Centos minimizes basic tuning and security settings after installing the system

Source: Internet
Author: User
Tags i18n ssh port rsyslog

Clear automatically started services

Displays the startup status of all running levels of all services
# Chkconfig-list
Stop all services started on running level 3
# For oldboy in 'chkconfig-list | grep 3: on | awk' {print $1} ''; do chkconfig-level 3 $ oldboy off; done
When common services are enabled, crond, network, rsyslog, and sshd
# For oldboy in crond network rsyslog sshd; do chkconfig-level 3 $ oldboy on; done
Show all services under all 3 running levels (which service is started according to requirements)
# Chkconfig-list | grep 3: on

Ssh Security Configuration

Install ssh
# Yum install ssh
Back up the configuration file (back up the configuration file before changing it)
# Cp/etc/ssh/sshd_config/etc/ssh/sshd_config.bak
Modify the sshd configuration file to improve system security)
# Vi/etc/ssh/sshd_config
Port 52101: Modify the default ssh Port. The default Port is Port 22.
PermitRootLogin no. the ROOT user is not allowed to log on.
PermitEmptyPasswords no do not allow empty password login
UseDns no does not apply to DNS
# Man sshd_config
Switch user
$ Prompt $ indicates a common user
# Prompt: # represents the administrator root user
Switching between users
$ Su-root: A common user needs to enter a password to switch the administrator.
# The su-xu Administrator does not need to enter a password to switch to a common user.
Grant root management permissions to common users
# Visudo use the visudo command to edit/etc/sudoers
Root ALL = (ALL) ALL

Use user xu to log on

$ Sudo cat/etc/shadow normal users can view the shadow file
Password: the Password entered here is not the administrator Password, but the user's own Password of xu.

User Environment Variables

# Echo $ PATH
/Usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin: /usr/bin:/root/bin
$ Echo $ PATH
The PATH of a common user is different from that of an administrator. The command used by a common user is the PATH of the PATH in the variable.
For example: $ useradd aaa
-Bash: useradd: command not found
When you enter a command, the system looks for the PATH in the PATH variable. If no PATH is found, the command not found prompt is displayed.

LINUX Character Set

After the operating system is installed in English, if the system contains Chinese characters, garbled characters are displayed. You need to modify the character set.
# Vim/etc/sysconfig/i18n
LANG = en_US.UTF-8 ″
SYSFONT = latarcyrheb-sun16 ″
En_US.UTF-8 English character set
Zh_CN.GB18030 Chinese Character Set
Make the modification effective immediately
# Source/etc/sysconfig/i18n
Update Server time using ntp service
Ntp Network Time Protocol

Install ntp

# Yum install ntp
Update Time
# Ntpdate time.windows.com
Update every 5 minutes
# Echo '*/5 ***** ntpdate time.windows.com>/dev/null 2> & 1>/var/spool/cron/root

View scheduled tasks

# Crontab-l
Increase the server file descriptor
When the system service is enabled, more file descriptors will be used as the access volume increases.
Displays the number of file descriptors.
# Uimits-n
Increase the number of file descriptors
# Vim/etc/security/limits. conf
*-Nofile 65536 # Add the last line in the text
Log on to the user again and view the file descriptor.
# Ulimit-n

Adjust Kernel Parameters

# Vim/etc/sysctl. conf
Net. ipv4.tcp _ fin_timeout = 2
Net. ipv4.tcp _ tw_reuse = 1
Net. ipv4.tcp _ tw_recycle = 1
Net. ipv4.tcp _ syncookies = 1
Net. ipv4.tcp _ keepalive_time = 600
Net. ipv4.ip _ local_port_range = 4000 65000
Net. ipv4.tcp _ max_syn_backlog = 16384
Net. ipv4.tcp _ max_tw_buckets = 36000
Net. Route 4.route. gc_timeout = 100
Net. ipv4.tcp _ syn_retries = 1
Net. ipv4.tcp _ synack_retries = 1
Net. ipv4.ip _ conntrack_max = 25000000
Net. ipv4.netfilter. ip_conntrack_max = 25000000
Net. ipv4.netfilter. ip_conntrack_tcp_timeout_established = 180
Net. ipv4.netfilter. ip_conntrack_tcp_timeout_time_wait = 120
Net. ipv4.netfilter. ip_conntrack_tcp_timeout_close_wait = 60
Net. ipv4.netfilter. ip_conntrack_tcp_timeout_fin_wait = 120
Make changes take effect immediately
# Sysctl-p

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.