1. do not use root management, and use sudo authorization management in the name of common users;
2. change the default remote connection to the server, disable remote connection from the root user, or even change the listening intranet ip address only;
3. automatically update the server time on a regular basis to synchronize the server time with the Internet time;
4. configure the yum update source and download the installation package from the domestic update source.
5. disable selinux and iptables (in work scenarios, if an external ip address exists, it must be enabled );
6. adjust the number of descriptors. opening processes and files consumes file descriptors;
7. automatically clear the junk files in the Mail directory at regular intervals to prevent inodes from being full (note that the directories of Centos6 and Centos5 are different );
8. streamline and retain necessary auto-start services (sshd, rsyslog, network, crond, and recovery );
9. optimize the Linux kernel parameter/etc. sysctl. conf and use the sysctl-p option to make it take effect;
10. change the character set to support Chinese characters. However, we recommend that you use the English character set to prevent garbled characters;
11. lock key system files such as/etc/passwd,/etc/shadow,/etc/gshadow,/etc/group, and/etc/inittab;
It is much safer to change chattr and lsattr to you or other commands.
12. clear/etc/issue and/etc/issue.net to remove the prompts before the system and kernel versions;
13. clear unnecessary virtual accounts;
14. add a password to the grub menu;
15. PING and PING are prohibited;
16. upgrade the vulnerability software.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
