1. Basic commands are the top priority, and are not limited to the four most common enterprise commands.
2. shell, MySQL, LAMP, Zabbix
4. Simple understanding of tuning techniques
5. Apache and Nginx: the two services + simple tuning + understanding PV, UV, and networking concepts
From initial installation to completion of the overall architecture.
First, the system installation
-
system partition
/boot   ext4   200M               Select primary partition (force to be a primary partition)
swap           1-2 times memory   Select primary partition (force to be a primary partition), no mount point
/       ext4                      Select primary partition (force to be a primary partition)
Select installation type: select a custom installation package group here
-
install
Second, CRT Connections
Third, create the admin account
In daily operations, avoid using the root user; create an administrative account for each administrator instead. Here we create admin.
For ease of administration, grant sudo permissions to admin
man sudo
visudo, or vi /etc/sudoers
Fourth, System Optimization
1. Stop iptables
/etc/init.d/iptables stop
2. Disable SELinux
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
getenforce      # view status
setenforce 0    # temporary effect
3. View the boot mode (runlevel 0-6)
grep 'initdefault' /etc/inittab
4. Turn off start-up services, keeping only these four: crond, network, rsyslog, sshd
for n in $(chkconfig --list | grep 3:on | awk '{print $1}'); do chkconfig --level 3 $n off; done    # stop all services from starting automatically
for n in crond network rsyslog sshd; do chkconfig $n on; done    # set crond, network, rsyslog and sshd to start at boot
5. Optimize SSH login
sed -i 's/#Port 22/Port 52113/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
cat /etc/ssh/sshd_config | egrep 'UseDNS no|PermitEmptyPasswords no|PermitRootLogin no|Port 52113'
Or edit sshd_config directly with vi and copy the following lines to the end of the file:
Port 52113
PermitRootLogin no
PermitEmptyPasswords no
UseDNS no
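Added example (not from the original article): a check for the four settings of step 5 that reads sshd_config the way sshd does, keeping the first uncommented value of each keyword, so an older line that overrides the appended ones is reported. The function names and the sample file are made up for illustration, and the parser assumes whitespace-separated "Keyword value" lines.

```shell
#!/bin/sh
# sshd keeps the FIRST value it reads for a keyword, and keywords are
# case-insensitive, so a grep for the expected line can succeed while an
# earlier line with a different value is the one actually in effect.

# Print the effective global value of keyword $2 in file $1:
# the first uncommented occurrence before any "Match" block.
sshd_effective() {
    awk -v want="$2" '
        NF == 0 || $1 ~ /^#/ { next }            # skip blanks and comments
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == tolower(want) { print $2; exit }
    ' "$1"
}

# Compare effective values with the ones this page sets.
# Prints one line per deviation; the return status is the deviation count.
check_sshd() {
    file=$1; bad=0
    for pair in Port=52113 PermitRootLogin=no PermitEmptyPasswords=no UseDNS=no; do
        key=${pair%%=*}; expected=${pair#*=}
        actual=$(sshd_effective "$file" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "DEVIATION $key: expected '$expected', effective '${actual:-<default>}'"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample: the four lines were appended at the tail, but an
# earlier uncommented PermitRootLogin line is still present and wins.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
#Port 22
PermitRootLogin yes
#UseDNS yes
Port 52113
PermitRootLogin no
PermitEmptyPasswords no
UseDNS no
EOF
check_sshd "$demo_cfg" || echo "deviations found: $?"
rm -f "$demo_cfg"
```

Run check_sshd /etc/ssh/sshd_config after editing and before restarting sshd; a non-zero status means at least one of the four settings is not the one in effect.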
6. Settings in /etc/profile
echo "alias grep='grep --color=auto'" >> /etc/profile    # set the alias
source /etc/profile    # make it take effect without a restart
echo 'PATH=/scripts/:$PATH' | sudo tee -a /etc/profile    # set the environment variable (tee performs the write with sudo rights)
Any file in a directory listed in PATH can be run directly by name (the file must have execute permission).
For a normal user: ~/.bash_profile or ~/.bashrc
7. Modify the character set
cat /etc/sysconfig/i18n
#LANG="en_US.UTF-8"
LANG="zh_CN.GB18030"
SYSFONT="latarcyrheb-sun16"
source /etc/sysconfig/i18n    # make it take effect
When learning Linux, try to avoid Chinese characters; preferably use the en_US.UTF-8 character set.
8. System time Synchronization
NTP Time Synchronization Service
/usr/sbin/ntpdate time.nist.gov
echo '#time sync by dong at 2017-02-16' >> /var/spool/cron/root
echo '*/5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1' >> /var/spool/cron/root
crontab -l
9. Increase the server file descriptor limit
ulimit -n    # view the current limit; the default is 1024
echo '* - nofile 65535' >> /etc/security/limits.conf
Set it to be modified automatically at boot
10. Adjust the kernel parameter file /etc/sysctl.conf
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 32768
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.ip_conntrack_max = 65536
net.ipv4.netfilter.ip_conntrack_max = 65536
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
11. A script that regularly cleans junk files out of the clientmqueue directory to keep the disk from filling up
echo "find /var/spool/clientmqueue/ -type f | xargs rm -f" > /scripts/del_sys_file.sh
echo "xx * * * /bin/sh /scripts/del_sys_file.sh >/dev/null 2>&1" >>/
12. Modify the system login prompt information
> /etc/issue    or    cat /dev/null > /etc/issue
13. Lock critical system files
chattr +i /etc/passwd    # lock the file
chattr -i /etc/passwd    # unlock the file
Important commands: netstat -lntup or netstat -an (l: listening, n: numeric display, t: TCP connections, u: UDP protocol, p: process name)
[--tcp|-t] [--udp|-u] [--listening|-l] [--all|-a] [--numeric|-n] [--program|-p]
lsof -i :52113    # view the port
This article is from the "Dongliqiang" blog, make sure to keep this source http://6207422.blog.51cto.com/6197422/1898534
Linux Intermediate Architecture First affidavit