1. Prevent yum update from upgrading the kernel
Back up the configuration first: # cp /etc/yum.conf /etc/yum.conf.bak
Edit the yum configuration file: # vi /etc/yum.conf
Add exclude=kernel* at the end of the [main] section.
Alternatively, exclude the kernel directly on the yum command line:
# yum --exclude=kernel* update
2. Optimize the system ulimit
Edit the configuration file:
# vim /etc/security/limits.conf
* soft nofile 655350
* hard nofile 655350
* soft nproc 655360
* hard nproc 655360
3. Optimize System kernel Parameters
4. Turn off SELinux
Modify the configuration file:
# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# setenforce 0
# getenforce
Disabled
5. User login password
Modify the configuration file /etc/login.defs:
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 8
PASS_WARN_AGE 7
In /etc/pam.d/system-auth:
password required pam_cracklib.so retry=3 minlen=8 lcredit=-1 ucredit=-2 dcredit=-1 ocredit=-2
This allows 3 attempts at setting a password, with a minimum length of 8 characters, including at least 1 lowercase letter, 2 uppercase letters, 1 digit, and 2 special characters.
6. Prevent the root user from logging in directly
Configuration file: /etc/ssh/sshd_config
Change PermitRootLogin yes to PermitRootLogin no
7. Restrict which users may use the su command
Configuration file: /etc/pam.d/su
#auth required pam_wheel.so use_uid    (delete the leading # to enable this line)
8. Disable the Ctrl+Alt+Del shutdown hotkey
Configuration file: /usr/lib/systemd/system/ctrl-alt-del.target
Commenting out all of its content disables the reboot triggered by the hotkey.
9. Lock accounts after consecutive failed logins
Configuration file: /etc/pam.d/sshd
Add the following as the second line:
auth required pam_tally2.so deny=5 unlock_time=600 even_deny_root root_unlock_time=300
This locks an ordinary user's account for 10 minutes after 5 failed logins, and locks the root account for 5 minutes after 5 failed logins.
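As an added example (not part of the original article), the shell function below checks whether steps 1, 5, 6, 7 and 9 are actually in effect by reading the same files under a root prefix. The names audit_hardening and check and the sample tree are constructed for illustration, and sshd Match blocks and Include files are assumed not to be in use.

```shell
#!/bin/sh
# audit_hardening ROOT: verify steps 1, 5, 6, 7 and 9 against the files under
# ROOT ("" = live system). Prints ok/FAIL per check; returns the FAIL count.
# (Hypothetical helper written for this example.)
audit_hardening() {
    root=$1; fails=0
    # check LABEL FILE AWK_PROGRAM: run the awk program over FILE with comments
    # stripped; awk exit status 0 means the setting is present.
    check() {
        if sed 's/#.*//' "$root$2" 2>/dev/null | awk "$3"; then
            echo "ok   $1"
        else
            echo "FAIL $1 ($2)"; fails=$((fails + 1))
        fi
    }
    check "yum excludes kernel packages" /etc/yum.conf \
        '/^ *exclude *=.*kernel/ { ok = 1 } END { exit !ok }'
    check "PASS_MIN_LEN >= 8" /etc/login.defs \
        '$1 == "PASS_MIN_LEN" { v = $2 } END { exit !(v >= 8) }'
    # sshd keeps the first value it reads for a keyword, so stop at the first hit.
    check "PermitRootLogin no" /etc/ssh/sshd_config \
        'tolower($1) == "permitrootlogin" { v = tolower($2); exit } END { exit !(v == "no") }'
    # A commented-out pam_wheel line (the shipped default) does not count.
    check "su limited by pam_wheel.so" /etc/pam.d/su \
        '$1 == "auth" && $2 == "required" && $3 == "pam_wheel.so" { ok = 1 } END { exit !ok }'
    check "pam_tally2 lockout including root" /etc/pam.d/sshd \
        '$1 == "auth" && $3 == "pam_tally2.so" && /deny=[0-9]+/ && /even_deny_root/ { ok = 1 } END { exit !ok }'
    return "$fails"
}

# Constructed sample tree (not a real host): steps 6 and 9 applied, the rest not.
demo=$(mktemp -d)
mkdir -p "$demo/etc/ssh" "$demo/etc/pam.d"
printf '%s\n' '[main]' 'gpgcheck=1' > "$demo/etc/yum.conf"
printf '%s\n' 'PASS_MAX_DAYS 99999' 'PASS_MIN_LEN 5' > "$demo/etc/login.defs"
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' > "$demo/etc/ssh/sshd_config"
printf '%s\n' '#auth required pam_wheel.so use_uid' > "$demo/etc/pam.d/su"
printf '%s\n' '#%PAM-1.0' \
    'auth required pam_tally2.so deny=5 unlock_time=600 even_deny_root root_unlock_time=300' \
    > "$demo/etc/pam.d/sshd"
audit_hardening "$demo" || echo "$? check(s) failed"
```

Run audit_hardening "" as root on a live system to check the real files.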
Linux system post-installation optimization