Linux operating system optimization and security operations

Source: Internet
Author: User

I have seen many good articles on linux Optimization on the internet, and I will not repeat these articles here. I just want to talk about these issues from my own experiences.

The systems mentioned in this Article, if not specifically stated, all adopt redhat's redhat linux system.
  
First, we will perform a series of upgrades to the newly installed system, including software and kernel. This is an important step, (For details about this, please refer to my other article on upgrade ).

After upgrading all the software and completing basic firewall and configuration, we will start to optimize some detailed configurations. If you are an old system, before doing some operations and optimizing your system, you must back up all the data to other media.

1. Virtual Memory Optimization

First, check the usage of the virtual memory and use the command

# Free

View the memory usage of the current system.

In general, linux's physical memory is almost completely used. This is very different from windows. Its memory management mechanism makes full use of the system memory. It is not the same for windows to use some virtual memory no matter how large the memory is. Note This.

Use commands to configure virtual memory in Linux

# Cat/proc/sys/vm/freepages

You can view the following three numbers: the minimum memory blank page, the Minimum Memory blank page, and the maximum memory blank page.

Note that the system uses the virtual memory principle: if the number of blank pages is lower than the maximum number of blank pages, the disk swap space is used. When the minimum blank page setting is reached, the memory is used for swap (Note: I have obtained some information and need to observe it for specific applications, however, this does not affect the configuration of new virtual memory parameters ).

In general, in terms of configuring the virtual memory configuration allocated by the system, I personally think that increasing the maximum memory blank page is a good configuration method. Take the 1 GB memory configuration as an example:

You can change the original configuration proportion:

204840966444

Use commands

# Echo "204840966444">/proc/sys/vm/freepages

Because the maximum blank page configuration is added, the memory can be used more effectively.

2. Hard Disk Optimization

If you are using a scsi hard disk or an ide array, skip this section. The parameter adjustment described in this section is only applicable to servers that use an ide hard disk.

We use the hdparm program to set the IDE hard disk,

Using DMA and 32-bit transmission can greatly improve system performance. Run the following command:

#/Sbin/hdparm-c 1/dev/hda

This command specifies the PCI bus of the first IDE hard disk as 32-bit,

Use the-c 0 parameter to disable 32-bit transmission.

To use DMA on a hard disk, run the following command:

#/Sbin/hdparm-d 1/dev/hda

You can use the-d 0 parameter to disable DMA.

After the modification is complete, you can use hdparm to check the modified result and run the following command:

#/Sbin/hdparm-t/dev/had

To ensure that the set results remain unchanged, run the following command:

#/Sbin/hdparm-k 1/dev/hda

Some common parameters of the Hdparm command

-G: displays the disk's magnetic track, Head, magnetic area, and other parameters.

-I displays the hardware specification information of the hard disk, which is provided by the hard disk itself at startup.

-I directly reads the hardware specification information provided by the hard disk.

-P: Set the PIO mode of the hard disk.

-Tt evaluates the Read efficiency of the hard disk and the Read efficiency of the hard disk cache.

-U <0 or 1> allows other interruption requests to be executed simultaneously during hard disk access.

-V displays the hard disk settings.

3. Other Optimizations

Disable unnecessary services. I will not go into details about the services automatically started by the system;

About Security

Security check

As a system administrator, it is very important to perform a comprehensive security check on the system on a regular basis. Recently, some friends wrote that some inexplicable problems have occurred, for example, the biggest problem is that the network service is obviously slow, which is very likely to be attacked. Practice has proved that the default installation is not safe for any system. In fact, no matter whether you use windows, linux, bsd, or other systems, there are many vulnerabilities installed by default, so how can we become a secure system? This is exactly what our system administrators need to do. Configure and reconfigure. As long as you carefully configure any system and block known vulnerabilities, it can be said that the system is secure, not as many friends have said. They have installed the system, configured the firewall, and installed anti-virus software, so it is safe. In fact, if you do not set any security settings for the system, it is equivalent to opening a door to the hacker, which can be fully controlled in tens of minutes!

This is not shocking.

As a linux system, there are also many vulnerabilities that may be exploited to control your entire system. To prevent these vulnerabilities, we need to take the following steps:

1. Upgrade the latest version of all software packages in the system;

2. Set a strong firewall;

3. Regularly check key record files and configure anti-virus software

4. pay more attention to the websites that issue security information warnings, and master the characteristics of some of the latest viruses and hacker programs, which all benefit from the normal operation of the system.

This article focuses on optimization. In order to cooperate with this topic, we will only discuss some daily maintenance work.

In addition to the four listed above, they are required by administrators and are also important for the maintenance of some linux system details.

Including:

1. configuring the log training tool and regularly downloading backup logs is a good habit. This not only reduces the disk space consumed by logs, but also improves system efficiency and can detect problems in a timely manner, some good system log analyzer in linux can directly extract special items in the log, saving the trouble of reading logs;

2. Use the command lsof? Ci, netstat? Ca, ps? Ce and other commands, regularly check system service port listening and other conditions, you can also make a script for regular execution, these commands are regularly executed and then sent to the mailbox;

3. regularly check the history list, last list, And vipw user list of the root user;

4. Regularly Back Up Files and use the tar command to back up the files. Of course, you need to download these backups and transfer the media;

If you find any special situations or ports that you have never seen before, pay enough attention to them.

The above are some simple understandings of linux system security and optimization. I hope everyone can use linux safely and efficiently to bring convenience to your work and life.


 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.