1. Do not log in as the root user; grant ordinary users privileges through sudo
When ordinary users need superuser privileges, an administrator who lets them switch to root with su must give them the root password. But an ordinary user who holds root privileges can do anything with them, which threatens the security of the system.
sudo is a privilege management mechanism that lets an administrator authorize an ordinary user to perform certain root operations without that user knowing the root password. It relies on the /etc/sudoers file, which defines which management commands an ordinary user on the host may execute as an administrator, and the grant is limited to those commands. The file works like an authorization form.
Example: visudo (or vi /etc/sudoers)
Syntax
user machine=commands
root ALL=(ALL) ALL
The value in parentheses is the user whose permissions the commands are allowed to run with.
(1)
At this point the ordinary user ian is equivalent to root.
However, when the ordinary user ian performs a root operation, the command must be prefixed with sudo or it will not be executed. The password requested for the root operation is no longer the root superuser's password but the ordinary user's own password.
(2)
[[email protected] ~]# which useradd    # which shows the path of a command
/usr/sbin/useradd
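An added example, not from the original post: a small shell audit that reads rules in the user machine=(runas) commands form described above and reports every non-root entry allowed to run all commands. The sample policy is constructed; the deploy and %wheel entries are hypothetical, and the parser assumes one rule per line with no alias expansion.

```shell
#!/bin/sh
# Added example: flag sudoers rules that make a non-root user equivalent to root.
# Assumptions: one rule per line, no backslash continuations, no Cmnd_Alias
# expansion. Validate the real file with "visudo -c" before relying on it.

# Constructed sample policy in the "user machine=(runas) commands" form.
sample_sudoers() {
cat <<'EOF'
# constructed sample, not a real policy
Defaults    env_reset
root    ALL=(ALL)   ALL
ian     ALL=(ALL)   ALL
deploy  ALL=(root)  /usr/sbin/useradd
%wheel  ALL=(ALL)   NOPASSWD: ALL
EOF
}

# Reads sudoers text on stdin; prints "who<TAB>reason" for each non-root
# rule whose command list contains the bare keyword ALL.
audit_sudoers() {
    awk '
    /^[ \t]*(#|$)/ { next }                        # comments and blank lines
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }   # settings and alias definitions
    {
        eq = index($0, "=")
        if (eq == 0) next
        who = $1
        cmds = substr($0, eq + 1)
        sub(/^[ \t]*\([^)]*\)[ \t]*/, "", cmds)    # drop the (runas) part
        nopass = (cmds ~ /NOPASSWD:/)
        gsub(/[A-Z]+:[ \t]*/, "", cmds)            # drop tags such as NOPASSWD:
        n = split(cmds, list, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", list[i])
            if (list[i] == "ALL" && who != "root") {
                printf "%s\t%s\n", who, (nopass ? "all commands, no password" : "all commands")
                break
            }
        }
    }'
}

# Stand-alone run over the constructed sample.
sample_sudoers | audit_sudoers
```

A rule limited to an absolute command path, such as the /usr/sbin/useradd path found with which, produces no finding.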
2. Change the remote connection port of the SSH service and prohibit the root user from logging in remotely.
Default port for Linux remote connections
Configuration file
3. Schedule automatic updates of the server time so that it stays synchronized with Internet time
4. Configure the yum update source so that packages are downloaded from a domestic mirror
5. Disable SELinux and iptables (leave on if the host has an external network IP)
6. Adjust the number of file descriptors; processes and open files both consume file descriptors
7. Regularly and automatically clean junk files out of the mail directory to prevent inodes from filling up
8. Trim the services started at boot, keeping only the necessary ones
9. Optimize the Linux kernel parameters in /etc/sysctl.conf, then run sysctl -p to make them take effect.
10. Change the character set to support Chinese, although English is still recommended to avoid garbled text
11. Lock critical system files to prevent tampering through privilege escalation
12. Clear /etc/issue and /etc/issue.net so the system and kernel version are not shown on the screen before login
13. Remove redundant system accounts
14. Encrypt the GRUB menu
Summary of 14 basic Linux system optimizations (CentOS 6.5)