How to optimize CentOS (5.8/6.4) Linux production environment

After the CentOS system is installed, it cannot be immediately used in the production environment. It usually needs to be optimized by our O & M personnel. Here are some basic optimization operations for Linux system installation. Note: This optimization is based on CentOS (5.8/6.4 ).

Next, I will briefly explain some basic optimization operations on Linux after installation.

Note: This optimization is based on CentOS (5.8/6.4 ). I will mention the minor differences between 5.8 and 6.4 During optimization.

Optimization entry:

• Modify IP addresses, gateways, host names, DNS, etc.
• Disable selinux and clear iptables
• Add common users and perform sudo authorization management
• Update yum source and necessary software installation
• Timed automatic Server Update
• Streamline boot auto-start services
• Automatically clear/var/spool/clientmqueue/directory junk files at regular intervals, and place inode nodes fully occupied
• Change the default ssh service port and disable remote connection from the root user.
• Lock key file systems
• Adjust file descriptor size
• Adjust the character set to support Chinese Characters
• Remove screen display before system and kernel version Logon
• Kernel Parameter Optimization

1. Modify the IP address, gateway, host name, DNS, etc.

[Root @ localhost ~] # Vi/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE = eth0 # Nic name
BOOTPROTO = static # obtain the static IP address. For example, DHCP indicates that the IP address is automatically obtained.
IPADDR = 192.168.1.113 # IP Address
NETMASK = 255.255.255.0 # Subnet Mask
ONBOOT = yes # activate during boot
GATEWAY = 192.168.1.1
[Root @ localhost ~] # Cat/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE = eth0
BOOTPROTO = static
IPADDR = 192.168.1.113
NETMASK = 255.255.255.0
ONBOOT = yes
GATEWAY = 192.168.1.1
[Root @ localhost ~] # Vi/etc/sysconfig/network
HOSTNAME = c64 # modify the Host Name and restart it to take effect.
GATEWAY = 192.168.1.1 # modify the default GATEWAY. If no GATEWAY is configured in eth0, the GATEWAY here is used by default.
[Root @ localhost ~] # Cat/etc/sysconfig/network
HOSTNAME = c64
GATEWAY = 192.168.1.1
You can also use hostnamec64 to temporarily modify the Host Name and log on again.
Modify DNS
[Root @ localhost ~] # Vi/etc/resolv. conf # modify DNS information
Nameserver 114.114.114.114
Nameserver 8.8.8.8
[Root @ localhost ~] # Cat/etc/resolv. conf # view the modified DNS information
Nameserver 114.114.114.114
Nameserver 8.8.8.8
[Root @ localhost ~] # Service network restart # restart the NIC to take effect
Restart the NIC. You can also use the following command
[Root @ localhost ~] #/Etc/init. d/network restart

 

2. Disable selinux and clear iptables.
Disable selinux

[Root @ c64 ~] # Sed-I's/SELINUX = enforcing/SELINUX = disabled/G'/etc/selinux/config # modifying the configuration file takes effect permanently, but the system must be restarted.
[Root @ c64 ~] # Grep SELINUX = disabled/etc/selinux/config
SELINUX = disabled # view the changed result
[Root @ c64 ~] # Setenforce 0 # temporary effective command
[Root @ c64 ~] # Getenforce # view the current status of selinux
Permissive

 

Clear iptables

[Root @ c64 ~] # Iptables-F # clear firewall rules
[Root @ c64 ~] # Iptables-L # view firewall rules
Chain INPUT (policy ACCEPT)
Target prot opt source destination
Chain FORWARD (policy ACCEPT)
Target prot opt source destination
Chain OUTPUT (policy ACCEPT)
Target prot opt source destination
[Root @ c64 ~] #/Etc/init. d/iptables save # save firewall configuration information

3. Add common users and perform sudo authorization management

[Root @ c64 ~] # Useradd sunsky
[Root @ c64 ~] # Echo "123456" | passwd -- stdin sunsky & history-c
[Root @ c64 ~] # Mongodo
Add the following content under the root ALL = (ALL) ALL row:
Sunsky ALL = (ALL) ALL

4. Update yum source and necessary software installation
Yum install software. By default, the rpm package is obtained from the foreign official source and changed to the domestic source.
Two fast domestic sites: Sohu image site and Netease image site
Method 1: configure the source configuration file and upload it to linux.
Method 2: Install the source configuration file using the yum configured on the Image site

[Root @ c64 ~] # Cd/etc/yum. repos. d/
[Root @ c64 yum. repos. d] #/bin/mv CentOS-Base.repo CentOS-Base.repo.bak
[Root @ c64 yum. repos. d] # wget http://mirrors.163.com/.help/CentOS6-Base-163.repo

Run the following command to check whether yum is normal.

[Root @ c64 yum. repos. d] # yum clean all # Clear yum Cache
[Root @ c64 yum. repos. d] # yum makecache # create yum Cache

Run the following command to update the system to the latest version.

[Root @ c64 yum. repos. d] # rpm -- import/etc/pki/rpm-gpg/RPM-GPG-KEY * # import the signature KEY to RPM
[Root @ c64 yum. repos. d] # yum upgrade-y # update the system kernel to the latest version

Next we need to install several necessary software.

[Root @ c64 yum. repos. d] # yum install lrzsz ntpdate sysstat-y

Lrzsz is a software for uploading and downloading data.
Sysstat is a tool used to detect system performance and efficiency.
5. automatically update server time on a regular basis

[Root @ c64 ~] # Echo '*/5 *****/usr/sbin/ntpdate time.windows.com>/dev/null 2> & 1'>/var/spool/cron/root
[Root @ c64 ~] # Echo '*/10 *****/usr/sbin/ntpdate time.nist.gov>/dev/null 2> & 1'>/var/spool/cron/root

Tip: The time synchronization command paths for CentOS 6.4 are different.
6 is/usr/sbin/ntpdate
5 is/sbin/ntpdate
Extension: when the number of machines is small, the synchronization time of the above scheduled tasks is enough. If the number of machines is large, you can deploy another time synchronization Server NTP Server in the network. This is only mentioned here and is not deployed.
Time synchronization server architecture diagram:

 

1 2 Next Page