CentOS 6.7 x64 System Optimization:
1 Turn off SELinux
#Disable SELinux
setenforce 0
sed -i '/SELINUX=enforcing/c SELINUX=disabled' /etc/selinux/config
2 Shut down the firewall
#Stop iptables
/etc/init.d/iptables stop
/etc/init.d/ip6tables stop
chkconfig iptables off
chkconfig ip6tables off
3 Set the run level to 3 (a minimal installation defaults to 3)
sed -i 's/^id:[0-6]/id:3/' /etc/inittab
4 Trim the services started at boot (iptables/ip6tables are already off)
#Stop Services
chkconfig --list | grep "3:on" | grep -vE "crond|messagebus|network|rsyslog|sshd|sysstat" | awk '{print "chkconfig", $1, "off"}' | bash
Services enabled at run level 3:
chkconfig --list | grep "3:on"
abrt-ccpp         0:off 1:off 2:off 3:on 4:off 5:on 6:off  # ABRT process, provides analysis reports
abrtd             0:off 1:off 2:off 3:on 4:off 5:on 6:off  # ABRT (Automatic Bug Reporting Tool) daemon; requires root access and runs in the background
acpid             0:off 1:off 2:on 3:on 4:on 5:on 6:off  # power management process
atd               0:off 1:off 2:off 3:on 4:on 5:on 6:off  # task scheduling process (executed once)
auditd            0:off 1:off 2:on 3:on 4:on 5:on 6:off  # kernel audit process
blk-availability  0:off 1:on 2:on 3:on 4:on 5:on 6:off  # block device management tool
cpuspeed          0:off 1:on 2:on 3:on 4:on 5:on 6:off  # CPU speed control process
crond             0:off 1:off 2:on 3:on 4:on 5:on 6:off  # scheduled task process (periodic execution)
haldaemon         0:off 1:off 2:off 3:on 4:on 5:on 6:off  # hardware abstraction layer process; mainly collects hardware information
irqbalance        0:off 1:off 2:off 3:on 4:on 5:on 6:off  # CPU load-balancing management process
kdump             0:off 1:off 2:off 3:on 4:on 5:on 6:off  # dumps kernel information when the system crashes
lvm2-monitor      0:off 1:on 2:on 3:on 4:on 5:on 6:off  # LVM monitoring process
mdmonitor         0:off 1:off 2:on 3:on 4:on 5:on 6:off  # software RAID monitoring process
messagebus        0:off 1:off 2:on 3:on 4:on 5:on 6:off  # mainly provides D-Bus communication services
netfs             0:off 1:off 2:off 3:on 4:on 5:on 6:off  # automatic mounting of network file systems (NFS, Samba)
network           0:off 1:off 2:on 3:on 4:on 5:on 6:off  # daemon that brings network interfaces up/down
postfix           0:off 1:off 2:on 3:on 4:on 5:on 6:off  # Postfix mail service
rsyslog           0:off 1:off 2:on 3:on 4:on 5:on 6:off  # log information collection service
sshd              0:off 1:off 2:on 3:on 4:on 5:on 6:off  # SSH remote login process
sysstat           0:off 1:on 2:on 3:on 4:on 5:on 6:off  # system performance monitoring tool service
udev-post         0:off 1:on 2:on 3:on 4:on 5:on 6:off  # device management service
5 SSH Service configuration
#SSH
sed -i '13i Port 22\nPermitRootLogin yes\nPermitEmptyPasswords no\nUseDNS no\nGSSAPIAuthentication no' /etc/ssh/sshd_config
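sshd keeps the first value it reads for each keyword, so a block inserted near the top of sshd_config, as the command above does, takes precedence over any later line that sets the same keyword. The following check is an added example, not part of the original post; the function names and both sample files are constructed for illustration.

```shell
# Added example (not from the original post). sshd uses the FIRST value it
# reads for each keyword; keyword names are case-insensitive.
# effective_sshd_value FILE KEYWORD: print the value sshd would use.
# Assumes whitespace-separated "Keyword value" lines; stops at a Match block.
effective_sshd_value() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        tolower($1) == "match" { exit }     # conditional blocks not handled
        tolower($1) == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# audit_sshd FILE: check FILE against the five settings from step 5.
# Prints one line per setting; the exit status is the number of mismatches.
audit_sshd() {
    bad=0
    while read -r key want; do
        got=$(effective_sshd_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "ok   $key $got"
        else
            echo "DIFF $key want=$want got=${got:-unset}"
            bad=$((bad + 1))
        fi
    done <<EOF
Port 22
PermitRootLogin yes
PermitEmptyPasswords no
UseDNS no
GSSAPIAuthentication no
EOF
    return "$bad"
}

# Constructed samples: the step-5 block after / before a stock-style line.
sample_appended() {
    printf '%s\n' '#Port 22' 'GSSAPIAuthentication yes' 'Port 22' 'PermitRootLogin yes' \
        'PermitEmptyPasswords no' 'UseDNS no' 'GSSAPIAuthentication no'
}
sample_inserted() {
    printf '%s\n' '#Port 22' 'Port 22' 'PermitRootLogin yes' 'PermitEmptyPasswords no' \
        'UseDNS no' 'GSSAPIAuthentication no' 'GSSAPIAuthentication yes'
}

demo=$(mktemp); sample_appended > "$demo"
audit_sshd "$demo" || true; rm -f "$demo"
```

On a real host, run audit_sshd /etc/ssh/sshd_config after the edit; a DIFF line means an earlier line in the file is overriding the inserted block.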
6 Create a regular administrator account and manage it with sudo authorization
#sudo User
groupadd -g 601 admin
useradd -u 601 -g admin admin
\cp /etc/sudoers /etc/sudoers.ori
echo "admin ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
7 System character set (English by default)
cat /etc/sysconfig/i18n
LANG="en_US.UTF-8"
SYSFONT="latarcyrheb-sun16"
For Chinese, it needs to be set to "zh_CN.UTF8"
8 NTP Time synchronization
In an intranet environment, 1-2 NTP time servers are usually deployed to synchronize with network time, and the other devices on the intranet synchronize through the intranet NTP server.
9 Modifying the number of history records
echo 'export HISTSIZE=1000' >> /etc/profile
echo 'export HISTFILESIZE=1000' >> /etc/profile
10 Modify login timeout
echo 'export TMOUT=300' >> /etc/profile
11 File descriptor modification
The production department may report that the system cannot open files; in that case, check whether the limit on the number of open files is too low.
#Open files
echo '* - nofile 65535' >> /etc/security/limits.conf
12 Common kernel optimization parameters
#Kernel
cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_fin_timeout=2
net.ipv4.tcp_tw_reuse=1
# tcp_tw_recycle can drop connections from clients behind NAT
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_keepalive_time=600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog=16384
net.ipv4.tcp_max_tw_buckets=36000
net.ipv4.route.gc_timeout=100
net.ipv4.tcp_syn_retries=1
net.ipv4.tcp_synack_retries=1
net.core.somaxconn=16384
net.core.netdev_max_backlog=16384
net.ipv4.tcp_max_orphans=16384
EOF
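Appending with ">>" is not repeatable: each run adds another copy of the block, and a conflicting line already in the file stays there. The following added example (not part of the original post) sets keys so that a second run changes nothing; set_kv, apply_settings and count_key are hypothetical helper names, only a subset of the values above is used, and the sample file is constructed.

```shell
# Added example (not from the original post): set sysctl.conf keys idempotently.
# sysctl applies the file top to bottom, so with ">>" a stale earlier line is
# overridden but remains, and every re-run adds another copy of the block.

# set_kv FILE KEY VALUE: keep exactly one "KEY = VALUE" line in FILE.
set_kv() {
    tmp=$(mktemp) || return 1
    awk -v k="$2" -v v="$3" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = index(line, "=")
            key = (n ? substr(line, 1, n - 1) : "")
            sub(/[ \t]+$/, "", key)
            if (key == k) {                  # an existing definition
                if (!seen++) print k " = " v # rewrite the first one in place
                next                         # drop any later duplicates
            }
            print
        }
        END { if (!seen) print k " = " v }   # key was absent: append it
    ' "$1" > "$tmp" && cat "$tmp" > "$1"     # cat keeps owner, mode, context
    rm -f "$tmp"
}

# apply_settings FILE: a subset of the values above, one "key value" per line.
apply_settings() {
    while read -r key val; do
        set_kv "$1" "$key" "$val"
    done <<EOF
net.ipv4.tcp_fin_timeout 2
net.ipv4.tcp_syncookies 1
net.ipv4.ip_local_port_range 4000 65000
net.core.somaxconn 16384
EOF
}

# count_key FILE KEY: how many active (uncommented) lines define KEY.
count_key() {
    awk -F= -v k="$2" '{ gsub(/[ \t]/, "", $1); if ($1 == k) c++ } END { print c + 0 }' "$1"
}

# Constructed sample standing in for a stock /etc/sysctl.conf.
conf=$(mktemp)
printf '%s\n' '# Kernel sysctl configuration' 'net.ipv4.tcp_syncookies = 0' \
    'net.ipv4.tcp_syncookies=1' > "$conf"
apply_settings "$conf"; apply_settings "$conf"    # second run changes nothing
cat "$conf"; rm -f "$conf"
```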
13 Modify version information
Change the version information displayed by the system by modifying /etc/issue and /etc/issue.net.
14 Clear redundant system accounts
Once you know your company's specific business, you can disable redundant system accounts.
15 Encrypt the GRUB menu
Administrators typically do not set a GRUB password unless the security requirements are very high.
16 Lock key files
chattr +i /etc/passwd and similar; files are generally not locked unless the security requirements are very high.
17 Software upgrades
When upgrading software, build a local yum repository; intranet devices update from the local yum repository.
This article is from the "Clark Operations" blog, please be sure to keep this source http://szcat.blog.51cto.com/665775/1812858