1. add a regular user, bysudoAuthorization Management
add a regular user, by sudo Authorization Management
2. add a regular user, bysudoAuthorization Management
Port 52113
Usedns No
Permitrootlogin No
Permitemptypasswords No
gssapiauthentication N o
3. NTPConfiguration(Time Synchronization)
/usr/sbin/ntpdate time.nist.gov
Echo ' */5 * * * * */usr/sbin/ntpdate time.nist.gov ' &>/dev/null
4. Character Set
[Email protected] ~]# cat/etc/sysconfig/i18n
Lang= "ZH_CN. UTF-8 "
[Email protected] ~]# ^c
[Email protected] ~]# echo $LANG
En
[Email protected] ~]#
5. enlarge file Descriptor
Adjust the number of file descriptors, and the process and file opening will consume the file descriptor
View Ulimi T –n
Temporary Increase Ulimi T -HSN 65535
Permanent Configuration /etc/security/limits.conf
echo "*-Nofile 65535" >>/etc/security/limits.conf
Log off and log back in
on request If a large number of concurrent recommendations are turned off, the front end uses a hardware firewall
6, firewall optimization (a large number of concurrent Web sites are not recommended to open the firewall, should use a hardware firewall)
Firewall optimization
Net.nf_conntrack_max = 25000000
Net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
Net.netfilter.nf_conntrack_tcp_timeout_colse_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
7. SELinux
Close vim/etc/selinux/config selinux=disabled
8. Kernel optimization
configuration file /etc/sysctl.conf
Refresh sysctl-p
Net.ipv4.tcp_fin_timeout = 2
Net.ipv4.tcp_tw_reuse = 1
Net.ipv4.tcp_tw_recycle = 1
Net.ipv4.tcp_syncookies = 1
Net.ipv4.tcp_keepalived_time = 600
Net.ipv4.ip_local_port_range = 4000 65000
Net.ipv4.tcp_max_syn_backlog = 16384
Net.ipv4.tcp_max_tw_buckets = 36000
Net.ipv4.route.gz_timeout = 100
Net.ipv4.tcp_syn_retries = 1
Net.core.somaxconn = 16384
Net.core.netdev_max_backlog = 16384
Net.ipv4.tcp_max_orphans = 16384
9, hide the system version also version number
vim/etc/issue Modify a file
>/etc/issue Clear
echo "" >/etc/redhat.release
Modify the warning message.
Vim/etc/motd
Lock File system security files
Chattr +i/etc/passwd/etc/shadow/etc/group/etc/gshadow/etc/inittab
lsattr/etc/passwd View file Properties
Modify chattr the name of the command
Mv/usr/bin/charttr/usr/bin/lock ( You can remember )
This article is from the "Fire Fist Ace" blog, please be sure to keep this source http://xinzong.blog.51cto.com/10018904/1693399
Linux system post-installation optimization