Simple configuration and Optimization after CentOS6.3 system installation
CentOS6.3 system installed with minimal package, used as a local Web server, now records the entire process of configuring Netease 163 yum Source
1. Download the repo File
: Http://mirrors.163.com/.help/CentOS6-Base-163.repo
2. Back up and replace the system's repo File
[Root @ localhost ~] # Cd/etc/yum. repos. d/
[Root @ localhost ~] # Mv CentOS-Base.repo CentOS-Base.repo.bak
[Root @ localhost ~] # Mv/root/CentOS6-Base-163.repo CentOS-Base.repo
Note: If you download it directly in the/etc/yum. repos. d/directory, do not make the. repo file more than one, such as: CentOS6-Base-163.repo, CentOS-Base.repo errors
3. Execute the yum source update
[Root @ localhost ~] # Yum clean all
[Root @ localhost ~] # Yum makecache
Optimization System
1. Update the system to the latest version.
[Root@web01yum.repos.d] # yum update
Ii. install necessary software packages
[Root @ web01 ~] # Yuminstall lrzsz sysstat-y
In addition, if the required software package is left behind during installation, you can run the following command to install the package.
[Root @ web01 ~] # Yumgroupinstall "Development Tools"
[Root @ web01 ~] # Yumgroupinstall "X software development"
3. Clear self-starting services
Disable all auto-start services:
[Root @ web01 ~] # For test in 'chkconfig -- list | grep 3: on | awk '{print $1} ''; do chkconfig -- level 3 $ testoff; done
Enable the auto-start service of crond, network, rsyslog, and sshd
[Root @ web01 ~] # For test in crond network rsyslog sshd; do chkconfig -- level 3 $ test on; done
View the processing result:
[Root @ web01 ~] # Chkconfig -- list | grep 3: on
Crond 0: off 1: off2: on 3: on 4: on5: on 6: off
Network 0: off1: off 2: on 3: on4: on 5: on 6: off
Rsyslog 0: off1: off 2: on 3: on4: on 5: on 6: off
Sshd 0: off 1: off2: on 3: on 4: on5: on 6: off
4. Modify ssh login configuration
[Root @ web01 ~] # Cp/etc/ssh/sshd_config/etc/ssh/sshd_config.back # backup configuration file
[Root @ web01 ~] # Vim/etc/ssh/sshd_config
########### By test ###########################
Port 11111
PermitRootLogin no # remote login prohibited by the root user
PermitEmptyPasswords no # login prohibited if the password is blank
UseDNS no # Do not use DNS
######################################## ######
[Root @ web01 ~] #/Etc/init. d/sshd restart # takes effect after restart
5. Add the username that requires the root permission to sudo, so that the user can log on to the system with the root permission.
[Root @ web01 ~] # Mongodo # It is equivalent to directly editing/etc/sudoer. it is safer to use commands. We recommend that you
Add the user name that requires the root permission under the following content in the middle of the file. The format is as follows:
# Allow root to run any commands anywhere
RootALL = (ALL) ALL
TestALL = (ALL) ALL # indicates that test has full system administrator privileges.
Common User Environment Variable Problems and Solutions
Compare the default PATH environment variables under root and test Users
[Root @ web01 ~] # Echo $ PATH
/Usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
[Test @ web01 ~] $ Echo $ PATH
/Usr/local/bin:/usr/local/sbin:/usr/sbin:/home/test/bin
After comparison, we found that the common user has several key environment variables/usr/local/sbin:/usr/sbin: is the cause of command execution failure (unless it is executed in full path)
Solution:
Edit ~ /. Bash_profile environment variable file, add:/usr/local/sbin:/usr/sbin: to the path environment variable. Note: Each PATH must be separated by a colon.
[Test @ web01 ~] $ Vim./. bash_profile
[Test @ web01 ~] $ Source./. bash_profile # Make the added content take effect
[Test @ web01 ~] $ Echo $ PATH
/Usr/local/bin:/usr/local/sbin:/usr/sbin:/home/test/bin: /home/test/bin:/usr/local/sbin:/usr/sbin
6. Modify Chinese display
Add the following command to/etc/sysconfig/i18n using quick commands:
[Root @ web01 ~] # Echo 'lang = "zh_CN.GB18030" '>/etc/sysconfig/i18n
[Root @ web01 ~] # Source/etc/sysconfig/i18n # Make the modification take effect
7. Increase the server file descriptor
[Root @ web01 ~] # Vim/etc/security/limits. conf (1024 by default)
*-Nofile 65535
Note: After the configuration is complete, you can view it after logging on again.
[Root @ web01 ~] # Ulimit-n
65535
8. Adjust the Kernel Parameter file/etc/sysctl. conf
Net. ipv4.tcp _ fin_timeout = 2
Net. ipv4.tcp _ tw_reuse = 1
Net. ipv4.tcp _ tw_recycle = 1
Net. ipv4.tcp _ syscookies = 1
Net. ipv4.tcp _ keepalive_time = 600
Net. ipv4.ip _ local_port_range = 4000
Net. ipv4.tcp _ max_syn_backlog = 16384
Net, ipv4.tcp _ max_tw_buckets = 360000
Net. Route 4.route. gc_timeout = 100
Net. ipv4.tcp _ syn_retries = 1
Net. ipv4.tcp _ synack_retries = 1
Net. ipv4.ip _ conntrack_max = 25000000
Net. ipv4.netfilter. ip_conntrack_max = 25000000
Net. ipv4.netfilter. ip_conntrack_tcp_timeout_established = 180
Net. ipv4.netfilter. ip_conntrack_tcp_timeout_time_wait = 120
Net. ipv4.netfilter. ip_conntrack_tcp_timeout_close_wait = 60
Net. ipv4.netfilter. ip_conntrack_tcp_timeout_fin_wait = 120