CentOS basic tuning and security settings after a minimal installation of the system

Source: Internet
Author: User
Tags: i18n, administrator, password, rsyslog

Cleaning up boot-time services

Show the startup status of every service at every run level:
# chkconfig --list
Turn off every service that starts at run level 3:
# for oldboy in $(chkconfig --list | grep 3:on | awk '{print $1}'); do chkconfig --level 3 $oldboy off; done
Then turn the commonly needed services back on: crond, network, rsyslog, sshd
# for oldboy in crond network rsyslog sshd; do chkconfig --level 3 $oldboy on; done
Show all services still enabled at run level 3 (decide on a per-service basis which ones really need to start at boot):
# chkconfig --list | grep 3:on
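The disable loop above turns off everything enabled at run level 3 before re-enabling four services. The following added script (not part of the original post) performs that decision as a dry run on constructed chkconfig --list output, so the exact list of services and the commands that would run can be checked before touching a real box; the keep list is the one from the text.

```shell
#!/bin/sh
# Added example: dry run of the run-level-3 cleanup from the section above.
# Reads `chkconfig --list` output on stdin and reports what would be disabled.

KEEP="crond network rsyslog sshd"   # services the text re-enables afterwards

# Constructed sample of `chkconfig --list` output (SysV layout, CentOS 5/6).
SAMPLE_CHKCONFIG='auditd          0:off 1:off 2:on  3:on  4:on  5:on  6:off
crond           0:off 1:off 2:on  3:on  4:on  5:on  6:off
cups            0:off 1:off 2:on  3:on  4:on  5:on  6:off
network         0:off 1:off 2:on  3:on  4:on  5:on  6:off
postfix         0:off 1:off 2:on  3:on  4:on  5:on  6:off
rsyslog         0:off 1:off 2:on  3:on  4:on  5:on  6:off
sshd            0:off 1:off 2:on  3:on  4:on  5:on  6:off
iptables        0:off 1:off 2:off 3:off 4:off 5:off 6:off'

# Print, one per line, the services that are "on" at run level 3 and are
# not on the keep list. Same grep/awk selection as the loop in the text.
services_to_disable() {
    grep '3:on' | awk '{print $1}' | while read -r svc; do
        case " $KEEP " in
            *" $svc "*) ;;            # on the keep list: leave it enabled
            *) echo "$svc" ;;
        esac
    done
}

# Dry run: print the exact chkconfig commands the cleanup would execute.
cleanup_commands() {
    services_to_disable | while read -r svc; do
        echo "chkconfig --level 3 $svc off"
    done
}

# Run against the constructed sample; pipe real `chkconfig --list` output
# into cleanup_commands to preview a live system.
printf '%s\n' "$SAMPLE_CHKCONFIG" | cleanup_commands
```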

SSH Security Configuration

Install SSH (on CentOS the server package is openssh-server):
# yum install openssh-server
Back up the configuration file (always make a backup before changing a config file):
# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
Edit the sshd configuration file to improve system security:
# vi /etc/ssh/sshd_config
Port 52101                changes the SSH listening port; the default is port 22
PermitRootLogin no        do not allow the root user to log in over SSH
PermitEmptyPasswords no   do not allow logins with an empty password
UseDNS no                 do not do reverse DNS lookups on connecting clients
# man sshd_config         see the man page for the details of each option
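To verify that the four settings above actually took effect in the file (rather than remaining commented out in the stock config), here is an added audit script that is not part of the original post. It parses sshd_config the way sshd does for simple keywords (first match wins, keyword case-insensitive, comments ignored; Match blocks are not handled) and runs against two constructed sample files.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the hardening settings in the
# section above. Two constructed sample configs are written to a temp dir.

# Effective value of a keyword: first non-comment match wins.
sshd_value() {   # $1 = config file, $2 = keyword
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }
        tolower($1) == key { print $2; exit }
    ' "$1"
}

# Print one finding per line; return 0 only when all four settings are set
# explicitly (an unset keyword is reported even if the compiled-in default
# would happen to match, because a later package update may change it).
check_sshd_config() {   # $1 = config file
    rc=0
    port=$(sshd_value "$1" Port)
    if [ -z "$port" ] || [ "$port" = "22" ]; then
        echo "Port: still the default 22 (or not set)"; rc=1
    fi
    for kv in "PermitRootLogin no" "PermitEmptyPasswords no" "UseDNS no"; do
        key=${kv% *}; want=${kv#* }
        got=$(sshd_value "$1" "$key" | tr 'A-Z' 'a-z')
        if [ "$got" != "$want" ]; then
            echo "$key: expected '$want', found '${got:-unset}'"; rc=1
        fi
    done
    return $rc
}

# Constructed samples: a stock-style file with the keywords commented out,
# and the hardened file from the section above.
TMPD=$(mktemp -d)
DEFAULT_CFG="$TMPD/sshd_config.default"
HARDENED_CFG="$TMPD/sshd_config.hardened"
printf '#Port 22\n#PermitRootLogin yes\nPermitEmptyPasswords no\n#UseDNS yes\n' > "$DEFAULT_CFG"
printf 'Port 52101\nPermitRootLogin no\nPermitEmptyPasswords no\nUseDNS no\n' > "$HARDENED_CFG"

for f in "$DEFAULT_CFG" "$HARDENED_CFG"; do
    echo "== $f"
    check_sshd_config "$f" || echo "-> NOT hardened"
done
```

On a live system run check_sshd_config /etc/ssh/sshd_config after the edit and before restarting sshd.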
Switching users

Prompt identifiers
$   the prompt is $ for a normal user
#   the prompt is # for the administrator (root) user
Switching between users
$ su - root     a normal user switching to the administrator must enter a password
# su - xu       the administrator switching to a normal user does not need to enter a password
Granting root (administrator) privileges to an ordinary user
# visudo        use the visudo command to edit /etc/sudoers
# user    MACHINE=commands
root      ALL=(ALL)       ALL
xu        ALL=(ALL)       ALL

Log in as the user xu

$ sudo cat /etc/shadow     the ordinary user can now view the shadow file
Password:                  the password asked for here is not the administrator's password but xu's own password

User environment variables

# echo $PATH
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
$ echo $PATH
/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/home/xu/bin
The PATH of a normal user and that of the administrator are not the same; a normal user can only run commands found in the directories listed in its PATH variable.
For example:
$ useradd aaa
-bash: useradd: command not found
When a normal user enters a command, the system searches the directories in the PATH variable; if the command is not found in any of them, "command not found" is shown.

Linux character set

When the operating system was installed in English, Chinese text on the system will be shown as garbled characters; the character set needs to be changed.
# vim /etc/sysconfig/i18n
LANG="en_US.UTF-8"
SYSFONT="latarcyrheb-sun16"
en_US.UTF-8      English character set
zh_CN.GB18030    Chinese character set
Make the change take effect immediately:
# source /etc/sysconfig/i18n

Update server time with the NTP service
NTP: Network Time Protocol

Installing NTP

# yum install ntp
Update the time:
# ntpdate time.windows.com
Perform an update every 5 minutes:
# echo '*/5 * * * * ntpdate time.windows.com >/dev/null 2>&1' >> /var/spool/cron/root

View scheduled tasks

# crontab -l
Increase server file descriptors
When system services are running and traffic is high, more file descriptors are used.
Show the current file descriptor limit:
# ulimit -n
1024
Increase the number of file descriptors:
# vim /etc/security/limits.conf
*    -    nofile    65536    # add this as the last line of the file
Log in again as the user and check the file descriptor limit once more:
# ulimit -n
65536

Adjust kernel parameters

# vim /etc/sysctl.conf
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = +        (value not legible in the source)
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = +          (value not legible in the source)
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
Make the changes take effect immediately:
# sysctl -p
