This guide uses an Aliyun server as the example.
I. Mount the hard disk
1. Partition the disk
fdisk -l #list the devices; you can generally see a device named /dev/xvdb
fdisk /dev/xvdb #partition the disk
Enter n #create a new partition
Enter p #create a primary partition
Enter 1 #create the first primary partition
Enter w #save and execute the commands above to create the partition
After the commands above have completed, run fdisk -l again. If a partition similar to /dev/xvdb1 is listed, partitioning was successful.
2. Format the disk
mkfs.ext4 /dev/xvdb1 #format the partition
Note: ext4 is the default partition format on CentOS 6.x; on CentOS 5.x, use ext3.
After formatting is complete (the time required depends on the size of the partition, so please wait patiently), mount the partition.
3. Mount the disk
For example, to mount /dev/xvdb1 on the /data directory:
mkdir -p /data #create the directory
mount /dev/xvdb1 /data #mount the partition
df -h #view the mount result
vi /etc/fstab #set up automatic mounting at boot; add the following line at the end of the file
/dev/xvdb1 /data ext4 defaults 0 0
:wq! #save and exit
mount -a #apply the fstab settings immediately
II. Create a swap partition
Note: Aliyun servers have no swap partition by default. On a 512M cloud server, installing PHP 5.6 reports insufficient memory and the installation fails!
It is strongly recommended that you add a swap partition regardless of the amount of memory.
Add 1024M of swap space on a 512M Aliyun server
Specific steps:
1. dd if=/dev/zero of=/tmp/swap bs=1M count=1024 #create a 1024M file
2. mkswap /tmp/swap #set up the swap file
3. swapon /tmp/swap #activate the swap file
4. swapon -s #view the swap
5. Modify the /etc/fstab file and add the following line so that the swap file is enabled automatically at boot
vi /etc/fstab #add the following line at the end
/tmp/swap swap swap defaults 0 0
:wq! #save and exit
System Operations www.111cn.net reminder: original content by qihang01, © all rights reserved. When reproducing, please cite the source and the original link.
III. System kernel optimization
1. CentOS 5.x, CentOS 6.x, CentOS 7.x
vi /etc/security/limits.conf #add the following lines at the end of the file
* soft nproc unlimited
* hard nproc unlimited
* soft nofile 655350
* hard nofile 655350
:wq! #save and exit
2. CentOS 5.x, CentOS 6.x, CentOS 7.x
vi /etc/profile #add the following lines at the end of the file
ulimit -SHn 655350
ulimit -SHu unlimited
ulimit -SHd unlimited
ulimit -SHm unlimited
ulimit -SHs unlimited
ulimit -SHt unlimited
ulimit -SHv unlimited
:wq! #save and exit
source /etc/profile #apply the configuration immediately
ulimit -a #view the settings
3. CentOS 6.x (CentOS 5.x and CentOS 7.x do not need this setting)
vi /etc/security/limits.d/90-nproc.conf #add the following lines at the end of the file
* soft nproc unlimited
* hard nproc unlimited
* soft nofile 655350
* hard nofile 655350
:wq! #save and exit
4. CentOS 5.x, CentOS 6.x, CentOS 7.x
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" '/etc/sysctl.conf'
echo -e "net.core.somaxconn = 262144" >> /etc/sysctl.conf
echo -e "net.core.netdev_max_backlog = 262144" >> /etc/sysctl.conf
echo -e "net.core.wmem_default = 8388608" >> /etc/sysctl.conf
echo -e "net.core.rmem_default = 8388608" >> /etc/sysctl.conf
echo -e "net.core.rmem_max = 16777216" >> /etc/sysctl.conf
echo -e "net.core.wmem_max = 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.netfilter.ip_conntrack_max = 131072" >> /etc/sysctl.conf
echo -e "net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180" >> /etc/sysctl.conf
echo -e "net.ipv4.route.gc_timeout = " >> /etc/sysctl.conf
echo -e "net.ipv4.ip_conntrack_max = 819200" >> /etc/sysctl.conf
echo -e "net.ipv4.ip_local_port_range = 10024 65535" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_retries2 = 5" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_fin_timeout = " >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_syn_retries = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_synack_retries = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_timestamps = 0" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_len = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_time = " >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_probes = 3" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_intvl = " >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_tw_buckets = 36000" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_orphans = 3276800" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_syn_backlog = 262144" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_wmem = 8192 131072 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_rmem = 32768 131072 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_mem = 94500000 915000000 927000000" >> /etc/sysctl.conf
/sbin/sysctl -p #apply the configuration immediately
cat /var/log/secure #check whether the system settings are correct; no error messages means the settings are correct
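Appending with echo >> adds the same keys again each time the steps are repeated, and a key written without a value is only noticed when sysctl -p runs. The following is an added example, not part of the original article: set_sysctl and lint_sysctl are hypothetical helper names, and the sample file is constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. It writes to the file given
# as an argument; point it at /etc/sysctl.conf only after testing on a copy.

# set_sysctl FILE KEY VALUE: replace an existing "KEY = ..." line or append
# one, so re-running the setup never stacks duplicate entries.
# Assumes VALUE contains no "|" or "&" (true for the numeric values here).
set_sysctl() {
    local file=$1 key=$2 value=$3 pat
    if [ -z "$value" ]; then
        echo "refusing to write $key with an empty value" >&2
        return 1
    fi
    pat=$(printf '%s' "$key" | sed 's/\./\\./g')   # match dots literally
    if grep -Eq "^[[:space:]]*${pat}[[:space:]]*=" "$file"; then
        sed -i -E "s|^[[:space:]]*${pat}[[:space:]]*=.*|${key} = ${value}|" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# lint_sysctl FILE: report keys with no value and keys set more than once.
# Returns 1 when any problem is found.
lint_sysctl() {
    awk '
        /^[ \t]*([#;]|$)/ { next }              # skip comments and blank lines
        {
            eq  = index($0, "=")
            key = eq ? substr($0, 1, eq - 1) : $0
            val = eq ? substr($0, eq + 1) : ""
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (val == "") { printf "line %d: %s has no value\n", NR, key; bad = 1 }
            if (seen[key]++) { printf "line %d: %s is set more than once\n", NR, key; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: one empty value and one key appended twice.
demo=$(mktemp)
printf '%s\n' 'net.ipv4.ip_forward = 0' 'net.ipv4.tcp_fin_timeout = ' \
    'net.core.somaxconn = 262144' 'net.core.somaxconn = 262144' > "$demo"
lint_sysctl "$demo" || echo "fix the file before running sysctl -p"
set_sysctl "$demo" net.ipv4.ip_forward 1 && grep ip_forward "$demo"
rm -f "$demo"
```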
IV. System security settings
1. Create an ordinary account
useradd osyunwei #create an ordinary account
passwd osyunwei #set the password
2. Disable direct root login
vi /etc/ssh/sshd_config #edit
Find PermitRootLogin and change the yes after it to no
:wq! #save and exit
3. Enable the firewall
yum install iptables #install the firewall
yum install wget #install the download tool first
chkconfig iptables on #start at boot
vi /etc/sysconfig/iptables #edit, add the following code
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -s 192.168.1.1/24 -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# iptables for osyunwei.com Date 2015/05/22
service iptables start #start the firewall
Note: -s 192.168.1.1/24 means that only this IP range is allowed to access port 3306; modify it according to your requirements
4. Change the default SSH port
Change the default SSH remote connection port from 22 to 222
vi /etc/ssh/sshd_config
Add Port 222 below the line #Port 22
:wq! #save and exit
vi /etc/ssh/ssh_config
Add Port 222 below the line #Port 22
:wq! #save and exit
/etc/init.d/sshd restart #restart the sshd service
vi /etc/sysconfig/iptables #edit
Change port 22 to 222
:wq! #save and exit
/etc/init.d/iptables restart #restart the firewall to make the configuration take effect
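Steps 2 to 4 edit sshd_config and the firewall file separately, and a mismatch between the two leaves the server unreachable over SSH. The following pre-flight check is an added example, not part of the original article: the function names are hypothetical, the sample files are constructed, and it assumes sshd_config has no Match blocks.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: check that the firewall file
# accepts the port sshd will use before either service is restarted.
# The rules file must be in the iptables-save format shown above.

# Print every port sshd will listen on (22 when no Port line is active).
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Print the effective value of a keyword; sshd keeps the first occurrence.
sshd_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# Succeed if an INPUT rule accepts tcp PORT from any source before the first
# catch-all REJECT/DROP. Source-restricted (-s) rules are not counted.
fw_allows_port() {
    awk -v p="$2" '
        $1 != "-A" || $2 != "INPUT" { next }
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { exit }
        / -j ACCEPT/ && !/ -s / {
            for (i = 3; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == p) { ok = 1; exit }
        }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# preflight SSHD_CONFIG RULES_FILE: print each problem, return 1 if any.
preflight() {
    local conf=$1 rules=$2 rc=0 port
    [ "$(sshd_value "$conf" PermitRootLogin)" = "no" ] ||
        { echo "PermitRootLogin is not 'no'"; rc=1; }
    for port in $(sshd_ports "$conf"); do
        fw_allows_port "$rules" "$port" ||
            { echo "sshd port $port is not accepted by the INPUT chain"; rc=1; }
    done
    return $rc
}

# Constructed sample: Port 222 is set in sshd_config, firewall still opens 22.
tmp=$(mktemp -d)
printf '#Port 22\nPort 222\nPermitRootLogin no\n' > "$tmp/sshd_config"
printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
    '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' \
    '-A INPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT' > "$tmp/rules"
preflight "$tmp/sshd_config" "$tmp/rules" || echo "do not restart sshd yet"
rm -rf "$tmp"
```

On a live host, sshd -t additionally checks the syntax of sshd_config before the restart. Keep the current SSH session open until a new login on port 222 has succeeded.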
V. Modify the host name
This sets the host name to www.111cn.net
1. hostname "www.111cn.net" #set the host name to www.111cn.net
2. vi /etc/sysconfig/network #edit the configuration file (CentOS 5.x, CentOS 6.x)
HOSTNAME=www.111cn.net #change localhost.localdomain to www.111cn.net
:wq! #save and exit
vi /etc/hostname #edit the configuration file (CentOS 7.x)
www.111cn.net #change localhost.localdomain to www.111cn.net
:wq! #save and exit
3. vi /etc/hosts #edit the configuration file
127.0.0.1 www.111cn.net localhost #change localhost.localdomain to www.111cn.net
:wq! #save and exit
VI. Synchronize the system time
yum install -y ntp #install ntp
ntpdate cn.pool.ntp.org #synchronize the time
hwclock --systohc #synchronize the hardware clock with the system clock
echo -e "0 0 * * * /usr/sbin/ntpdate cn.pool.ntp.org > /dev/null" >> /var/spool/cron/root #add a scheduled task
service crond restart #restart the service
VII. Install the basic software packages
yum install -y apr* autoconf automake bison cloog-ppl compat* cpp curl curl-devel fontconfig fontconfig-devel freetype freetype* freetype-devel gcc gcc-c++ gtk+-devel gd gettext \
gettext-devel glibc kernel kernel-headers keyutils keyutils-libs-devel krb5-devel libcom_err-devel libpng* libjpeg* libsepol-devel libselinux-devel libstdc++-devel libtool* \
libgomp libxml2 libxml2-devel libxpm* libtiff libtiff* libx* make mpfr ncurses* ntp openssl openssl-devel patch pcre-devel perl php-common php-gd policycoreutils ppl telnet \
t1lib t1lib* nasm nasm* wget zlib-devel