CentOS系统环境精简优化详解

第一步、删除不必要的自带软件包

yum remove Deployment_Guide-en-US finger cups-libs cups ypbind

yum remove bluez-libs desktop-file-utils ppp rp-pppoe wireless-tools irda-utils

yum remove sendmail* samba* talk-server finger-server bind* xinetd

yum remove nfs-utils nfs-utils-lib rdate fetchmail eject ksh mkbootdisk mtools

yum remove syslinux tcsh startup-notification talk apmd rmt dump setserial portmap yp-tools

yum groupremove "Mail Server" "Games and Entertainment" "X Window System" "X Software Development"

yum groupremove "Development Libraries" "Dialup Networking Support"

yum groupremove "Games and Entertainment" "Sound and Video" "Graphics" "Editors"

yum groupremove "Text-based Internet" "GNOME Desktop Environment" "GNOME Software Development"

第二步、升级centos系统

yum update #更新系统

yum clean all #清理全部缓存文件

第三步、禁用seLinux

sestatus #先执行看seLinux状态，如果不是disabled，就需要执行下面步骤，否则不要执行

vi /etc/selinux/config

SELINUX=disabled #禁用SeLinux

SELINUX=enforcing #使用SeLinux

第四步、禁止IPV6（执行后需要reboot重启）

vi /etc/modprobe.conf #打开文件，把下面两行加到最后

alias net-pf-10 off

alias ipv6 off

第五步、初始化防火墙

touch /etc/sysconfig/iptables

iptables -F

iptables -X

iptables -Z

service iptables save

service iptables restart

第六步、禁止无用服务

#! /bin/bash

service acpid off

service atd stop

service auditd stop

service avahi-daemon stop

service avahi-dnsconfd stop

service bluetooth stop

service conman stop

service cpuspeed stop

service cups stop

service dnsmasq stop

service dund stop

service firstboot stop

service hidd stop

service httpd stop

service ibmasm stop

service ip6tables stop

service irda stop

service kdump stop

service lm_sensors stop

service mcstrans stop

service messagebus stop

service microcode_ctl stop

service netconsole stop

service netfs stop

service netplugd stop

service nfs stop

service nfslock stop

service nscd stop

service ntpd stop

service oddjobd stop

service pand stop

service pcscd stop

service portmap stop

service psacct stop

service rdisc stop

service restorecond stop

service rpcgssd stop

service rpcidmapd stop

service rpcsvcgssd stop

service saslauthd stop

service sendmail stop

service setroubleshoot stop

service smb stop

service vncserver stop