Basic optimization of centos5.8/6.4 system after installation

Source: Internet
Author: User
Tags character set config gpg centos iptables nameserver rsyslog linux

In operation, we found that after the installation of Linux system can not immediately put into production environment to use, often need to go through our operations to optimize the personnel.

Here I will briefly explain a few of the Linux system after the installation of the basic optimization operation.

Note: This optimization is based on CentOS (5.8/6.4). As for the small differences between the 5.8 and the 6.4 optimizations, I'll mention them in the text.

Optimization entries:

Modify IP address, gateway, host name, DNS, etc.

Close SELinux, empty iptables

Add ordinary users and perform sudo authorization management

Update Yum source and necessary software installation

Timed Automatic update of server time

Streamlined power-on self-boot service

Timed to automatically clean/var/spool/clientmqueue/directory garbage files, put the Inode node is full

Change the default SSH service port to prevent remote connections to the root user

Locking Critical file Systems

resizing file descriptors

Adjust the character set so that it supports Chinese

Remove system and kernel version before login screen display

Kernel parameter optimization

1, modify IP address, gateway, host name, DNS, etc.

[Root@localhost ~]# vi/etc/sysconfig/network-scripts/ifcfg-eth0 device=eth0 #网卡名字 bootproto=static #静态IP地址获取状                      States such as: DHCP means to automatically obtain IP address ipaddr=192.168.1.113 #IP地址 netmask=255.255.255.0 #子网掩码 onboot=yes #引导时是否激活 gateway=192.168.1.1 [root@localhost ~]# cat/etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 BOOTPROTO= Static ipaddr=192.168.1.113 netmask=255.255.255.0 onboot=yes gateway=192.168.1.1 [root@localhost ~]# Vi/etc/sysconfig
/network HOSTNAME=C64 #修改主机名, restart effective gateway=192.168.1.1 #修改默认网关, if the above eth0 does not configure the gateway, the default use of the gateway here. [Root@localhost ~]# cat/etc/sysconfig/network HOSTNAME=C64 gateway=192.168.1.1 We can also use HOSTNAME C64 to temporarily modify the host name, login to the effective change DN  S [root@localhost ~]# vi/etc/resolv.conf #修改DNS信息 nameserver 114.114.114.114 nameserver 8.8.8.8 [root@localhost ~]# Cat   /etc/resolv.conf #查看修改后的DNS信息 nameserver 114.114.114.114 nameserver 8.8.8.8 [root@localhost ~]# Service Network restart #重启网卡, to restart the network card, you can also use the following command [Root@localhost ~]#/etc/init.d/network restart 

2, close SELinux, empty iptables

Close SELinux

[Root@c64 ~]# sed–i ' s/selinux=enforcing/selinux=disabled/g '/etc/selinux/config #修改配置文件则永久生效, but the system must be restarted.

[ROOT@C64 ~]# grep selinux=disabled/etc/selinux/config

Selinux=disabled #查看更改后的结果

[ROOT@C64 ~]# Setenforce 0 #临时生效命令

[ROOT@C64 ~]# Getenforce #查看selinux当前状态

Permissive

Empty iptables

[ROOT@C64 ~]# iptables–f #清理防火墙规则

[ROOT@C64 ~]# iptables–l #查看防火墙规则

Chain INPUT (Policy ACCEPT)

Target Prot opt source destination

Chain FORWARD (Policy ACCEPT)

Target Prot opt source destination

Chain OUTPUT (Policy ACCEPT)

Target Prot opt source destination

[Root@c64 ~]#/etc/init.d/iptables Save #保存防火墙配置信息

3, add ordinary users and the sudo authorization management

[ROOT@C64 ~]# Useradd Sunsky

[Root@c64 ~]# echo "123456" |passwd--stdin sunsky&&history–c

[ROOT@C64 ~]# Visudo

Under Root all= (All), add the following

Sunsky all= (All)

4, update Yum source and necessary software installation

Yum installation software, the default access to the RPM package from foreign official sources, into domestic sources.

Domestic faster two sites: Sohu Mirror site, NetEase Mirror site

Law 1: Configure your own installation source configuration file, and upload to Linux.

Method 2: Use a mirrored site configured yum to install the source configuration file

[ROOT@C64 ~]# cd/etc/yum.repos.d/

[ROOT@C64 yum.repos.d]#/bin/mv Centos-base.repo Centos-base.repo.bak

[ROOT@C64 yum.repos.d]# wget Http://mirrors.163.com/.help/CentOS6-Base-163.repo

Next execute the following command to detect if Yum is normal

[Root@c64 yum.repos.d]# yum Clean all #清空yum缓存

[Root@c64 yum.repos.d]# Yum Makecache #建立yum缓存

Then use the following command to update the system to the latest

[ROOT@C64 yum.repos.d]# rpm--import/etc/pki/rpm-gpg/rpm-gpg-key* #导入签名KEY到RPM

[Root@c64 yum.repos.d]# Yum upgrade-y #更新系统内核到最新

Next, we need to install some necessary software.

[ROOT@C64 yum.repos.d]# yum install Lrzsz ntpdate

Lrzsz is a software that uploads and downloads

Ntpdate is a software that is used to update time with a remote time server

Sysstat is a tool used to detect system performance and efficiency.

5, timing Automatic Update server time

[Root@c64 ~]# echo ' */5 * * */usr/sbin/ntpdate time.windows.com >/dev/null 2 >&1 ' >>/var/spool/cron/roo T

[Root@c64 ~]# echo ' */10 * * */usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1 ' >>/var/spool/cron/root

Tip: CentOS 6.4 's Time Sync command path is different

6 is/usr/sbin/ntpdate.

5 is/sbin/ntpdate.

Expansion: In the number of machines, the above scheduled task synchronization time is OK. If the number of machines is large, you can deploy another time synchronization server NTP server in the network. Only mentioned here, do not deploy.

Time Synchronization server architecture diagram:

6. Streamlined power-on self-starter service

Just install the operating system can retain only crond,network,syslog,sshd these four services. (Centos6.4 for Rsyslog)

[Root@c64 ~]# for Sun in ' chkconfig--list|grep 3:on|awk ' {print $} ';d o chkconfig--level 3 $sun off;done

[Root@c64 ~]# for Sun in Crond rsyslog sshd network;do chkconfig--level 3 $sun on;done

[ROOT@C64 ~]# chkconfig--list|grep 3:on

Crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Network 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off

sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

See more highlights of this column: http://www.bianceng.cnhttp://www.bianceng.cn/OS/Linux/

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.