# Update the system
sudo yum -y update
# Install common tools (EPEL first so the remaining packages resolve)
sudo yum -y install epel-release
tools=(vim wget curl net-tools lsof telnet htop iftop iotop unzip git)
sudo yum -y install "${tools[@]}"
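# Start the firewall
sudo systemctl start firewalld
sudo systemctl enable firewalld
# Check firewall state
sudo firewall-cmd --state
# Open common ports (adjust as needed)
# SSH_PORT must match the `Port` directive in /etc/ssh/sshd_config. If sshd is moved
# to 2222 as suggested in the SSH section, open that port here *before* restarting
# sshd; opening only 22 while sshd listens on 2222 locks the remote session out.
SSH_PORT=22
sudo firewall-cmd --permanent --add-port="${SSH_PORT}/tcp" # SSH
sudo firewall-cmd --permanent --add-port=80/tcp # HTTP
sudo firewall-cmd --permanent --add-port=443/tcp # HTTPS
sudo firewall-cmd --reload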
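# Check SELinux status
sestatus
# Temporary: setenforce 0 switches to permissive (denials are logged, not blocked)
sudo setenforce 0
# Permanent: set SELINUX=disabled in /etc/selinux/config.
# Caveat: "disabled" removes the mandatory access control layer entirely, and turning it
# back on later typically requires a full filesystem relabel. If the goal is only to stop
# denials from blocking the workload, SELINUX=permissive gives the same effect while
# keeping the audit trail. Back the file up first, consistent with the sshd_config step.
sudo cp /etc/selinux/config /etc/selinux/config.bak
# Match the whole SELINUX= line so a box already at "permissive" is handled too
# (SELINUXTYPE= is not touched: the anchor requires "=" directly after SELINUX).
sudo sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config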
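# Back up the original SSH config
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
# Edit the SSH config
sudo vim /etc/ssh/sshd_config
# Recommended changes:
# Port 2222 # change the default SSH port — open the same port in firewalld first;
#           # with SELinux enforcing it also needs: semanage port -a -t ssh_port_t -p tcp 2222
# PermitRootLogin no # only after the sudo-capable user created below exists and can log in
# PasswordAuthentication no # key-only login — only after that user's authorized_keys is
#                           # in place and a key login has been tested
# MaxAuthTries 3 # maximum authentication attempts per connection
# ClientAliveInterval 300 # client liveness probe interval (seconds)
# ClientAliveCountMax 3 # probes without reply before the session is dropped
# Validate the config before restarting: a typo would leave sshd down on a remote host,
# so the restart is chained on a successful check. Keep this session open and verify a
# new login from a second terminal before closing it; the .bak copy is the rollback.
sudo sshd -t && sudo systemctl restart sshd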
# Create a new administrative user
NEW_USER=yourusername
sudo adduser "$NEW_USER"
sudo passwd "$NEW_USER"
# Grant sudo via the wheel group
sudo usermod -aG wheel "$NEW_USER"
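# Install the user's SSH key (generate the key pair locally first).
# These steps target the *new* user's home. As written with a bare ~ they act on the
# current login's home (e.g. root's), and once PasswordAuthentication is off that user
# would have no working login path.
NEW_USER=yourusername
USER_HOME=$(getent passwd "$NEW_USER" | cut -d: -f6)
: "${USER_HOME:?user $NEW_USER not found}"
sudo mkdir -p "$USER_HOME/.ssh"
sudo chmod 700 "$USER_HOME/.ssh"
sudo vim "$USER_HOME/.ssh/authorized_keys" # paste the public key
sudo chmod 600 "$USER_HOME/.ssh/authorized_keys"
# Fix ownership last: with the default StrictModes, sshd ignores an authorized_keys
# that is not owned by the user logging in.
sudo chown -R "$NEW_USER:$NEW_USER" "$USER_HOME/.ssh"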
# Set the timezone
sudo timedatectl set-timezone Asia/Shanghai
# Install NTP and start it at boot
sudo yum -y install ntp
sudo systemctl enable --now ntpd
# Check time synchronisation
ntpq -p
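# Edit limits.conf (keep a backup, consistent with the other config edits)
sudo cp /etc/security/limits.conf /etc/security/limits.conf.bak
sudo vim /etc/security/limits.conf
# Add the following:
# NOTE(review): these apply to new PAM login sessions only; systemd services take
# their limits from LimitNOFILE=/LimitNPROC= in the unit instead. The `*` wildcard is
# commonly documented as not covering root — add explicit `root` lines if root needs them.
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535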
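# Edit sysctl.conf (keep a backup, consistent with the other config edits)
sudo cp /etc/sysctl.conf /etc/sysctl.conf.bak
sudo vim /etc/sysctl.conf
# Add or change the following parameters:
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_tw_reuse = 1
# tcp_tw_recycle is left off: it drops connections from clients behind NAT (many hosts
# sharing one address fail its per-IP timestamp check) and was removed from the kernel
# in 4.12. tcp_tw_reuse above already covers the TIME_WAIT reuse case.
# net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.core.somaxconn = 32768
vm.swappiness = 10
# Apply the settings
sudo sysctl -p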
# Install logrotate
sudo yum -y install logrotate
# Configure log rotation (example)
logrotate_conf=/etc/logrotate.d/yourapp
sudo vim "$logrotate_conf"
# Example contents:
/var/log/yourapp/*.log {
    # rotate daily, keep 30 archives, gzip each one a cycle late
    daily
    rotate 30
    compress
    delaycompress
    # a missing or empty log is not an error and is not rotated
    missingok
    notifempty
    # recreate the log as root:adm, mode 0640 (not world-readable)
    create 640 root adm
    # run postrotate once for the whole glob, then ask the app to reopen its log
    sharedscripts
    postrotate
        /bin/kill -HUP $(cat /var/run/yourapp.pid 2>/dev/null) 2>/dev/null || true
    endscript
}
# Install sysstat (sar/iostat) and enable its collector at boot
sudo yum -y install sysstat
sudo systemctl enable --now sysstat
# Install the automatic update tool
sudo yum -y install yum-cron
# Configure automatic updates
sudo vim /etc/yum/yum-cron.conf
# Set the following parameters:
update_cmd = security
apply_updates = yes
# Enable and start the service
sudo systemctl enable --now yum-cron
# Create the backup directory (root-only: it will hold archives of /etc and /root)
sudo mkdir /backup
sudo chmod 700 /backup
# Example backup script
backup_script=/usr/local/bin/backup.sh
sudo vim "$backup_script"
# Example contents:
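#!/bin/bash
# Nightly backup of system config, root's home and one database.
# Runs from cron, so it must be non-interactive.
set -uo pipefail
# The archives include credential-bearing files (e.g. /etc/shadow), so create
# everything root-only regardless of the caller's umask.
umask 077
DATE=$(date +%Y%m%d)
BACKUP_DIR="/backup/$DATE"
mkdir -p "$BACKUP_DIR" || exit 1
# Back up important config files
tar -czf "$BACKUP_DIR/etc.tar.gz" /etc
tar -czf "$BACKUP_DIR/root.tar.gz" /root
# `-p` with no value prompts for a password and hangs/fails without a tty. Read the
# credentials from a root-only (0600) option file instead, so they never appear on
# the command line or in `ps`. File format:
#   [client]
#   user=root
#   password=<db password placeholder>
mysqldump --defaults-extra-file=/root/.my.cnf yourdatabase > "$BACKUP_DIR/db_backup.sql"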
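# Make the script executable
sudo chmod +x /usr/local/bin/backup.sh
# Schedule it in *root's* crontab: the script archives /etc and /root, which the
# invoking user's crontab cannot read. The grep guard keeps a re-run of this guide
# from adding duplicate entries; `crontab -l` exits non-zero when no crontab exists yet.
cron_line='0 3 * * * /usr/local/bin/backup.sh'
if ! sudo crontab -l 2>/dev/null | grep -qF -- "$cron_line"; then
  (sudo crontab -l 2>/dev/null; printf '%s\n' "$cron_line") | sudo crontab -
fi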
# Remove old Docker packages
old_docker_pkgs=(docker docker-client docker-client-latest docker-common docker-latest
  docker-latest-logrotate docker-logrotate docker-engine)
sudo yum remove "${old_docker_pkgs[@]}"
# Install dependencies
sudo yum -y install yum-utils device-mapper-persistent-data lvm2
# Add the Docker repository
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Install Docker
sudo yum -y install docker-ce docker-ce-cli containerd.io
# Enable and start Docker
sudo systemctl enable --now docker
# Test Docker
sudo docker run hello-world
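# Add the official Nginx repository
sudo vim /etc/yum.repos.d/nginx.repo
# Contents:
# gpgcheck=0 over plain http installs whatever the network delivers; fetching over
# https and verifying package signatures against the vendor key is the supply-chain
# control for a package that will sit on the public edge of the host.
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/centos/7/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
# Install Nginx
sudo yum -y install nginx
# Start Nginx
sudo systemctl start nginx
sudo systemctl enable nginx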
# System overview: load, memory, disk
uptime
free -m
df -h
# Running services
sudo systemctl list-units --type=service --state=running
# Listening sockets and the effective firewall rules
sudo netstat -tulnp
sudo firewall-cmd --list-all
以上是CentOS 7服务器初始化的基本设置步骤,根据实际需求可以调整或添加更多配置。