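Linux System Initialization and Configuration Guide

Updated: 2026-01-27 10:41:23   Author: 杨了个杨8982
This article covers configuration and tuning for CentOS and Ubuntu systems: disabling SELinux, turning off the firewall, setting the hostname, renaming network interfaces, setting the IP address and gateway, DNS settings, package repository configuration, recommended packages for a minimal install, NTP time synchronization, SSH tuning, resource limits, and kernel tuning.

1. Disable SELinux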

sed -ri.bak 's/^(SELINUX=).*/\1disabled/' /etc/selinux/config

2. Disable the Firewall

CentOS

rpm -q firewalld &> /dev/null && systemctl disable --now firewalld &> /dev/null

Ubuntu

dpkg -s ufw &> /dev/null && systemctl disable --now ufw &> /dev/null

3. Set the Hostname

hostnamectl set-hostname "${HOST}"

4. Rename the Network Interface

CentOS

# Edit the GRUB configuration that controls interface naming
sed -ri.bak '/^GRUB_CMDLINE_LINUX=/s@"$@ net.ifnames=0"@' /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg >& /dev/null

# Rename the interface configuration file
ETHNAME=$(ip addr | awk -F"[ :]" '/^2:/{print $3}')
mv /etc/sysconfig/network-scripts/ifcfg-${ETHNAME} /etc/sysconfig/network-scripts/ifcfg-eth0

Ubuntu

# Edit the GRUB configuration that controls interface naming
sed -ri.bak '/^GRUB_CMDLINE_LINUX=/s@"$@ net.ifnames=0"@' /etc/default/grub
grub-mkconfig -o /boot/grub/grub.cfg >& /dev/null

5. Set the IP Address and Gateway

CentOS

cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<-EOF
DEVICE=eth0
NAME=eth0
BOOTPROTO=none
ONBOOT=yes
IPADDR=${IP}
PREFIX=24
GATEWAY=${GATEWAY}
DNS1=223.5.5.5
DNS2=180.76.76.76
EOF

Ubuntu

cat > /etc/netplan/01-network-manager-all.yaml <<-EOF
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses: [${IP}/24] 
      gateway4: ${GATEWAY}
      nameservers:
        search: [neteagles.cn, neteagles.com]
        addresses: [223.5.5.5, 180.76.76.76]
EOF

Temporarily set DNS

cat > /etc/resolv.conf <<EOF
# Alibaba Cloud DNS
nameserver 223.5.5.5
# Baidu DNS
nameserver 180.76.76.76
# Tencent Cloud DNS
nameserver 119.29.29.29
EOF

6. Configure Package Repositories

CentOS 8

#!/bin/bash
mkdir -p /etc/yum.repos.d/backup
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup
cat > /etc/yum.repos.d/base.repo <<EOF
[BaseOS]
name=BaseOS
baseurl=https://mirrors.aliyun.com/centos/\$releasever/BaseOS/\$basearch/os/
        https://mirrors.huaweicloud.com/centos/\$releasever/BaseOS/\$basearch/os/
        https://mirrors.cloud.tencent.com/centos/\$releasever/BaseOS/\$basearch/os/
        https://mirrors.tuna.tsinghua.edu.cn/centos/\$releasever/BaseOS/\$basearch/os/
        http://mirrors.163.com/centos/\$releasever/BaseOS/\$basearch/os/
        http://mirrors.sohu.com/centos/\$releasever/BaseOS/\$basearch/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
[AppStream]
name=AppStream
baseurl=https://mirrors.aliyun.com/centos/\$releasever/AppStream/\$basearch/os/
        https://mirrors.huaweicloud.com/centos/\$releasever/AppStream/\$basearch/os/
        https://mirrors.cloud.tencent.com/centos/\$releasever/AppStream/\$basearch/os/
        https://mirrors.tuna.tsinghua.edu.cn/centos/\$releasever/AppStream/\$basearch/os/
        http://mirrors.163.com/centos/\$releasever/AppStream/\$basearch/os/
        http://mirrors.sohu.com/centos/\$releasever/AppStream/\$basearch/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
[EPEL]
name=EPEL
baseurl=https://mirrors.aliyun.com/epel/\$releasever/Everything/\$basearch/
        https://mirrors.huaweicloud.com/epel/\$releasever/Everything/\$basearch/
        https://mirrors.cloud.tencent.com/epel/\$releasever/Everything/\$basearch/
        https://mirrors.tuna.tsinghua.edu.cn/epel/\$releasever/Everything/\$basearch/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/epel/RPM-GPG-KEY-EPEL-\$releasever
[extras]
name=extras
baseurl=https://mirrors.aliyun.com/centos/\$releasever/extras/\$basearch/os/
        https://mirrors.huaweicloud.com/centos/\$releasever/extras/\$basearch/os/
        https://mirrors.cloud.tencent.com/centos/\$releasever/extras/\$basearch/os/
        https://mirrors.tuna.tsinghua.edu.cn/centos/\$releasever/extras/\$basearch/os/
        http://mirrors.163.com/centos/\$releasever/extras/\$basearch/os/
        http://mirrors.sohu.com/centos/\$releasever/extras/\$basearch/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
enabled=1
[centosplus]
name=centosplus
baseurl=https://mirrors.aliyun.com/centos/\$releasever/centosplus/\$basearch/os/
        https://mirrors.huaweicloud.com/centos/\$releasever/centosplus/\$basearch/os/
        https://mirrors.cloud.tencent.com/centos/\$releasever/centosplus/\$basearch/os/
        https://mirrors.tuna.tsinghua.edu.cn/centos/\$releasever/centosplus/\$basearch/os/
        http://mirrors.163.com/centos/\$releasever/centosplus/\$basearch/os/
        http://mirrors.sohu.com/centos/\$releasever/centosplus/\$basearch/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
EOF
dnf clean all
dnf repolist

CentOS 7

#!/bin/bash
mkdir -p /etc/yum.repos.d/backup
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup
cat > /etc/yum.repos.d/base.repo <<EOF
[base]
name=base
baseurl=https://mirrors.aliyun.com/centos/\$releasever/os/\$basearch/ 
        https://mirrors.huaweicloud.com/centos/\$releasever/os/\$basearch/ 
        https://mirrors.cloud.tencent.com/centos/\$releasever/os/\$basearch/
        https://mirrors.tuna.tsinghua.edu.cn/centos/\$releasever/os/\$basearch/
        http://mirrors.163.com/centos/\$releasever/os/\$basearch/
        http://mirrors.sohu.com/centos/\$releasever/os/\$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-\$releasever
[epel]
name=epel
baseurl=https://mirrors.aliyun.com/epel/\$releasever/\$basearch/
        https://mirrors.huaweicloud.com/epel/\$releasever/\$basearch/
        https://mirrors.cloud.tencent.com/epel/\$releasever/\$basearch/
        https://mirrors.tuna.tsinghua.edu.cn/epel/\$releasever/\$basearch/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/epel/RPM-GPG-KEY-EPEL-\$releasever
[extras]
name=extras
baseurl=https://mirrors.aliyun.com/centos/\$releasever/extras/\$basearch/
        https://mirrors.huaweicloud.com/centos/\$releasever/extras/\$basearch/
        https://mirrors.cloud.tencent.com/centos/\$releasever/extras/\$basearch/
        https://mirrors.tuna.tsinghua.edu.cn/centos/\$releasever/extras/\$basearch/
        http://mirrors.163.com/centos/\$releasever/extras/\$basearch/
        http://mirrors.sohu.com/centos/\$releasever/extras/\$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-\$releasever
[updates]
name=updates
baseurl=https://mirrors.aliyun.com/centos/\$releasever/updates/\$basearch/
        https://mirrors.huaweicloud.com/centos/\$releasever/updates/\$basearch/
        https://mirrors.cloud.tencent.com/centos/\$releasever/updates/\$basearch/
        https://mirrors.tuna.tsinghua.edu.cn/centos/\$releasever/updates/\$basearch/
        http://mirrors.163.com/centos/\$releasever/updates/\$basearch/
        http://mirrors.sohu.com/centos/\$releasever/updates/\$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-\$releasever
[centosplus]
name=centosplus
baseurl=https://mirrors.aliyun.com/centos/\$releasever/centosplus/\$basearch/
        https://mirrors.huaweicloud.com/centos/\$releasever/centosplus/\$basearch/
        https://mirrors.cloud.tencent.com/centos/\$releasever/centosplus/\$basearch/
        https://mirrors.tuna.tsinghua.edu.cn/centos/\$releasever/centosplus/\$basearch/
        http://mirrors.163.com/centos/\$releasever/centosplus/\$basearch/
        http://mirrors.sohu.com/centos/\$releasever/centosplus/\$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-\$releasever
EOF
yum clean all
yum repolist
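
Added example, not from the original article: a small audit of a .repo file that flags http:// mirror entries, GPG keys fetched over the network, and sections without gpgcheck=1, using repo definitions shaped like the ones above. The function names, the finding labels and the [local] section are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit a yum/dnf .repo file.
#   PLAINTEXT <section> <url>   baseurl entry served over http://
#   REMOTEKEY <section> <url>   gpgkey fetched over the network, not from a local file
#   NOGPG <section>             gpgcheck missing or not set to 1
audit_repo() {
    awk '
        function endsec() { if (sec != "" && gpg != "1") print "NOGPG " sec }
        /^[ \t]*([#;]|$)/ { next }                       # comments and blank lines
        /^\[.*\]/ { endsec(); sec = substr($0, 2, index($0, "]") - 2); gpg = ""; key = ""; next }
        /^[^ \t=]+[ \t]*=/ { key = $0; sub(/[ \t]*=.*/, "", key)
                             val = $0; sub(/^[^=]*=[ \t]*/, "", val) }
        /^[ \t]/ { val = $0; sub(/^[ \t]+/, "", val) }   # continuation line: same key
        { sub(/[ \t]+$/, "", val) }
        key == "gpgcheck" { gpg = val }
        key == "baseurl" && val ~ /^http:/ { print "PLAINTEXT " sec " " val }
        key == "gpgkey" && val ~ /^https?:/ { print "REMOTEKEY " sec " " val }
        END { endsec() }
    ' "$1"
}

# Constructed sample: two sections shaped like the repo file above plus a
# hypothetical [local] section with signature checking turned off.
make_repo_sample() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
[BaseOS]
name=BaseOS
baseurl=https://mirrors.aliyun.com/centos/$releasever/BaseOS/$basearch/os/
        http://mirrors.163.com/centos/$releasever/BaseOS/$basearch/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
[EPEL]
name=EPEL
baseurl=https://mirrors.aliyun.com/epel/$releasever/Everything/$basearch/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/epel/RPM-GPG-KEY-EPEL-$releasever
[local]
name=local
baseurl=file:///mnt/repo
gpgcheck=0
EOF
    echo "$f"
}

sample=$(make_repo_sample)
audit_repo "$sample"
rm -f "$sample"
```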

Ubuntu 18.04

#!/bin/bash
mv /etc/apt/sources.list /etc/apt/sources.list.bak
cat > /etc/apt/sources.list <<EOF
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
EOF
apt update

Ubuntu 20.04

#!/bin/bash
mv /etc/apt/sources.list /etc/apt/sources.list.bak
cat > /etc/apt/sources.list <<EOF
deb http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
EOF
apt update

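For other releases, refer to the Alibaba Open Source Mirror Site (OPSX Mirror Site, Alibaba Cloud Developer Community).

7. Recommended Packages for a Minimal Install

CentOS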

yum -y install gcc make autoconf gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel zlib-devel vim lrzsz tree tmux lsof tcpdump wget net-tools iotop bc bzip2 zip unzip nfs-utils man-pages bash-completion chrony &> /dev/null

Ubuntu

apt -y install iproute2 ntpdate tcpdump telnet traceroute nfs-kernel-server nfs-common lrzsz tree openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev gcc openssh-server iotop unzip zip bash-completion chrony

8. Configure NTP Time Synchronization

CentOS

# Remove or comment out the existing server entries
sed -i '/^server /d' /etc/chrony.conf
sed -i 's/^pool /#pool /' /etc/chrony.conf

# Add the Alibaba Cloud time server
sed -i '3i server ntp.aliyun.com iburst' /etc/chrony.conf

# Restart the service and enable it at boot
systemctl restart chronyd
systemctl enable chronyd

# Verify time synchronization
chronyc sources -v

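Ubuntu

# Remove or comment out the existing server entries
sed -i '/^server /d' /etc/chrony/chrony.conf
sed -i 's/^pool /#pool /' /etc/chrony/chrony.conf

# Add the Alibaba Cloud time server
sed -i '3i server ntp.aliyun.com iburst' /etc/chrony/chrony.conf

# Restart the service and enable it at boot
systemctl restart chrony
systemctl enable chrony

# Verify time synchronization
chronyc sources -v

The lines below are chrony.conf directives, not shell commands:

# Use NTP servers located in mainland China
server ntp.aliyun.com iburst
server ntp.tencent.com iburst
server ntp.ntsc.ac.cn iburst

# An NTP server for the local network needs the following additional configuration

# Allow internal clients to synchronize time (if no allow directive names the permitted subnets, the default behavior is to refuse all external client synchronization requests)
allow 192.168.0.0/16

# Allow the local clock as a fallback
local stratum 10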

9. Tune SSH

sed -ri.bak -e 's/^#?UseDNS (yes|no)/UseDNS no/' -e 's/^GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/sshd_config

10. Tune Resource Limits

cat >> /etc/security/limits.conf <<-EOF
root     soft   core     unlimited
root     hard   core     unlimited
root     soft   nproc    1000000
root     hard   nproc    1000000
root     soft   nofile   1000000
root     hard   nofile   1000000
root     soft   memlock  32000
root     hard   memlock  32000
root     soft   msgqueue 8192000
root     hard   msgqueue 8192000
EOF

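11. Tune Kernel Parameters

cat > /etc/sysctl.conf <<-EOF
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
# Allow binding to addresses not configured on this host
net.ipv4.ip_nonlocal_bind = 1
# Enable IPv4 forwarding between interfaces
net.ipv4.ip_forward = 1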

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

# Controls the default maximum size of a message queue
kernel.msgmnb = 65536

# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296

# TCP kernel parameters
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_rmem = 4096        87380   4194304
net.ipv4.tcp_wmem = 4096        16384   4194304
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1

# socket buffer
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 20480
net.core.optmem_max = 81920


# TCP conn
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15

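# tcp conn reuse
# tcp_tw_reuse relies on TCP timestamps, so it has no effect while tcp_timestamps = 0
net.ipv4.tcp_tw_reuse = 1
# tcp_tw_recycle was removed in Linux 4.12; newer kernels report it as an unknown key
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_timestamps = 0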

net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syncookies = 1

# keepalive conn
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.ip_local_port_range = 10001    65000

# swap
vm.overcommit_memory = 0
vm.swappiness = 10

#net.ipv4.conf.eth1.rp_filter = 0
#net.ipv4.conf.lo.arp_ignore = 1
#net.ipv4.conf.lo.arp_announce = 2
#net.ipv4.conf.all.arp_ignore = 1
#net.ipv4.conf.all.arp_announce = 2
EOF

sysctl -p &> /dev/null
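
Added example, not part of the original article: a pre-load lint for the sysctl file above that reports keys assigned twice (net.ipv4.tcp_syncookies), keys the running kernel does not expose (net.ipv4.tcp_tw_recycle on newer kernels), and forwarding-related settings, since `sysctl -p &> /dev/null` hides any error output. The function names, the finding labels and the sample data are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original article): lint a sysctl file before loading it.
# Findings, one per line, in order of first appearance of the key:
#   DUPLICATE <key>     assigned more than once; only the last value takes effect
#   UNKNOWN <key>       no entry under the proc root, so sysctl -p reports an error for it
#   REVIEW <key>=<val>  changes how the host handles traffic; confirm it is intended
lint_sysctl() {
    conf=$1
    proc_root=${2:-/proc/sys}          # overridable so the check can run offline
    sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/^$/d' \
        -e 's/[[:space:]]*=[[:space:]]*/ /' "$conf" |
    awk '{ if (!($1 in n)) order[++c] = $1; n[$1]++; last[$1] = $2 }
         END { for (i = 1; i <= c; i++) print order[i], n[order[i]], last[order[i]] }' |
    while read -r key count value; do
        if [ "$count" -gt 1 ]; then echo "DUPLICATE $key"; fi
        path=$proc_root/$(printf '%s' "$key" | tr . /)
        if [ ! -e "$path" ]; then echo "UNKNOWN $key"; fi
        case "$key=$value" in
            net.ipv4.ip_forward=1|net.ipv4.ip_nonlocal_bind=1) echo "REVIEW $key=$value" ;;
        esac
    done
}

# Constructed sample: a few lines from the sysctl.conf above, plus a fake proc
# root that lacks tcp_tw_recycle, as on kernels 4.12 and later.
make_sample() {
    dir=$(mktemp -d)
    mkdir -p "$dir/proc/net/ipv4" "$dir/proc/vm"
    touch "$dir/proc/net/ipv4/ip_forward" "$dir/proc/net/ipv4/tcp_syncookies"
    touch "$dir/proc/vm/swappiness"
    cat > "$dir/sysctl.conf" <<'EOF'
# Controls source route verification
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_syncookies = 1
vm.swappiness = 10
EOF
    echo "$dir"
}

sample=$(make_sample)
lint_sysctl "$sample/sysctl.conf" "$sample/proc"
rm -rf "$sample"
```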

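12. Configure Mail

# Install the mail client on CentOS
yum install s-nail -y

# Install the mail client on Ubuntu
sudo apt install s-nail -y

cat > /etc/s-nail.rc <<-EOF
# Enable the v15-compat compatibility option
set v15-compat
# Sender address
set from="1726340645@qq.com"
# SMTP relay and login; YOUR_SMTP_AUTH_CODE is a placeholder for the account's SMTP authorization code
set mta=smtps://1726340645:YOUR_SMTP_AUTH_CODE@smtp.qq.com:465
set smtp-auth=login
EOF

# Send mail
echo "测试内容" | s-nail -s "测试主题" recipient@example.com
# xx@163.com is the recipient
s-nail -s "邮件主题" xx@163.com < /etc/passwd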

13. Summary

The above is my personal experience. I hope it gives you a useful reference, and I hope you will continue to support 脚本之家.
