Linux system optimization

1.1garbled solution appears

Change language

123	export.GB2312echo $LANGen_US.GB2312

The character set currently used by the system

1. Echo $LANG

2, look at your current remote connection tool use language (software character set)

1234567891011

#1.系统当前使用的字符集 echo $LANGen_US.GB2312#2.看你远程连接的软件的字符集 export.UTF-8 echo $LANGen_US.UTF-8zh_CN.UTF-8 中文

/etc/syscionfig/i18n Permanent entry into force

# # #恢复原有的英文环境

\cp/etc/sysconfig/i18n.bak/etc/sysconfig/i18n

source/etc/sysconfig/i18n

[Email protected] ~]# echo $LANG

en_US. UTF-8

1.2 updated Yum source information

# 03: Update Yum Source information

12345

mv /etc/yum.repos.d/CentOS-Base.repo/etc/yum.repos.d/CentOS-Base.repo.backupwget -O /etc/yum.repos.d/CentOS-Base.repo  http://mirrors.aliyun.com/repo/Centos-6.repomv /etc/yum.repos.d/epel.repo/etc/yum.repos.d/epel.repo.backupmv /etc/yum.repos.d/epel-testing.repo/etc/yum.repos.d/epel-testing.repo.backupwget -O /etc/yum.repos.d/epel.repo  http://mirrors.aliyun.com/repo/epel-6.repo

1.3 Close SELinux

# 04: Turn off SELinux

12345

sed -i ‘s#SELINUX=.*#SELINUX=disabled#g‘/etc/selinux/configsed -i ‘s/SELINUX=enforcing/SELINUX=disabled/‘/etc/selinux/configgrep SELINUX=disabled /etc/selinux/configsetenforce 0getenforce

1.4 close Iptables

# 05: Close Iptables

123	/etc/init.d/iptables stop/etc/init.d/iptables stopchkconfig iptables off

1.5Simplified power-on self-boot entry

# 06: Compact boot self-boot entry

1234	chkconfig|egrep -v"crond|sshd|network|rsyslog|sysstat"|awk ‘{print"chkconfig",$1,"off"}‘|\bashexportchkconfig --list|grep 3:on

1.6The extract username can be used with sudo

# 07: Right Oldboy can use sudo

123456

useradd oldboyecho 123456|passwd --stdin oldboy\cp /etc/sudoers /etc/sudoers.oriecho "oldboy ALL=(ALL) NOPASSWD: ALL ">>/etc/sudoerstail -1 /etc/sudoersvisudo -c

1.7 Character Set

# 08: Set the system Chinese character set

1234	cp /etc/sysconfig/i18n /etc/sysconfig/i18n.oriecho ‘LANG="en_US.UTF-8"‘>/etc/sysconfig/i18nsource /etc/sysconfig/i18necho $LANG

1.8Enlarge file Descriptor

# 10: Enlarge file Descriptor

Echo ' *-nofile 65535 ' >>/etc/security/limits.conf

Tail-1/etc/security/limits.conf

Ulimit-shn 65535

Ulimit-n

1.9Optimizing system Kernel Information

# 11: Optimize system Kernel Information

12345678910111213141516171819202122232425262728

cat >>/etc/sysctl.conf<<EOFnet.ipv4.tcp_fin_timeout = 2net.ipv4.tcp_tw_reuse = 1net.ipv4.tcp_tw_recycle = 1net.ipv4.tcp_syncookies = 1net.ipv4.tcp_keepalive_time = 600net.ipv4.ip_local_port_range = 4000    65000net.ipv4.tcp_max_syn_backlog = 16384net.ipv4.tcp_max_tw_buckets = 36000net.ipv4.route.gc_timeout = 100net.ipv4.tcp_syn_retries = 1net.ipv4.tcp_synack_retries = 1net.core.somaxconn = 16384net.core.netdev_max_backlog = 16384net.ipv4.tcp_max_orphans = 16384#以下参数是对iptables防火墙的优化，防火墙不开会提示，可以忽略不理。net.nf_conntrack_max = 25000000net.netfilter.nf_conntrack_max = 25000000 net.netfilter.nf_conntrack_tcp_timeout_established= 180net.netfilter.nf_conntrack_tcp_timeout_time_wait =120net.netfilter.nf_conntrack_tcp_timeout_close_wait =60net.netfilter.nf_conntrack_tcp_timeout_fin_wait =120net.core.wmem_default = 8388608net.core.rmem_default = 8388608net.core.wmem_max = 16777216net.core.rmem_max = 16777216EOFsysctl -p

1.10installation system common small software

Yum Install Lrzsz nmap tree Dos2unix nc-y

1.11 Small Function optimization

ps1= "\[\e[32;1m\][\[email protected]\h \w]\\$\[\e[0m\]" >>/ETC/BASHRC # #小功能优化

1.12SSH connection speed is slow optimization

Sed-i.bak ' [email protected] #UseDNS [email protected]@g; [Email protected]^gssapiauthentication [email protected] [email protected] '/etc/ssh/sshd_config

/etc/init.d/sshd Reload

1.13Summary of Linux Basic optimization and security highlights

01. Do not log on to the management system with root, and log on as a normal user through sudo authorization management.

02. Change the default remote connection SSH service port, prohibit the root user to connect remotely, even change the SSH service to listen only the intranet IP.

03. Automatically update the server time to synchronize with the Internet time.

04. Configure the Yum update source to download the installation package from the domestic update source.

05. Turn off SELinux and iptables in a working scenario, a server with high concurrency and high traffic may not turn on if an external IP is generally turned on iptables.

06. Adjust the number of file descriptors, and the number of file descriptors will be consumed by process and file opening.

07. Regular automatic cleanup of mail temporary directory junk files, to prevent the inodes of the disk is full of small files note Centos6 and Centos5 to clear the directory is different.

08. Streamline and retain the necessary boot-up services (such as Crond, sshd, Network, Rsyslog, Sysstat).

09.Linux kernel parameter optimization/etc/sysctl.conf, execution sysctl-p effective.

10. Change the system character set to "ZH_CN." UTF-8 "so that it supports Chinese and prevents garbled problems.

11. Lock critical system files such as/etc/passwd,/etc/shadow,/etc/group,/etc/gshadow,/etc/inittab,

after processing the above content, Chattr, lsattr renamed to Oldboy, transfer away, so it is much safer.

12. Clear/etc/issue,/etc/issue.net, remove the screen display before the system and kernel version login.

13. Clear the redundant system virtual user account.

14. Add a password for the Grub boot menu.

15. Disable the host from being ping.

16. Patch and upgrade software with known vulnerabilities.

Linux system optimization