# Put SELinux into permissive mode for the running system and, only when that
# call succeeds, persist SELINUX=disabled in the config used at next boot.
# NOTE(review): "disabled" removes SELinux confinement completely after the
# next reboot. SELINUX=permissive would stop enforcement while still logging
# denials, which keeps the audit trail; confirm the workload needs it fully off.
if setenforce 0; then
  sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
fi

 

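# Bring the base system up to date before adding packages.
yum -y update

# Enable EPEL in its own transaction first. On a stock EL7 host ncdu (and,
# further down, jq and tcptraceroute) are served from EPEL, so requesting them
# in the same command that installs epel-release leaves them uninstalled.
yum -y install epel-release

# General admin and diagnostic tooling, build toolchain, NTP and SNMP.
yum -y install ncdu mailx whois net-tools wget vim bind-utils mc curl curl-devel iptables-services kernel-devel ntpdate ntp gcc net-snmp net-snmp-perl unzip

# Connection tracking, IPVS and ipset tooling, jq, sysstat.
yum -y install conntrack ipvsadm ipset jq iptables sysstat libseccomp

# Storage, NFS client and rsync.
yum -y install yum-utils device-mapper-persistent-data lvm2 nfs-utils rsync

# Perl and library headers used when building software from source
# (gcc is already installed by the first package set above).
yum -y install perl-CPAN gettext-devel perl-devel openssl-devel zlib-devel autoconf expat expat-devel

# Runtime dependencies of the tcpping script installed later in this file.
yum -y install tcptraceroute bc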

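# Install the tcpping helper script into /usr/bin.
#
# The download goes to a temporary file and is moved into place with install(1)
# only after wget succeeds. Downloading straight into /usr/bin had two problems:
# a failed `cd` would drop the file into whatever directory the script was
# started from, and a second run would save the new copy as "tcpping.1" while
# chmod kept touching the old one.
#
# NOTE(review): the URL is plain HTTP and the result runs as root from a
# directory on PATH, so anything on the network path can replace its content.
# Set TCPPING_SHA256 to the digest of a reviewed copy (for example
# TCPPING_SHA256=<sha256-of-reviewed-tcpping>, placeholder) to have the download
# verified, or serve the script from an internal mirror.
tcpping_url='http://www.vdberg.org/~richard/tcpping'
tcpping_tmp=$(mktemp /tmp/tcpping.XXXXXX)

if [ -n "$tcpping_tmp" ] && wget -O "$tcpping_tmp" "$tcpping_url"; then
  if [ -n "${TCPPING_SHA256:-}" ] &&
    ! printf '%s  %s\n' "$TCPPING_SHA256" "$tcpping_tmp" | sha256sum --status -c -; then
    echo "tcpping: SHA-256 mismatch, not installing" >&2
  else
    if [ -z "${TCPPING_SHA256:-}" ]; then
      echo "tcpping: TCPPING_SHA256 not set, installing without integrity check" >&2
    fi
    install -m 755 "$tcpping_tmp" /usr/bin/tcpping
  fi
else
  echo "tcpping: download failed, not installing" >&2
fi

if [ -n "$tcpping_tmp" ]; then
  rm -f -- "$tcpping_tmp"
fi

# rc.local is only run at boot when it carries the execute bit.
chmod +x /etc/rc.d/rc.local

# The rest of the script runs from root's home directory.
cd /root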

 

# Create the /infra directory layout in a single call; -p makes each path
# together with its parents and is a no-op for paths that already exist.
# NOTE(review): the directories get the default umask permissions. If
# /infra/ssl is meant to hold private keys, confirm whether a tighter mode is
# wanted there.
mkdir -p \
  /infra/bin \
  /infra/sbin \
  /infra/backup \
  /infra/crond \
  /infra/ssl/conf/ \
  /infra/ssl/cert/ \
  /infra/server

 

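## Kernel tuning
#
# Replaces /etc/sysctl.conf wholesale (any existing settings in that file are
# lost) and loads the new values with `sysctl -p`.
#
# Changes against the previous version of this section:
#  - net.ipv4.tcp_tw_recycle is no longer written. It only acts on connections
#    that use TCP timestamps, which this file turns off, so it had no effect
#    here; where timestamps are on it is known to drop connections from
#    clients behind NAT; and the key was removed in Linux 4.12, where
#    `sysctl -p` reports an error for it.
#  - the duplicated net.ipv4.icmp_echo_ignore_broadcasts line is written once.
#  - the here-document delimiter is quoted so the content is taken literally.
#
# NOTE(review):
#  - net.ipv4.tcp_tw_reuse also depends on TCP timestamps, so with
#    tcp_timestamps = 0 it is not expected to do anything; decide which of
#    the two settings is the intended one.
#  - tcp_congestion_control = bbr needs a kernel that ships tcp_bbr
#    (Linux 4.9 or later); on an older kernel `sysctl -p` reports an error for
#    that key and the default algorithm stays active.
#  - accept_source_route is set for "default" only; "all" is left at the
#    distribution default. Confirm that is intended.
#  - ip_forward = 1 makes the host route between its interfaces, and the
#    service section later in this script stops firewalld and iptables, so
#    forwarded traffic is not filtered on this host.
cat > /etc/sysctl.conf << 'EOF'
# Redirect, source-route and ICMP handling
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_max_syn_backlog = 1280
net.ipv4.tcp_timestamps = 0
net.ipv4.ip_forward = 1

# Optimization for 300k connections
fs.file-max = 10000000
fs.nr_open = 10000000
net.ipv4.tcp_mem = 786432 1697152 1945728
net.ipv4.tcp_rmem = 4096 4096 16777216
net.ipv4.tcp_wmem = 4096 4096 16777216
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr

# disable IPV6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_tw_reuse = 1
net.core.somaxconn = 1024
EOF

sysctl -p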

 

# Overwrite /etc/security/limits.conf so every account ("*") gets a soft and
# hard open-file limit of 655360. The quoted delimiter keeps the content
# literal; the blank lines are written to the file as they were before.
# NOTE(review): this replaces the whole file, so any limits configured there
# earlier are dropped.
cat << 'LIMITS' > /etc/security/limits.conf

* soft nofile 655360

* hard nofile 655360

LIMITS

# Apply the same limits to the shell running this script. The hard limit is
# raised first because the soft limit cannot exceed it.
ulimit -H -n 655360

ulimit -S -n 655360

 

# Left disabled on purpose: NetworkManager is kept running.
#systemctl stop NetworkManager && systemctl disable NetworkManager

# Stop each unit and, when the stop succeeds, keep it from starting at boot.
# NOTE(review): with firewalld and iptables both off, this host has no local
# packet filter while the sysctl section of this script sets ip_forward = 1;
# confirm filtering is enforced somewhere upstream. Turning yum-cron off means
# updates are no longer applied automatically, so patching needs another owner.
for unit in firewalld.service iptables.service yum-cron; do
  systemctl stop "$unit" && systemctl disable "$unit"
done

# Enable snmpd at boot and restart it now.
# NOTE(review): nothing in this script writes an snmpd configuration, so the
# daemon runs with whatever /etc/snmp/snmpd.conf is present. Review community
# strings and access rules before the agent is reachable from other networks.
if systemctl enable snmpd; then
  systemctl restart snmpd
fi

# Set the timezone and keep the hardware clock in UTC, then restart rsyslog and
# crond; each step runs only if the previous one succeeded.
if timedatectl set-timezone Asia/Shanghai && timedatectl set-local-rtc 0; then
  systemctl restart rsyslog && systemctl restart crond
fi

 

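# Give members of the wheel group passwordless sudo.
#
# The edit is made on a copy of /etc/sudoers, checked with `visudo -cf`, and
# only then moved over the live file. Editing /etc/sudoers in place gives no
# chance to catch a syntax error, and a broken sudoers file disables sudo for
# everyone. cp -p keeps the owner and mode of the original; the copy lives in
# /etc so the final mv is a rename on the same filesystem.
#
# NOTE(review): NOPASSWD: ALL means any compromise of a wheel account is a
# root compromise with no second factor. Confirm this is required, and keep
# wheel membership minimal.
sudoers_tmp=$(mktemp /etc/sudoers.XXXXXX)

if [ -n "$sudoers_tmp" ] && cp -p /etc/sudoers "$sudoers_tmp"; then
  sed -i 's/^\%wheel.*/%wheel ALL=(ALL) NOPASSWD: ALL/' "$sudoers_tmp"
  if visudo -cf "$sudoers_tmp" > /dev/null; then
    mv -f "$sudoers_tmp" /etc/sudoers || rm -f -- "$sudoers_tmp"
  else
    echo "sudoers: edited copy failed visudo validation, /etc/sudoers left unchanged" >&2
    rm -f -- "$sudoers_tmp"
  fi
else
  echo "sudoers: could not create a working copy, /etc/sudoers left unchanged" >&2
  if [ -n "$sudoers_tmp" ]; then
    rm -f -- "$sudoers_tmp"
  fi
fi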