Linux study Notes-Server Optimization

Linux server optimization Preface: server operation suggestion 1. strict & amp; 26684; operate servers according to directory specifications 2. remote Linux server optimization preface:

Server operation suggestions

1. operate servers in strict accordance with directory specifications

2. remote servers cannot be shut down

3. do not run high-load commands during server access peaks

4. do not force yourself out of the server when configuring the firewall remotely.

1. disable unnecessary services

Ntsysv command: if the number * is earlier, it indicates that the system will start automatically at next boot!

Basic services to be enabled:

Network service

Sshd ssh remote management service

Syslog System Log service

Iptables firewall service

Crond system scheduled task service

Xinetd system super daemon service

2. disable the redundant console and disable ctrl + alt + del

1. modify the/etc/inittab file

Comment out the redundant console and retain 2.

For example: #3: 2345: respawn:/sbin/mingettytty3

2. disable the ctrl + alt + del shortcut key [hot start shortcut key]

Example: # ca: ctrlaltdel:/sbin/shutdown-t3-r now

III. network optimization

1. ping prohibited

Echo1>/proc/sys/net/ipv4/icmp_echo_ignore_all

# The original value is 0.

2. prohibit source route packages (prevent Source spoofing)

Echo1>/proc/sys/net/ipv4/conf/*/accept_source_route

3. enable the SYNcookie option to disable SYN attacks.

Echo1>/proc/sys/net/ipv4/tcp_syncookies

[Note] because the data is stored in the/proc directory, the data will be restored once the server is restarted! Therefore, you should write these commands to the self-starting directory!

4. strict security policies

1. reasonable password and regular change

Password three principles: complexity, easy to remember, timeliness

2. assign permissions reasonably

3. Use ssh for remote management. do not use telnet because telnet is transmitted in plaintext!

4. ensure the security of/etc/shadow. The shadow file saves the real password in Linux!

5. regularly back up important data and logs

5. regular Linux upgrade

Yum-y update # automatic online upgrade

Appendix: John brute force cracking tool

1. Download

1) http://www.openwall.com/john/

2) Download the dictionary

2. Installation

1) install gccyum-y install gcc

2) decompress tar-zxvf john-1.7.9.tar.gz

3) decompress the cd directory/src/

4) make

Make clean linux-x86-mmx

3. use

Cp/etc/shadow/root

Chmod 777/root/shadow

John directory/run/john/root/shadow

# If you want to use a dictionary, add the-w option before the file to be cracked

4. View

Run/john -- show/etc/shadow

Cat run/john. pot