Simple optimization:
1. Remove unnecessary packages (such as postfix, etc.)
yum remove -y postfix
Installation management:
1. Password
1.1 At least 8 characters, combination of upper and lower case, special characters and numbers, change regularly
1.2 Password length can be edited /etc/login.defs to modify
2. User
2.1 Static root user remote login
2.2 Edit /etc/hosts .allow or /etc/hosts.deny limit the source IP that allows login
such as: ALL: ALL: DENY Deny all users access
3. Network
3.1 Shield ICMP echo:
3.1.1 Temporary shield: echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
3.1.2 Permanent shield: /etc/sysctl.conf Add: net.ipv4.icmp_echo_ignore_all=1, sysctl -p makes the configuration take effect. 3.2 Prohibit IP masquerading :
Edit /etc/host.conf and add nospoof on 5 times): sysctl -w net.ipv4.tcp_synack_retries=3 sysctl -w net.ipv4.tcp_syn_retries=3 Method 2: Use SYN Cookie technology: sysctl -w net.ipv4.tcp_syncookies=1 //Do not establish three-way handshake method 3 : increase the backlog queue (default is 1024): sysctl -w net.ipv4.tcp_max_syn_backlog=2048
4. Delete system information at login:
rm -rf /etc/issue*
System parameter optimization
Increase the number of files opened by the system
#ulimit -n 65536