Basic optimization and security configuration after setting up a CentOS VPS

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article walks through the basic optimization and security configuration to carry out once a CentOS VPS is up and running.

Applicable environment: any VPS running CentOS 5 or 6.

Upgrade the system

The code is as follows:

yum update

Update the firewall policy

The code is as follows:

# clear existing firewall rules
iptables -F
iptables -X
iptables -Z
# allow local access to this machine
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# allow established or related traffic
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# allow limited ping, 10 times per second
iptables -A INPUT -p icmp -m limit --limit 10/sec -j ACCEPT
# allow all outbound traffic from this machine
iptables -A OUTPUT -j ACCEPT
# allow access to port 22, the default SSH port; keep this rule until you have changed the port in sshd_config
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# allow access to port 80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# to allow other ports, use the same rule and change only the port number
# reject everything that the rules above do not allow
# (note: if port 22 has not been added to the allow rules, the SSH connection is cut off immediately)
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT
# save the firewall rules
service iptables save
# if saving fails because policycoreutils is missing, install it first
yum -y install policycoreutils
# then save again
# start iptables at boot
chkconfig --level 345 iptables on
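
The note above warns that the catch-all REJECT cuts the SSH session if port 22 has not been allowed first. The following pre-flight check is an added example, not part of the original article; the function name ssh_reachable and both sample rule lists are constructed here. It reads a rule list and succeeds only when an allow rule for the SSH port comes before the catch-all rule.

```shell
#!/bin/sh
# Pre-flight check: does a rule list keep the SSH port reachable?
# Accepts `iptables -S` style lines or full `iptables -A ...` commands on stdin.
# Conservative: an ACCEPT limited by source, interface, etc. does not count.
ssh_reachable() {   # usage: ssh_reachable PORT < rules
    awk -v port="$1" '
        $1 == "iptables" { sub(/^[ \t]*iptables[ \t]+/, "") }  # strip command name
        $1 != "-A" || $2 != "INPUT" { next }                   # INPUT appends only
        {
            target = ""; proto = ""; dport = ""; extra = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); break }   # the rest are target options
                else if ($i == "-p") { proto = $(i + 1); i++ }
                else if ($i == "--dport") { dport = $(i + 1); i++ }
                else if ($i == "-m" && $(i + 1) == "tcp") { i++ }
                else { extra = 1 }                             # any other match narrows the rule
            }
            if (target == "ACCEPT" && proto == "tcp" && dport == port && !extra) { ok = 1; exit }
            if ((target == "REJECT" || target == "DROP") && proto == "" && dport == "" && !extra) { exit }
        }
        END { exit (ok ? 0 : 1) }
    '
}

# Constructed sample 1: the INPUT rules from this page, in the page order.
PAGE_RULES='iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp -m limit --limit 10/sec -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -j REJECT'
# Constructed sample 2: the catch-all REJECT placed before the SSH allow rule.
BROKEN_RULES='-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

for name in PAGE_RULES BROKEN_RULES; do
    eval "rules=\$$name"
    if printf '%s\n' "$rules" | ssh_reachable 22; then
        echo "$name: port 22 stays reachable"
    else
        echo "$name: port 22 would be cut off, do not apply"
    fi
done
```

Running the same check with the new port number after editing sshd_config shows whether the matching allow rule has been added before the old port 22 rule is removed.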

Delete unused applications

The code is as follows:

yum remove Deployment_Guide-en-US cups-libs cups \
bluez-libs desktop-file-utils ppp rp-pppoe wireless-tools irda-utils \
nfs-utils nfs-utils-lib rdate fetchmail eject ksh mkbootdisk mtools \
syslinux tcsh startup-notification talk apmd rmt dump setserial portmap yp-tools \
ypbind
# delete unsafe services
yum remove telnet rsh ftp rcp
# install postfix to replace sendmail
yum install postfix
# delete sendmail
yum remove sendmail
# disable and delete the xinetd service
/sbin/service xinetd stop; /sbin/chkconfig xinetd off
rm -rf /etc/xinetd.d

Clean up unwanted users and user groups

The code is as follows:

# back up passwd and group first
cp /etc/passwd /etc/passwd.sav
cp /etc/group /etc/group.sav
# delete unneeded users and user groups
for a in adm lp sync news uucp operator games gopher mailnull nscd rpc; do /usr/sbin/userdel $a -f; done
for a in lp news uucp games gopher users floppy nscd rpc rpcuser nfsnobody; do /usr/sbin/groupdel $a -f; done

Set the time zone to Hong Kong

The code is as follows:

ln -sf /usr/share/zoneinfo/Hongkong /etc/localtime

Add zip and unzip support

The code is as follows:

yum install zip unzip

The steps above cover the basic optimization and security configuration after setting up a CentOS VPS.
