Shulou(Shulou.com)06/01 Report--

This article mainly introduces "how to optimize the server based on linux". In the daily operation, I believe that many people have doubts about how to optimize the server with linux. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts about "how to optimize the server with linux". Next, please follow the editor to study!

1. Close SElinux

SElinux is the implementation of mandatory access control by the National Security Agency (NSA).

[root@xinsz08-64 ~] # setenforce 0 [root@xinsz08-64 ~] # vim / etc/selinux/config [root@xinsz08-64 ~] # sed-I's SELINUX.SeLINUXSELINUXPROUBG'/ etc/selinux/config

2. Simplified boot system startup

Linux server in the process of running, there will be many default services running, and these services are usually useless, these services occupy system resources, there are security risks, shut down these useless services

1) sshd

The remote connection service needs to be turned on, otherwise the linux cannot be connected.

2) rsyslog

Is a mechanism provided in the operating system. System daemons usually use rsyslog to write all kinds of information to system log files.

3). Network

When the system starts, if you want to shut down or activate each network interface, you must start the service

4) cron

One-time scheduled tasks: at

Periodically scheduled tasks: crontab

5) sysstat

The service includes a set of tools for monitoring system performance and efficiency. These tools are useful for collecting system performance data: core toolkits:

Iostat: cpu utilization and hard disk throughput efficiency tool

Mpstat: provides data for single or multiple processors

Sar is responsible for collecting, reporting and storing information about system activity.

3. Turn off the firewall

[root@xinsz08-64 ~] # iptables-F [root@xinsz08-64 ~] # / etc/init.d/iptables stopiptables: set chain to policy ACCEPT:filter [OK] iptables: clear firewall rules: [OK] iptables: uninstalling module: [OK] [root@xinsz08-64 ~] # chkconfig iptables off [root@xinsz08-64 ~] # service iptables stop

4. Installation of minimization principle

1) the installation of the linux system is minimized, the most optional package is minimized, the yum installation package is also minimized, and useless packages are not installed.

2) operating system command minimization

Log in to linux to minimize the number of users, do not use root, just use ordinary users

4) General authorization minimization, that is, commands given only to the necessary management system

5) linux system file and directory permission settings are minimized, and arbitrary modification, change and deletion are prohibited.

Change the configuration of remote login on the ssh server

1) do not use 22 for port

2) whether UseDNS no uses DNS. Login speed will be fast when set to no.

3) # PermitRootLogin no setting does not allow root login

4) GSSAPIAuthentication no solves the problem of slow ssh links

5) PasswordAuthentication yes password authentication is required. Default yes

Whether an empty PermitEmptyPasswords no password allows login or not

7) # LoginGraceTime 2m when the user connects to the ssh server, the user will enter a password. In this screen, the user will be forced to disconnect after how long he has not successfully connected.

Experiment:

LoginGraceTime 5 [root@xinsz08-64 ~] # service sshd restart stop sshd: [OK] starting sshd:

Test:

[root@xinsz08-1 ~] # ssh 192.168.1.20root@192.168.1.20's password:Connection closed by 192.168.1.20

8) # PrintMotd yes / / whether some information is displayed after login, such as the time and place of the last login.

[root@xinsz08-1 ~] # ssh 192.168.1.20root@192.168.1.20's password: Last login: Fri Mar 6 13:22:32 2020 from 192.168.1.4 "warning: from now on, all your whereabouts and operations will be recorded as evidence in Bo's court"

5. Sudo controls the minimization of system commands.

6. Set the time synchronization of the Linux server

Echo'* / 5 * / usr/sbin/ntpdate time.nist.gov > / dev/null 2 > & 1'> > / var/spool/cron/root

About ntp Servic

7. Enlarge the server file descriptor

[root@xinsz08-64] # vim / etc/security/limits.conf [root@xinsz08-64] # ulimit-n65535

8. Prohibit ping

Echo 'net.ipv4.icmp_echo_ignore_all = 1' > > / etc/sysctl.confsysctl-p at this point, the study on "how to optimize the server based on linux" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.