2025-01-20 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
Take an Ali Cloud (Aliyun) server as an example
I. Mount the hard disk
1. Disk partition
fdisk -l # list the devices; the data disk is generally named /dev/xvdb, or /dev/vdb (Aliyun I/O optimized)
fdisk /dev/xvdb # partition the disk, or fdisk /dev/vdb
Enter n # create a new partition
Enter p # create a primary partition
Enter 1 # create the first primary partition
Enter w # save and execute the above commands to create the partition
After the above commands have been executed, check with fdisk -l and you will see a partition like
/dev/xvdb1
or
/dev/vdb1 (the following steps are similar; note the distinction between xvdb1 and vdb1)
This indicates that the partition was created successfully.
2. Disk formatting
mkfs.ext4 /dev/xvdb1 # format the partition
Note: ext4 is the default partition format for CentOS 6.x. Use ext3 for CentOS 5.x.
mkfs.xfs /dev/vdb1 or mkfs -t xfs /dev/vdb1 # CentOS 7.x uses xfs partitions by default
After the formatting is complete (the time required depends on the size of the partition, please wait patiently), mount the partition
3. Mount the disk
For example: to mount /dev/xvdb1 on the /data directory
mkdir -p /data # create the directory
mount /dev/xvdb1 /data # mount
mount -t ext4 /dev/xvdb1 /data # mount
mount -t xfs /dev/vdb1 /data # mount
df -h # view the mount result
vi /etc/fstab # set auto-mount on boot; enter the following line at the end
/dev/xvdb1 /data ext4 defaults 0 0
:wq! # save and exit
Or mount using the UUID
blkid /dev/xvdb1 # get the UUID of the partition, for example:
/dev/xvdb1: UUID="9c991d14-9372-4fd8-97d6-2aa1ac1acf47" TYPE="xfs"
vi /etc/fstab # set auto-mount on boot; enter the following line at the end
UUID=9c991d14-9372-4fd8-97d6-2aa1ac1acf47 /data xfs defaults 0 0
:wq! # save and exit
mount -a # make the partition settings take effect immediately
II. Create a SWAP partition
Note: by default, Ali Cloud servers do not have a swap partition. When PHP 5.6 is installed on a server with 512 MB of memory, it reports that it is out of memory and the installation fails.
It is strongly recommended to add a swap partition no matter how large the memory is.
Add 1024 MB of swap space to a 512 MB Ali Cloud server
Specific operations:
1. dd if=/dev/zero of=/home/swap bs=1M count=1024 # create a 1024 MB file
2. mkswap /home/swap # set up the swap file
3. swapon /home/swap # activate the swap file
4. swapon -s # view swap
5. Modify the /etc/fstab file and add the following so that the swap file is activated automatically at boot.
vi /etc/fstab # add the following line at the end
/home/swap swap swap defaults 0 0
:wq! # save and exit
System operation and maintenance www.osyunwei.com reminder: original content by qihang01, © all rights reserved; when reprinting, please indicate the source and the original link
III. Kernel optimization of the system
1. CentOS 5.x, CentOS 6.x, CentOS 7.x
vi /etc/security/limits.conf # add the following lines at the end
* soft nproc unlimited
* hard nproc unlimited
* soft nofile 655350
* hard nofile 655350
:wq! # save and exit
2. CentOS 5.x, CentOS 6.x, CentOS 7.x
vi /etc/profile # add the following lines at the end
ulimit -SHn 655350
ulimit -SHu unlimited
ulimit -SHd unlimited
ulimit -SHm unlimited
ulimit -SHs unlimited
ulimit -SHt unlimited
ulimit -SHv unlimited
:wq! # save and exit
source /etc/profile # make the configuration take effect immediately
ulimit -a # view the settings
3. CentOS 6.x (this is not required for CentOS 5.x and CentOS 7.x)
vi /etc/security/limits.d/90-nproc.conf # add the following lines at the end
* soft nofile 655350
* hard nofile 655350
root soft nofile 655350
root hard nofile 655350
* soft core unlimited
* hard core unlimited
root soft core unlimited
root hard core unlimited
:wq! # save and exit
4. CentOS 5.x
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
echo -e "net.core.somaxconn = 65535" >> /etc/sysctl.conf
echo -e "net.core.netdev_max_backlog = 262144" >> /etc/sysctl.conf
echo -e "net.core.wmem_default = 8388608" >> /etc/sysctl.conf
echo -e "net.core.rmem_default = 8388608" >> /etc/sysctl.conf
echo -e "net.core.rmem_max = 16777216" >> /etc/sysctl.conf
echo -e "net.core.wmem_max = 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.route.max_size = 5242880" >> /etc/sysctl.conf
echo -e "net.ipv4.route.gc_timeout = 20" >> /etc/sysctl.conf
echo -e "net.ipv4.ip_local_port_range = 1025 65535" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_retries2 = 5" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_fin_timeout = 30" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_syn_retries = 3" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_synack_retries = 3" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_timestamps = 0" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_recycle = 0" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_time = 120" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_probes = 3" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_intvl = 15" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_tw_buckets = 200000" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_orphans = 3276800" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_syn_backlog = 262144" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_wmem = 8192 131072 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_rmem = 32768 131072 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_mem = 94500000 915000000 927000000" >> /etc/sysctl.conf
echo -e "net.ipv4.ip_conntrack_max = 25000000" >> /etc/sysctl.conf
echo -e "net.ipv4.netfilter.ip_conntrack_max = 25000000" >> /etc/sysctl.conf
echo -e "net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180" >> /etc/sysctl.conf
echo -e "net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60" >> /etc/sysctl.conf
echo -e "net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120" >> /etc/sysctl.conf
echo -e "net.unix.max_dgram_qlen = 655360" >> /etc/sysctl.conf
echo -e "kernel.msgmax = 655360" >> /etc/sysctl.conf
echo -e "kernel.msgmni = 20480" >> /etc/sysctl.conf
CentOS 6.x, 7.x
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
echo -e "net.core.somaxconn = 65535" >> /etc/sysctl.conf
echo -e "net.core.netdev_max_backlog = 262144" >> /etc/sysctl.conf
echo -e "net.core.wmem_default = 8388608" >> /etc/sysctl.conf
echo -e "net.core.rmem_default = 8388608" >> /etc/sysctl.conf
echo -e "net.core.rmem_max = 16777216" >> /etc/sysctl.conf
echo -e "net.core.wmem_max = 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.route.max_size = 5242880" >> /etc/sysctl.conf
echo -e "net.ipv4.route.gc_timeout = 20" >> /etc/sysctl.conf
echo -e "net.ipv4.ip_local_port_range = 1025 65535" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_retries2 = 5" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_fin_timeout = 30" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_syn_retries = 3" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_synack_retries = 3" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_timestamps = 0" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_recycle = 0" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_time = 120" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_probes = 3" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_intvl = 15" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_tw_buckets = 200000" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_orphans = 3276800" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_syn_backlog = 262144" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_wmem = 8192 131072 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_rmem = 32768 131072 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_mem = 94500000 915000000 927000000" >> /etc/sysctl.conf
echo -e "net.nf_conntrack_max = 25000000" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_max = 25000000" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_tcp_timeout_established = 180" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_tcp_timeout_time_wait = 1" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120" >> /etc/sysctl.conf
echo -e "net.unix.max_dgram_qlen = 655360" >> /etc/sysctl.conf
echo -e "kernel.msgmnb = 655360" >> /etc/sysctl.conf
echo -e "kernel.msgmax = 655360" >> /etc/sysctl.conf
echo -e "kernel.msgmni = 20480" >> /etc/sysctl.conf
/sbin/sysctl -p # make the configuration take effect immediately
cat /var/log/secure # check whether the system settings are correct; if there are no error messages, the settings are correct
Error:
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
Solution:
modprobe bridge
lsmod | grep bridge
modprobe ip_conntrack
Note:
The module name in CentOS 5.x is ip_conntrack
The module name in CentOS 6.x and 7.x is nf_conntrack
In the /etc/sysctl.conf optimization for CentOS 6.x and 7.x,
parameters such as net.ipv4.netfilter.ip_conntrack_max
must be changed to net.netfilter.nf_conntrack_max
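The echo >> lines above append unconditionally, so running them a second time leaves duplicate keys in /etc/sysctl.conf. The following added example (not part of the original article; the helper name set_sysctl and the sample file are constructed for illustration) sets a key so that exactly one line for it remains:

```shell
# set_sysctl FILE KEY VALUE: leave exactly one "KEY = VALUE" line in FILE.
# The first existing line for KEY is rewritten in place, later duplicates are
# dropped, and the line is appended only if KEY was absent.
set_sysctl() {
    tmp=$(mktemp) || return 1
    awk -v k="$2" -v v="$3" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)               # ignore indentation
            split(line, kv, /[ \t]*=/)             # kv[1] is the key name
            if (kv[1] == k) {
                if (!done) { print k " = " v; done = 1 }
                next
            }
            print
        }
        END { if (!done) print k " = " v }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"           # keep owner and mode of FILE
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample file standing in for /etc/sysctl.conf.
conf=$(mktemp)
printf '%s\n' '# sample' 'net.ipv4.ip_forward = 0' 'net.core.somaxconn = 128' > "$conf"
set_sysctl "$conf" net.core.somaxconn 65535
set_sysctl "$conf" net.core.somaxconn 65535        # second run changes nothing
set_sysctl "$conf" net.ipv4.tcp_fin_timeout 30     # absent key is appended
cat "$conf"
```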
IV. System security settings
1. Create an ordinary account
useradd osyunwei # create an ordinary account
passwd osyunwei # set the password as prompted; it must be entered twice
2. Disable direct root login
vi /etc/ssh/sshd_config # edit
Find PermitRootLogin and change the yes that follows it to no
:wq! # save and exit
3. Lock system files to prevent unauthorized deletion or addition
chattr +ia /etc/passwd
chattr +ia /etc/shadow
chattr +ia /etc/group
chattr +ia /etc/gshadow
chattr +ia /etc/services
lsattr /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/services # display the attributes of the files
Note: after the above attribute changes, users cannot be added or deleted.
If you want to add or delete users again, cancel the above settings first, and apply them again after the users have been added or deleted.
chattr -ia /etc/passwd
chattr -ia /etc/shadow
chattr -ia /etc/group
chattr -ia /etc/gshadow
chattr -ia /etc/services
4. Turn on the firewall
yum install iptables # install the firewall (install the download tool first: yum install wget)
chkconfig iptables on # start at boot
vi /etc/sysconfig/iptables # edit and add the following code
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -s 192.168.1.1/24 -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Iptables For OsYunWei.Com Date 2015-05-22
service iptables start # start the firewall
Note: -s 192.168.1.1/24 means that only this IP range is allowed to access port 3306; modify it as needed.
5. Disable SELinux
vi /etc/selinux/config
# SELINUX=enforcing # comment out
# SELINUXTYPE=targeted # comment out
SELINUX=disabled # add this line
:wq! # save and exit
setenforce 0 # make the configuration take effect immediately
6. Modify the default port of ssh
Change the default ssh remote connection port from 22 to 222
vi /etc/ssh/sshd_config
Add Port 222 below the line #Port 22
:wq! # save and exit
vi /etc/ssh/ssh_config
Add Port 222 below the line #Port 22
:wq! # save and exit
/etc/init.d/sshd restart # restart the sshd service
vi /etc/sysconfig/iptables # edit
Change port 22 to 222
:wq! # save and exit
service iptables restart # restart the firewall to make the configuration take effect
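Step 6 changes the port in two places, sshd_config and the iptables rules; if sshd is restarted on port 222 while the firewall still accepts only port 22, the next login is rejected. An added example, not from the original article, that cross-checks the two files before any restart (function names and sample files are constructed; Match blocks in sshd_config are not handled):

```shell
# sshd_setting FILE KEYWORD: first uncommented value of KEYWORD (sshd keeps the
# first value it reads; keywords are case-insensitive).
sshd_setting() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# sshd_ports FILE: every configured Port, or the default 22 if none is set.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# fw_accepts_port RULES PORT: succeed if an INPUT rule ACCEPTs --dport PORT
# before the first catch-all REJECT/DROP (rules are evaluated in order).
fw_accepts_port() {
    awk -v p="$2" '
        $1 != "-A" || $2 != "INPUT" { next }
        $3 == "-j" && $4 != "ACCEPT" { exit }      # catch-all reached
        {
            dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (dport == p && target == "ACCEPT") { found = 1; exit }
        }
        END { exit !found }
    ' "$1"
}

check_ssh_lockout() {    # args: sshd_config, iptables rules file
    status=0
    for port in $(sshd_ports "$1"); do
        if fw_accepts_port "$2" "$port"; then
            echo "ok: port $port is accepted by the firewall"
        else
            echo "LOCKOUT RISK: no ACCEPT rule for sshd port $port"; status=1
        fi
    done
    [ "$(sshd_setting "$1" PermitRootLogin)" = no ] ||
        { echo "PermitRootLogin is not set to no"; status=1; }
    return "$status"
}
# Constructed sample: sshd already moved to 222, firewall still opens only 22.
demo=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 222' 'PermitRootLogin no' > "$demo/sshd_config"
printf '%s\n' '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' \
    '-A INPUT -j REJECT --reject-with icmp-host-prohibited' > "$demo/iptables"
check_ssh_lockout "$demo/sshd_config" "$demo/iptables" || echo "fix the rules first"
```

Run it against /etc/ssh/sshd_config and /etc/sysconfig/iptables after editing both files and before restarting either service, and keep the current SSH session open until a new login on the new port succeeds.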
7. Security hardening of the temporary directories /tmp, /var/tmp and /dev/shm
7.1. The /tmp directory
7.1.1. If /tmp is a separate partition, modify the mount options for /tmp and add the nosuid, noexec and nodev options.
vi /etc/fstab # edit and modify
LABEL=/tmp /tmp ext3 rw,nosuid,noexec,nodev 0 0
:wq! # save and exit
Parameter description:
nosuid, noexec, nodev: no suid programs are allowed, no scripts may be executed, and no device files exist
mount -o remount /tmp
mount -a # remount the partition
7.1.2. If /tmp is a directory under the root directory, you can create a loopback file system and mount it on /tmp
dd if=/dev/zero of=/mnt/tmpfs bs=1M count=5120
mke2fs -j /mnt/tmpfs
cp -ap /tmp /tmp.old
mount -o loop,noexec,nosuid,rw /mnt/tmpfs /tmp
chmod 1777 /tmp
mv -f /tmp.old/* /tmp/
rm -rf /tmp.old
vi /etc/fstab # edit and modify
/mnt/tmpfs /tmp ext3 loop,nosuid,noexec,rw 0 0
:wq! # save and exit
mount -o remount /tmp
mount -a # remount the partition
7.2. The /var/tmp directory
7.2.1. If /var/tmp is a separate partition, modify the mount options for /var/tmp and add the nosuid, noexec and nodev options.
vi /etc/fstab # edit and modify
LABEL=/var/tmp /var/tmp ext3 rw,nosuid,noexec,nodev 0 0
:wq! # save and exit
7.2.2. If /var/tmp is a directory under the /var partition, move the data under /var/tmp to the /tmp partition and create a soft link to /tmp under /var.
cp -ap /var/tmp/* /tmp/
rm -rf /var/tmp
ln -sf /tmp /var/tmp
7.3. The /dev/shm directory
Modify the mount options of /dev/shm
vi /etc/fstab # edit and modify
tmpfs /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0
:wq! # save and exit
mount -o remount /dev/shm
mount -a # remount the partition
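An added example, not from the original article, that checks the entries from section 7 for the three options nosuid, noexec and nodev; the function names and the sample file are constructed. It reads the fstab format, which /proc/mounts shares, and reports the two entries above that omit nodev:

```shell
# missing_opts FILE MOUNTPOINT: print the hardening options that the entry for
# MOUNTPOINT lacks (empty output = all present), or "unlisted" if no entry exists.
missing_opts() {
    awk -v mp="$2" '
        /^[ \t]*#/ || NF < 4 { next }              # skip comments and short lines
        $2 == mp {
            seen = 1
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) have[o[i]] = 1
            split("nosuid noexec nodev", want, " ")
            for (i = 1; i <= 3; i++)
                if (!(want[i] in have)) out = out (out ? "," : "") want[i]
            print out
            exit
        }
        END { if (!seen) print "unlisted" }
    ' "$1"
}

# audit_tmp FILE: check the three temporary directories; the return value is
# the number of mounts that lack at least one option.
audit_tmp() {
    bad=0
    for mp in /tmp /var/tmp /dev/shm; do
        miss=$(missing_opts "$1" "$mp")
        case $miss in
            "")       echo "$mp: ok" ;;
            unlisted) echo "$mp: no entry (not a separate mount)" ;;
            *)        echo "$mp: missing $miss"; bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}

# Constructed sample built from the fstab lines shown in section 7.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
/mnt/tmpfs /tmp ext3 loop,nosuid,noexec,rw 0 0
LABEL=/var/tmp /var/tmp ext3 rw,nosuid,noexec,nodev 0 0
tmpfs /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0
EOF
audit_tmp "$sample" || echo "$? mount(s) need attention"
```

Pointing audit_tmp at /proc/mounts instead of /etc/fstab checks the options actually in effect after the remount.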
V. Modify the host name
Set the host name here to: www.osyunwei.com
1. hostname "www.osyunwei.com" # set the hostname to www.osyunwei.com
2. vi /etc/sysconfig/network # edit the configuration file (CentOS 5.x, CentOS 6.x)
HOSTNAME=www.osyunwei.com # change localhost.localdomain to www.osyunwei.com
:wq! # save and exit
vi /etc/hostname # edit the configuration file (CentOS 7.x)
www.osyunwei.com # change localhost.localdomain to www.osyunwei.com
:wq! # save and exit
3. vi /etc/hosts # edit the configuration file
127.0.0.1 www.osyunwei.com localhost # change localhost.localdomain to www.osyunwei.com
:wq! # save and exit
VI. Synchronize system time
yum install -y ntp # install ntp
ntpdate time1.aliyun.com # perform time synchronization
hwclock --systohc # synchronize the hardware clock with the system clock
CentOS 5.x
echo -e "0 * * * * /sbin/ntpdate time1.aliyun.com &> /dev/null" >> /var/spool/cron/root # add a scheduled task
CentOS 6.x, 7.x
echo -e "0 * * * * /usr/sbin/ntpdate time1.aliyun.com &> /dev/null" >> /var/spool/cron/root # add a scheduled task
service crond restart # restart the service
VII. Install the basic software packages
yum install -y apr* autoconf automake bison cloog-ppl compat* cpp curl curl-devel fontconfig fontconfig-devel freetype freetype* freetype-devel gcc gcc-c++ gtk+-devel gd gettext gettext-devel glibc kernel kernel-headers keyutils keyutils-libs-devel krb5-devel libcom_err-devel libpng* libjpeg* libsepol-devel libselinux-devel libstdc++-devel libtool* libgomp libxml2 libxml2-devel libXpm* libtiff libtiff* libX* libxml* make mpfr ncurses* ntp openssl openssl-devel patch pcre-devel perl php-common php-gd policycoreutils ppl telnet t1lib t1lib* nasm nasm* wget zlib-devel
At this point, the CentOS server initialization settings are complete.