Clear automatically started services
Displays the startup status of all running levels of all services
# Chkconfig-list
Stop all services started on running level 3
# For oldboy in 'chkconfig-list | grep 3: on | awk' {print $1} ''; do chkconfig-level 3 $ oldboy off; done
When common services are enabled, crond, network, rsyslog, and sshd
# For oldboy in crond network rsyslog sshd; do chkconfig-level 3 $ oldboy on; done
Show all services under all 3 running levels (which service is started according to requirements)
# Chkconfig-list | grep 3: on
Ssh Security Configuration
Install ssh
# Yum install ssh
Back up the configuration file (back up the configuration file before changing it)
# Cp/etc/ssh/sshd_config/etc/ssh/sshd_config.bak
Modify the sshd configuration file to improve system security)
# Vi/etc/ssh/sshd_config
Port 52101: Modify the default ssh Port. The default Port is Port 22.
PermitRootLogin no. the ROOT user is not allowed to log on.
PermitEmptyPasswords no do not allow empty password login
UseDns no does not apply to DNS
# Man sshd_config
Switch user
Identifier
$ Prompt $ indicates a common user
# Prompt: # represents the administrator root user
Switching between users
$ Su-root: A common user needs to enter a password to switch the administrator.
# The su-xu Administrator does not need to enter a password to switch to a common user.
Grant root management permissions to common users
# Visudo use the visudo command to edit/etc/sudoers
# User MACHINE = COMMANDS
Root ALL = (ALL) ALL
Xu ALL = (ALL) ALL
Use user xu to log on
$ Sudo cat/etc/shadow normal users can view the shadow file
Password: the Password entered here is not the administrator Password, but the user's own Password of xu.
User Environment Variables
# Echo $ PATH
/Usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin: /usr/bin:/root/bin
$ Echo $ PATH
/Usr/kerberos/bin:/usr/local/bin:/usr/bin:/home/xu/bin
The PATH of a common user is different from that of an administrator. The command used by a common user is the PATH of the PATH in the variable.
For example: $ useradd aaa
-Bash: useradd: command not found
When you enter a command, the system looks for the PATH in the PATH variable. If no PATH is found, the command not found prompt is displayed.
LINUX Character Set
After the operating system is installed in English, if the system contains Chinese characters, garbled characters are displayed. You need to modify the character set.
# Vim/etc/sysconfig/i18n
LANG = en_US.UTF-8 ″
SYSFONT = latarcyrheb-sun16 ″
En_US.UTF-8 English character set
Zh_CN.GB18030 Chinese Character Set
Make the modification effective immediately
# Source/etc/sysconfig/i18n
Update Server time using ntp service
Ntp Network Time Protocol
Install ntp
# Yum install ntp
Update Time
# Ntpdate time.windows.com
Update every 5 minutes
# Echo '*/5 ***** ntpdate time.windows.com>/dev/null 2> & 1>/var/spool/cron/root
View scheduled tasks
# Crontab-l
Increase the server file descriptor
When the system service is enabled, more file descriptors will be used as the access volume increases.
Displays the number of file descriptors.
# Uimits-n
1024
Increase the number of file descriptors
# Vim/etc/security/limits. conf
*-Nofile 65536 # Add the last line in the text
Log on to the user again and view the file descriptor.
# Ulimit-n
65536
Adjust Kernel Parameters
# Vim/etc/sysctl. conf
Net. ipv4.tcp _ fin_timeout = 2
Net. ipv4.tcp _ tw_reuse = 1
Net. ipv4.tcp _ tw_recycle = 1
Net. ipv4.tcp _ syncookies = 1
Net. ipv4.tcp _ keepalive_time = 600
Net. ipv4.ip _ local_port_range = 4000 65000
Net. ipv4.tcp _ max_syn_backlog = 16384
Net. ipv4.tcp _ max_tw_buckets = 36000
Net. Route 4.route. gc_timeout = 100
Net. ipv4.tcp _ syn_retries = 1
Net. ipv4.tcp _ synack_retries = 1
Net. ipv4.ip _ conntrack_max = 25000000
Net. ipv4.netfilter. ip_conntrack_max = 25000000
Net. ipv4.netfilter. ip_conntrack_tcp_timeout_established = 180
Net. ipv4.netfilter. ip_conntrack_tcp_timeout_time_wait = 120
Net. ipv4.netfilter. ip_conntrack_tcp_timeout_close_wait = 60
Net. ipv4.netfilter. ip_conntrack_tcp_timeout_fin_wait = 120
Make changes take effect immediately
# Sysctl-p
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
