Linux基础配置
linux内核优化
# Alibaba Cloud (Aliyun) image settings
vm.swappiness = 0
# kernel.sysrq = 1 enables every magic SysRq function.
# NOTE(review): where console or keyboard access is not fully trusted, confirm this is intended.
kernel.sysrq = 1
net.ipv4.neigh.default.gc_stale_time = 120
# see details in https://help.aliyun.com/knowledge_detail/39428.html
# rp_filter = 0 turns reverse-path source validation off (1 = strict, 2 = loose).
# NOTE(review): this is the vendor value; on a host without asymmetric routing,
# check whether 1 or 2 can be used instead.
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
# see details in https://help.aliyun.com/knowledge_detail/41334.html
net.ipv4.tcp_max_tw_buckets = 5000
# SYN cookies are used once the SYN backlog overflows (SYN-flood mitigation).
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_slow_start_after_idle = 0
# Huawei Cloud image settings
vm.swappiness=0
net.core.somaxconn=1024
net.ipv4.tcp_max_tw_buckets=5000
net.ipv4.tcp_max_syn_backlog=1024
# 2 = full address-space layout randomisation (ASLR), including the heap.
kernel.randomize_va_space = 2
禁止IPV6
vim /etc/sysctl.confnet.ipv6.conf.all.disable_ipv6=1net.ipv6.conf.default.disable_ipv6=1net.ipv6.conf.lo.disable_ipv6=1sysctl -p
配置NAT网关
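# Create /opt/nat.sh with the content below (from "#!/bin/bash" to "sysctl -p").
vi /opt/nat.sh
#!/bin/bash
# Turn this host into a NAT gateway: persist IPv4 forwarding and masquerade
# forwarded traffic. Must be run as root.
#
# NOTE(review): both iptables rules are unrestricted. FORWARD accepts every
# packet and MASQUERADE applies on every outgoing interface. On a host with
# more than one network, scope them to the internal range and the egress
# interface, e.g. "-s <INTERNAL_CIDR> -o <EGRESS_INTERFACE>" (placeholders;
# fill in the values for your network).

# Persist ip_forward=1. The pattern matches the exact key with value 1, so an
# existing "net.ipv4.ip_forward=0" line, or a longer key that merely starts
# with the same prefix, no longer makes the script skip the change. The
# appended line comes last in the file and therefore wins on "sysctl -p".
if ! grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' /etc/sysctl.conf; then
  echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
  echo 'change sysctl.conf ok'
fi

# "-C" checks for an identical rule first, so running the script again does
# not stack duplicate rules.
iptables -C FORWARD -j ACCEPT 2>/dev/null || iptables -A FORWARD -j ACCEPT
iptables -t nat -C POSTROUTING -j MASQUERADE 2>/dev/null || iptables -t nat -I POSTROUTING -j MASQUERADE

# Apply /etc/sysctl.conf now.
sysctl -p
# Back in the shell: make the script executable. Keep it owned by root and not
# writable by anyone else, because it is run with root privileges.
chmod +x /opt/nat.sh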
ubuntu/debian开机启动
ln -fs /lib/systemd/system/rc-local.service /etc/systemd/system/rc-local.servicetouch /etc/rc.localchmod 755 /etc/rc.local
vi /etc/rc.local#!/bin/bash/opt/nat.sh
ubuntu配置DNS
vim /etc/systemd/resolved.conf[Resolve]DNS=114.114.114.114LLMNR=no
systemctl restart systemd-resolvedresolvectl statusrm -f /etc/resolv.confln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
ssh免密登录
ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa#将id_rsa.pub文件内容复制到其他机器的authorized_keys文件cat ~/.ssh/id_rsa.pub>> ~/.ssh/authorized_keys
文件描述符
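# Create /opt/ulimit.sh with the content below (from "#!/bin/bash" to the last "fi").
vi /opt/ulimit.sh
#!/bin/bash
# Raise the open-file limit to 1000001: load pam_limits for sessions, add
# nofile entries to limits.conf and raise fs.file-max. Must be run as root.
# The PAM path used here (/etc/pam.d/common-session) is the Debian/Ubuntu one.
#
# NOTE(review): the "*" entries lift the limit for every account, not only
# for the services that need it; narrow them to specific users where possible.
# The limits.conf entries apply to new login sessions, and the sysctl lines
# are only written here; they take effect after "sysctl -p" or a reboot.

# pam: only an active (non-commented) pam_limits line counts as configured
if ! grep -Eq '^[[:space:]]*session[[:space:]].*pam_limits\.so' /etc/pam.d/common-session; then
  echo 'session required pam_limits.so' >> /etc/pam.d/common-session
  echo 'change pam ok'
fi

# limits: look for an active nofile entry with the target value
if ! grep -Eq '^[^#]*nofile[[:space:]]+1000001' /etc/security/limits.conf; then
  echo 'root soft nofile 1000001' >> /etc/security/limits.conf
  echo 'root hard nofile 1000001' >> /etc/security/limits.conf
  echo '* soft nofile 1000001' >> /etc/security/limits.conf
  echo '* hard nofile 1000001' >> /etc/security/limits.conf
  echo 'change limits.conf ok'
fi

# sysctl: look for an active fs.file-max line with the target value
# NOTE(review): kernel.perf_cpu_time_max_percent = 0 appears to switch off the
# kernel's throttling of perf sampling overhead; confirm it is wanted.
if ! grep -Eq '^[[:space:]]*fs\.file-max[[:space:]]*=[[:space:]]*1000001' /etc/sysctl.conf; then
  echo 'fs.file-max = 1000001' >> /etc/sysctl.conf
  echo 'kernel.perf_cpu_time_max_percent = 0' >> /etc/sysctl.conf
  echo 'change sysctl.conf ok'
else
  echo 'nothing...'
fi
# Back in the shell: run the script.
bash /opt/ulimit.sh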
journalctl日志管理
journalctl --disk-usage #查看大小journalctl --vacuum-time=7d #删除7天前的journalctl --vacuum-size=1G #清理超过1G的日志文件crontab -e #自动清理7天前的0 0 * * * journalctl --vacuum-time=7d
#使用#过滤journalctl -u nginx | grep "timeout"journalctl | grep "error"
#指定时间journalctl -u nginx -p err --since "2023-01-01"journalctl --since todayjournalctl --since "2023-01-01" --until "2023-01-02"
#日志等级-p0 紧急(Emergency)1 警报(Alert)2 严重(Critical)3 错误(Error)4 警告(Warning)5 通知(Notice)6 信息(Info)7 调试(Debug)
历史记录增加时间和用户
vi /etc/profile.d/history.shexport HISTSIZE=10000export HISTTIMEFORMAT="%F %T `whoami` "
一键换源
# Download main.sh from linuxmirrors.cn and run it in bash straight away.
# NOTE(review): the script runs with the privileges of the invoking user (root,
# if run as root) before anyone has read it, and nothing checks its integrity.
# A safer flow is to save it to a file, read it, compare it with a checksum if
# the publisher provides one, and then run the saved copy.
bash <(curl -sSL https://linuxmirrors.cn/main.sh)
磁盘在线扩容
lsblk #查看分区
#扩展分区,注意修改磁盘名称和分区号growpart /dev/nvme0n1 1growpart /dev/xvda 1lsblk
#扩展文件系统df -hTxfs_growfs -d / #xfs
#ext4resize2fs /dev/nvme0n1p1resize2fs /dev/xvda1