Linux server optimization Preface: server operation suggestion 1. strict & amp; 26684; operate servers according to directory specifications 2. remote Linux server optimization preface:
Server operation suggestions
1. operate servers in strict accordance with directory specifications
2. remote servers cannot be shut down
3. do not run high-load commands during server access peaks
4. do not force yourself out of the server when configuring the firewall remotely.
1. disable unnecessary services
Ntsysv command: if the number * is earlier, it indicates that the system will start automatically at next boot!
Basic services to be enabled:
Network service
Sshd ssh remote management service
Syslog System Log service
Iptables firewall service
Crond system scheduled task service
Xinetd system super daemon service
2. disable the redundant console and disable ctrl + alt + del
1. modify the/etc/inittab file
Comment out the redundant console and retain 2.
For example: #3: 2345: respawn:/sbin/mingettytty3
2. disable the ctrl + alt + del shortcut key [hot start shortcut key]
Example: # ca: ctrlaltdel:/sbin/shutdown-t3-r now
III. network optimization
1. ping prohibited
Echo1>/proc/sys/net/ipv4/icmp_echo_ignore_all
# The original value is 0.
2. prohibit source route packages (prevent Source spoofing)
Echo1>/proc/sys/net/ipv4/conf/*/accept_source_route
3. enable the SYNcookie option to disable SYN attacks.
Echo1>/proc/sys/net/ipv4/tcp_syncookies
[Note] because the data is stored in the/proc directory, the data will be restored once the server is restarted! Therefore, you should write these commands to the self-starting directory!
4. strict security policies
1. reasonable password and regular change
Password three principles: complexity, easy to remember, timeliness
2. assign permissions reasonably
3. Use ssh for remote management. do not use telnet because telnet is transmitted in plaintext!
4. ensure the security of/etc/shadow. The shadow file saves the real password in Linux!
5. regularly back up important data and logs
5. regular Linux upgrade
Yum-y update # automatic online upgrade
Appendix: John brute force cracking tool
1. Download
1) http://www.openwall.com/john/
2) Download the dictionary
2. Installation
1) install gccyum-y install gcc
2) decompress tar-zxvf john-1.7.9.tar.gz
3) decompress the cd directory/src/
4) make
Make clean linux-x86-mmx
3. use
Cp/etc/shadow/root
Chmod 777/root/shadow
John directory/run/john/root/shadow
# If you want to use a dictionary, add the-w option before the file to be cracked
4. View
Run/john -- show/etc/shadow
Cat run/john. pot