Over the last two days I did one more job: I reformatted the server hosted in the Shanghai Hua Cao Road machine room, which had accumulated almost 200G of data over 2 years, and replaced its system with CentOS. Frustratingly, the technician unexpectedly said they did not have the latest CentOS version, so I installed version 5.2, and in the end I made mistakes several times and reinstalled the system twice.
Among the many Linux distributions, CentOS is an excellent one: it is based on the original Red Hat Linux, it is the free counterpart of RHEL (Red Hat Enterprise Linux, which is now paid), it performs well, and documentation and other resources are plentiful. Among the many control panels, in terms of resource usage, ease of use and so on, Kloxo (formerly Lxadmin) is undoubtedly the most suitable for VPS novices, and its basic functions are free; compared with the expensive cPanel it is still quite good. The only commercial limitation is that you can't bind more than 40 domain names, which is really enough for the average user. So the CentOS+Kloxo platform is a great choice for building web services for people who don't know Linux.
Here are a few steps covering the initial setup after you receive a newly installed server/VPS, described only briefly. The methods below were mainly collected from the Internet.
——————————-the first step ——————————-
Because a server generally comes with the full CentOS install, including Apache and other components, and we want to use the server components that come with Kloxo, we need to uninstall Apache, MySQL and so on first.
Uninstall MySQL
# rpm -qa | grep mysql
mysql-3.23.58-9
php-mysql-4.3.4-11
mod_auth_mysql-20030510-4.1
mysql-server-3.23.58-9
Note: the rpm -qa | grep mysql command lists the MySQL-related packages. Uninstall starting from the bottom of the list and work upward until the first package has been removed.
For example, here we should first uninstall mysql-server-3.23.58-9, as follows:
rpm -e mysql-server
Note: rpm -e is the command that uninstalls an RPM package. It is followed by the package name, and the trailing version number does not need to be typed. For instance, the next package to uninstall is mod_auth_mysql-20030510-4.1, as follows:
rpm -e mod_auth_mysql
Uninstall Apache
# rpm -qa | grep httpd
Uninstall PHP
# rpm -qa | grep php
Note: if a package cannot be uninstalled, the system will generally report the package dependencies and list the names of the dependent packages; uninstall the packages named in the message first. If a package really cannot be removed, you can add the --nodeps parameter. For example, if php-4.3.4-11 really will not uninstall, just use:
rpm -e php-4.3.4-11 --nodeps
This command is forceful and should get it done.
——————————-the second step ——————————-
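CentOS system security settings
1, Change the SSH port, preferably to one above 10000, so that the chance of other people finding the port by scanning also drops
vi /etc/ssh/ssh_config
vi /etc/ssh/sshd_config
Then change the port number on the Port line (the Port line in sshd_config sets the port the server listens on; the one in ssh_config is only the default for the ssh client on this machine)
As root, run: service sshd restart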
2, Delete the redundant accounts that bloat the system:
userdel adm
userdel lp
userdel sync
userdel shutdown
userdel halt
userdel news
userdel uucp
userdel operator
userdel games
userdel gopher
userdel ftp    # if you do not allow anonymous FTP, delete this user account
groupdel adm
groupdel lp
groupdel news
groupdel uucp
groupdel games
groupdel dip
groupdel pppusers
3, Add an ordinary account, and prohibit remote root login:
useradd newuser    # add the new user
passwd newuser     # set its password
usermod -G 10 newuser
or: usermod -G wheel newuser    # add the user to the wheel group, so that it may use su - to become root
vi /etc/ssh/sshd_config
Add a line:
PermitRootLogin no    # no remote root login
vi /etc/pam.d/su
#auth required /lib/security/$ISA/pam_wheel.so use_uid    ← find this line and remove the "#" at the beginning of the line
echo "SU_WHEEL_ONLY yes" >> /etc/login.defs    # together with the change above, this prohibits users who are not in the wheel group from using su -
Restart the sshd service
# service sshd restart
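An added check for steps 1 and 3, not part of the original article: it reports the Port and PermitRootLogin values sshd will actually use (the first occurrence of a keyword wins, so a line added below an existing setting is ignored) and whether the pam_wheel line in /etc/pam.d/su is really active. The function names and the sample files are assumptions constructed for this example, and Match blocks are not handled.

```shell
#!/bin/sh
# Added example: check the files edited in steps 1 and 3 (run it on copies).

# Print the value sshd will use for keyword $2 in file $1 ($3 = default).
# Keywords are case-insensitive and the FIRST occurrence wins, so a line
# appended below an earlier setting of the same keyword has no effect.
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        NF == 0 || $1 ~ /^#/ { next }           # skip blanks and comments
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }' "$1"
}

# Succeed only if an uncommented "auth required ... pam_wheel.so" line exists.
# The nearby "auth sufficient ... pam_wheel.so trust" line is a different
# setting (wheel members su without a password) and does not count.
su_wheel_only() {
    awk '$1 == "auth" && $2 == "required" && $3 ~ /pam_wheel\.so$/ { ok = 1 }
         END { exit !ok }' "$1"
}

# $1 = sshd_config, $2 = pam.d/su. Prints findings, returns their count.
audit() {
    fails=0
    port=$(sshd_effective "$1" Port 22)
    root=$(sshd_effective "$1" PermitRootLogin yes)
    [ "$port" -gt 10000 ] || { echo "FAIL: Port is $port"; fails=$((fails + 1)); }
    [ "$root" = no ] || { echo "FAIL: PermitRootLogin is $root"; fails=$((fails + 1)); }
    su_wheel_only "$2" || { echo "FAIL: su is open to non-wheel users"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample files (not taken from a real host).
demo=$(mktemp -d)
cat > "$demo/sshd_config" <<'EOF'
Port 22022
#PermitRootLogin yes
permitrootlogin yes
PermitRootLogin no
EOF
cat > "$demo/su" <<'EOF'
auth sufficient /lib/security/$ISA/pam_rootok.so
#auth required /lib/security/$ISA/pam_wheel.so use_uid
EOF
audit "$demo/sshd_config" "$demo/su" || echo "$? finding(s)"
```

On a real server, call audit with copies of /etc/ssh/sshd_config and /etc/pam.d/su; a return value of 0 means all three checks passed.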
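4, Set the immutable attribute on the following files, so that no one can change the accounts or their permissions:
chattr +i /etc/passwd
chattr +i /etc/shadow
chattr +i /etc/group
chattr +i /etc/gshadow
While the attribute is set, not even root can modify these files, so useradd, userdel and passwd fail until it is cleared again with chattr -i.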
5, Edit the "host.conf" file (vi /etc/host.conf) and add the following lines:
order bind,hosts
multi on
nospoof on
chmod 600 /etc/xinetd.conf
vi /etc/xinetd.conf
Disable all unneeded services, such as ftp, telnet, shell, login, exec, talk, ntalk, imap, pop-2, pop-3, finger, auth, etc. You can also configure the service items directly through the setup command.
After changing the "xinetd.conf" file, don't forget to send a SIGHUP signal to the xinetd process:
killall -HUP xinetd
chattr +i /etc/xinetd.conf    # make xinetd.conf immutable; if you want to change the file later, you must first clear the immutable flag:
chattr -i /etc/xinetd.conf
For server security, you can block ping:
First use /sbin/ifconfig to view the network interface information and find the name of the interface, for example venet0
Run
/sbin/iptables -A OUTPUT -o venet0 -p icmp -j ACCEPT
/sbin/iptables -A INPUT -i venet0 -p icmp --icmp-type echo-reply -j ACCEPT
/sbin/iptables -A INPUT -i venet0 -p icmp --icmp-type echo-request -j DROP
/sbin/service iptables save
After you see OK, reboot.
You can also optimize MySQL with the help of a mysqltuner analysis. mysqltuner is a Perl script that analyzes your MySQL performance and gives recommendations for optimization.
yum install php-bcmath    # high-precision math component, not installed by default; used for MD5 operations
yum check-update          # check for all updates
yum update                # apply all updates
yum clean all             # clean up all cached installation files to save space
This completes the Kloxo installation; you can now log in to the panel over the web.
Address: https://yourdomain:7777/    (secure connection)
http://yourdomain:7778/    (ordinary connection, the one commonly used)
For security reasons, it is usual to change the default ports 7777 and 7778 in the panel. After changing them, log in over SSH and run:
/script/restart
This restarts the Kloxo service so that the change takes effect.
After that, you can follow the instructions in the panel to add sites.