centos7.9一键升级内核并优化，开荒新机专用

本文链接：https://blog.youkuaiyun.com/zwnlove/article/details/142849896

#!/bin/bash

# 下载并替换默认的CentOS-Base.repo文件
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

# 添加ELRepo仓库
cat <<EOF > /etc/yum.repos.d/elrepo.repo
[elrepo]
name=ELRepo.org Community Enterprise Linux Repository - el7
baseurl=https://mirrors.aliyun.com/elrepo/archive/kernel/el7/x86_64/
gpgcheck=0
enabled=1
EOF

# 清理yum缓存并重建
yum clean all && yum makecache

# 更新所有软件包
yum update -y

# 清理yum缓存并重建
yum clean all && yum makecache

# 列出所有可用的内核版本（包括重复的）
yum list --showduplicate kernel*

# 安装长期支持版的内核和开发工具
yum install -y kernel-lt kernel-lt-devel

# 打印GRUB菜单中的内核条目
cat /etc/grub2.cfg | grep 'menuentry' | awk -F "'" '$1=="menuentry " {print i++ " : " $2}'

# 设置默认启动项为第一个（即最新的内核）
grub2-set-default 0

# 更新GRUB配置
grub2-mkconfig -o /boot/grub2/grub.cfg

# 定义需要检查的包名模式
packages="kernel kernel-devel kernel-headers kernel-tools kernel-tools-libs abrt-addon-kerneloops"
 
# 遍历每个包名模式并查找不包含278的版本
for pkg in $packages; do
  # 获取已安装的包列表（只取版本号）
  installed=$(rpm -q --queryformat '%{VERSION}-%{RELEASE}\n' $pkg 2>/dev/null)
  
  # 如果没有找到任何包，则跳过
  if [ -z "$installed" ]; then
    continue
  fi
  
  # 对于每个已安装的版本，如果版本号不包含278，则标记为待删除
  for version in $installed; do
    if [[ "$version" != *278* ]]; then
      echo "计划移除: $pkg-$version"
      yum remove -y $pkg-$version
    fi
  done
done

# 关闭SELinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0

# 停止并禁用firewalld
systemctl stop firewalld
systemctl disable firewalld

# 修改文件句柄数
echo "* soft nofile 65536" >> /etc/security/limits.conf
echo "* hard nofile 65536" >> /etc/security/limits.conf

# 优化系统内核参数
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.ip_forward=0
sysctl -w net.ipv4.conf.all.accept_redirects=0
sysctl -w net.ipv4.conf.all.send_redirects=0
sysctl -w net.ipv4.conf.default.rp_filter=1
sysctl -w net.ipv4.conf.default.accept_source_route=0
sysctl -w kernel.sysrq=0
sysctl -w vm.swappiness=10
sysctl -w vm.dirty_ratio=5
sysctl -w vm.dirty_background_ratio=5

# 将这些设置永久化
echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
echo "net.ipv4.ip_forward = 0" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.accept_redirects = 0" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.send_redirects = 0" >> /etc/sysctl.conf
echo "net.ipv4.conf.default.rp_filter = 1" >> /etc/sysctl.conf
echo "net.ipv4.conf.default.accept_source_route = 0" >> /etc/sysctl.conf
echo "kernel.sysrq = 0" >> /etc/sysctl.conf
echo "vm.swappiness = 10" >> /etc/sysctl.conf
echo "vm.dirty_ratio = 5" >> /etc/sysctl.conf
echo "vm.dirty_background_ratio = 5" >> /etc/sysctl.conf

# 加快SSH登录速度
echo "UseDNS no" >> /etc/ssh/sshd_config
echo "GSSAPIAuthentication no" >> /etc/ssh/sshd_config

# 重启sshd服务使更改生效
systemctl restart sshd

# 设置时间同步
yum install -y ntp
systemctl enable ntpd
systemctl start ntpd

# 关闭NetworkManager
systemctl stop NetworkManager
systemctl disable NetworkManager

# 提示用户重启
echo "为了使所有更改生效，请输入 'reboot' 来重启系统。"

关闭selinux 关闭firewalld 修改文件句柄数ulimit 优化系统内核加快ssh登录速度设置时间同步关闭NetworkManager