Linux System Security optimization (1)

Linux Server Introduction

As a system administrator, let's talk about Linux based on server applications. First of all, we need to clarify a point of view: To perform any operations on the server, upgrade or modify any configuration file or software, we must first consider security. The better is not something new, this is also why Linux management feels different from windows. windows first recommends that you use the latest version of software and operating system. In fact, I personally think this is a business behavior, in terms of system management, this is very bad. The use of new software and systems may bring new problems, some or even fatal.

First, we will perform a series of upgrades to the newly installed system, including software and kernel. This is an important step. After all the software has been upgraded, the basic firewall and configuration have been completed.OptimizationSome details are configured. If you are an old system, you must back up all the data to other media before performing the operations and optimization of this problem.

Virtual Memory Optimization

First, check the usage of the virtual memory and use the command

# Free

View the memory usage of the current system.

In general, Linux's physical memory is almost completely used. This is very different from windows. Its memory management mechanism makes full use of the system memory. It is not the same for windows to use some virtual memory no matter how large the memory is. Note This.

Use commands to configure virtual memory in Linux

# Cat/proc/sys/vm/freepages

You can view the following three numbers: the minimum memory blank page, the Minimum Memory blank page, and the maximum memory blank page.

Note that the system uses the virtual memory principle: if the number of blank pages is lower than the maximum number of blank pages, the disk swap space is used. When the minimum blank page setting is reached, the memory is used for swap (Note: I have obtained some information and need to observe it for specific applications, however, this does not affect the configuration of new virtual memory parameters ).

Memory is generally allocated in 4 K bytes per page. The Minimum Memory blank page setting is 2 times the number of memory in the system, the Minimum Memory blank page setting is 4 times the number of memory, and the maximum memory blank page setting is 6 times the system memory. These values are determined at system startup.

In general, in terms of configuring the virtual memory configuration allocated by the system, I personally think that increasing the maximum memory blank page is a good configuration method. Take the 1 GB memory configuration as an example:

You can change the original configuration proportion:

2048 4096 6444

Use commands

# Echo "2048 4096 6444">/proc/sys/vm/freepages

Because the maximum blank page configuration is added, the memory can be used more effectively.

We have finished introducing the virtual memory optimization in Linux System Security optimization, and hope you can understand it.