Shulou(Shulou.com)06/01 Report--

This article mainly shows you the "sample analysis of system optimization and security configuration in Linux", which is easy to understand and well-organized. I hope it can help you solve your doubts. Let me lead you to study and study the "sample analysis of system optimization and security configuration in Linux".

System optimization

Speaking of optimization, in fact, the best optimization is to improve the configuration of hardware, such as improving the computing power of cpu and increasing the capacity of memory. I personally think that if you consider upgrading hardware, it is recommended to increase the capacity of memory first, because general server applications have the highest requirements for memory consumption. Of course, this is all beside the point.

The first thing we discuss here is to optimize your system under the same hardware configuration (the same server without upgrading the hardware).

As a system administrator, I think, first of all, we should make a point clear: any operation on the server, upgrade or modify any configuration file or software, must first consider security, not the newer things the better, which is why Linux management feels different from windows. Windows first recommends that you use the latest version of its software and operating system. In fact, I personally think that this is a business behavior, as in terms of system management, it is very bad, the use of new software and systems may bring new problems, some even fatal.

Therefore, as a management, we should still consider a stable long-term use of the software version as our version, I will not say more about the specific benefits. I'm sure as an administrator, you should know.

In fact, one of the most direct optimization of Linux for personal use is to upgrade the kernel. The kernel compiled by yourself is compiled according to your own system, which will get the maximum performance and the smallest kernel.

However, the server is not the same, of course, we also want each server to be its own hand-compiled kernel, efficient and sophisticated. But there is a gap between reality and desire. Imagine that if you manage more than 100 Linux hosts, and each one may have a different configuration, the process of compiling the kernel will be a huge project, and from a practical point of view, the workload is unimaginable. I don't think you want to do such a thing. Therefore, it is personally recommended that the official kernel upgrade package is a good choice.

First of all, we will make a series of upgrades to the newly installed system, including software and kernel, which is a very important step.

After all the software has been upgraded and the basic firewall and configuration are in place, we begin to optimize some of the details of the configuration. If you are an old system, make sure that all data is backed up to other media before doing some of the problems and optimizing your system.

1. Virtual memory optimization

First check the usage of virtual memory and use the command

# free

View the current system's memory usage.

Generally speaking, the physical memory of Linux is almost completely used. This is very different from windows, its memory management mechanism makes full use of system memory, not windows no matter how much memory has to use some virtual memory. This needs to be noted.

The default configuration of virtual memory under Linux is through the command

# cat / proc/sys/vm/freepages

As you can see, the three numbers displayed are from the current system: the minimum memory blank page, the lowest memory blank page, and the highest memory blank page.

Note that the principle for the system to use virtual memory here is to use disk swap space if the number of blank pages is lower than the maximum blank page setting. When the minimum blank page setting is reached, use memory swapping (Note: I got this from looking at some data, and I need to see for myself when I apply it, but this does not affect our configuration of the new virtual memory parameters).

Memory is generally allocated at 4k bytes per page. The minimum memory blank page setting is 2 times the amount of memory in the system; the minimum memory blank page setting is 4 times the amount of memory; and the maximum memory blank page setting is 6 times the system memory. These values are determined when the system starts.

Generally speaking, in configuring the virtual memory configuration allocated by the system, I personally think that increasing the maximum memory blank page is a better way to configure. Take 1G memory configuration as an example:

The original configuration ratio can be changed to:

2048 4096 6444

By command

# echo "2048 4096 6444" > / proc/sys/vm/freepages

Because of the increase in the maximum blank page configuration, memory can be used more efficiently.

2. Hard disk optimization

If you have a scsi hard drive or an ide array, you can skip this section, which describes parameter adjustments only for servers using ide hard drives.

We set up the IDE hard drive through the hdparm program

The use of DMA and 32-bit transport can greatly improve system performance. Use the command as follows:

# / sbin/hdparm-c 1 / dev/hda

This command specifies the PCI bus of the first IDE hard disk as 32-bit and uses the-c 0 parameter to disable 32-bit transmission.

To use DMA on your hard drive, use the command:

# / sbin/hdparm-D1 / dev/hda

You can use the parameter of-d 0 to turn off DMA.

After the changes are complete, you can use hdparm to check the modified results, using the command:

# / sbin/hdparm-t / dev/had

To ensure that the result of the setting remains the same, use the command: # / sbin/hdparm-k 1 / dev/hda

Some other common parameter functions of the Hdparm command

-g displays the parameters of the hard disk, such as track, head, sector, etc.

-I displays the hardware specification information of the hard disk, which is provided by the hard disk itself at boot time.

-I directly read the hardware specification information provided by the hard disk.

-p sets the PIO mode of the hard drive.

-Tt evaluates the read efficiency of the hard disk and the read efficiency of the hard disk cache.

When accessing the hard disk, other interrupt requirements are allowed to be executed at the same time.

-v displays the relevant settings of the hard drive.

3. Other optimization

Turn off unwanted services. There is a lot of information on the Internet about the services that are automatically started by the system. I will not repeat them here.

Security configuration

As a system administrator, it is very important to have a comprehensive security check of the system on a regular basis. Recently, I have encountered some inexplicable problems from some friends. For example, one of the biggest problems is the obvious feeling that the network service is slow. This is most likely an attack.

Practice has proved that no matter what kind of system, the default installation is not safe, in fact, no matter you use windows, Linux,bsd or any other system, there are many loopholes installed by default, so how to become a secure system? this is exactly what we system managers need to do. Configure and reconfigure.

Any system, as long as careful configuration, plug known loopholes, it can be said that the system is secure, in fact, not as many friends said, installed the system, configured with a firewall, installed antivirus software, then it will be safe. In fact, if you do not make any security settings for the system, it is tantamount to opening a paper door to hackers and complete control in tens of minutes!

This is not appalling.

As a Linux system, there are also many vulnerabilities that may be exploited to control your entire system. To prevent these problems, we need to take the following steps:

1. Upgrade the latest version of all software packages in the system

2. Set up a stronger firewall

3. Check key record files regularly and configure antivirus software

4. Pay more attention to the websites that issue security information warnings and master the characteristics of some of the latest viruses and hacker programs, which are conducive to the normal operation of the system.

This article is mainly focused on optimization, in order to tie in with this theme, we will only discuss some of the daily maintenance work in the security part.

In addition to the four required courses for administrators listed above, it is also important to maintain some Linux system details.

These include:

1. Configure the log rotation training tool and download the backup log regularly, which is a very good habit, which can not only reduce the disk space consumed by the log, improve the system efficiency, but also find problems in time. There are some good system log analyzers under Linux, which can directly extract special items in the log and save the trouble of reading the log.

2. Use commands such as lsof-I, netstat-a, ps-e to check the system service port monitoring regularly. You can also make a script that is executed regularly and send these commands to the mailbox.

3. Regularly check whether the history list, last list and vipw user list of root users are normal.

4. Back up the files regularly and use the tar command to back up them well. Of course, you need to download these backups and transfer the media.

If you find any special situation or port that you have never seen before, you should pay enough attention to it and don't lose the big because of the small.

The above is all the contents of the article "sample Analysis of system Optimization and Security configuration in Linux". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.