Quick Deploy for CentOS 7
Network Configuration
$ vi /etc/sysconfig/network-scripts/ifcfg-eth0
# Static IPv4 addressing for the first NIC. The ifcfg file name must match the
# interface actually present on this host: this one is written for eth0, while
# the nmcli DNS steps below address ens160 — use one name consistently.
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.128.222
NETMASK=255.255.255.0
GATEWAY=192.168.128.1
DNS Configuration
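# Point the active connection at explicit resolvers, then verify reachability.
# List connections first and make sure the name below matches one of them
# (the ifcfg snippet above is written for eth0, this step uses ens160).
nmcli connection show
conn=ens160
nmcli con mod "$conn" ipv4.dns "114.114.114.114 8.8.8.8"
nmcli con up "$conn"
# -c bounds the probe; a bare ping runs until interrupted.
ping -c 3 www.baidu.com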
Edit Hostname
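# Set the static hostname, then keep /etc/hosts in step with it.
hostnamectl set-hostname xxx
vim /etc/hosts  # replace the xxx entry in the file with the new hostname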
SSH Configuration
$ vi /etc/ssh/sshd_config
# Skip the reverse-DNS lookup of connecting clients (avoids slow logins when DNS is broken).
UseDNS no
# Listen on IPv4 only — consistent with the disable_ipv6 sysctls further down.
AddressFamily inet
# Root logs in as an ordinary user and escalates through su/sudo (wheel, see below).
PermitRootLogin no
SyslogFacility AUTHPRIV
# Left on so the key from the ssh-keygen step can be copied over; once key login
# is verified, switch this to "no" so password guessing is no longer possible.
PasswordAuthentication yes
# The port change recommended below needs a matching "Port 12345" directive in this file.
强烈建议将ssh服务的端口从22修改到其他端口, 如: 12345, 同时需要在防火墙中增加此端口权限
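# Open the new sshd port permanently, apply the rule set, then confirm it.
# The port must match the Port directive in /etc/ssh/sshd_config. Keep the
# default ssh service open until a session on the new port works, then drop it:
#   firewall-cmd --permanent --remove-service=ssh && firewall-cmd --reload
ssh_port=12345
firewall-cmd --zone=public --add-port="${ssh_port}/tcp" --permanent  # add the port
firewall-cmd --reload                                                # reload the rules
firewall-cmd --zone=public --list-ports                              # show open ports
# With SELinux enforcing, sshd also needs the port labelled before it can bind it:
#   semanage port -a -t ssh_port_t -p tcp 12345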
重启ssh服务
systemctl restart sshd
Disable SELinux Service
$ vi /etc/selinux/config
SELINUX=disabled
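# Runtime switch to permissive until the next reboot (the config line above covers
# reboots). Permissive mode keeps logging denials to the audit log, so it is the
# safer choice when the goal is only to stop enforcement while troubleshooting.
setenforce 0   # takes effect immediately, not persisted
getenforce     # print the current mode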
Kernel Optimization
$ vi /etc/sysctl.conf
# 0 tells the kernel to avoid swap as far as possible; on the CentOS 7 kernel this
# effectively disables swapping, so an OOM kill can happen before swap is touched.
vm.swappiness = 0
net.ipv4.neigh.default.gc_stale_time=120
# see details in https://help.aliyun.com/knowledge_detail/39428.html
# rp_filter=0 turns off reverse-path source validation (anti-spoofing) on every
# interface. The linked article presumably explains why that cloud network needs
# it; on hosts not in that situation keep it at 1 (strict) or 2 (loose).
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
# arp_announce=2: always use the best local address as the ARP source.
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2
# see details in https://help.aliyun.com/knowledge_detail/41334.html
net.ipv4.tcp_max_tw_buckets = 5000
# SYN cookies keep accepting connections when the SYN backlog below is flooded.
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
# IPv6 off on all interfaces — consistent with AddressFamily inet in sshd_config.
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
# 1 enables every magic-SysRq function (reboot, kill-all, memory dump) from the
# console — including an out-of-band console — and /proc/sysrq-trigger. A bit
# mask such as 176 (sync + remount read-only + reboot) keeps only the recovery
# functions.
kernel.sysrq = 1
Generate ssh-key
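# Generate a client key pair and install its public half on the target host.
# -b 4096 sets the RSA size explicitly instead of relying on the tool default;
# "-t ed25519" is the shorter modern alternative when every target's sshd accepts it.
ssh-keygen -t rsa -b 4096
# Replace xxx with user@host. Once key login is verified, set
# "PasswordAuthentication no" in /etc/ssh/sshd_config and restart sshd.
ssh-copy-id xxx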
Create Users and Groups
# Service account for the web server: no interactive shell, home under /var/www.
# --home-dir only sets the home directory; it does not confine the account (no chroot).
groupadd www
useradd --gid www --shell /sbin/nologin --home-dir /var/www www

# Interactive accounts live under /data/home.
mkdir -p /data/home
useradd --gid wheel --shell /bin/bash --home-dir /data/home/jxva jxva
# --groups replaces the whole supplementary group list. Membership in the root
# group (gid 0) is not needed for su/sudo — both key off wheel in the pam/sudoers
# steps below — and it widens access to any group-root-writable file; wheel
# alone is the usual choice.
usermod --groups wheel,root jxva
useradd --gid wheel --shell /bin/bash --home-dir /data/home/zane zane
groupadd dev
useradd --gid dev --shell /bin/bash --home-dir /data/home/jiangz jiangz

# Set the passwords interactively, root first, then each new account.
for account in root jxva zane jiangz; do
  passwd "$account"
done
上面的命令大致解说如下: (1) 创建一个www用户及www组,同时确保www用户无登录权限,并将www用户锁定在/var/www目录; (2) 创建一个jxva帐号,并加入wheel与root组,默认用户目录为/data/home/jxva; (3) 创建一个zane帐号,并加入wheel组,默认用户目录为/data/home/zane; (4) 创建一个dev组, 创建一个jiangz帐号,并加入dev组, 默认用户目录为/data/home/jiangz;
Install sudo and Configure Permissions
$ yum install sudo
$ sudo sh -c 'echo "auth required pam_wheel.so use_uid group=wheel " >> /etc/pam.d/su'
or
$vi /etc/pam.d/su
auth required pam_wheel.so use_uid group=wheel
设置使用sudo命令时不需要输入密码(建议不要开启)
$ visudo
%wheel ALL=(ALL) NOPASSWD: ALL
Delete the Useless Accounts and Groups
# Remove legacy system accounts and groups this host will not use. Several of them
# do not exist on a CentOS 7 install, so userdel/groupdel report "does not exist"
# for those — that output is expected. Accounts still owned by installed packages
# may be recreated by later package updates; if that matters, locking them
# (usermod -L -s /sbin/nologin) is the more conservative choice.
for legacy_user in adm lp sync shutdown halt news uucp operator games gopher ftp; do
  userdel "$legacy_user"
done
# groupdel refuses to remove a group that is still some user's primary group.
# udev rules reference audio/video for device ownership — verify before removing
# those two on a host that has such devices.
for legacy_group in adm lp news uucp games dip pppusers audio video; do
  groupdel "$legacy_group"
done
Change Login Greeting
$ vi /etc/motd
Welcome to AliYun Develop Compute Service!
-----------------------------------------------------------
Please read the following words carefully.
1. Don't reboot this machine. (It can't wake up automatically.)
2. Don't delete other users' files.
3. Please be sure to use your own account.
4. Only members of the wheel group can run sudo.
-----------------------------------------------------------
Edit the Ulimit Limit
$ cat /proc/sys/fs/file-max
$ vi /etc/security/limits.conf
# Wildcard entries do not apply to root (pam_limits applies "*" to non-root users
# only); add explicit "root" lines if root needs these limits. On CentOS 7 the
# nproc values below are typically overridden for non-root users by
# /etc/security/limits.d/20-nproc.conf — adjust that file as well. Keep nofile
# below the fs.file-max value shown by the cat command above.
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
Create Data Directories
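# Create the application data tree. The root defaults to /data; set
# DATA_ROOT=/other/path to lay out the same tree elsewhere (e.g. a mounted volume).
# Ownership and permissions are left to the service install steps that follow.
create_data_dirs() {
  local root=$1
  local name
  for name in backup database software program wwwroot ftproot workspace document git docker gerrit; do
    mkdir -p -- "${root}/${name}"
  done
}

create_data_dirs "${DATA_ROOT:-/data}"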
Mini Dependence Environment
yum install tar net-tools make gcc readline-devel pcre-devel zlib-devel bzip2 bzip2-devel perl perl-devel perl-ExtUtils-Embed libxml2-devel openssl-devel pcmisc gd gd-devel
Develop Dependence Environment
# Full development toolchain. A few names look like CentOS 6 era packages
# (db4-devel, system-config-firewall-tui); yum prints "No package ... available"
# for anything it cannot find, so check the output. wget is listed twice, which
# yum tolerates.
dev_packages=(
  vim vim-enhanced gcc gcc-c++ gdb wget bison autoconf automake man readline byacc
  make net-tools telnet wget patch crontabs logwatch logrotate unzip zip bzip2
  gettext sysstat ctags cscope cmake nasm gettext-devel system-config-firewall-tui
  libyaml libffi libxml2 libxslt libicu perl-Time-HiRes psmisc libxml2-devel
  libxslt-devel ncurses-devel openssl-devel bzip2-devel curl-devel gd-devel
  gdbm-devel db4-devel libjpeg-devel libpng-devel gmp-devel pcre-devel pam-devel
  zlib-devel readline-devel glib2-devel libXext-devel perl-devel freetype-devel
  glibc-devel tcl-devel expat-devel sqlite-devel libyaml-devel libffi-devel
  libicu-devel python-devel cyrus-sasl-devel apr-devel apr apr-util
)
yum install "${dev_packages[@]}"
yum install samba
# Drop cached metadata and package data, then rebuild the cache and update.
yum clean all \
  && yum clean metadata \
  && yum clean dbcache
yum makecache \
  && yum update
通常我们会安装一些服务或组件:postfix gitlib redmine svn-server jdk astyle tomcat nginx php mysql redis memcached mongodb vsftpd squid varnish leveldb go lua nodejs goahead
TimeZone Setting
(1). 修改为CST时间 (CentOS 7 上 /etc/localtime 通常是指向 /usr/share/zoneinfo 下文件的符号链接, cp 会覆盖链接指向的原始文件; 更稳妥的做法是 timedatectl set-timezone Asia/Shanghai)
$ cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
(2). 修改为UTC时间
$ cp /usr/share/zoneinfo/Universal /etc/localtime
Disable Useless Service
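# Stop and disable services this host does not need. "rpbbind" was a typo for
# rpcbind, so the original killall never matched it.
killall rpcbind rpc.statd cups
# chkconfig is the SysV interface; on CentOS 7 it forwards these units to systemd,
# and "systemctl disable rpcbind cups nfslock" is the native equivalent. rpcbind
# is also socket-activated (rpcbind.socket), which may start it again on the next
# connection — disable/mask that unit as well if rpcbind must stay down.
chkconfig --level 235 rpcbind off
chkconfig --level 235 cups off
chkconfig --level 235 nfslock off
chkconfig rpcbind off
chkconfig cups off
chkconfig nfslock off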
Language Setting
$ vim /etc/sysconfig/i18n
#LANG="zh_CN.UTF-8"
# NOTE(review): CentOS 7 reads the system locale from /etc/locale.conf
# (localectl set-locale LANG=en_US.UTF-8); /etc/sysconfig/i18n is the CentOS 6
# location — confirm which file this host actually honours.
LANG="en_US.UTF-8"
Configure JDK Environment
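# Java 8 environment for login shells (e.g. /etc/profile.d/java.sh).
# JAVA_HOME is the single source of truth; the other variables derive from it,
# so JRE_HOME is now actually used instead of repeating "$JAVA_HOME/jre" below.
export JAVA_HOME=/data/program/jdk-1.8.0_202
export JRE_HOME="${JAVA_HOME}/jre"
# Appended after the existing PATH, so a distro-packaged java (if any) still
# wins; put "${JAVA_HOME}/bin" first when this JDK must take precedence.
export PATH="${PATH}:${JAVA_HOME}/bin:/usr/local/mysql/bin"
# The leading "./" makes the JVM load classes from the current directory, so run
# java only from trusted directories (the JVM defaults to "." when CLASSPATH is unset).
export CLASSPATH="./:${JAVA_HOME}/lib:${JRE_HOME}/lib"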