Linux system optimization

Source: Internet
Author: User
Tags rsyslog

CentOS 6.7 x64 system optimization:

1 Turn off SELinux

#Disable SELinux

setenforce 0

sed -i '/SELINUX=enforcing/cSELINUX=disabled' /etc/selinux/config

2 Shut down the firewall

#Stop iptables

/etc/init.d/iptables stop

/etc/init.d/ip6tables stop

chkconfig iptables off

chkconfig ip6tables off

3 Set the run level to 3 (a minimal installation defaults to 3)

sed -i 's/^id:[0-6]/id:3/' /etc/inittab

4 Trim the services started at boot (iptables/ip6tables are already off)

#Stop Services

chkconfig --list | grep "3:on" | grep -vE "crond|messagebus|network|rsyslog|sshd|sysstat" | awk '{print "chkconfig", $1, "off"}' | bash

Services enabled at run level 3:

chkconfig --list | grep "3:on"

abrt-ccpp         0:off 1:off 2:off 3:on 4:off 5:on 6:off  # ABRT process, provides analysis reports
abrtd             0:off 1:off 2:off 3:on 4:off 5:on 6:off  # ABRT (Automatic Bug Reporting Tool) daemon; requires root access and runs in the background
acpid             0:off 1:off 2:on  3:on 4:on  5:on 6:off  # power management process
atd               0:off 1:off 2:off 3:on 4:on  5:on 6:off  # task scheduling process (executes once)
auditd            0:off 1:off 2:on  3:on 4:on  5:on 6:off  # kernel audit process
blk-availability  0:off 1:on  2:on  3:on 4:on  5:on 6:off  # block device management tool
cpuspeed          0:off 1:on  2:on  3:on 4:on  5:on 6:off  # CPU speed control process
crond             0:off 1:off 2:on  3:on 4:on  5:on 6:off  # scheduled task process (periodic execution)
haldaemon         0:off 1:off 2:off 3:on 4:on  5:on 6:off  # hardware abstraction layer process, mainly collects hardware information
irqbalance        0:off 1:off 2:off 3:on 4:on  5:on 6:off  # CPU load balancing management process
kdump             0:off 1:off 2:off 3:on 4:on  5:on 6:off  # dumps kernel information when the system crashes
lvm2-monitor      0:off 1:on  2:on  3:on 4:on  5:on 6:off  # LVM monitoring process
mdmonitor         0:off 1:off 2:on  3:on 4:on  5:on 6:off  # software RAID monitoring process
messagebus        0:off 1:off 2:on  3:on 4:on  5:on 6:off  # mainly provides D-Bus communication services
netfs             0:off 1:off 2:off 3:on 4:on  5:on 6:off  # automatic file system mount service (NFS, Samba)
network           0:off 1:off 2:on  3:on 4:on  5:on 6:off  # network interface on/off daemon
postfix           0:off 1:off 2:on  3:on 4:on  5:on 6:off  # Postfix mail service
rsyslog           0:off 1:off 2:on  3:on 4:on  5:on 6:off  # log collection service
sshd              0:off 1:off 2:on  3:on 4:on  5:on 6:off  # SSH remote login process
sysstat           0:off 1:on  2:on  3:on 4:on  5:on 6:off  # system performance monitoring tool service
udev-post         0:off 1:on  2:on  3:on 4:on  5:on 6:off  # device management service
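
The pipeline in step 4 sends its generated commands straight to bash. The following dry-run variant is an added example, not part of the original article: it prints the plan for review and matches service names exactly instead of by substring. The sample listing is constructed, and the `sshd-legacy` entry is a made-up name.

```shell
#!/bin/sh
# Added example: dry-run planner for step 4. It prints the commands for
# review and executes nothing.

# Keep list taken from the page's grep -vE pattern.
KEEP='crond messagebus network rsyslog sshd sysstat'

# Constructed sample of `chkconfig --list` output (not from a real host).
# "sshd-legacy" is a made-up service name used to show exact matching.
SAMPLE='abrtd        0:off 1:off 2:off 3:on  4:off 5:on  6:off
auditd       0:off 1:off 2:on  3:on  4:on  5:on  6:off
crond        0:off 1:off 2:on  3:on  4:on  5:on  6:off
netfs        0:off 1:off 2:off 3:on  4:on  5:on  6:off
psacct       0:off 1:off 2:off 3:off 4:off 5:off 6:off
sshd         0:off 1:off 2:on  3:on  4:on  5:on  6:off
sshd-legacy  0:off 1:off 2:off 3:on  4:on  5:on  6:off'

# Reads `chkconfig --list` output on stdin and prints one
# "chkconfig NAME off" line for every service that is on at run level 3
# and whose name is not exactly one of the names in KEEP.
plan_disable() {
    awk -v keep="$KEEP" '
        BEGIN {
            n = split(keep, k, " ")
            for (i = 1; i <= n; i++) allow[k[i]] = 1
        }
        {
            on3 = 0
            for (i = 2; i <= NF; i++) if ($i == "3:on") on3 = 1
            if (on3 && !($1 in allow)) print "chkconfig", $1, "off"
        }'
}

# The plan lists auditd because the page's keep list does not include it.
# A substring filter would have kept "sshd-legacy"; exact matching does not.
printf '%s\n' "$SAMPLE" | plan_disable
```

On a real host, feed it with `chkconfig --list | plan_disable` and pipe the output to bash only after reading it.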


5 SSH service configuration

#SSH

sed -i '13i Port 22\nPermitRootLogin yes\nPermitEmptyPasswords no\nUseDNS no\nGSSAPIAuthentication no' /etc/ssh/sshd_config
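
sshd uses the first value it obtains for each keyword, which is why step 5 inserts its settings near the top of the file. The check below is an added example, not part of the original article: it reports the value in effect for the five keywords the page sets. It assumes the whitespace-separated `Keyword value` form and reads only the global section before any `Match` line; the sample config is constructed.

```shell
#!/bin/sh
# Added example: report which value sshd would use for the keywords set
# in step 5. Keywords are case-insensitive and the first occurrence wins.

# Constructed sample config (not a real host's file).
SAMPLE_SSHD='# constructed sshd_config sample
Port 22
PermitRootLogin yes
PermitEmptyPasswords no
UseDNS no
GSSAPIAuthentication no
#PermitRootLogin no
GSSAPIAuthentication yes
Match User backup
    X11Forwarding no'

# Prints the effective global value of keyword $1 for the config on stdin.
# Prints nothing if the keyword is not set before the first Match line.
sshd_effective() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || NF == 0 { next }       # skip comments and blank lines
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == want { print $2; exit }'
}

# Prints "Keyword value note" per keyword. The note is REVIEW for settings
# that allow direct root or empty-password logins, default when unset.
sshd_audit() {
    cfg=$(cat)
    for kw in Port PermitRootLogin PermitEmptyPasswords UseDNS GSSAPIAuthentication; do
        val=$(printf '%s\n' "$cfg" | sshd_effective "$kw")
        note=ok
        case "$kw=$val" in
            PermitRootLogin=yes|PermitEmptyPasswords=yes) note=REVIEW ;;
            *=) note=default ;;
        esac
        printf '%s %s %s\n' "$kw" "${val:--}" "$note"
    done
}

printf '%s\n' "$SAMPLE_SSHD" | sshd_audit
```

On a real host, run `sshd_audit < /etc/ssh/sshd_config` after the edit.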

6 Create a regular administrator account and manage it with sudo authorization

#sudo User

groupadd -g 601 admin

useradd -u 601 -g admin admin

\cp /etc/sudoers /etc/sudoers.ori

echo "admin ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

7 System character set (English is selected by default)

cat /etc/sysconfig/i18n

LANG="en_US.UTF-8"

SYSFONT="latarcyrheb-sun16"

For Chinese, set LANG to "zh_CN.UTF8"

8 NTP Time synchronization

In an intranet environment, 1-2 NTP time servers are usually deployed to synchronize with network time, and the other devices on the intranet synchronize through the intranet NTP servers.

9 Modify the number of history records

echo 'export HISTSIZE=1000' >> /etc/profile

echo 'export HISTFILESIZE=1000' >> /etc/profile

Modify login timeout

echo 'export TMOUT=300' >> /etc/profile

File descriptor modification

If the enterprise's production department reports that files on the system cannot be opened, check whether the limit on the number of open files is too low.

#Open files

echo '* - nofile 65535' >> /etc/security/limits.conf

Common kernel optimization parameters

#Kernel

cat >> /etc/sysctl.conf <<EOF
net.ipv4.tcp_fin_timeout=2
net.ipv4.tcp_tw_reuse=1
# tcp_tw_recycle can drop connections from clients behind NAT; it was removed in Linux 4.12
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_keepalive_time=600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog=16384
net.ipv4.tcp_max_tw_buckets=36000
net.ipv4.route.gc_timeout=100
net.ipv4.tcp_syn_retries=1
net.ipv4.tcp_synack_retries=1
net.core.somaxconn=16384
net.core.netdev_max_backlog=16384
net.ipv4.tcp_max_orphans=16384
EOF

Modify version Information

Change the version information displayed by the system by modifying /etc/issue and /etc/issue.net

Clear redundant system accounts

After you know your company's specific business, you can disable redundant system accounts.

Encrypt the grub menu

Administrators typically do not set a grub password unless the security requirements are very high.

Lock key files

chattr +i /etc/passwd, etc. Key files are generally not locked unless the security requirements are very high.

Software upgrade

To upgrade software, build a local yum repository and have intranet devices update from that local repository.


This article is from the "Clark Operations" blog, please be sure to keep this source http://szcat.blog.51cto.com/665775/1812858
