https://linuxmirrors.cn/main.sh)

时间同步

vi /etc/chrony.conf
pool cn.ntp.org.cn iburst


systemctl restart chronyd
chronyc sources
systemctl status chronyd

磁盘在线扩容

lsblk  #查看分区


#扩展分区,注意修改磁盘名称和分区号
growpart /dev/nvme0n1 1
growpart /dev/xvda 1
lsblk


#扩展文件系统
df -hT
xfs_growfs -d /  #xfs


#ext4
resize2fs /dev/nvme0n1p1
resize2fs /dev/xvda1

ubuntu安装精简桌面

#unity
apt-get install --no-install-recommends ubuntu-desktop -y
#kde
apt-get install --no-install-recommends kubuntu-desktop -y

RAID配置

安装

yum install mdadm -y
lsblk

建立raid1并挂载

mdadm -C -v /dev/md1  -l 1 -n 2 /dev/nvme0n1 /dev/nvme1n1
cat /proc/mdstat


mdadm  -D /dev/md1
mkfs.ext4  /dev/md1


vi /etc/fstab
UUID="dad8748c-c9a0-4182-a0ad-074cd6c051b3"     /data   ext4    defaults,noatime 1 2


mkdir /data
mount /data
df -h