1, Modify the IP address, gateway, host name, DNS, etc.
[root@host ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0                                 # NIC name
HWADDR=00:0c:29:06:c2:bc                    # MAC address
TYPE=Ethernet                               # NIC type
UUID=00c8bfff-f6fa-4d4e-9062-3b82a00c7123   # UUID, unique in the system
ONBOOT=yes                                  # whether the NIC is brought up when the network service or the server restarts
NM_CONTROLLED=yes
BOOTPROTO=none                              # set the IP to static or dynamic
IPADDR=10.0.0.200                           # IP address
NETMASK=255.255.255.0                       # subnet mask
GATEWAY=10.0.0.2                            # gateway
DNS1=223.5.5.5                              # DNS1 address
DNS2=223.6.6.6                              # DNS2 address (alternate DNS)
2, Add a regular user and manage sudo authorization
[root@host ~]# useradd ljx
[root@host ~]# echo "123456" | passwd --stdin ljx && history -c
[root@host ~]# visudo
Under the line "root ALL=(ALL) ALL", add the following line:
ljx ALL=(ALL) ALL
3, Schedule automatic server time updates
[root@host ~]# echo '*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1' >> /var/spool/cron/root
[root@host ~]# echo '*/10 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1' >> /var/spool/cron/root
Tip: on CentOS 6.4 the path of the time synchronization command is different:
On 6 it is /usr/sbin/ntpdate.
On 5 it is /sbin/ntpdate.
4, Disable SELinux and flush iptables
Disable SELinux
[root@host ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config    # editing the config file makes the change permanent, but the system must be restarted
[root@host ~]# grep SELINUX=disabled /etc/selinux/config    # check the result of the change
SELINUX=disabled
[root@host ~]# setenforce 0    # takes effect temporarily, without a restart
[root@host ~]# getenforce      # show the current SELinux state
Permissive
Clear iptables
[root@host ~]# iptables -F    # flush the firewall rules
[root@host ~]# iptables -L    # list the firewall rules
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@host ~]# /etc/init.d/iptables save    # save the firewall configuration
5, Update the yum source and install necessary software
By default, yum installs software by fetching RPM packages from the official overseas source; change it to a domestic source.
Configure the yum installation source using the mirror site's configuration file:
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/centos-6.repo
Next, run the following commands to check that yum works normally:
[root@host ~]# yum clean all    # clear the yum cache
[root@host ~]# yum makecache    # build the yum cache
Then use the following commands to update the system to the latest version:
[root@host ~]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*    # import the signing keys into RPM
[root@host ~]# yum upgrade -y    # update the system and kernel to the latest version
Then install a few necessary packages:
[root@host ~]# yum install lrzsz ntpdate sysstat -y
lrzsz is a tool for uploading and downloading files.
sysstat is a set of tools for monitoring system performance and efficiency.
6, Streamline the services started at boot
On a freshly installed operating system, only these four services need to be kept: crond, network, syslog and sshd (on CentOS 6.x, syslog is rsyslog).
for sun in `chkconfig --list | grep 3:on | awk '{print $1}'`; do chkconfig --level 3 $sun off; done
for sun in crond rsyslog sshd network; do chkconfig --level 3 $sun on; done
chkconfig --list | grep 3:on
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
7, Change the default SSH service port and disable remote login for the root user
[root@host ~]# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
[root@host ~]# vim /etc/ssh/sshd_config
# port for SSH connections (changed from the default)
Port 52113
# every attacker knows the root user name, so remote login as root is forbidden
PermitRootLogin no
# forbid login with an empty password
PermitEmptyPasswords no
# do not use DNS
UseDNS no
[root@host ~]# /etc/init.d/sshd reload    # reload the configuration
[root@host ~]# netstat -lnt               # show port information
[root@host ~]# lsof -i tcp:52113
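The four sshd_config settings above can be verified after the reload with a small audit script. This is an added example, not part of the original article: the function names sshd_effective, audit_sshd and make_sample and the sample configuration are constructed for illustration, and only the global section before any Match block is examined.

```shell
#!/bin/sh
# Added example (not from the original article): audit an sshd_config against
# the four settings from section 7. sshd keywords are case-insensitive and the
# FIRST occurrence of a keyword is the one sshd uses.

# Print the effective global value of keyword $1 in file $2 (empty if unset).
sshd_effective() {
    awk -v key="$1" '
        $1 ~ /^#/                   { next }           # comment line
        tolower($1) == "match"      { exit }           # global section ends here
        tolower($1) == tolower(key) { print $2; exit } # first occurrence wins
    ' "$2"
}

# Print one OK/FAIL line per setting; exit status = number of failed settings.
# The body is a subshell, so its variables do not leak into the caller.
audit_sshd() (
    file=$1 failures=0
    while read -r key want; do
        got=$(sshd_effective "$key" "$file" | tr '[:upper:]' '[:lower:]')
        if [ "$got" = "$want" ]; then
            echo "OK    $key $got"
        else
            echo "FAIL  $key is '${got:-unset}', expected '$want'"
            failures=$((failures + 1))
        fi
    done <<'EOF'
port 52113
permitrootlogin no
permitemptypasswords no
usedns no
EOF
    exit "$failures"
)

# Constructed sample: PermitRootLogin appears twice, so the earlier "yes"
# wins, and UseDNS exists only as a comment, so it is unset.
make_sample() {
    cat <<'EOF'
Port 52113
PermitRootLogin yes
#UseDNS no
PermitEmptyPasswords no
PermitRootLogin no
EOF
}

# Audit the file named on the command line, e.g. /etc/ssh/sshd_config.
if [ "$#" -gt 0 ]; then audit_sshd "$1"; fi
```

On the constructed sample the audit reports two failures: a later "PermitRootLogin no" does not override an earlier "yes", and a commented-out UseDNS line sets nothing.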
8, Lock critical system files
[root@host ~]# chattr +i /etc/passwd
[root@host ~]# chattr +i /etc/inittab
[root@host ~]# chattr +i /etc/group
[root@host ~]# chattr +i /etc/shadow
[root@host ~]# chattr +i /etc/gshadow
After using the chattr command, rename it for security:
[root@host ~]# /bin/mv /usr/bin/chattr /usr/bin/<any name>
9, Adjust the file descriptor limit
[root@host ~]# ulimit -n    # show the file descriptor limit
1024
[root@host ~]# echo '* - nofile 65535' >> /etc/security/limits.conf
Once the configuration is complete, log in again to check it.
Tip: you can also add the ulimit -SHn 65535 command to /etc/rc.local so that it takes effect on every reboot.
[root@host ~]# cat >> /etc/rc.local <<EOF
#open files
ulimit -SHn 65535
#stack size
ulimit -s 65535
EOF
10, Remove the system and kernel version shown before the login prompt
[root@host ~]# > /etc/redhat-release
[root@host ~]# > /etc/issue
This article is from the "one small step per day" blog; please keep this source link: http://fenyuer.blog.51cto.com/11265169/1928326
Linux system optimization