Linux Intermediate Architecture First affidavit


1. Basic commands are the top priority, and are not limited to the four most common enterprise commands.

2. shell, mysql, lamp, zabbix

4. Simple understanding of tuning techniques

5. Apache and Nginx, the two services + simple tuning + understanding PV, UV, and the concept of the network


From initial installation to completion of the overall architecture.


First, the system installation

    1. system partition
      /boot   ext4   200M   select primary partition (force to be a primary partition)
      swap    1-2 times memory   select primary partition (force to be a primary partition), no mount point
      /       ext4   select primary partition (force to be a primary partition)
      Select installation type: select a custom installation package group here


    2. install

Second, CRT Connections

Third, create the admin account

In daily operations, try to avoid using the root user; create an administrative account for the appropriate manager. Here we create admin.

For ease of administration, grant sudo permissions to admin.

    man sudo

    visudo (checks the syntax before saving), or vi /etc/sudoers

Fourth, System Optimization

1. Turn off iptables: /etc/init.d/iptables stop


2. Turn off SELinux: sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config

getenforce (view status), setenforce 0 (temporary effect)


3. grep 'initdefault' /etc/inittab    # view the boot mode (runlevel 0-6)


4. Turn off services that start at boot, keeping only these four: crond, network, rsyslog, sshd


    for n in $(chkconfig --list | grep 3:on | awk '{print $1}'); do chkconfig --level 3 $n off; done    # turn off automatic start for all services
    for n in crond network rsyslog sshd; do chkconfig $n on; done    # set these four services to start at boot


5. Optimize ssh login

    sed -i 's/#Port 22/Port 52113/g' /etc/ssh/sshd_config
    sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
    sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
    sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
    egrep 'UseDNS no|PermitEmptyPasswords no|PermitRootLogin no|Port 52113' /etc/ssh/sshd_config

Or edit sshd_config directly with vi and copy the following lines to the end of the file:

    Port 52113
    PermitRootLogin no
    PermitEmptyPasswords no
    UseDNS no
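
A caveat for the tail-append variant: for most keywords sshd uses the first uncommented value it reads, and every Port line adds a listening port, so lines appended at the end do not override active settings earlier in the file. The added example below is not from the original post; it reports the effective value of the four settings in this step. The function names and the sample file are constructed for illustration, and only the section before any Match block is read.

```shell
# Added example (not from the original post): report the values sshd will use.
# Keywords are case-insensitive; for most the first uncommented occurrence
# wins, while every Port line adds a listening port. Only the global section
# (before the first Match block) is read.
sshd_effective() {   # usage: sshd_effective <config-file> <keyword>
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/^[ \t]+/, "") }              # strip leading whitespace
        /^#/ || /^$/ { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }     # stop at the first Match block
        tolower($1) == want {
            if (want == "port") { out = out (out == "" ? "" : ",") $2 }
            else { print tolower($2); found = 1; exit }
        }
        END { if (!found && out != "") print out }
    ' "$1"
}

# Compare the effective values with the four settings from this step.
sshd_audit() {       # usage: sshd_audit <config-file>; non-zero on mismatch
    rc=0
    for pair in port=52113 permitrootlogin=no permitemptypasswords=no usedns=no; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(sshd_effective "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "OK    $key = $got"
        else
            echo "FAIL  $key = ${got:-(unset)}, wanted $want"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: active settings near the top, the four lines at the tail.
make_sample() {
    cat > "$1" <<'EOF'
Port 22
PermitRootLogin yes
#UseDNS yes
Port 52113
PermitRootLogin no
PermitEmptyPasswords no
UseDNS no
EOF
}

tmp=$(mktemp) && make_sample "$tmp"
sshd_audit "$tmp" || echo "tail-appended lines are shadowed by earlier active ones"
rm -f "$tmp"
```

On a live host, `sshd -t` checks the file for syntax errors before the service is restarted.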


6. Settings in the /etc/profile file

    echo "alias grep='grep --color=auto'" >> /etc/profile    # set the alias
    source /etc/profile    # make it take effect without a restart
    echo 'PATH=/scripts/:$PATH' >> /etc/profile    # set the environment variable; run as root, since sudo does not apply to the >> redirection

Any file in a directory listed in the PATH environment variable can be run directly by name (the file must have execute permission).
For a normal user, use ~/.bash_profile or ~/.bashrc.


7. Modifying the character set

    cat /etc/sysconfig/i18n
    #LANG="en_US.UTF-8"
    LANG="zh_CN.GB18030"
    SYSFONT="latarcyrheb-sun16"

    source /etc/sysconfig/i18n    # make it take effect

When learning Linux, try to avoid Chinese characters; preferably use the en_US.UTF-8 character set.


8. System time Synchronization

NTP Time Synchronization Service

    /usr/sbin/ntpdate time.nist.gov
    echo '#time sync by dong at 2017-02-16' >> /var/spool/cron/root
    echo '*/5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1' >> /var/spool/cron/root
    crontab -l

9. Increase the server file descriptor


    ulimit -n    # view the current limit; the default is 1024

    echo '* - nofile 65535' >> /etc/security/limits.conf

Set it up to be applied automatically on boot

10. Adjust the kernel parameter file /etc/sysctl.conf

    net.ipv4.tcp_syn_retries = 1
    net.ipv4.tcp_synack_retries = 1
    net.ipv4.tcp_keepalive_time = 600
    net.ipv4.tcp_keepalive_probes = 3
    net.ipv4.tcp_keepalive_intvl = 15
    net.ipv4.tcp_retries2 = 5
    net.ipv4.tcp_fin_timeout = 2
    net.ipv4.tcp_max_tw_buckets = 36000
    # tcp_tw_recycle drops connections from clients behind NAT and was removed in Linux 4.12
    net.ipv4.tcp_tw_recycle = 1
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_max_orphans = 32768
    net.ipv4.tcp_syncookies = 1
    net.ipv4.tcp_max_syn_backlog = 16384
    net.ipv4.tcp_wmem = 8192 131072 16777216
    net.ipv4.tcp_rmem = 32768 131072 16777216
    net.ipv4.tcp_mem = 786432 1048576 1572864
    net.ipv4.ip_local_port_range = 1024 65000
    net.ipv4.ip_conntrack_max = 65536
    net.ipv4.netfilter.ip_conntrack_max = 65536
    net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180
    net.core.somaxconn = 16384
    net.core.netdev_max_backlog = 16384

11. Use a script to regularly clean junk files out of the clientmqueue directory so the disk does not fill up

    echo "find /var/spool/clientmqueue/ -type f | xargs rm -f" > /scripts/del_sys_file.sh
    echo "xx * * * /bin/sh /scripts/del_sys_file.sh >/dev/null 2>&1" >>/


12. Modify the system login prompt information

    > /etc/issue    or    cat /dev/null > /etc/issue


13. Lock critical system files

    chattr +i /etc/passwd    # lock the file

    chattr -i /etc/passwd    # unlock the file




Important commands: netstat -lntup or -an (l listening, n numeric display, t TCP connections, u UDP protocol, p process name)

[--tcp|-t] [--udp|-u] [--listening|-l]  [--all|-a]  [--numeric|-n] [--program|-p]

lsof -i :52113    # view the port



This article is from the "Dongliqiang" blog, make sure to keep this source http://6207422.blog.51cto.com/6197422/1898534
