Linux服務器內核參數優化
Linux內核參數調優主要是通過修改/proc偽文件系統和/etc/sysctl.conf配置文件的參數來實現的。
/proc目錄結構如下:
/proc/driver 與驅動器相關的信息
/proc/fs 文件系統參數
/proc/net 網絡信息
/proc/pid 每個進程的信息
/proc/sys 內核參數
/proc/scsi 與scsi相關的信息
/proc/sys/kernel 通用內核參數
/proc/sys/vm 內存管理參數
/proc/sys/dev 與設備相關的信息
/proc/sys/net 網絡信息
vim /etc/sysctl.conf
net.ipv4.tcp_syncookies = 1 #開啟SYN Cookies。可以防範少量的SYN攻擊。
net.ipv4.ip_local_port_range = 10000 65535 #設置向外連接的端口範圍
net.ipv4.route.gc_timeout = 100 #路由緩存刷新頻率
net.core.netdev_max_backlog = 16384 #允許排隊更多的報文
net.core.somaxconn = 16384 #指定更大的accept隊列backlog
net.ipv4.tcp_max_syn_backlog = 16384 #增加SYN隊列長度
net.ipv4.tcp_synack_retries = 1 #重新發送響應的次數
net.ipv4.tcp_retries2 = 5 #向遠程主機重新發送數據的次數
net.ipv4.tcp_keepalive_time = 1200 #內核向遠程主機發送Keepalive消息的頻度
net.ipv4.tcp_keepalive_intvl = 30 #內核向遠程主機發送探測消息的間隔
系統優化腳本:
#!/bin/bash
yum -y groupinstall "Development tools"
cd /usr/local/src
wget https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
sed -i ‘s/SELINUX=enforcing/SELINUX=disabled/g‘ /etc/selinux/config
sed -i ‘s/start on control-alt-delete/#start on control-alt-delete/‘ /etc/init/control-alt-delete.conf
sed -i [email protected] /sbin/shutdown -r now "Control-Alt-Delete pressed"@#exec /sbin/shutdown -r now "Control-Alt-Delete pressed"@‘ /etc/init/control-alt-delete.conf
service iptables stop
chkconfig iptables off
ulimit -SHn 65534
echo "ulimit -SHn 65534" >> /etc/rc.local
cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_syncookies = 1
net.ipv4.ip_local_port_range = 10000 65535
net.ipv4.route.gc_timeout = 100
net.core.netdev_max_backlog = 16384
net.core.somaxconn = 16384
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_keepalive_intvl = 30
EOF
/sbin/sysctl -p
for i in `chkconfig | grep 3:on | awk ‘{print $1}‘`
do
chkconfig --level 3 $i off
done
for service in crond rsyslog sshd network
do
chkconfig --level 3 $service on
done
reboot
本文出自 “一萬年太久,只爭朝夕” 博客,請務必保留此出處http://zengwj1949.blog.51cto.com/10747365/1928018
Linux服務器內核參數優化