2025-01-31 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
Today I would like to share the basic tuning and security settings to apply to CentOS after a minimal installation of the system. The content is detailed and the logic is clear. I am sharing this article for your reference and hope you get something out of it.
Clean up the services that start automatically at boot
Show the startup status of all services at every runlevel
# chkconfig --list
Turn off every service that starts at runlevel 3
# for oldboy in `chkconfig --list | grep 3:on | awk '{print $1}'`; do chkconfig --level 3 $oldboy off; done
Then turn the commonly used services back on: crond, network, rsyslog, sshd
# for oldboy in crond network rsyslog sshd; do chkconfig --level 3 $oldboy on; done
Show the services that are on at runlevel 3 (enable further services as required)
# chkconfig --list | grep 3:on
SSH security configuration
Install ssh
# yum install openssh-server
Back up the configuration file (always make a backup before changing a configuration file)
# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
Modify the sshd configuration file (to improve system security)
# vi /etc/ssh/sshd_config
Port 52101                 change the ssh port; the default is port 22
PermitRootLogin no         do not allow the root user to log in
PermitEmptyPasswords no    do not allow logins with an empty password
UseDNS no                  do not use DNS
For details, see the manual page
# man sshd_config
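A check for the four settings above, as an added example that is not part of the original article. It accounts for two sshd_config parsing rules that a plain grep misses: keywords are case-insensitive, and the first occurrence of a keyword wins. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit sshd_config for the four settings above.
# sshd keywords are case-insensitive and the FIRST occurrence wins, so an earlier
# "PermitRootLogin yes" silently beats a hardened line appended at the end of the file.

# Print the effective global value of keyword $2 in file $1 (empty if unset).
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                        # comment line
        { gsub(/=/, " ") }                         # the "Port=22" form is also accepted
        tolower($1) == "match" { exit }            # Match blocks are conditional, stop there
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Return 0 if the file explicitly sets all four values from the article, 1 otherwise.
# An unset keyword is reported too, because built-in defaults vary by OpenSSH version.
audit_sshd_config() {
    rc=0
    while read -r key want; do
        got=$(effective_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want $want, found ${got:-unset}"
            rc=1
        fi
    done <<EOF
Port 52101
PermitRootLogin no
PermitEmptyPasswords no
UseDNS no
EOF
    return $rc
}

# Constructed sample: the hardened line was appended after an existing "yes" line.
sample_config() {
    printf '%s\n' '#Port 22' 'Port 52101' 'PermitRootLogin yes' \
        'permitemptypasswords no' 'UseDNS=no' 'PermitRootLogin no'
}

if [ -n "${1:-}" ]; then          # usage: sh audit.sh /etc/ssh/sshd_config
    audit_sshd_config "$1"
fi
```

After editing the real file, `sshd -t` checks it for syntax errors before the daemon is restarted, which matters when the port is being changed over a remote session.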
Switch users
Prompt characters
The $ prompt indicates an ordinary user
The # prompt indicates the administrator (root) user
Switching between users
$ su - root    an ordinary user must enter a password to switch to the administrator
# su - xu      the administrator can switch to an ordinary user without entering a password
Grant root administrative rights to an ordinary user
# visudo    use the visudo command to edit /etc/sudoers
# user machine=commands
root ALL=(ALL) ALL
xu ALL=(ALL) ALL
Log in as the xu user
$ sudo cat /etc/shadow    the ordinary user can now view the shadow file
Password:    the password entered here is the xu user's own password, not the administrator password
User environment variables
# echo $PATH
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
$ echo $PATH
/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/home/xu/bin
The PATH of an ordinary user differs from that of the administrator. The commands an ordinary user can run by name are those in the directories listed in the PATH variable.
For example:
$ useradd aaa
-bash: useradd: command not found
When an ordinary user enters a command, the system searches the directories in the PATH variable. If the command is not found there, "command not found" is reported.
Linux character set
If the operating system was installed in English, Chinese text in the system is displayed as garbled characters and the character set needs to be changed.
# vim /etc/sysconfig/i18n
LANG="en_US.UTF-8"
SYSFONT="latarcyrheb-sun16"
en_US.UTF-8      English character set
zh_CN.GB18030    Chinese character set
Make the changes take effect immediately
# source /etc/sysconfig/i18n
Update the server time using the NTP service
NTP: Network Time Protocol
Install ntp
# yum install ntp
Update the time
# ntpdate time.windows.com
Perform an update every 5 minutes
# echo '*/5 * * * * /usr/sbin/ntpdate time.windows.com > /dev/null 2>&1' >> /var/spool/cron/root
View scheduled tasks
# crontab -l
Increase the server's file descriptor limit
Once the system's services are in use and traffic grows, more file descriptors are needed.
Display the current file descriptor limit
# ulimit -n
1024
Increase the file descriptor limit
# vim /etc/security/limits.conf
* - nofile 65536    # add as the last line of the file
Log in again and check the file descriptor limit a second time
# ulimit -n
65536
Adjust kernel parameters
# vim /etc/sysctl.conf
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
Make the changes take effect immediately
# sysctl -p
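A way to verify the list above against the running kernel, as an added example that is not part of the original article. Not every key exists on every kernel: net.ipv4.tcp_tw_recycle was removed in Linux 4.12, and the conntrack keys are present only while the connection-tracking module is loaded. The function names and the optional second argument (an alternative root directory, used for testing) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): compare a sysctl.conf with the running kernel.
# Key a.b.c is read from <root>/a/b/c; root defaults to /proc/sys and can be pointed
# at a test directory. The plain dot-to-slash mapping is enough for the keys used here.

# Collapse runs of whitespace (the kernel prints tabs) and trim both ends.
norm() { tr -s '[:space:]' ' ' | sed -e 's/^ //' -e 's/ $//'; }

# Prints "MISSING key" for keys the kernel does not expose (sysctl -p errors on these)
# and "DRIFT key ..." where the running value differs. Returns 1 if anything is printed.
check_sysctl_conf() {
    root=${2:-/proc/sys}
    rc=0
    while IFS='=' read -r key want || [ -n "$key" ]; do
        key=$(printf '%s' "$key" | tr -d '[:space:]')
        case $key in ''|'#'*|';'*) continue ;; esac      # blank line or comment
        want=$(printf '%s' "$want" | norm)
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -e "$path" ]; then
            echo "MISSING $key"; rc=1
        else
            got=$(norm < "$path")
            [ "$got" = "$want" ] || { echo "DRIFT $key want=$want running=$got"; rc=1; }
        fi
    done < "$1"
    return $rc
}

if [ -n "${1:-}" ]; then          # usage: sh check.sh /etc/sysctl.conf
    check_sysctl_conf "$1"
fi
```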