1. Server information statistics:
(1)CPU, memory, hard disk, network card and other hardware model statistics;
(2) application software information (version, installation directory), network configuration information and other records;
(3) host name setting statistics, the name is practical and clear, can consider business and IP Fusion to name;
Good asset statistics are beneficial to management.
2. Security:
(1)BIOS encryption;
(2) disk encryption;
(3) Server login policy:
1> Rights Management, disabling Root remote login;
2> Password Policy modification: password length, password expiration days, etc. (Modify /etc/login.defs );
3 > SSH Key authentication, modify port;
(4) firewall settings: Open the port according to the demand, only put the remote connection IP of the company ;
(5) cessation of useless services;
(6) application permission settings;
(7) Delete unnecessary users of the system;
(8) turn off selinux;
3. Optimization:
(1) turn on CPU Hyper-threading;
so-called " Hyper-Threading ( hyper-threading , referred to as " HT ")" technology. Hyper-Threading technology is the use of special hardware instructions to simulate a physical core into two logical cores, so that a single processor can use thread-level Parallel Computing , which is compatible with multi-threaded operating systems and software, reducing the CPU Idle time, improve the efficiency of the CPU operation.
have a HT The field represents a hyper-threading support:
[Email protected] ~]$ Cat/proc/cpuinfo | grep HT--color
FLAGS:FPU VME de PSE TSC MSR PAE MCE cx8apic Sep MTRR PGE MCA cmov Pat PSE36 clflush DTS MMX fxsr SSE SSE2 SS ht Syscall NX RDTSCP LMCONSTANT_TSC
(2) Adjust the file descriptor size, process and file opening will consume descriptors;
ULIMIT-HSN 65536 (the maximum number of open files can be added to the /etc/rc.local Boot up)
(3) Timing synchronization system time (ntpdate);
(4)yum source update;
(5) kernel parameter optimization (/etc/sysctl.conf);
(6) optimize the application (apache,mysql,nginx ...) );
This article is from the "unplug the Operational Space" blog, please be sure to keep this source http://zhangdj.blog.51cto.com/9210512/1887150
Linux Security and optimization