Linux system optimization

Source: Internet
Author: User
Tags gpg rsyslog

1, modifyIpaddress, Gateway, host name,Dnswait
[[email protected] ~]# cat/etc/sysconfig/network-scripts/ ifcfg-eth0device=eth0            #网卡名称HWADDR =00:0c:29:06 :c2:bc      #MAC地址TYPE =ethernet        # Network card type uuid=00c8bfff-f6fa-4d4e-9062-3b82a00c7123   unique onboot=yes    in #UUID号    system         #重启网卡或服务器是否启动网卡NM_CONTROLLED =yesbootproto=none             #设置IP为静态或动态IPADDR =             #IP地址NETMASK =     #子网掩码GATEWAY =       #网关DNS1 =          # DNS1 address dns2=          #DNS2地址 (alternate DNS) 

2, add a regular user, andSudoAuthorization Management
[[email protected] ~]# useradd ljx[[email protected] ~]# echo "123456" |passwd--stdin ljx&&history–c[[email prote CTED] ~]# Visudo under root all= (all) All this line, add the following content Ljx all= (All) all
3, scheduled automatic Update server time
[[email protected] ~]# echo ' */5 * * * */usr/sbin/ntpdate>/dev/null 2 >&1 ' >>/var/spool /cron/root[[email protected] ~]# echo ' */10 * * * */usr/sbin/ >/dev/null 2>&1 ' >>/va R/spool/cron/root

Tips: CentOS 6.4 the time Synchronization command path is different

6 is /usr/sbin/ntpdate.

5 is /sbin/ntpdate.

4, closeSELinux, EmptyIptables

Close SELinux

[[email protected] ~]# sed–i ' s/selinux=enforcing/selinux=disabled/g '/etc/selinux/config #修改配置文件则永久生效, but the system must be restarted. [[email protected] ~]# grep selinux=disabled/etc/selinux/configselinux=disabled #查看更改后的结果 [[email protected] ~]# SETENF Orce 0 #临时生效命令 [[email protected] ~]# Getenforce #查看selinux当前状态

Clear iptables

[Email protected] ~]# iptables–f #清理防火墙规则 [[email protected] ~]# iptables–l #查看防火墙规则Chain INPUT (policy ACCEPT) t Arget prot opt source Destinationchain FORWARD (policy ACCEPT) target prot opt source Desti Nationchain OUTPUT (policy ACCEPT) target prot opt source Destination[[email protected] ~]#/etc/init.d/ipta Bles Save #保存防火墙配置信息

5, updateYumsource and necessary software installation

Yum Install the software, get it by default rpm the way of the package from the official source of foreign countries, changed to domestic sources.

configured using the Mirror site Yum installation Source configuration file

Mv/etc/yum.repos.d/centos-base.repo/etc/yum.repos.d/centos-base.repo.backupwget-o/etc/yum.repos.d/ Centos-base.repo

Next, execute the following command to detect if Yum is normal

[email protected] ~]# Yum clean all #清空yum缓存 [[email protected] ~] #yum makecache #建立yum缓存

Then use the following command to update the system to the latest

[Email protected] ~]# rpm--import/etc/pki/rpm-gpg/rpm-gpg-key* #导入签名KEY到RPM [[email protected] ~] #yum upgrade-y #更新 System kernel to the latest

Then we need to install a few necessary software.

[email protected] ~]# Yum install Lrzsz ntpdatesysstat-y

Lrzsz is a software that uploads and downloads

Sysstat a tool for detecting system performance and efficiency

6, streamlined boot-up service

just installed the operating system can only keep crond,network,syslog,sshd these four services. (centos6.x for rsyslog)

for sun in  ' chkconfig --list|grep 3:on|awk  ' {print$1} ';d o chkconfig - -level 3  $sun  off;donefor sun in crond rsyslog sshd network;do  chkconfig--level 3  $sun  on;donechkconfig --list|grep 3:oncrond           0:off   1:off   2:on    3:on    4:on    5:on   6:offnetwork         0:off   1:off   2:on   3:on     4:on    5:on   6:offrsyslog         0:off   1:off   2:on   3:on     4:on    5:on   6:offsshd            0:off   1:off   2:on   3:on    4:on     5:on   6:off
7, change the defaultSshservice port, disableRootUser remote Connection
[[Email protected] ~] #cp/etc/ssh/sshd_config/etc/ssh/sshd_config.bak[[email protected] ~]# vim/etc/ssh/sshd_    Configport 52113 #ssh连接默认的端口PermitRootLogin No #root用户黑客都知道, it is forbidden to telnet permitemptypasswords no #禁止空密码登录UseDNS No #不使用DNS [[email protected] ~]#/etc/init.d/sshd reload #从新加载配置 [[email protected] ~] #netstat-lnt #查看端口信息 [[Email Prote CTED] ~]# lsof-i tcp:52113
8, locking critical file systems
[[email protected] ~]# chattr +i/etc/passwd[[email protected] ~]# chattr +i/etc/inittab[[email protected] ~] #chattr +i/ Etc/group[[email protected] ~] #chattr +i/etc/shadow[[email protected] ~]# chattr +i/etc/gshadow after using the chattr command, For security we need to rename it [[email protected] ~]#/bin/mv/usr/bin/chattr/usr/bin/any name

9, adjust file descriptor size
[Email protected] ~]# ulimit–n #查看文件描述符大小1024 [[email protected] ~]# echo ' *-nofile 65535 ' >>/etc/securi Ty/limits.conf

Once the configuration is complete, log in again to view it.

Tips: you can also put Ulimit-shn 65535 command to join the /etc/rc.local , and then each reboot takes effect

[Email protected] ~]# cat>>/etc/rc.local<<eof#open filesulimit-hsn 65535#stack sizeulimit-s 65535EOF
10, remove system and kernel version before login screen display
[Email protected] ~]# >/etc/redhat-release[[email protected] ~]# >/etc/issue

This article is from the "one small step per day" blog, so be sure to keep this source

Linux system optimization

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.