1、Linux系统安装

软件包安装

   Development Libraries
   Development Tools
   Editors
   Base
   System Tools

2、Linux系统环境优化

2.1、优化Linux系统文件描述符

# vi /etc/security/limits.conf
*  soft  nofile  65535
*  hard  nofile  65535 

2.2、在系统启动脚本中提高文件描述符上限

# vi /etc/rc.local
      ulimit -HSn 65536 

2.3、优化Linux内核参数

                #  vi /etc/sysctl.conf
                     # Kernel network tuning for a busy TCP server (sysctl.conf fragment).
                     # Local (ephemeral) port range used for outgoing connections.
                     # NOTE(review): 65536 is above the highest valid port number (65535) - confirm the intended upper bound.
                     net.ipv4.ip_local_port_range = 1024 65536
      # Upper limits for socket receive/send buffers, in bytes (16 MiB each).
      net.core.rmem_max=16777216
      net.core.wmem_max=16777216
      # TCP receive/send buffer sizes in bytes: minimum, default, maximum.
      net.ipv4.tcp_rmem=4096 87380 16777216
      net.ipv4.tcp_wmem=4096 65536 16777216
      # Seconds an orphaned connection may stay in FIN-WAIT-2; 3 is far below the kernel default of 60.
      net.ipv4.tcp_fin_timeout = 3
      # Maximum number of received packets queued per CPU before the kernel processes them.
      net.core.netdev_max_backlog = 30000
      # Do not cache TCP metrics from closed connections.
      net.ipv4.tcp_no_metrics_save=1
      # Upper limit for the listen() backlog.
      # NOTE(review): some older kernels keep the backlog in a 16-bit field; verify that 262144 behaves as intended on the target kernel.
      net.core.somaxconn = 262144
      # SYN cookies: keep accepting connections when the SYN queue overflows (SYN-flood mitigation).
      net.ipv4.tcp_syncookies = 1
      # Maximum number of TCP sockets not attached to any process; each orphan holds kernel memory.
      net.ipv4.tcp_max_orphans = 262144
      # Length of the queue of half-open (SYN received, not yet acknowledged) connections.
      net.ipv4.tcp_max_syn_backlog = 262144
      # Number of SYN-ACK / SYN retransmissions before giving up on a handshake.
      net.ipv4.tcp_synack_retries = 2
      net.ipv4.tcp_syn_retries = 2
      # Allow TIME-WAIT sockets to be reused for new outgoing connections.
      net.ipv4.tcp_tw_reuse = 1
      # Fast TIME-WAIT recycling relies on per-host TCP timestamps and is known to drop
      # connections from clients that share an address behind NAT; the option was removed
      # in Linux 4.12. Review before enabling on an Internet-facing server.
      net.ipv4.tcp_tw_recycle = 1

         以上参数,主要优化Linux系统网络参数,优化TCP连接

         详细参数请见http://www.cyberciti.biz/faq/linux-kernel-etcsysctl-conf-security-hardening/

2.4、防止密码被修改 

         # chattr +i /etc/passwd

         # chattr +i /etc/shadow

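        注:加上 +i 属性后,passwd、useradd 等命令都无法修改这两个文件;如要修改密码或增删用户,先执行以下命令解除锁定,修改完成后再重新执行 chattr +i。root 可以随时去掉该属性,因此这只能防止误改,不能阻止已经取得 root 权限的攻击者。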

            chattr -i /etc/passwd

            chattr -i /etc/shadow 

2.5、记录用户登录和历史记录 

    # vi /etc/profile

    在文件尾加入以下内容

        HISTSIZE=5000
        export HISTTIMEFORMAT="%F %T "

        user=`whoami`
        ip=`who -u am i | awk '{print $NF}' | sed 's/[()]//g'`
        dt=`who -u am i | awk '{print $3" "$4}'`
        date=`date "+%Y-%m-%d"`
        user_date=/tmp/history/$user/$date
        history_file=$user_date/$user\_history_$date.txt
        login_file=$user_date/$user\_login_$date.txt

        if [ ! -d $user_date ]
        then
                mkdir -p $user_date
        fi

        printf "$user\t$dt\t$ip\n" >> $login_file
        chmod 600 $login_file
        touch $history_file
        export HISTFILE="$history_file"
        chmod 600 $history_file

结果如下所示:

/tmp/history/                                                       #历史记录目录
|-- root                                                               #用户名
|   `-- 2012-11-20                                                #日期
|       |-- root_history_2012-11-20.txt                     #历史操作记录
|       `-- root_login_2012-11-20.txt                       #用户登录信息(用户名,时间,登录IP)

3、Web环境优化
3.1、Nginx参数优化

      # vi /opt/nginx/conf/nginx.conf
  worker_rlimit_nofile 51200;
  events {
                   use epoll;
                 worker_connections  51200;
  }

       备注:使用Linux系统epoll网络模型,减少系统资源占用,增加IO并发量

同时提高每个 worker 进程可打开的文件描述符上限和最大连接数

3.2、Php参数优化

                   # vi /opt/php/etc/php-fpm.conf
      <value name="max_children">128</value>
      <value name="rlimit_files">51200</value>

备注:增加php连接数和文件描述符

3.3、Mysql参数优化

                   # vi /etc/my.cnf
                            skip-name-resolve
                            max_connections = 500
        table_open_cache = 2048
        sort_buffer_size = 8M
        join_buffer_size = 8M
        query_cache_size = 64M
        key_buffer_size = 32M
                   备注:增加mysql连接数,数据库表,排序,查询,索引缓存

4、配置yum更新源

    # mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
    # cd /etc/yum.repos.d
    # wget http://mirrors.163.com/.help/CentOS5-Base-163.repo
    # yum makecache

    详细见 http://mirrors.163.com/.help/centos.html

    注意:上面的 repo 文件是通过明文 HTTP 下载的,使用前请先检查文件内容,并确认其中的 gpgcheck=1 保持启用,以便 yum 校验软件包签名。