1. Purpose
2. System and service version specification
3. Host naming specification recommendations
4. Internal HDD RAID level specification
5. Installation language and operating system language selection
6. Disk partitioning specification
7. File system type specification
8. Network configuration specification
8.1. Network configuration
8.2. DNS configuration
9. Software installation specifications
9.1. Software requirements
9.2. Patch inspection and installation
10. System time configuration specification
10.1. Time zone selection
10.2. Configuring time synchronization
11. User password specification
11.1. User password policy (valid for root user)
11.2. Password complexity (not valid for root user)
11.3. A new password set when the password is changed cannot be one of the previous n passwords used (not valid for root user)
11.4. Lock the user after 3 failed logons (the user is then automatically unlocked after a few minutes, or manually unlocked using the pam_tally2 command)
12. System account management
13. System hardening entries
13.1. SSH optimization
13.2. Hide the Linux software name and version number
13.3. Lock key system files to prevent malicious addition or deletion of users, modification of key files, etc.:
13.4. Set a password for GRUB boot to prevent malicious modification of the system password:
13.5. Turn off the Ctrl-Alt-Delete key combination for restarting the system:
13.6. Modify the number of history commands saved (so that both the command line and the history command file save only 5 commands):
14. System optimization entries
14.1. Linux kernel parameter optimization:
14.2. Turn off SELinux and iptables:
14.3. Changing the yum source:
14.4. Adjust the number of file descriptors (open processes and files occupy file descriptors):
14.5. Setting the system character set to support Chinese:
14.6. Streamlining boot-up services and retaining the necessary ones:
14.7. Regular automatic cleanup of junk in the mail directory to prevent inodes from being used up:
15. Nginx web parameter optimization
15.1. Hide the web software name and version number in headers and error pages:
15.2. Hide the web software name:
15.3. Modifying the Nginx default running user:
15.4. Optimizing the Nginx process configuration:
15.5. Using the epoll model:
15.6. Setting the number of concurrent connections for a single worker process:
15.7. Configuring the maximum number of open files for worker processes:
15.8. Optimizing the hash table size for server domain names:
15.9. Enable efficient file transfer mode:
15.10. Adjusting the connection timeout parameters:
15.11. FastCGI-related parameter optimization:
15.12. Enable the gzip compression feature:
15.13. Configuring the Nginx expires feature:
15.14. Nginx log optimization:
15.15. Prohibit clients from accessing the website via IP (prevent malicious domain name resolution):
16. php-fpm parameter optimization
16.1. The php-fpm.conf content is as follows:
16.2. php-fpm main parameters:
Linux System Optimization Specification v1.0