Shulou(Shulou.com)06/01 Report--

This article introduces the relevant knowledge of "how to optimize the settings and security settings for the installed Linux server". Many people will encounter this dilemma in the operation of actual cases, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

1. Turn off unwanted services

It should be easy to understand that all services that our system does not need will be turned off. One advantage is to reduce the use of memory and CPU time, and another benefit can relatively improve security.

So which services are sure to be retained?

There are usually four services that must be retained on the linux machine

Iptables

Linux under the powerful firewall, as long as the machine needs to connect to the Internet, where can be separated from it

Network

The network of linux machines can be turned off if you don't have access to the Internet, as long as you go online, of course you have to turn it on.

Sshd

This is openssh server, if your machine is not operated locally, but is hosted in the IDC computer room

Then you need to access the machine through this sshd service.

Syslog

This is the log system of the linux system, it must have

Otherwise, when there is something wrong with the machine, the cause will not be found.

Apart from these four essential services, what other services need to be retained?

At this point, it depends on the purpose of the system, for example: database server, you need to enable mysqld (or oracle).

Web server, you need to enable apache

2. Close unwanted tty

Please edit your / etc/inittab

Find the following paragraph:

1:2345:respawn:/sbin/mingetty tty1

2:2345:respawn:/sbin/mingetty tty2

3:2345:respawn:/sbin/mingetty tty3

4:2345:respawn:/sbin/mingetty tty4

5:2345:respawn:/sbin/mingetty tty5

6:2345:respawn:/sbin/mingetty tty6

This command enables init to open six consoles for you, which can be accessed from alt+f1 to alt+f6

These six consoles reside in memory by default, in fact, there is no need to use so many

As you can see with the command ps auxf, there are six processes.

Root 3004 0.0 0.0 1892 412 tty1 Ss+ Jun29 0:00 / sbin/mingetty tty1

Root 3037 0.0 0.0 2492 412 tty2 Ss+ Jun29 0:00 / sbin/mingetty tty2

Root 3038 0.0 0.0 2308 412 tty3 Ss+ Jun29 0:00 / sbin/mingetty tty3

Root 3051 0.0 0.0 1812 412 tty4 Ss+ Jun29 0:00 / sbin/mingetty tty4

Root 3056 0.0 0.0 2116 412 tty5 Ss+ Jun29 0:00 / sbin/mingetty tty5

Root 3117 0.0 0.0 2396 412 tty6 Ss+ Jun29 0:00 / sbin/mingetty tty6

3. How do I shut down these processes?

Usually we can just keep the first two consoles.

Just comment out the last four with #

Then there is no need to restart the machine, just execute the command init Q

Init q

What Q means as a parameter: re-execute the command in / etc/inittab

After the modification is completed, you need to restart the machine to make it effective.

4. How to close atime?

A linux file has 3 times by default:

Atime: access time to this file

Ctime: when the inode of this file changed

Mtime: the modification time of this file

If there are multiple small files, it is usually not necessary to record the access time of the file.

This reduces the io of the disk, for example, there are multiple small pictures on the page of the web server

How to set it up?

Modify the configuration file of the file system: vi / etc/fstab

Use noatime,nodiratime in partitions that contain a large number of small files

For example:

/ dev/md5 / data/pics1 ext3 noatime,nodiratime 0 0

In this way, the io for writing to disk is no longer generated when the file is accessed.

5. Make sure your server runs on level 3

Practice:

Vi / etc/inittab

Id:3:initdefault:

It is not necessary for the server to run X

6. Optimize sshd

X11Forwarding no / / do not forward x graphics

UseDNS no / / does not reverse parse the IP address

7. Optimize shell

Modify command history record

# vi / etc/profile

Find HISTSIZE=1000 and change it to HISTSIZE=100

Then source / etc/profile

This is the end of the content of "how to optimize settings and security settings for the installed Linux server". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.