Simple optimization of Linux systems

Source: Internet
Author: User

A simple optimization can be approached from the following aspects:

1. Optimization of the SSH service

2. SELinux/iptables

3. Character set adjustment

4. Boot-up service optimization

5. Time optimization (scheduled tasks)

Optimization of SSH Service


A. Modify the default port

How to modify it:

vim /etc/ssh/sshd_config (edit the configuration file)

On line 13 of the configuration file, change the default port 22 to another port. Take care to remove the comment marker after you change it.

B. Prohibit remote login by the root user

On line 42 of the configuration file, change yes to no.

C. Prohibit login without a password

This setting concerns logging in via SSH without using a password. A password should of course be required, so the value is yes; the default is yes.

D. Disable DNS resolution

Turning DNS resolution off speeds up connecting.
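As an added example (not part of the original post), the following script checks an sshd_config for items A, B and D above. It assumes those items correspond to the standard sshd_config keywords Port, PermitRootLogin and UseDNS, which the missing screenshots do not let us confirm; the sample file and the port 52113 are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit sshd_config for items A, B, D.

# Effective global value of a keyword. sshd keeps the first uncommented
# occurrence and keywords are case-insensitive; a line that is still
# commented out is not in effect. Prints "unset" when nothing applies.
sshd_value() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }              # still commented: ignored by sshd
        tolower($1) == "match" { exit }        # stop at conditional Match blocks
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Print one OK/FAIL line per setting; return 1 if any setting fails.
audit_sshd_config() {
    rc=0
    port=$(sshd_value "$1" Port)
    case $port in
        unset|22) echo "FAIL Port=$port (default 22 still in effect)"; rc=1 ;;
        *)        echo "OK   Port=$port" ;;
    esac
    for key in PermitRootLogin UseDNS; do
        val=$(sshd_value "$1" "$key")
        if [ "$val" = no ]; then
            echo "OK   $key=no"
        else
            echo "FAIL $key=$val (expected no)"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the port was edited but its comment marker was left in.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 52113
PermitRootLogin no
#UseDNS yes
EOF
audit_sshd_config "$sample" || echo "=> settings above need fixing"
rm -f "$sample"
```

Run it against a copy of /etc/ssh/sshd_config before restarting sshd; settings inside Match blocks are not evaluated.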

SELinux

SELinux is a mandatory access control (MAC) security system based on the domain-type model. It was written by the NSA and is implemented as kernel modules; some security-related applications have also been patched for SELinux, and there is a corresponding security policy.

As we all know, the standard UNIX security model is discretionary access control (DAC). This means that any program has full control over its own resources. If a program decides to drop a file containing potentially important information into the /tmp directory, nothing can stop it under DAC!

Under MAC, the security policy completely controls access to all resources. This is the essential difference between MAC and DAC.

SELinux provides better access control than traditional UNIX permissions.

1. The following describes how to turn SELinux off and on

# getenforce
Enforcing

On the command line, view the SELinux status with getenforce.

# setenforce
usage:  setenforce [ Enforcing | Permissive | 1 | 0 ]
# setenforce 1
# getenforce
Enforcing
# setenforce 0
# getenforce
Permissive

SELinux can be changed temporarily with setenforce: 0 warns but does not block, 1 enforces.

To change the SELinux status permanently, modify the configuration file.

vim /etc/selinux/config

In the SELinux configuration file, change line 6 to

SELINUX=disabled

This turns SELinux off; of course, you could instead set it to warn or to enforce.

A change to the configuration file takes effect after a reboot. So a temporary modification plus a configuration file modification equals a permanent modification.

Note that if the configuration file disables SELinux, setenforce on the command line cannot change the status. setenforce only works when SELinux is not disabled.


Iptables (firewall)


View status: /etc/init.d/iptables status

Stop: /etc/init.d/iptables stop

Restart: /etc/init.d/iptables restart

Start: /etc/init.d/iptables start

Which to use depends on the specific situation.

Adjustment of the character set

# echo $LANG
en_US.UTF-8

Use the system default, en_US.UTF-8. If text is garbled under another setting, changing it to en_US.UTF-8 is enough.

The Chinese zh_CN.GB2312 locale changes some of the English text in the system.

To modify it temporarily, set it directly:

# export LANG=AAA
# echo $LANG
AAA
# echo $LANG

Optimization of start-up service


Streamlining the services started at boot

While a Linux server is running, many unneeded services run by default. They consume system resources and pose security risks, so they should be shut down. The important boot services are as follows:

sshd

This service is required to connect to the Linux server remotely. Otherwise, the server cannot be connected to;

rsyslog

A mechanism provided by the operating system; system daemons usually use rsyslog to write various information to the system log files. This service is called syslog in CentOS;

network

This service must be started if you want to activate / shut down each network interface when the system starts;

crond

This service periodically runs the scheduled tasks configured by the system and by users;

sysstat

This service includes a set of tools for monitoring system performance and efficiency. These tools are useful for collecting system performance data, Core toolkit:

The first method

Use setup.

Enter setup on the command line.

Select System Services.

In the System Services list, entries marked with a star are enabled and those without a star are not; toggle them with the space bar.

Then use Tab to select OK.

The second method

# chkconfig | grep -Ev "sshd|rsyslog|network|crond|sysstat" | awk '{print "chkconfig " $1 " off"}' | bash

grep -Ev filters out the services that should not be turned off (the -E is needed for the | alternation to work). awk then assembles the command strings, and they are handed to bash to execute.
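An added example, not from the original post: a dry-run form of the one-liner above that prints the chkconfig commands for review instead of piping them to bash, compares service names exactly, and refuses any plan that would turn off sshd. The function names and the sample chkconfig --list output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): dry-run form of the one-liner.
KEEP="sshd rsyslog network crond sysstat"   # the page's keep list

# Read `chkconfig --list` output on stdin and print, without executing,
# one "chkconfig NAME off" per service that is not in KEEP and is on in
# at least one runlevel. Names are compared exactly, not as substrings.
plan_disable() {
    awk -v keep="$KEEP" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) allow[k[i]] = 1 }
        # SysV lines have 8 fields: name plus runlevels 0-6 (skips xinetd section)
        NF == 8 && !($1 in allow) && /:on/ { print "chkconfig " $1 " off" }
    '
}

# Refuse to hand back a plan that would turn off sshd: a broken keep list
# or filter on a remote machine means losing access after the next reboot.
safe_plan() {
    plan=$(plan_disable)
    case "$plan" in
        *"chkconfig sshd off"*) echo "refusing: plan disables sshd" >&2; return 1 ;;
    esac
    printf '%s\n' "$plan"
}

# Constructed sample of `chkconfig --list` output.
sample='crond    0:off 1:off 2:on  3:on  4:on  5:on  6:off
cups     0:off 1:off 2:on  3:on  4:on  5:on  6:off
kdump    0:off 1:off 2:off 3:off 4:off 5:off 6:off
postfix  0:off 1:off 2:on  3:on  4:on  5:on  6:off
sshd     0:off 1:off 2:on  3:on  4:on  5:on  6:off'

# Prints "chkconfig cups off" and "chkconfig postfix off" for review.
printf '%s\n' "$sample" | safe_plan
```

On a real system, feed it with chkconfig --list | safe_plan, read the plan, and only then pipe the reviewed lines to a shell.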

Time optimization

ntpdate ntp1.aliyun.com

Put this command in a scheduled task.

crontab -e

Enter: * * * * * /usr/sbin/ntpdate ntp1.aliyun.com >>/dev/null 2>&1

Remember to use the absolute path of the command.



This article is from the "No Lover" blog; please be sure to keep this source: http://caojiaoyue.blog.51cto.com/11798573/1920994
