System optimization and security settings
Last time I talked about the basic software installation and configuration of FreeBSD. Next I will talk about the detailed configuration and security settings of the system.
I. System optimization settings
1. Network settings
NIC and IP address settings:
If no IP address was set during installation, log in to the system and set the IP address as follows.
# cd /etc
# vi rc.conf
Find the ifconfig_<NIC name> line and write (example):
ifconfig_bce0="inet 192.168.10.125 netmask 255.255.255.128"
defaultrouter="192.168.10.1"
Save and exit.
This is easy: there is no need to edit any if-eth0 files. You simply write the settings in the startup configuration, so it is also very easy to set multiple IP addresses for one network card.
# vi /etc/rc.conf
ifconfig_bce0="inet 192.168.10.125 netmask 255.255.255.128"
ifconfig_bce0_alias0="inet 192.168.255.125 netmask 255.255.255.128"
You can continue in the same way with alias1, alias2, and so on.
Next, the DNS resolution settings:
# vi /etc/resolv.conf
Enter:
nameserver 127.0.0.1
nameserver 202.106.0.20
nameserver 202.106.196.115
Save and exit.
The first line is the local address, so lookups go to the local DNS cache first. If the local lookup does not succeed, the remaining servers are queried in order. Their IP addresses are the DNS resolution servers provided by your local service provider.
After editing the NIC address, how do you make it take effect? With a simple command:
# /etc/rc.d/netif restart
Restart the NIC.
# /etc/rc.d/routing restart
Restart the route settings. If OSPF is configured, it will be used.
You have modified many system service and kernel configurations but do not want to restart the server. Many system administrators run into this situation frequently.
# sh /etc/rc
Done.
Some kernel parameters, which we call sysctls, can be adjusted to improve or reduce system performance. Edit sysctl.conf to adjust them.
# vi /etc/sysctl.conf
kern.ipc.somaxconn=65535
# Maximum number of connections
net.inet.tcp.inflight.enable=1
net.inet.tcp.inflight.min=6144
# Reduce latency
kern.maxvnodes=142901
# Adjust the virtual memory size
kern.maxusers=1024
# Maximum number of users
# There are many more parameters to adjust. Run man sysctl to view them, but note that some parameters need to be placed in /boot/loader.conf.
II. Security settings
In fact, I think security is more important. Even if you do not configure the following content, FreeBSD is safe, but it is even better if you do configure it.
Security-related settings in rc.conf
1. Disabling unnecessary ports and services and adjusting system log records is the first step in network security.
# vi /etc/rc.conf
Add:
sendmail_enable="NONE"
# YES indicates that port 25 is enabled, NO indicates that it listens only on the local host, and NONE indicates that port 25 is completely disabled.
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
nfs_server_enable="NO"
nfs_client_enable="NO"
portmap_enable="NO"
# Disable NFS
syslogd_enable="YES"
syslogd_flags="-ss"
# Enable syslog logging
log_in_vain="YES"
accounting_enable="YES"
# Account protection
update_motd="NO"
# Disable the Message of the Day. The file is /etc/motd. We recommend that you delete all content of the file.
icmp_drop_redirect="YES"
# Ping is forbidden. It is not recommended to disable it. You need to recompile the kernel to support it.
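The following is an added example, not part of the original article: a shell function that checks an rc.conf-style file against the values listed above, so that a misspelled variable name or a later line that overrides an earlier one is noticed. The names EXPECTED, audit_rc_conf and sample_rc_conf are hypothetical, and the sample input is constructed.

```shell
# Added example: check an rc.conf-style file against the values in this section.
# The file is parsed as text, never sourced, so nothing in it is executed.
# rc(8) reads syslogd_flags (plural); a misspelled name is silently ignored.
EXPECTED="sendmail_enable=NONE sendmail_submit_enable=NO \
sendmail_outbound_enable=NO sendmail_msp_queue_enable=NO \
nfs_server_enable=NO nfs_client_enable=NO portmap_enable=NO \
syslogd_enable=YES syslogd_flags=-ss log_in_vain=YES \
accounting_enable=YES update_motd=NO icmp_drop_redirect=YES"

# audit_rc_conf [FILE...]: reads stdin when no file is given.
# Prints one FAIL line per deviation; exit status is 1 if any, else 0.
audit_rc_conf() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) {
                eq = index(pairs[i], "=")
                want[substr(pairs[i], 1, eq - 1)] = substr(pairs[i], eq + 1)
            }
        }
        /^[ \t]*#/ { next }                     # skip comment lines
        {
            sub(/^[ \t]+/, "")
            eq = index($0, "=")
            if (eq < 2) next                    # not an assignment
            val = substr($0, eq + 1)
            sub(/[ \t]*(#.*)?$/, "", val)       # trailing blanks and comment
            gsub(/"/, "", val)                  # surrounding quotes
            seen[substr($0, 1, eq - 1)] = val   # last assignment wins
        }
        END {
            for (k in want) {
                got = (k in seen) ? seen[k] : "(unset)"
                if (got != want[k]) {
                    printf "FAIL %s: want %s, found %s\n", k, want[k], got
                    bad = 1
                }
            }
            exit bad + 0
        }' "$@"
}

# Constructed sample: a misspelled name and a later override of sendmail_enable.
sample_rc_conf() {
    printf '%s\n' 'sendmail_enable="NONE"' 'syslogd_enable="YES"' \
        'syslogd_flag="-ss"' 'log_in_vain="YES"  # note' 'sendmail_enable="YES"'
}

sample_rc_conf | audit_rc_conf || echo "sample deviates from the list above"
```

On a real host call it as audit_rc_conf /etc/rc.conf. It sees only the files it is given, so values set elsewhere (for example /etc/rc.conf.local) are not taken into account.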
IPFW and IPF are left for the next section.