CentOS system basic optimization knowledge summary

Time:2020-6-28

Summary of Optimization:
1、 Without root management, it is authorized by sudo in the name of ordinary users;
2. Change the default remote connection server, forbid the root user to connect remotely, or even change to only listen to the intranet IP;
3. Update the server time automatically to synchronize with the Internet time;
4. Configure the yum update source and download the installation software package from the domestic update source
5. Turn off SELinux and iptables (in the work scenario, if there is external IP, it must be turned on);
6. Adjust the number of descriptors, process and file opening will consume the file descriptors;
7. Regularly and automatically clean the junk files in the mail directory to prevent inodes nodes from being full (note that the directories of centos6 and centos5 are different);
8. Simplify and keep necessary startup services (sshd, rsyslog, network, crond, SYSTAT);
9. Linux kernel parameter optimization/ etc.sysctl.conf , and make it effective through sysctl-p option;
10. Change the character set to support Chinese, but it is recommended to use English character set to prevent garbled code;
11. Lock key system files such as / etc / passwd, / etc / shadow, / etc / gshadow, / etc / group, / etc / inittab; it is much safer to change chattr, Lsattr to you or other commands when handling the above contents.
12. Clear / etc / issue, / etc/ issue.net Remove the prompt before the system and kernel version;
13. Remove redundant system virtual accounts;
14. Password grub menu;
15. It is forbidden to Ping or be pinged;
16. Upgrade vulnerable software.