1. Without root login management system, and as a normal user login, through sudo authorization management.
2. Change the default remote connection SSH server port, prohibit the root user to connect remotely, even change the SSH service to listen only the intranet IP.
3. The time of the server is automatically updated periodically to synchronize with the connected time.
4. Configure the Yum update source to download the installation package from the domestic update source.
5. Turn off SELinux and iptables.
6. Adjust the number of file descriptors, and the number of file descriptors will be consumed by process and file opening.
7. Regularly automatically clean up the mail temporary directory junk files, to prevent the inodes of the disk is full of small files.
8. Streamline and retain the necessary boot-up services.
9.Linux kernel parameter optimization "/etc/sysctl.conf", the execution sysctl–p takes effect.
10. Change the system character set to "ZH_CN." UTF-8 "so that it supports Chinese and prevents garbled problems.
11. Lock critical system files, such as/etc/passwd,/etc/shadow,/etc/group, etc., with chattr and lsattr commands.
12. Clear/etc/issue,/etc/issue.net. Remove the screen display before the system and kernel version login.
13. Clear the redundant system virtual user account.
14. For the Grup boot menu password, if the remote restart or automatically start the operating system only to run here, you need to enter a password to continue to run, so it is not recommended to set a password here.
This article is from the "sky9890" blog, make sure to keep this source http://sky9896.blog.51cto.com/2330653/1878283
Linux basic optimization and security focus