服务器参数优化

#!/bin/bash
####修改系统参数####1
cat  << EOF >>  /etc/security/limits.conf
*               hard    nofile           1024000
*               soft    nofile           1024000
*               hard    nproc            102400
*               soft    nproc            102400
EOF
############2
cat << EOF >> /etc/sysctl.conf
net.core.rmem_default = 126976
net.core.wmem_default = 126976
net.core.wmem_max = 16777216
net.core.rmem_max = 16777216
net.ipv4.tcp_mem = 8192 87380 16777216
net.ipv4.tcp_wmem = 8192 65536 16777216
net.ipv4.tcp_rmem = 8192 87380 16777216

net.core.netdev_max_backlog = 2500
net.core.somaxconn = 262144

net.ipv4.tcp_no_metrics_save = 0
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_fin_timeout = 5
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 10250 65000
net.ipv4.tcp_max_syn_backlog = 81920
net.ipv4.tcp_max_tw_buckets = 1600000
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_retries2 = 2
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_timestamps = 1
fs.file-max = 1024000
EOF
sysctl -p

##########3
ulimit -HSn 1024000

##########安装基础库#########
yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers libtool libtool-ltdl-devel fontconfig fontconfig-devel libxslt libxslt-devel gettext gettext-devel libXpm-devel libevent-devel net-snmp net-snmp-devel

#########修改密码##########
#!/bin/bash
NAME=(zhangsan  lisi  wangwu)
for i in ${name}
do
        useradd $i
        echo    password |passwd --stdin $i
done
######allow user and ip
cat <<EOF>> /etc/security/access.conf
+:zhangsan:192.168.11. 192.168.9.1
+:lisi:192.168.11. 192.168.9.1
+:wangwu:192.168.11. 192.168.9.1
+:ALL:cron crond
-:ALL:ALL (Deny All)
EOF

######add pam modlue####
echo "account    required     pam_access.so" >> /etc/pam.d/sshd

#######allow sudo user######
cat <<EOF>> /etc/sudoerS
zhangsan     ALL=(ALL)       NOPASSWD: ALL
lisi    ALL=(ALL)       NOPASSWD: ALL
wangwu    ALL=(ALL)       NOPASSWD: ALL
EOF