Home > Developer > Linux

Linux System Optimization Summary

Source: Internet
Author: User
Tags crypt i18n iptables rsyslog
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Linux System Optimization Summary

1) do not use root login management system, and the normal user login through sudo authorization management.
For example:
Useradd Oldboy
ID Oldboy
echo "Oldboy all= (All) nopasswd:all" >>/etc/sudoers
2) Change the default remote connection SSH service port, prohibit the root user to connect remotely, even to change the SSH service only listen to the intranet IP.

[Email protected] ~]# Vim/etc/ssh/sshd_config
Port 51898 # #监听端口, Ports range (0-65535, preferably ports greater than 1024)
ListenAddress 192.168.1.128 # #监听地址, to be on the safe side, listen to the network above
Protocol 2 # #使用协议
Permitemptypasswords No # #禁止空密码登录系统, default is forbidden
Usedns No # #禁止DNS反解析
Permitrootlogin No # #禁止root远程登录
Gssapiauthentication No # #加速登录ssh

3) Automatically update the time of the server, so that it and the Internet time synchronization.
Ntpdate time-a.nist.gov
4) Configure the Yum update source to download the installation package from the domestic update source.
Wget-o/etc/yum.repos.d/centos-base.repo Http://mirrors.aliyun.com/repo/Centos-6.repo
5) Turn off SELinux and Iptables (in a working scenario, a server with high concurrency and high traffic may not turn on if an external IP is typically turned on iptables).
#关闭SElinux
Sed-i ' s/selinux=enforcing/selinux=disabled/'/etc/selinux/config
grep selinux=disabled/etc/selinux/config
Setenforce 0
Getenforce

#关闭iptables
/etc/init.d/iptables stop
Chkconfig iptables off
6) Adjust the number of file descriptors, and the number of file descriptors will be consumed by process and file opening.
#系统默认1024
Ulimit-n
# #临时设置
Ulimit-shn 65535
#检查临时设置是否成功
Ulimit-n
# #永久设置
Vim/etc/security/limits.conf
##* Soft Nofile 65535
##* Hard Nofile 65535

7) regularly automatically clean up the mail temporary directory junk files, to prevent the number of disk inodes by small files full (note Centos6 and Centos5 to clear the directory is different).


8) Streamline and retain the necessary boot-up services (such as Crond, sshd, Network, Rsyslog, Sysstat).
Method One:
For name in ' Chkconfig--list | grep 3:on | awk ' {print '} ' | Grep-ev "Sshd|crond|iptables|network|rsyslog|sshd|sysstat" ';d o chkconfig $name off;done
Method Two:
Chkconfig--list | grep 3:on | awk ' {print '} ' | Grep-ev "Sshd|crond|iptables|network|rsyslog|sshd|sysstat" | Sed-r ' s# (. *) #chkconfig \1 off#g ' | Bash
Method Three:
Chkconfig--list | grep 3:on | awk ' {print '} ' | Grep-ev "Crond|iptables|network|rsyslog|sshd|sysstat" | awk ' {print ' chkconfig "" "\" "" "Off"} ' | Bash
9) Linux kernel parameter optimization/etc/sysctl.conf, execution sysctl-p effective.
Vim/etc/sysctl.conf
#net. ipv4.tcp_syn_retries = 1
#net. ipv4.tcp_synack_retries = 1
#net. Ipv4.tcp_keepalive_time = 600
#net. Ipv4.tcp_keepalive_probes = 3
#net. IPV4.TCP_KEEPALIVE_INTVL =15
#net. Ipv4.tcp_retries2 = 5
#net. ipv4.tcp_fin_timeout = 2
#net. ipv4.tcp_max_tw_buckets = 36000
#net. ipv4.tcp_tw_recycle = 1
#net. Ipv4.tcp_tw_reuse = 1
#net. Ipv4.tcp_max_orphans = 32768
#net. ipv4.tcp_syncookies = 1
#net. Ipv4.tcp_max_syn_backlog = 16384
#net. Ipv4.tcp_wmem = 8192 131072 16777216
#net. Ipv4.tcp_rmem = 32768 131072 16777216
#net. Ipv4.tcp_mem = 786432 1048576 1572864
#net. Ipv4.ip_local_port_range = 1024 65000
#net. Ipv4.ip_conntrack_max = 65536
#net. ipv4.netfilter.ip_conntrack_max=65536
#net. ipv4.netfilter.ip_conntrack_tcp_timeout_established=180
#net. Core.somaxconn = 16384
#net. Core.netdev_max_backlog = 16384
# #立即生效
Sysctl-p

10) Change the system character set to "ZH_CN." UTF-8 "so that it supports Chinese and prevents garbled problems.
Sed-i ' S#en_us. Utf-8#zh_cn. Utf-8#g '/etc/sysconfig/i18n
source/etc/sysconfig/i18n
11) Lock the key system files such as/etc/passwd,/etc/shadow,/etc/group,/etc/gshadow,/etc/inittab, after processing the above content chattr, lsattr renamed Oldboy, transferred away, That's a lot safer.
Chattr +i/etc/passwd
Chattr +i/etc/shadow
Chattr +i/etc/group
Chattr +i/etc/gshadow
Chattr +i/etc/inittab
Chattr +i/etc/passwd
#临时创建别名
Alias chattr= ' Cha '
Alias Lsattr= ' LSA '
Permanently create aliases
echo alias chattr= ' Cha ' >>/root/.bashrc
echo alias lsattr= ' LSA ' >>/ROOT/.BASHRC
12) Clear the/etc/issue,/etc/issue.net, remove the system and the kernel version of the screen before the login display.
>/etc/issue
>/etc/issue.net
13) Clear the redundant system virtual user account.

14) Add a password for the Grub boot menu.
#执行/sbin/grub-md5-crypt will randomly generate a string
/sbin/grub-md5-crypt
Add a string to the/boot/grub/grub.conf
echo "passwd--md5 $1$fkb6n$k3euy32phkr2mlpn9rjpa0" >>/boot/grub/grub.conf

15) prevent the host from being ping.
#修改内核参数
echo "Net.ipv4.icmp_echo_ignore_all=1" >>/etc/sysctl.conf
#立即生效
Sysctl-p
16) Patching and upgrading software with known vulnerabilities.

This article from "11471403" blog, declined reprint!

Linux System Optimization Summary

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
system web optimization missing linux mobile operating system linux file system security linux select system call linux system command linux system function linux system log messages
Related Article
Linux DNS detailed

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More