centos8环境基本优化

centos8环境基本优化

1.防火墙优化

参考链接

https://www.cnblogs.com/zttong/p/17511695.html

systemctl stop firewalld && systemctl disable firewalld
cat /etc/selinux/config
setenforce 0 && sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config

2.源优化：

方案1.更换阿里源

cd /etc/yum.repos.d/
sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
yum makecache
安装epel源
dnf install epel-release -y

方案2.使用centos8.5 源

[root@models yum.repos.d]# cat CentOS8-vault.repo 
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the 
# remarked out baseurl= line instead.
#
#
 
[base]
name=CentOS-8.5.2111 - Base - mirrors.aliyun.com
baseurl=http://mirrors.aliyun.com/centos-vault/8.5.2111/BaseOS/$basearch/os/
gpgcheck=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official
 
#additional packages that may be useful
[extras]
name=CentOS-8.5.2111 - Extras - mirrors.aliyun.com
baseurl=http://mirrors.aliyun.com/centos-vault/8.5.2111/extras/$basearch/os/
gpgcheck=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official
 
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-8.5.2111 - Plus - mirrors.aliyun.com
baseurl=http://mirrors.aliyun.com/centos-vault/8.5.2111/centosplus/$basearch/os/
gpgcheck=0
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official
 
[PowerTools]
name=CentOS-8.5.2111 - PowerTools - mirrors.aliyun.com
baseurl=http://mirrors.aliyun.com/centos-vault/8.5.2111/PowerTools/$basearch/os/
gpgcheck=0
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official


[AppStream]
name=CentOS-8.5.2111 - AppStream - mirrors.aliyun.com
baseurl=http://mirrors.aliyun.com/centos-vault/8.5.2111/AppStream/$basearch/os/
gpgcheck=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official

安装epel源

dnf install epel-release -y

3.ssh连接慢解决

ll /etc/ssh/sshd_config 
vim     /etc/ssh/sshd_config
GSSAPIAuthentication no
UseDNS no

[root@oldboy-muban ~]# egrep '^GSSAPIA|^UseDNS'
/etc/ssh/sshd_config
GSSAPIAuthentication no
UseDNS no
systemctl restart sshd   未来连接速度就很快

4.关闭公网，只开放内网（可选）

[root@huge-muban ~]# systemctl disable NetworkManager

Removed symlink /etc/systemd/system/multi
user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/dbus
org.freedesktop.nm-dispatcher.service.
Removed symlink /etc/systemd/system/network
online.target.wants/NetworkManager-wait-online.service.
[root@huge-muban ~]# systemctl stop NetworkManager

5.配置定时任务,时间同步

centos7 ntpd

crontab -e

# sync time by huge

*/2 * * * * /sbin/ntpdate   ntp1.aliyun.com &>/dev/null

centos8

[root@models yum.repos.d]# rpm -qa |grep chrony
chrony-3.5-1.el8.x86_64
dnf install chrony -y

6.PS1

PS1 控制命令行格式
man bash 搜索PS1
vim /etc/profile   最后一行写入
export PS1='[\[\e[34;1m\]\u@\[\e[0m\]\[\e[32;1m\]\H\[\e[0m\] \[\e[31;1m\]\w\[\e[0m\]]\\$ '

[root@huge-muban ~]# tail -1   /etc/profile
export PS1='[\[\e[34;1m\]\u@\[\e[0m\]\[\e[32;1m\]\H\
[\e[0m\] \[\e[31;1m\]\w\[\e[0m\]]\\$ '
[root@huge-muban ~]# source /etc/profile

[故障集合]Linux必备故障及原因50个
https://www.jianshu.com/p/99ec5bb4183f

7.配置sudo

[root@huge-muban ~]$ grep wheel /etc/sudoers
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
# %wheel ALL=(ALL) NOPASSWD: ALL
[root@oldboy-muban ~]$ id huge
uid=1000(hueg) gid=1000(huge)
groups=1000(huge),10(wheel)
想要配置可以这么操作
huge  ALL=(ALL) NOPASSWD: ALL