Centos maintenance and Optimization

Centos maintenance and Optimization

The CentOS 5.2 server should be maintained and optimized in a simple and efficient manner.

1. disable unnecessary services

# Ntsysv

Only services to be started are listed below, and all services not listed are closed:

Crond

Irqbalance (enabled only when the server CPU is s.m.p or supports dual-core, HT technology; otherwise disabled)

Microcode_ctl

Network

Random

Sshd

Syslog

2. Adjust TCP/IP network parameters to enhance anti-SYN Flood capability

# Echo 'Net. ipv4.tcp _ syncookies = 1'>/etc/sysctl. conf

# Sysctl-p

3. Modify the command history record

# Vi/etc/profile

Change "HISTSIZE = 1000" to "HISTSIZE = 50" (depending on the actual situation)

4. timed calibration of server time

# Yum install ntp

# Crontab-e

Add a row: */5 ***** ntpdate 210.72.145.44

#210.72.145.44 is the address of the China National Time Service Center Server

Copy Code 5. Because it is a server, in line with the principle of security, efficiency and security, the fewer files on the www.linuxidc.com server, the better. However, it is recommended to select tools including development tools, or else it will be very troublesome; the centos system is okay to say that the red hat is born and tortured.

6. Stop the printing service.

If you do not want to provide the printing service, stop the printing service that is set to auto start by default.

Root@www.linuxidc.com ~ #/Etc/rc. d/init. d/cups stop slave stop printing service

Stopping cups: [OK] The slave instance stops the service successfully. "OK" appears"

Root@www.linuxidc.com ~ # Chkconfig cups off schedule disable auto start of the Print Service

Root@www.linuxidc.com ~ # Chkconfig-list cups startup confirm the status of the Service self-starting setting

Cups0: off 1: off 2: off 3: off 4: off 5: off 6: off running 0-6 is OK (the current printing service is disabled) 7. Stop ipv6. ipv6 can be stopped completely.

In the default CentOS status, ipv6 is enabled. Because we do not use ipv6, stop ipv6 to maximize security and speed.

First, check whether the ipv6 feature is enabled.

Root@www.linuxidc.com ~ # Ifconfig-a Networks: list all network interfaces

Eth0 Link encap: Ethernet HWaddr 00: 0C: 29: B6: 16: A3

Inet addr: 192.168.0.13 Bcast: 192.168.0.255 Mask: 255.255.255.0

Inet6 addr: fe80: 20c: 29ff: feb6: 16a3/64 Scope: Link

Up broadcast running multicast mtu: 1500 Metric: 1

RX packets: 84 errors: 0 dropped: 0 overruns: 0 frame.: 0

TX packets: 93 errors: 0 dropped: 0 overruns: 0 carrier: 0

Collisions: 0 FIG: 1000

RX bytes: 10288 (10.0 KiB) TX bytes: 9337 (9.1 KiB)

Interrupt: 185 Base address: 0 ×1400

Lo Link encap: Local Loopback

Inet addr: 127.0.0.1 Mask: 255.0.0.0

Inet6 addr: 1/128 Scope: Host

Up loopback running mtu: 16436 Metric: 1

RX packets: 12 errors: 0 dropped: 0 overruns: 0 frame.: 0

TX packets: 12 errors: 0 dropped: 0 overruns: 0 carrier: 0

Collisions: 0 txqueuelen: 0

RX bytes: 952 (952.0 B) TX bytes: 952 (952.0 B)

Sit0 Link encap: The IPv6-in-IPv4 consumer confirms that ipv6 is in the started status

Noarp mtu: 1480 Metric: 1

RX packets: 0 errors: 0 dropped: 0 overruns: 0 frame.: 0

TX packets: 0 errors: 0 dropped: 0 overruns: 0 carrier: 0

Collisions: 0 txqueuelen: 0

RX bytes: 0 (0.0 B) TX bytes: 0 (0.0 B)

Modify the configuration file to stop ipv6.

Root@www.linuxidc.com ~ # Vi/etc/modprobe. conf configure modify the corresponding configuration file, add the following line to the end of the article: alias net-pf-10 off

Alias ipv6 off

Echo "IPV6INIT = no">/etc/sysconfig/network-scripts/ifcfg-eth0

Copy the Code [root@www.linuxidc.com ~] # Shutdown-r now restart the system to make the settings take effect

Finally, verify that the ipv6 function is disabled.

Root@www.linuxidc.com ~ # Ifconfig-a Networks: list all network interfaces

Eth0 Link encap: Ethernet HWaddr 00: 0C: 29: B6: 16: A3

Inet addr: 192.168.0.13 Bcast: 192.168.0.255 Mask: 255.255.255.0

Inet6 addr: fe80: 20c: 29ff: feb6: 16a3/64 Scope: Link

Up broadcast running multicast mtu: 1500 Metric: 1

RX packets: 84 errors: 0 dropped: 0 overruns: 0 frame.: 0

TX packets: 93 errors: 0 dropped: 0 overruns: 0 carrier: 0

Collisions: 0 FIG: 1000

RX bytes: 10288 (10.0 KiB) TX bytes: 9337 (9.1 KiB)

Interrupt: 185 Base address: 0 × 1400lo Link encap: Local Loopback

Inet addr: 127.0.0.1 Mask: 255.0.0.0

Inet6 addr: 1/128 Scope: Host

Up loopback running mtu: 16436 Metric: 1

RX packets: 12 errors: 0 dropped: 0 overruns: 0 frame.: 0

TX packets: 12 errors: 0 dropped: 0 overruns: 0 carrier: 0

Collisions: 0 txqueuelen: 0

RX bytes: 952 (952.0 B) TX bytes: 952 (952.0 B)

7. Optimize the kernel and adjust the temporary port range

Vim/etc/sysctl. conf net. ipv4.ip _ local_port_range = 1024 65535

Copy the code without restarting to make the kernel take effect immediately

/Sbin/sysctl-p

8. Adjust the maximum number of opened files in Linux. Otherwise, squid will have low performance during high load.

Vim/etc/security/limit. conf, add * soft nofile 65535 in the last line

* Hard nofile 70000

It is worth noting that the command ulimit-SHn cannot change the maximum number of files opened in linux.