16 pieces of knowledge about CentOS Basic Optimization

Source: Internet
Author: User
1. do not use root management, and use sudo authorization management in the name of a common user; 2. change the default remote connection to the server, prohibit remote connection from the root user, or even change the listening only intranet ip address; 3. automatically update the server time on a regular basis to synchronize the server time with the Internet; 4. configure the yum update source and download and install the software package from the domestic update source; tip 5. disable selinux and iptables (in work scenarios, if there is an external ip address, it must be enabled). 6. adjust the description.

1. do not use root management, and use sudo authorization management in the name of common users;

2. change the default remote connection to the server, disable remote connection from the root user, or even change the listening intranet ip address only;

3. automatically update the server time on a regular basis to synchronize the server time with the Internet time;

4. configure the yum update source and download the installation package from the domestic update source.

5. disable selinux and iptables (in work scenarios, if an external ip address exists, it must be enabled );

6. adjust the number of descriptors. opening processes and files consumes file descriptors;

7. automatically clear the junk files in the Mail directory at regular intervals to prevent inodes from being full (note that the directories of Centos6 and Centos5 are different );

8. streamline and retain necessary auto-start services (sshd, rsyslog, network, crond, and recovery );

9. optimize the Linux kernel parameter/etc. sysctl. conf and use the sysctl-p option to make it take effect;

10. change the character set to support Chinese characters. However, we recommend that you use the English character set to prevent garbled characters;

11. lock key system files such as/etc/passwd,/etc/shadow,/etc/gshadow,/etc/group, and/etc/inittab;

It is much safer to change chattr and lsattr to you or other commands.

12. clear/etc/issue and/etc/issue.net to remove the prompts before the system and kernel versions;

13. clear unnecessary virtual accounts;

14. add a password to the grub menu;

15. PING and PING are prohibited;

16. upgrade the vulnerability software.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.