Ubuntu virtual machine image best practices
Partition
/boot >1g
/root >10g
/var >5g
Swap space: twice the memory
vi /etc/security/limits.conf
* soft nofile 40960
* hard nofile 40960
root soft nofile 40960
root hard nofile 40960
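vi /etc/sysctl.conf
# Increase the number of local ports
net.ipv4.ip_local_port_range = 1024 65000
# Increase the size of the network connection tracking table
net.netfilter.nf_conntrack_max = 655350
# Increase the maximum number of socket connections
net.core.somaxconn = 655350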
Configuration:
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_max_syn_backlog = 262144
System parameter optimization
kernel.shmall = 2097152
kernel.shmmax = 2147483648
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 655360
Security hardening
a) /etc/ssh/sshd_config
Protocol 2
PasswordAuthentication no
PermitRootLogin no
PermitEmptyPasswords no
b) sudo
Log
c) syslog operation log
Add to /etc/profile:
# Remote address and login name of the session, taken from who(1)
USER_IP=`who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g'`
ORIGIN_USER=`who -u am i 2>/dev/null | awk '{print $1}' | sed -e 's/[()]//g'`
HISTDIR=/var/log/.bash_history
# Fall back to the hostname when who returns nothing
if [ -z "$USER_IP" ]
then
    USER_IP=`hostname`
fi
if [ ! -d $HISTDIR ]
then
    mkdir -p $HISTDIR
    # World-writable so any user's shell can write here; any user can also remove or replace the files
    chmod 777 $HISTDIR
fi
export HISTSIZE=9999
DT=`date +%y%m%d`
export HISTFILE="$HISTDIR/history.$DT"
export HISTTIMEFORMAT="|normal|%F %T|$USER_IP|$ORIGIN_USER:$LOGNAME|$$|"
chmod 644 $HISTDIR/history* 2>/dev/null
# Append the most recent command to the history file at every prompt
export PROMPT_COMMAND='builtin history 1 >> $HISTFILE'
Edit /etc/rsyslog.d/bash_log.conf
module(load="imfile" PollingInterval="1")
input(type="imfile" File="/var/log/.bash_history/*history*"
      Tag="Bash-log"
      Facility="local7"
      Severity="debug"
      deleteStateOnFileDelete="on"
)
Edit /etc/rsyslog.d/logserver.conf
# A single @ forwards over UDP
*.* @192.168.0.15
d) iptables
Default deny
Open ports 22, 3306, 8080, 8443, 9042, 7000
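The default-deny policy with the open ports listed above can be written as an iptables-restore ruleset. The following is an added example, not part of the original page: build_rules is a hypothetical helper, and the loopback, ESTABLISHED,RELATED and INVALID rules are assumptions added so that local services and replies to outbound connections keep working under the DROP policy.

```shell
#!/bin/sh
# Added example (not from the original page). build_rules is a hypothetical helper.
# Prints an iptables-restore ruleset: inbound default deny, new TCP connections
# accepted only on the comma-separated ports given in $1.
build_rules() {
    ports=$1
    # Accept only digits separated by single commas, so nothing else can
    # reach the generated rules.
    case $ports in
        ''|*[!0-9,]*|,*|*,|*,,*) echo "invalid port list: $ports" >&2; return 1 ;;
    esac
    n=0; old_ifs=$IFS; IFS=,
    for p in $ports; do
        n=$((n + 1))
        if [ ${#p} -gt 5 ] || [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            IFS=$old_ifs; echo "port out of range: $p" >&2; return 1
        fi
    done
    IFS=$old_ifs
    # The multiport match takes at most 15 ports per rule.
    if [ "$n" -gt 15 ]; then
        echo "too many ports for one multiport rule" >&2; return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Ports from the page. Validate saved output with: iptables-restore --test < FILE
build_rules "22,3306,8080,8443,9042,7000"
```

The rule accepts the listed ports from any source address; restricting the database and cluster ports to known peers would need a separate rule with a source match.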
Management
Zabbix
Salt
Tools: iostat, vmstat, perf, top, iftop
Clock synchronization
Application image
Non-root account installation and deployment
Tomcat configuration optimization
MySQL configuration optimization
Ubuntu Virtual Machine System tuning