Personal experience in Linux optimization and security configuration (1)

Source: Internet
Author: User
Tags blank page

I have not written any articles for a long time. Recently, I have received many letters from my friends about configuration optimization and some new security issues. I would like to discuss these issues with you briefly, if there is any inaccuracy or a better way, please send me a letter to discuss and improve it.
I have seen many good articles on linux Optimization on the internet, and I will not repeat these articles here. I just want to talk about these issues from my own experiences.
As a system administrator, I will talk about linux based on server applications. Since linux on a personal computer may not be the same as on a server, security and stability are preferred, therefore, a friend who uses a PC can only make a reference.
The systems mentioned in this Article, if not specifically stated, all adopt redhat's redhat linux system.
Speaking of optimization, the best optimization is to improve the hardware configuration, such as improving the cpu computing capability and memory capacity. I personally think that if you want to upgrade the hardware, we recommend that you increase the memory capacity first. Generally, server applications require the highest memory consumption. Of course this is a digress.
We will first discuss how to optimize your system with the same server under the same hardware configuration without upgrading the hardware.
As a system administrator, I think that first, we need to clarify the point of view that security must be considered first when performing any operations on the server, upgrading or modifying any configuration file or software, it's not something new, it's better. That's why linux management feels different from windows. For windows, we recommend that you use the latest version of the software and operating system, in fact, I personally think this is a business behavior. In terms of system management, this is very bad. Using new software and systems may bring new problems, and some may even be fatal.
Therefore, for management, we should still consider stable and long-term software versions as our versions. I will not talk about the specific advantages. I believe you should know it as an administrator.
In fact, the most direct optimization of linux is to upgrade the kernel. The self-compiled kernel is compiled based on the system, and the maximum performance and minimum kernel will be obtained.
However, the server is not the same. Of course, we also hope that each server is a self-compiled kernel, which is efficient and exquisite. However, there is a gap between the actual situation and the desire. Imagine that if you manage 100 linux Hosts and each of them may have different configurations, a process of compiling the kernel will be a huge project, in addition, the workload is hard to imagine. I don't think you would like to do this. Therefore, it is recommended that you use the officially released kernel upgrade package.
First, we will perform a series of upgrades to the newly installed system, including software and kernel. This is an important step, for details about this, please refer to my other article on upgrade ).
After upgrading all the software and completing basic firewall and configuration, we will start to optimize some detailed configurations. If you are an old system, before doing some operations and optimizing your system, you must back up all the data to other media.
1. Virtual Memory Optimization
First, check the usage of the virtual memory and use the command

# free
View the memory usage of the current system.
In general, linux's physical memory is almost completely used. This is very different from windows. Its memory management mechanism makes full use of the system memory. It is not the same for windows to use some virtual memory no matter how large the memory is. Note This.
Use commands to configure virtual memory in Linux
# cat /proc/sys/vm/freepages
You can view the following three numbers: the minimum memory blank page, the Minimum Memory blank page, and the maximum memory blank page.
Note that the system uses the virtual memory principle: if the number of blank pages is lower than the maximum number of blank pages, the disk swap space is used. When the minimum blank page setting is reached, use memory swap. Note: I have obtained some information and need to observe it for specific applications, however, this does not affect the configuration of new virtual memory parameters ).
Memory is generally allocated in 4 K bytes per page. The Minimum Memory blank page setting is 2 times the number of memory in the system, the Minimum Memory blank page setting is 4 times the number of memory, and the maximum memory blank page setting is 6 times the system memory. These values are determined at system startup.
In general, in terms of configuring the virtual memory configuration allocated by the system, I personally think that increasing the maximum memory blank page is a good configuration method. Take the 1 GB memory configuration as an example:
You can change the original configuration proportion:
2048 4096 6444 run the command # echo "2048 4096 6444">/proc/sys/vm/freepages
Because the maximum blank page configuration is added, the memory can be used more effectively.
2. Hard Disk Optimization
If you are using a scsi hard disk or an ide array, skip this section. The parameter adjustment described in this section is only applicable to servers that use an ide hard disk.
We use the hdparm program to set the IDE hard disk,
Using DMA and 32-bit transmission can greatly improve system performance. Run the following command:
# /sbin/hdparm -c 1 /dev/hda
This command specifies the PCI bus of the first IDE hard disk as 32-bit, and uses the-c 0 parameter to disable 32-bit transmission.
To use DMA on a hard disk, run the following command:
# /sbin/hdparm -d 1 /dev/hda
You can use the-d 0 parameter to disable DMA.
After the modification is complete, you can use hdparm to check the modified result and run the following command:
# /sbin/hdparm -t /dev/had
To ensure that the set results remain unchanged, run the following command:
# /sbin/hdparm -k 1 /dev/hda

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.