1.1 Fixing garbled characters
Change language
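# Switch the session locale to a GB2312 character set and print it.
# NOTE(review): the page's copy lost the variable name and locale prefix
# ("export.GB2312"); they are restored here from the echoed output.
export LANG=en_US.GB2312
echo "$LANG"    # prints: en_US.GB2312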
The character set currently used by the system
1. Run `echo $LANG`.
2. Check which character set your remote-connection tool (the terminal software) is set to use.
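# 1. Show the character set the system is currently using.
echo "$LANG"    # e.g. en_US.GB2312

# 2. Check the character set of your remote-connection software, then set
#    LANG to match it.
# NOTE(review): the page's copy reads "export.UTF-8"; the assignment is
# restored from the echoed output below.
export LANG=en_US.UTF-8
echo "$LANG"    # prints: en_US.UTF-8

# zh_CN.UTF-8 is the Chinese-language UTF-8 locale.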
To make the setting permanent, put it in /etc/sysconfig/i18n.
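# Restore the original English environment from the backup copy.
# The leading backslash bypasses any `cp -i` alias so the overwrite does not
# stop to ask for confirmation.
\cp /etc/sysconfig/i18n.bak /etc/sysconfig/i18n
# Load the restored setting into the current shell.
source /etc/sysconfig/i18n
echo "$LANG"    # expected output: en_US.UTF-8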
1.2 updated Yum source information
# 03: Update Yum Source information
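# Keep the stock repo definitions as .backup files before replacing them.
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
# NOTE(review): the repo file is fetched over plain HTTP, so it can be altered
# in transit, and it decides which baseurl and gpgkey yum will trust. Read the
# downloaded file and confirm gpgcheck=1 before the first yum run; use an
# HTTPS URL if the mirror offers one.
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo

mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.backup
mv /etc/yum.repos.d/epel-testing.repo /etc/yum.repos.d/epel-testing.repo.backup
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo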
1.3 Close SELinux
# 04: Turn off SELinux
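# Disable SELinux in the persistent config (takes effect at the next boot).
# The ^ anchor restricts the edit to the setting line, leaving the commented
# explanation lines in the file untouched.
sed -i 's#^SELINUX=.*#SELINUX=disabled#g' /etc/selinux/config
# Narrower alternative shown on the page; a no-op once the line above has run.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config

# Stop enforcing in the running system; getenforce then reports Permissive.
setenforce 0
getenforce

# NOTE(review): "disabled" removes mandatory access control from every
# service on the host. SELINUX=permissive keeps denials logged without
# blocking, which allows policy problems to be fixed and enforcing restored.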
1.4 close Iptables
# 05: Close Iptables
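# Stop the running firewall. The page issues the stop twice; presumably the
# second call only confirms that the service is already down.
/etc/init.d/iptables stop
/etc/init.d/iptables stop
# Keep it from starting at boot.
chkconfig iptables off

# NOTE(review): with iptables off, every listening port is reachable from any
# network the host is attached to. On a host with an external IP, keep the
# firewall on, or make sure an upstream device filters traffic instead.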
1.5 Trim the services started at boot
# 06: Compact boot self-boot entry
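# Turn off every boot-time service except crond, sshd, network, rsyslog and
# sysstat: awk prints one "chkconfig <service> off" command per remaining
# service and bash executes the generated list.
# To review the list first, run the pipeline without the final "| bash".
chkconfig \
  | grep -E -v "crond|sshd|network|rsyslog|sysstat" \
  | awk '{print "chkconfig", $1, "off"}' \
  | bash

# NOTE(review): the page's bare "export" lost its argument in extraction. An
# English locale is presumably intended so the runlevel column reads "3:on"
# for the grep below.
export LANG=en_US.UTF-8
# Show what is still enabled in runlevel 3.
chkconfig --list | grep 3:on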
1.6 Allow a regular user to use sudo
# 07: Grant oldboy sudo rights
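# Create the administrative user.
useradd oldboy
# Set the password interactively. The page piped the sample value 123456 into
# `passwd --stdin`, which leaves the password in shell history and in any
# script that copies the line.
passwd oldboy

# Keep a copy of sudoers before touching it; the backslash bypasses a
# `cp -i` alias.
\cp /etc/sudoers /etc/sudoers.ori
# NOTE(review): NOPASSWD: ALL makes this account equivalent to root with no
# second prompt, so its password or SSH key becomes the only barrier. Drop
# NOPASSWD, or list specific commands, when full passwordless root is not needed.
echo "oldboy ALL=(ALL) NOPASSWD: ALL " >>/etc/sudoers
tail -1 /etc/sudoers
# Validate the syntax; if this reports an error, restore /etc/sudoers.ori
# before logging out.
visudo -c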
1.7 Character Set
# 08: Set the system Chinese character set
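# Back up the locale config, then replace it with a single LANG setting.
cp /etc/sysconfig/i18n /etc/sysconfig/i18n.ori
# ">" overwrites the file; any other settings it held survive only in the
# .ori copy. Use zh_CN.UTF-8 here instead if Chinese-language output is wanted.
echo 'LANG="en_US.UTF-8"' >/etc/sysconfig/i18n
# Apply to the current shell and confirm.
source /etc/sysconfig/i18n
echo "$LANG"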
1.8Enlarge file Descriptor
# 10: Enlarge file Descriptor
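# Raise the per-process open-file limit to 65535 for all users.
# limits.conf fields are whitespace-separated: <domain> <type> <item> <value>;
# "-" sets both the soft and the hard limit.
echo '*               -       nofile          65535' >>/etc/security/limits.conf
tail -1 /etc/security/limits.conf
# limits.conf only applies to new login sessions, so raise the soft (-S) and
# hard (-H) limits of the current shell as well, then print the result.
ulimit -SHn 65535
ulimit -n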
1.9Optimizing system Kernel Information
# 11: Optimize system Kernel Information
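# Append TCP/network tuning to /etc/sysctl.conf and load it with sysctl -p.
# The quoted 'EOF' writes the heredoc body verbatim (it holds no expansions).
# NOTE(review): this appends on every run, so re-running duplicates the
# entries; check /etc/sysctl.conf first.
# NOTE(review): tcp_syn_retries/tcp_synack_retries = 1 and tcp_fin_timeout = 2
# are aggressive; on lossy links a handshake fails after a single retransmit.
# NOTE(review): nf_conntrack_max = 25000000 is a very large table; size it
# against the memory actually available.
cat >>/etc/sysctl.conf <<'EOF'
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
# tcp_tw_recycle = 1 drops connections from clients that share a NAT address
# (per-peer timestamp check), so it is left off here.
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
# The following parameters tune the iptables firewall (connection tracking).
# If the firewall is not running, sysctl reports an error for them; that
# message can be ignored.
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.wmem_max = 16777216
net.core.rmem_max = 16777216
EOF
sysctl -p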
1.10installation system common small software
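# Install the small utilities used throughout the tutorial.
# NOTE(review): nmap and nc are network scanning/debugging tools; on
# production hosts install them only where they are actually needed, since
# they are equally available to anyone who obtains a shell on the machine.
yum install -y lrzsz nmap tree dos2unix nc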
1.11 Small Function optimization
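# Small convenience tweak: append a green "[user@host cwd]" prompt, followed
# by # for root or $ otherwise, to the system-wide bashrc.
# Single quotes keep the backslash escapes literal so bash interprets them
# when it renders the prompt, not when this line runs.
# NOTE(review): the page's copy lost the leading command and the \u@ token in
# extraction; this is the presumed original.
printf '%s\n' 'PS1="\[\e[32;1m\][\u@\h \w]\\$\[\e[0m\]"' >>/etc/bashrc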
1.12SSH connection speed is slow optimization
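# Speed up SSH logins by turning off the reverse-DNS lookup (UseDNS) and
# GSSAPI negotiation. -i.bak keeps the previous file as sshd_config.bak.
# NOTE(review): the sed expression on the page was destroyed by e-mail
# obfuscation; only "#UseDNS", "@g;" and "^GSSAPIAuthentication" survive.
# This is the presumed original - compare with sshd_config.bak afterwards.
# With UseDNS no, hostname patterns in authorized_keys "from=" options and in
# "Match Host" rules no longer match; use addresses there instead.
sed -i.bak 's@#UseDNS yes@UseDNS no@g;s@^GSSAPIAuthentication yes@GSSAPIAuthentication no@g' /etc/ssh/sshd_config
# Check the edited config before reloading so a typo cannot take sshd down on
# a host that is only reachable over SSH.
/usr/sbin/sshd -t && /etc/init.d/sshd reload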
1.13Summary of Linux Basic optimization and security highlights
01. Do not log on to the management system with root, and log on as a normal user through sudo authorization management.
02. Change the default SSH port, prohibit remote root login, and consider making the SSH service listen only on the intranet IP.
03. Automatically update the server time to synchronize with the Internet time.
04. Configure the Yum update source to download the installation package from the domestic update source.
05. Turn off SELinux and iptables. (In production, iptables is generally left on when the server has an external IP; servers with very high concurrency and traffic may not be able to run it.)
06. Adjust the number of file descriptors, and the number of file descriptors will be consumed by process and file opening.
07. Regularly and automatically clean junk files out of the mail temporary directory so that small files do not exhaust the disk's inodes. Note that the directory to clean differs between CentOS 6 and CentOS 5.
08. Streamline and retain the necessary boot-up services (such as Crond, sshd, Network, Rsyslog, Sysstat).
09. Tune Linux kernel parameters in /etc/sysctl.conf; run `sysctl -p` to apply them.
10. Change the system character set to "zh_CN.UTF-8" so that it supports Chinese and avoids garbled text.
11. Lock critical system files such as /etc/passwd, /etc/shadow, /etc/group, /etc/gshadow and /etc/inittab.
After doing so, rename the chattr and lsattr tools (for example to oldboy) and move them elsewhere, which makes the lock harder to undo. Treat the renaming as obscurity rather than access control, since root can still clear the immutable attribute.
12. Clear /etc/issue and /etc/issue.net so that the system and kernel version are not displayed before login.
13. Clear the redundant system virtual user account.
14. Add a password for the Grub boot menu.
15. Configure the host not to respond to ping.
16. Patch and upgrade software with known vulnerabilities.
Linux system optimization